CR3000 Student Workbook

Advanced Access Control
Course 3000
Course Topics
Unauthorized Reproduction Prohibited

1 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course Agenda
System wide configuration

Segmentation
Single sign-on
Action Group Library
Linkage Server
Scheduler
Global Output Server (GOS) - Email
FormsDesigner Lite and FormsDesigner
Custom Reports

2 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course Agenda
Access Control Features

EOL resistor table
Debounce Time
Hold Time
Entry/Exit Delay
First Card Unlock
Cipher mode
I/O Linkage
Local I/O
Global I/O

3 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course Agenda
Acknowledgment Actions
Alarm Mask Groups
Command Programming
Instant Commands
Unknown User Command Event
User Commands
Extended Held Command
Intrusion Command
Command Keypad (LNL-CK)
Access Level Extended Options
Escort Mode
Temporary Access
4 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course Agenda
Area Control and Anti-Passback

Reader Interlock
Local Anti-Passback
Global Anti-Passback
Mustering
Guard Tour
Destination Assurance
Lost/Stolen Badge Event
Advanced Alarm Handling Options
Highlight Alarm
Forward Alarm

5 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course Agenda
ID Management Applications
Area Access Manager
Visitor Management
Elevator Control

6 CR3000 - M01.01 - 6.4.500 TU 1 (Topics)
Course 3000
System Wide Configuration

1 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation
Documentation Reference
System Administration User Guide | Appendix E

2 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Introduction into Segmentation
Segmentation is: The process of dividing an access

control database into smaller subsets known as
Segments.
Initial objects assigned to each segment.
Users
Access Panels
Access Levels
Adds additional levels of permissions to be assigned
to objects.
<All Segments>
Segment (Individual)
Segment Groups
3 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Introduction into Segmentation Cont.
<All Segments>
Any user can view an <All Segments> records/objects
Only <All Segments> users can add, modify, and delete <All
Segments> records/objects
Segment (individual)
Users can only add, modify, and delete records/objects that
have that same segment assignment as they do.
Segment Groups
Users can add, modify and delete records/objects that are
assigned at least one of the segments that are contained within
the segment group assigned to the user.

4 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation
Segmentation allows an additional level of

permissions to be assigned to an object
Full control
View only access
No Access

5 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
User and Object Assignments
When an <All Segments> user logs into <All Segments>,

that user can view, add, modify and delete any object
with any segment assignment*
User User Object
Assigned User 1 Logged In Object 1 Assigned
Segments Segment Segments
<All Segments> User 2 <All Segments> Object 2 <All Segments>
Segment 1 Segment 1 Segment 1
User 3 Object 3
Segment Segment Segment
Group User 4 Group Object 4 Group

User 5 Object 5
*Provided that the user has the proper user permissions to do so.

6 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
When an <All Segments> user logs into a segment, they can

add, modify and delete only those objects in that segment. The
user can also view any object that belongs to <All Segments>
or an additional segment that matches their segment.*
User User Object
User 3 Object 3

User 5 Object 5
7 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
A user assigned to a single segment can add, modify and delete only
those objects in their segment . The user can also view any object that
has an <All Segments> assignment or an additional segment that
matches their segment.*
User User Object

User 3 Object 3

User 5 Object 5
8 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
When a user logs into their segment group, they can add, modify and
delete only those objects that belong to that segment group. The user
can also view any object that belongs to <All Segments> or an
additional segment that matches any segment in their segment group.*
User User Object

User 3 Object 3

User 5 Object 5
9 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
When a user logs into a segment within a segment group, they can
add, modify and delete only those objects that belong to that segment.
The user can also view any object that belongs to <All Segments> or
an additional segment that matches the segment that the user has
logged into.*
User User Object
User 3 Object 3

User 5 Object 5
10 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Additional <All Segments> Rules
System wide settings can only be configured by an

<All Segments> user
BadgeDesigner and FormsDesigner
Archiving Events and Transactions
System Cardholder Options
General System Options
User segment access permissions must be modified,
otherwise, all users will have <All Segments> access
Note: Being an <All Segments> user is not the same as

having access to each individual segment
11 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Pre-Enabled Segmentation View
Segmentation
Disabled
No
Segment
Tabs or
Headers

12 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Enabling Segmentation
Once enabled, Segmentation cannot be disabled
Default segment is created for placement of pre-existing

records

13 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Post-Enabled Segmentation View
Segmentation
Enabled
New
Segment
Tabs or
Headers

14 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Adding New Segment
Segments may be added independently or to a new

or existing segment group
A segment is created by the New Segment Wizard
Hardware may be moved to new segment
Existing data may be copied to new segment
Access levels and groups may be copied or moved

15 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard
Unique segment name

Segment group assignment*
Move panels from another segment*
Hierarchy of readers and alarm panels will be maintained
Perform full panel download after move
If Do not copy records or move panels from another
segment is chosen then all associated access levels will

not be copied and lost.
* - Optional
16 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

17 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

18 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard
Copy records from another segment*

Select records to be copied
Copy empty access levels and groups*

Allows creating a similar access level/group scheme
in the new segment

Cleaning up source segment*
Removes access levels and groups that may become
empty after moving hardware

19 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

20 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

21 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

22 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

23 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard Cont.
Prefix or append text to the names of records for

unique identification
Record names are enforced to be unique per
segment
Define segment hardware settings

24 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

25 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

26 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmentation Wizard

27 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Post-Segment Added View

28 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Features Controlled Per Segment
System wide limits are now per segment

Holidays 20-255 supported
Timezones 127-255 supported
Access levels 255-31999 supported
Badge number length 7-18 digits supported
Number of elevator floors 1-128 floors

29 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Access level assignments per badge

Maximum of 128 access levels supported
Total levels
Level allowing no activation dates
Level allowing activation dates
Anti-Passback
User Commands
Access Levels / Assets

30 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)

31 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segmenting Hardware
Segmenting Access Panels

All downstream devices are automatically given the
ISCs segment assignment and cant be changed

Pre-segmentation
Configured hardware usually receives assignment during the

segmentation process
Post-segmentation
Configured hardware is assigned a segment during the add
hardware process
Hardware segment assignment can be modified

32 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Modifying Access Panel Segment Assignment

33 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
User Segmentation
Initially, users are assigned to <All Segments>.

User segments may need to be modified to
accommodate your customers needs.

Specific segment assignments will restrict
permissions to view objects in other segments.

34 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
User Segmentation Cont.

35 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Advanced Segmentation
Segment Options
Card Formats
Badges via Badge Types
Cardholders or Cardholders and Visitors
Allow segments to belong to more than one segment
group
Access level assignment
Non-system List Builder lists

36 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Advanced Segmentation Features
Additional control over objects that belong to

multiple segments
Primary Segment
Primary segment assignment can be either an <All

Segment>, an individual segment or a segment group
Users can add, modify and delete objects and records with
the same segment assignment.
Additional Segment
Additional segment assignment can be either an individual
segment or a segment group
Users can only view/use objects and records in the additional
segment

37 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Card Formats Pre-Segment

38 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Card Format Segmentation
Card Formats become assignable per segment

Each segment may now have up to 8 unique card
formats
Useful for organizations that require many different
card formats
Card formats that belong to <All Segments> will
reserve a format for every segment.

39 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Card Formats Post-Segment

40 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Badge Types Pre-Segment

41 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Badge Types Segmentation
Badges controlled by Badge Type

Pre-Segmentation
Users can add, modify, and delete all badge types*

Users can add, modify, and delete cardholder badges*
Users can add, modify, and delete access levels from
badges*
Post-Segmentation
Badge Types are initially assigned Primary = <All Segments>
Only <All Segments> users can add, modify, delete badges*
Badge Types are initially set where Available to All = NO
Users can only add, modify, and delete access levels from all
badges*
*Provided that the user has the proper permission level to perform this task.

42 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Badge Types Segmentation
Available to All (No Segment Restrictions)

Only <All Segments> Badge Types can be Available to All
Only <All Segments> users can edit the Badge Type itself
Allows users to add, modify, and delete cardholder badges of
that type as well as access levels
Primary and Additional Segments
Users with Primary Segment (or <All Segments>) access can
add, modify, and delete badge types or cardholder badges.*
Users with Additional Segment access can ONLY assign or
remove access levels from their segments to existing badges

43 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Badge Types Post-Segment

44 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Cardholder Pre-Segment

45 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Cardholder Segmentation
Segment Cardholders
Allows Cardholder permissions to be controlled based
on segment access
Segment Visitors
Allows Visitor permissions to be controlled based on
segment access
Visitor segmentation can only be done if cardholders
are segmented

46 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Access to Cardholder/Visitor controlled by

Segmentation
Pre-Segmentation
Users can add, modify, and delete all cardholders*

Users can add, modify, and delete cardholder badges*
Users can add, modify, and delete access levels from
badges*

47 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Cardholder Post-Segment

48 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Post-Segmentation
Cardholders are initially assigned Primary = <All Segments>
Only <All Segments> users can add, modify, delete
cardholder records*
Any user can view <All Segments> cardholder records*
Any user can assign access levels from their own segment to
existing badges*
Cardholders can be assigned primary and additional
segments
A users access to these cardholders is then based on their
segment

49 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Users Segment = Cardholders Primary Segment
When the user logs into a segment that is the

cardholders Primary Segment, the user is able to
Add, modify, and delete cardholders associated with
the Primary Segment

Add, modify, and delete badges, assets, network
accounts
Capture multimedia
Print and encode badges

50 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Users Segment = Cardholders Primary Segment
Assign Access Levels

Modify Guard Tour group assignments
Issue One Free Pass for anti-passback
Execute an APB move badge
Display global APB areas

51 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Users Segment = Cardholders Additional
Segment
When the user logs into a segment that is the

cardholders Additional Segment, the user is able to
View the cardholder but not change the cardholders
personal information.
Modify access levels.
Issue One Free Pass for anti-passback
Execute an APB move badge
Display global APB areas

52 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
User = <All Segments>
If the user is not an <All Segments> user, then the

user can only view <All Segments> objects and add
cardholders associated with the users segment

53 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segment Groups
A segment group is a collection of one or more

segments
Using segment groups can reduce management effort
and complexity
For example, when a new segment is added to the system,
the administrator simply adds it to the appropriate segment
group. Users and cardholders with those groups assigned
are granted access to the new segment.
It is recommended to use segment group
assignments where possible, especially for users
and cardholders.

54 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segment Groups
Allow segments to belong to more than one segment

group.
A segment group may contain one or more segments
A single segment optionally may be allowed in
multiple segment groups

Determined in Segment Options tab

55 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Segment Groups

56 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Access Level Additional Segments
Allow access levels to be configured as assignable

by users in other segments
Allows segment users to assign access levels from
other segments to their cardholders

Access levels are assigned to other segments by the
original segments user

57 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Access Level Additional Segments

58 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
List Builder Segmentation
List Builder Simple Lists can be filtered based on

segment

59 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Only certain lists can have a segment assignment.

60 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
If you ADD an item already in use in another

segment, then the following error will be displayed

61 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
When viewing, adding, modifying or searching in the

Cardholder, Asset, or Visitor UI, the drop down menu
options will be filtered to show only the available
items based on segmentation.
If the Cardholders current selection is something you
cant view, <Restricted Entry> will be displayed.

62 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Single Sign-On

63 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Single Sign-On Cont.
Allows user to log on to OnGuard automatically

using the current Microsoft Windows account
Conventional standard OnGuard logon still available if
desired

64 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Single Sign-On Cont.
Internal Account
A user account where the authentication information
is saved within the OnGuard system database.

Directory Accounts
A user account where the OnGuard user is linked to
an operating system account. The authentication

information is controlled by the operating system.

65 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Logon Process
Logged into Windows
Open OnGuard Application
Logon via
Internal Internal Directory
or
Account Directory
Account
OnGuard User Account Info. Windows Account Info.

User ID = PC1 User ID = JSmith
Password = class Password = 123InNow
Note: Here OnGuard
dictates user and
password requirements Logged on to OnGuard Note: Here the OS dictates User and Password
using strong or weak requirements. Example requirements =
password rules.
as PC1 numbers, caps , change every 30 days, etc.

66 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Directory Configuration
Directory must first be

configured based on
Template
Directory types
LDAP
Lightweight Directory Access
Protocol
Microsoft Active Directory
Windows NT 4.0 domain
Windows Local Accounts
Copy existing directory
Uses previous configuration as a
starting template

67 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Directory Configuration Cont.
Select domain hostname

Other default parameters will automatically be
populated
Name {Domain Name}
Port - 389
Start Node Node under which all accounts exist
SSL (Secure Socket Layer)
Enables data encryption

68 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Authentication allows the Lenel system to access

Windows user accounts to link to a Lenel User
account
Anonymous
Directories may be set up to allow anonymous access

Active directory default is to not allow anonymous access
Current Windows user
Explicit
Account logon information
Domain\User name
Password

69 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Advanced Configuration (Not available for Windows

NT4 Domains or Windows workstations)
Account class (user)
Account category (person)
Account attributes
ID attributes (objectsid)
User name attributes (samaccountname)
Display name attributes (displayname)
E-Mail attributes

70 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Lenel Accounts
Lenel users may have an internal account and/or a

directory account link
Internal account user name and password stored in
OnGuard DB
Windows directory account establishes a link between
the internal account and the directory account

Used for Auto and Manual Single Sign-On
Multiple Directory Accounts may be assigned to a
single Lenel account
Not recommended as user accountability will be lost
in Lenel reporting

71 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Lenel Accounts Cont.

72 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Logon
Internal
The internal account allows the standard login
method of logging on to OnGuard

ID and Password required
Manual Single Sign-On

Uses same directory as Auto Single Sign-on
Can be prevented by deselecting the Allow manual
single sign-on check box in the directory form

73 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Internal Account
The Internal Account is what you have been using to

log in to OnGuard up to this point.

74 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Auto Single Sign-On
Launch the Logon window

Open OnGuard Application
Log on to OnGuard using key icon or menu option
Auto Logon will be started
Press the Shift Key to bypass Auto Logon and log on

manually

75 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Manual Single Sign-On Cont.
Click the Options >> button to be given the ability

to choose between logging in using the internal
account or the directory account (manually).
Deselecting the Allow manual single sign-on check
box in the directory form will prevent the directory

from displaying in the log on directory drop-down box.

76 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Documentation References
System Administration User Guide | Appendix A:
Actions

77 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Groups Defined
An Action Group contains one or more Action Types.

An Action Group Library contains one or more
Action Groups.
The Action Group created is listed in the Action Group
Library.

78 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Used for pre-configuration of Action Groups before

being applied to:
Global I/O
Scheduler
Guard Tour
Alarm Acknowledgement Actions
Action Groups may also be configured and used

from the above forms.
Note: Not all Action Types are available in all
configuration locations (Dependant on Segment login)

79 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)

80 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Action types listed and described in documentation

System Administration / Appendix A: Actions
More functionality than function lists

81 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Action history/Guard tour event purging

Archive/Purge DB (Must be <All Segments> user)
Runs based on Record Archive Configuration
Arm/Disarm Area
Automatic Guard Tour
Initiates Guard Tour in Alarm Monitoring
Device Output
Reader and Alarm Panel Output control
Device Output Group

Reader and Alarm Panel Output Group control

82 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Execute Function List

Local I/O configuration
Generate Event
Global APB System/Segment Reset
Resets APB location (free pass)
(I/Os dependant on segment login)

83 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
ISC DB Download
Downloads DB for specified ISCs
Limit quantity of panels based on cardholder DB size

ISC Firmware Download
Downloads Firmware for specified ISCs
Limit quantity of panels based on cardholder DB size

Mask (Disarm) / Unmask (Arm) Mask Group
Controls the inputs and devices in an Alarm Mask
Group

84 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Mask/Unmask Alarm Input

Reader and Alarm Panel Input control
Mask/Unmask Alarm Input for Group

Reader and Alarm Panel Input Group control
Mask/Unmask Door
Simultaneous forced and held open masking
Mask/Unmask Door Forced Open

Reader forced open alarm
Mask/Unmask Door Forced Open for Reader Group

Reader group forced open alarm

85 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Mask/Unmask Held Open

Reader held open alarm
Mask/Unmask Door Held Open for Reader Group

Reader group held open alarm
Moving Badges to APB Areas

Moves badges from one global area to another
Open/Close APB Area

Opens or closes an global or local APB area

86 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Pulse Open Door

Pulse reader for strike time configured
Pulse Open Door Group

Pulse reader group for strike time configured
Reader Mode
Change on-line mode of reader
Reader Mode Group

Change on-line mode of reader group
Reset use limit

Resets use limit per access panel

87 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types
Schedule Report
Run system reports (Must login to <All Segments>)
Set Forwarding Station

88 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Types Cont.

89 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Action Group - Monitor Zone Configuration
Monitor zones may be configured to include Action

Groups in the Alarm Monitoring system tree
Action groups are used in conjunction with the OnGuard
scheduler and Global I/O configurations
Will not restrict access to action groups used in the scheduler
Permission to scheduler controlled separately
The Action Group may be directly executed through right click
menu

90 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
LS Linkage Server

91 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Linkage Server
The LS Linkage Server is used to execute many

features within the OnGuard software
One instance per system
Typically configured as a service on the Database server

within system options.

92 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
LS Linkage Server Functions
Many functions controlled by the Linkage Server

Collects events sent by the Communication Server for
the following functions

Executing Action Groups
Scheduler
Global I/O
Guard Tour

93 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
LS Linkage Server Functions
Examines and updates cardholder records in the ISC

for the following function
Granularity/Temporary Access Levels
Locks video files for the following function
Digital Video
Accesses the Printer for the following function
Report Print Actions

94 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Scheduler

95 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Scheduler Cont.
Defines a schedule for either:

Action Types
Muster Mode initiation cannot be scheduled

Action Groups may also be created
Action Group

LS Linkage Server must be running

Time Zone selection shows current time in a specific
world time zone
For reference purposes only

96 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Scheduler Configuration
May be launched from:

Administration Menu
Scheduler for all objects

Monitoring Menu
Only allows Guard Tour scheduling
Alarm Monitoring
Scheduler for all objects

97 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Scheduler Configuration Cont.

98 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Add Action Wizard

Configures Action Type or Action Group
Schedule
World Time Zone that schedule time will be based
upon
Run one time by date and time
Define Recurring Action Schedule
Occurrence
Frequency
Duration

99 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)

100 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Scheduler Configuration
Scheduler will attempt to perform configured action

at scheduled time
Failure will be logged and may be examined by right
clicking on scheduled item

If a single item in the schedule fails to execute a
failure will report.

View action history
View current status
Refresh action

101 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Viewing Failed Action History

102 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Reporting Enhancements and Email
Schedule Report action

type
Available in
Scheduled Action
Groups
May be triggered from
Acknowledgement
Actions
Global IO

103 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Reporting Enhancements and Email
Allows the report to be sent

to email or printer
GOS must be configured for
sending reports by email
Email address must be entered
Target printers MUST be
located on same workstation
as LS Linkage Server for
printing
Number of pages can be
limited for large reports

104 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Global Output Server (GOS)

105 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
GOS Cont.
Global Output Server routes manual and/or

automatic E-mail requests from the Lenel application
to other 3rd party applications:
SMTP servers for E-mail requests
Other E-mail servers may also be used

106 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Manual E-mail
Alarm * SMTP
Monitoring
GOS Server
Manual Process
(Alarm Monitoring Operator)
*
Comm
Server
OnGuard
* Service
107 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Automatic E-mail
Alarm
Monitoring
Same as
*
Comm
*
Linkage * manual
GOS
Server Server from this
point
* Service
108 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Lenel Setup
SMTP Server Settings

Configures E-mail server
Recipients
Creates list of intended recipients for E-mail

109 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Email (SMTP) Devices
Email accounts must be set up by email

administrator prior to proceeding
SMTP is used for GOS requests for e-mail
Simple Mail Transport Protocol
SMTP is the Internet standard used for sending e-
mail

110 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Email (SMTP) Devices

111 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
E-mail (SMTP) Devices
Configuration includes
Name of OnGuard E-mail configuration
Host mail server name
Port number
(defaults to 25)
Workstation running GOS service

112 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Email (SMTP) Devices Cont.
Authentication optionally required

User name
Password
E-mail sender information (combined)

Sender name
Sender address

113 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Recipient
Create recipient name

Add recipient E-mail address
Device
Description
Address (recognized by E-mail server)

114 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Using Manual E-mail
Alarm monitoring station

System wide connection to GOS
Able to be performed from any window displaying

events and alarms
Right mouse click on alarm
Select E-mail

115 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Using Manual E-mail
A single event may be sent to multiple recipients

within email or paging

116 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Automatic E-mail
Linkage server is used to route E-mail requests from

the Communication Server to GOS
Typically a custom alarm definition is created for a
specific hardware device/event

The definition is associated with E-mail messages
and recipients
When configuring E-mail messages the default
information regarding the specific alarm will be shown

in the subject and body of the email if left blank.
To use custom E-mail layouts use %[item] as shown
in the help files

117 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Automatic E-mail

118 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Automatic E-mail

119 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Sending E-mail
Information sent:
Subject (E-Mail only)
Alarm description
Message
Alarm description
Date and time of event
Device/badge generating event

120 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
Summary
System Segmentation
Single Sign On
Linkage Server
Scheduler
Global Output Server (GOS) E-mail

121 CR3000 - M02.01 - 6.4.500 TU 1 (Sys Config)
FormsDesigner Lite and
FormsDesigner
FormsDesigner User Guide

1 CR3000 - M03.01 - 6.4.500 TU 1 (Forms Designer)
FormsDesigner Application
Separate OnGuard Application

Start | Programs | OnGuard | FormsDesigner
Controlled through licensing

FormsDesigner Lite
Supplied with OnGuard

FormsDesigner
Licensed with a maximum concurrent login of 1

Prerequisites
Backup the database!

Directly manipulates the database structure
Modifications cannot be undone
Unforeseen problems
Power Outage
Network Problems

Prerequisites
Close all cardholder screens

No changes can be made in System Administration or
Alarm Monitoring
These programs may be open, but not recommended
Another good reason to backup before beginning!

Database Backup
Microsoft SQL Server 2008

SQL Server Management Studio
Microsoft SQL Server
Databases
<Database Name>
Right Click
Select - Tasks
Backup Database*
* - Should be done before opening FormsDesigner

Open Form Options
Assets
Cardholder
Reader
Visit
Visitor

Before Design FYIs
There is not an undo option

Save your work often
Deleting a field means permanently deleting data
from the database. Use caution
Adjust the Field Page Permission Groups to include
the fields you have just added
New fields will not be available with default reports
Use Crystal Reports for report customization to
include new fields

FormsDesigner Navigation
Object List
Lists all objects currently defined in system
Used for easy selection of objects
Database Information Window

Lists database tables and fields
Form Layout View

Forms look as they will within their respective
applications

All Viewing Permanent Area

Appears at the top and right side of all cardholder
pages including reports tab

Custom Area
User configurable objects seen only on current
cardholder page

Form Design Layout
Object List
All Viewing Permanent Area
All Viewing
Database Permanent
Info Window Custom Area Area

The interface for adding reader groups is very

similar to adding other objects

FormsDesigner Lite
Same application as FormsDesigner, but license

limits the ability to alter database fields
Included with the standard Lenel OnGuard product
Allows you to make cosmetic changes to the
cardholder screen only

FormsDesigner Lite
Selecting objects:
Clicking on object
Selecting Name in Object List
Multiple selection
Boxing objects

FormsDesigner
Cardholder Screen Customization

Allows you to create, edit, and delete database fields
used in ID CredentialCenter
Assets
Cardholders
Visits
Visitors
Software option
Part # SWG-1210

Inserting Form Objects
Adding Objects
Page
A tab added to the selected form where additional fields,

dropdown boxes and labels may be added
Field
Text Field -Alphanumeric characters can be entered
Encrypted Text Field
Text is encrypted in OnGuard database with the option of
viewing data entered in OnGuard
Number Field - Only numeric characters can be entered
Date Field - Formatted to allow easy date entry

Inserting Form Objects
Dropdown Box
Entry is supplied by selecting from a list of predefined
choices
Label
Displayed title for each of the objects listed above

Inserting Pages
Pages may be inserted into:

Cardholder Form
New pages must be inserted between the Cardholder and Badge
pages
Order can be adjusted with other added pages only
Visit Form
New pages must be inserted after the Visit page
Order can be adjusted with other added pages and Details page
Visitor Form
New pages must be inserted after Visitor page
Order can be adjusted with other added pages only
Asset and Reader Form
Pages may not be inserted on these forms

Inserting Pages
Menu = Insert | Page Pages Window | Add
Page Order
Page Name
New added Page

Inserting Fields
New database fields are added to the UDFEMP table

Text Field
Encrypted Text Field
Dropdown List
Will cause a new table to be created in the database

The field name used for
Column in UDFEMP
Table which the column is joined
The contents are populated in List Builder

Inserting Fields
Adding a drop down field to the Readers group page

Inserting Fields
Naming the drop down field

Adding New Fields
Text Field
Number Text Fields are added to the
Date User Defined Employee Table
Uses local date
format from and can be customized for
Windows
numbers, dates, or plain text.
Text
UDFEMP Table
ID Name H
1 Jim 5
2 Sue 5
3 Greg 6
Adding New Fields: Encrypted Text
New text fields may be encrypted by selecting

Encrypted Text field type
Existing fields CANNOT be converted
Utilizes a IEEE DES Lenel encryption
Institute of Electrical and Electronics Engineers Digital

Encryption Standard
No reporting capability
Data viewed from OnGuard only

Field Style Password
Controls the ability to view in plain text format or
masked with asterisks

If enabled with Encrypted Text, then data within that
field can not be read

Adding New Fields
UDFEMP Table
ID Name Eye
Color
1 Jim 3
2 Sue 2 Eye Color Table
3 Greg 3 ID Eye Color
The field in the UDFEMP 1 Blue
table is represented as a
dropdown box in the 2 Green
OnGuard form, and a
new table is created for 3 Brown
the dropdown list.

Field Properties
Defining Field Properties

General Settings
Fonts
Field Settings
Field Styles

Field Properties
General Settings
Object Name
Position on (current) page
Width and Height of object

Number of pixels from top & left of page
Where object can be viewed from
Where object can be edited from

Field Properties
Fonts
Selection of font
Font style
Font size
Strikeout
Underline

Field Properties
Field Settings are automatically displayed when

adding object, or when viewing the properties of an
object
Object name displayed in object list
Field name name assigned in database
Field type determines the way database will store
the data
Date
Numeric
Text

Field Properties
Maximum length determines length reserved in

database
Decimal used only for numeric field type
Default value will automatically populate field with
this value
May be overridden if used has edit capability for this field
Template regulates data entered into field

Field Properties
Required
Enforced in the Lenel cardholder form during add or modify
Indexed
Creates index in database
Used to increase search performance
Unique
Enforced in the Lenel cardholder form during add or modify

Field Properties
Text Field Properties Window Drop-down List Field Properties

Window

Field Properties
Field Styles
Multi-line & scrolling options
Input Appearance
Editing Permission
Field Effect

Label Object
Label Objects
May be associated with a specific field
Cosmetic Change

Object Configuration
Object Manipulation
Move
Windows drag and drop interface

Resize
Use of arrow keys
Delete

Finalizing The Layout
Set Tab Order

Sets the order in which the cursor moves from field to
field when the user tabs through the fields on a page

Populate Drop-Down Lists
Use the List Builder to add contents to drop-down lists
Can populate from text already entered when
converting from a text field to a drop-down using the

same database field name

Finalizing the Layout
Arranging the added fields

Fields can be organized in several different ways
Align left, center, right

Aligned to the top or bottom of the selected objects
Make all the objects the same width or height
A complete list of options is available on pages 38-40
in the Forms Designer user guide

Finalizing the Layout

Saving The Changes
Save Cosmetic Changes (Lite version)

Does not affect the database
Available in full version

Save and Preserve
Preserves any existing cardholder data in the database

Save and Destroy
Deletes any existing cardholder data in the database

Summary
FormsDesigner Lite
Cosmetic Changes
FormsDesigner
Database changes
Field properties
Saving changes

Course 3000
Custom Reports

1 CR3000 - M04.01 - 6.4.500 TU 1 (Custom Reports)
Custom Reports
Crystal Reports used to create all standard Lenel

OnGuard reports
\Program Files\OnGuard\Report Templates directory
{Filename}.rpt file
Embedded portion of Crystal reports generates report
from .rpt file against database

Crystal Reports
Crystal Reports Eleven Release 2 is supported

Crystal Report Designer
Design view
WYSIWYG preview with live data
Database location must be configured

Open existing report
Reports will be saved as different report name
Standard default reports are read-only

Report Designer Components
Report Header
Information printed once on first page
Page Header and Footer

Information printed per page
Group Header and Footer

Information printed per group
Details
Data contained in report
Report title

Report Modification
Check database current schema

Run Verify Database option
Disable Auto-Smart linking

Tables must be manually linked
Add new tables if drop down lists have been created

Utilize the Database Expert utility

Crystal Reports

Database Tables and Fields
Certain tables are required for each report type

Tables must be linked (joined) to yield proper report
results
Reminder: Smart linking should not be used
Fields must be selected that are to appear on report

Report Configuration
Used to add Crystal Reports to the Lenel OnGuard

application
Name
File
Description
Password
Types
Filter

Report Characteristics
Report name
Sorted by name by type
Password
Password protection per report
Description
Describes report purpose / content
Make extensive use of description field with custom reports

Determine category of report and determine filters
that may be applied

Report Configuration

Considerations
The database schema is updated with each major

release and reports replaced
Custom reports must be tested with each upgrade
Use Database/Verify Database menu selection to verify

schema
Check new RPT file installed with new release for contents
Always thoroughly test results of custom reports
when the report is created on a different database
type than the deployment system

Summary
Crystal Reports
Standard reports
Saving custom reports

Course 3000
Access Control Configuration

1 CR3000 - M05.01 - 6.4.500 TU 1 (Access Control Config)
EOL Resistor Table

EOL Resistor Table
Allows configuration of EOL resistor values for all

Lenel alarm inputs
4 Default values
Non supervised
Supervised
4 Custom values
Detectable resistance range
Basic = 51 (minimum) to 9,999 (maximum)
Advanced = 50 (minimum) to 25000 (maximum)

EOL Resistor Table
Common
Values

EOL Resistor Table Cont.
Table Configuration
Standard pre-configured settings
Default normally open

Non supervised
Supervised
Default normally closed
Non supervised
Supervised

EOL Resistor Table Cont.
Custom configuration
Basic
Allows configuration of low and high range

Allows selecting N/O or N/C contact
Advanced
Input status and resistance ranges may be defined
Allows configuration of priority
During add or modify switching between basic and advanced
will keep low and high values.
Default button
Sets configurations to standard values

Basic Configuration
Basic default values

Normal low range
750 to 1250
Normal high range
1550 to 2500
Defined values
Foreign 1K Foreign 2K Foreign
Short Open

Advanced Configuration
Advanced default
values Active (alarm) input
Shorted loop 1550 to 2500
0 (short) to 50 Foreign
Foreign 2500 to 10000
50 to 750 Open loop
Inactive (secure) input 10000 to (open)
750 to 1250 Grounded input line
Foreign Input A or B grounded
1250 to 1550 Defined values
0 Foreign 1K Foreign 2K Foreign
Short Open
Advanced Configuration Cont.
Resistance range
Positive number representing a resistance value in
ohms
Drop-down selection
infinite resistance
shorted line
ground line A
ground line B

Status options:
Inactive
Active
Fault ground
Fault short
Fault open
Fault foreign voltage (abnormal resistance)
Fault non-settling (debounce time expires)

Priority
Configures the priority of each monitored state and
assign a priority to the reported event

Allowable range (low-high)
Used when the input is in a non-determined state and

another determined state will take precedence

Debounce Time

Debounce Time Cont.
Debounce time
The amount of time (mS) required for the contact to
remain stable and accurately report a change of state

of the input
Configuration is relative time based on type of input
General purpose alarm input (alarm panel, reader interface

alarm input)
REX
Door position switch

Debounce Time Cont.
Debounce time
Contact Open 150 mS
Contact Bounce
Contact Closed
Time
Reported Alarm = Alarm Restored

Debounce Time Cont.
Debounce
Contact Open time
33 mS
Contact Bounce
Contact Closed
Time
Reported Alarm = Fault Non settling

Debounce Time Cont.
Debounce values
Default used mainly for upgrading, and for hardware
not supporting configurable values

Previous value used when upgrading
1 ~ 33 mS (default for REX)
2 ~ 67 mS
3 ~ 100 mS (default for general purpose inputs and
DPS)
4 ~ 150 mS
5 ~ 200 mS
6 ~ 250 mS
Hold Time

Hold Time Cont.
Hold time
The hold time is intended to reduce multiple
transaction events from sensors that are likely to have

many transitions per incident
Intended for general purpose inputs
Extends the detection of the restored alarm
Configured in seconds

Hold Time Cont.
Incident Secure
1
A single restored
event will be
generated at the
end of each hold
time
Single Alarm 2 second hold time

Debounce & Hold Time Configuration
Configuration of Reader Controls, AUX inputs and

Alarm Inputs
Assigning the EOL supervision configuration
Debounce Time
1 lowest (33ms)
6 highest (255ms)
Hold Time
In seconds (1-15)

Exit/Entry Delay

Exit/Entry Delay
Non-Latch Entry field

Checked/Non-latched mode
Unchecked/Latched mode
Entry Delay
Non-Latched mode = Alarm will be reported when the
Entry Delay time expires

Adds false alarm prevention
Input must still be active at the end of delay time.

Exit/Entry Delay
Latched mode = Alarm will not be reported when the

Entry Delay time expires if input is masked within the
specified delay time
Valid access to a room with motion detectors
Used with Reader Command Programming, Arm/Disarm
Areas or Manual Masking.

Exit/Entry Delay
Exit Delay
An active input will NOT be reported until the Exit
Delay expires (count down starts after unmask action)

Useful for securing a room upon exit
Value is in seconds (0 to 32767)

Exit/Entry Delay Cont.

First Card Unlock

First Card Unlock Cont.
Referred to as Snow Day functionality

The reader will change to unlock mode when the first
badge is presented
Any badge
Authorized badge
Based on access level permission

May also be controlled through Timezone/Reader
mode

Option enabled at each ISC

Enabled on a per reader basis
Default reader configuration
May also be manually changed from alarm monitoring

Reader mode timezone control
Specific times when functionality is enabled


First Card Unlock

Authority
Reader optionally
configured for First

Card Unlock Authority
Required
First card unlock
authority controlled by
access level
assignment


Timezone can be applied to determine when reader

will switch to first card unlock mode.

Other features that can enable or disable First Card

Unlock include:
Global I/O
Alarm Acknowledgment Actions
Guard Tours
Scheduler

Cipher Mode

Cipher Mode Cont.
Allows card data to be entered via the readers

keypad
Temporary badge if employee forgets badge
Eliminates multiple badges for multiple facilities
May be revealed to a group of people
Reporting accountability would be lost

No physical credential

May be used when reader is set to card and PIN

Both cipher code and PIN must be entered

Cipher Mode Cont.

Cipher Mode Cont.
Magnetic card format must be assigned to the reader

for format comparison
Card format used as template for badge information
entered through keypad

All badge format information must be entered that is
configured in the card format

Facility code, badge ID, issue code
* used to identify the start of data entry for cipher mode
# used for identify end of data entry for cipher mode

Cipher Mode Cont. Example 1
Reader in card only mode

Enter *12312345601# at the reader keypad
* (start)
123 facility code*
123456 badge ID*
01 issue code*
# (end)
* - Determined by card format

Cipher Mode Cont. Example 2
Reader in card and PIN mode

Enter *123456# 1234 at the reader keypad
* (start)
No facility code*
123456 badge ID*
No issue code*
# (end)
PIN 1234
* - Determined by card format

Cipher Mode Cont.
Cipher mode will not operate in reader facility mode

Magnetic card format may be configured with just a
badge ID
No facility code or issue code

I/O Linkage
Local I/O
Global I/O

New Terminology
Local I/O
Confined to a single access panel
Global I/O
System wide*
*Segmentation restricts the ability to configure Global APB,

Mustering, and Guard Tour across segments

Local I/O

Local I/O
Functions operate at local level only

Up to 100 functions supported per ISC

Local I/O Cont.
Output of functions allow control of:

Alarm panel outputs
Reader outputs
Masking/unmasking of alarm groups
Opening/closing areas
Chain to function list
Access Panel callback
Two Man Area Control Activation
Reader unlock/set reader mode
Testing for active alarms in alarm group*
* - Used in conjunction with Alarm Group unmasking to provide
intrusion detection panel functionality
Activate/deactivate time zone
Local I/O Cont.
Local I/O may be executed via.

Device linkage
Command Programming
Instant Commands
Area count
Alarm mask group count
Alarm Acknowledgment
Scheduler
Part of an Action Group

Action type

Local I/O Cont.
Device Linkage Inputs include:

All alarm points
Communications loss to downstream devices
Access activity
Workstation
Communication loss to host workstation running the panels

LS Communication server

Local I/O Cont.
Input actions on state change can be configured to

Do nothing
Set true
Set false
Pulse

Local I/O Cont.

Local I/O Cont.

Local I/O Cont.

Global I/O
System Administration | Appendix A | Actions
System Administration | Appendix B | Alarm/Event
Descriptions

Global I/O
Global I/O
Functionality allows linkage between Access Panels
system wide
Utilizes the LS Linkage Server for Global I/O
execution

Global I/O

Global I/O Cont.
Global Linkage
World Time Zone
Defines world time zone that the LS Linkage Server will use
to execute based on the OnGuard Timezone assignment
Timezone
Defines allowable times when Global Linkage will execute
based on world time zone
Always
User defined
Never Could be used to disable Global I/O linkage

Global I/O
Event Timestamp Tolerance

Name changed in OnGuard 2008
Used to be called Input Event Duration in previous versions

Sets a tolerance (limit) to the difference between the
time of the event and the time it is received by the
linkage server

Global I/O
Logic correlation time period

The number of seconds that each event text must
occur between each other to be valid

Valid range 1-999 seconds
Defaults to 10 seconds
If each event transaction occurs within the logic
correlation time, the output action is triggered

Global I/O
Input Event*
Event is required
May have two inputs linked to a single event

Devices may be optionally assigned:
All field hardware
Badges may be optionally assigned
One badge ID per configuration
* - Multiple input event configurations may be configured within a single

Global Linkage

Global I/O

Global I/O: And / Or Logic
Requires two or more input (event) transactions in a

pre-configured time (Logic correlation time period) in
order to generate the output event(s)
Not a state-based AND operation
All inputs must report active, but do not have to remain active
Inputs are transaction based NOT Alarm State based

Global I/O: And / Or Logic
Multi-layer AND/OR hierarchy may be created

OR gates feeding an AND gate
The AND gates feeding an OR gate
Limited to OR-AND-OR relationship

Global I/O: And Logic Group
Two or more inputs must be selected to initially

create an And Logic Group
An OR logic group will also be automatically created

Creating Logic Groups
The automatically created OR group represents that

the input Event window was originally an OR
window
It also allows you to follow the logic of any inputs
added to the window after the AND was created
Logic Diagram

Global I/O: Multiple Logic Levels
Up to 3 logic levels may be created
OR logic group
allows multiple conditions
to trigger execution

Global I/O: Modifying Inputs in Logic Groups
Inputs may be dragged and dropped between logic groups

using a mouse
As long as moving the input does not violate the logical operation
Example: There MUST always be at least 2 inputs in an AND group
Logic groups may be deleted
User will be prompted for keeping the inputs belonging to the group

Global I/O
Output Action*
Choices include
Action Types
Individual actions
Predefined Action Groups
Control action
Action dependent on selected item
* - Multiple output actions may be configured within a single Global Linkage

Global I/O

Global I/O
Local I/O may be linked to Global I/O when Execute

Function List is selected for the Output Action
Execute: True
Execute: False
Execute: Pulse

Grant / Deny Action Type
Launches pop-up on any access related event

Previously only launched Grant/Deny pop-up window
with an access grant event

Global I/O: Generic Event Action Type
Action type used to

generate a Generic
Event from Global I/O
Useful for creating a
custom alarm from the

correlation linkage that
may include event text
Custom alarm based on
Generic Event and
specific event text

Global I/O: Generic Event Text
Configuring event text

Select configured text
using dropdown
Contents added in Text
Library
Events can be typed in
the given area
Automatically added to
Text Library


Allows an Action Type or Action Group to be

executed during the alarm acknowledgment process
Action or Action Group may be executed
Allows a Local I/O function list to be executed during

the alarm acknowledgment process
Execute Function List Action can be chosen from
Action Types
Execute: True
Execute: False
Execute: Pulse

Acknowledgment time limit may be configured to

prevent execution after a period of time lapses
Zero sets no limit

Alarm Mask Groups

Alarm Mask Groups
Allows you to mask or unmask multiple alarm inputs

and readers simultaneously
Limitations
128 Alarm Points (items to mask) per group
64 Alarm Mask Groups per Access Panel
Uses Device Event assignments to determine

masking
Each assignment can be assigned to only one
masking group

Alarm Mask Groups Cont.
Local IO function can be linked to the

masking/unmasking of the group
Can be used to show indication by activating device
output upon unmasking

Alarm Mask Groups Cont.
Alarm Masking Groups can be masked or unmasked

Manually through Alarm Monitoring System Status
Tree
Using Local IO Function
Alarm Group Mask/Unmask

Absolute or Incremental
Using Global IO
Mask/Unmask an Alarm Mask Group
Absolute Mask or Unmask Only
Setup to call Mask/Unmask Local IO Function

Using Mask Counts
Allows configuration of how I/O will mask and

unmask an Alarm Masking Group
A mask count of 0 = Unmasked
A mask count of 1 or higher = Masked

Masking methods
Absolute
Sets mask count to 1 on set true

Sets mask count to 0 on set false
Incremental
Increments mask count by 1 on set true
Decrements mask count by 1 on set false
Incremental is useful for using valid access grants into rooms
or areas. (Anti-Passback Area Function List)

Alarm Mask Group using Local I/O
Setup a function list to test and set the mask

count for the Alarm Masking Group
Link that function list to Access Granted at
Entry and Exit Readers

Masking Groups using Command Programming
Setup a function list to test and

set the mask count for the Alarm
Masking Group
Assign the function list to a
command pair under command
programming

Command Programming

Command Programming
Enable Command Programming at a particular

reader
Access level must be enabled for Command Authority
and level must be assigned to cardholders badge

Function may be assigned to key command pair
Command range 4-15
Even number sets function true, e.g. *4#

Odd number sets function false, e.g. *5#

Command Programming Cont.

Command Programming Cont.

Instant Commands

Instant Commands *
May be entered at any keypad reader

Non-paired commands used to execute local I/O
function lists
Function 16-22
Example - * 17 #

Instant Commands
Command sequence entered into keypad readers

Does not first require an access grant transaction
Useful for Local I/O functions that can be executed by
anyone at anytime
Commands may be entered when reader is in Locked
or Unlocked mode

Instant Commands Cont.

Unknown User Command
Event

An Unknown User Command event will be generated

and logged containing keypad user command data
unrecognized by the system
Note: Default Unknown User Command alarm
definition is set to not display or print


May be used to
Track and report keypad entry
Erroneous entry
Intentional
Creating custom command sequences
Custom alarm definitions and Global I/O linkages may be
created containing the invalid command strings
Uses event text library

User Commands

User Commands
Non-Segmented
system
Segmented
system

User Commands Cont.
Configuration of the Extended Held Command

Configuration of the Intrusion Command

Allows held open time to be extended for a specific

reader by a validated cardholder
Examples:
Cleaning crew removing large quantity of trash

Shipping and receiving with large delivery
Occupied Rooms with low security levels in need of air
circulation.
Training Rooms
Hardware closets
Libraries
Board/meeting rooms
Etc.

Extended Held Commands
Extended held command options

Code
Must be 3-6 digits in length per system (segment)

Avoids conflict with Reader Commands 4-15
Minimum time (1 minute)

Maximum time (999 minutes)
Pre alarm time (1-30 minutes)
User has 15 seconds from valid access to enter the

extended held command

Command Authority for Extended held

Reader must be configured for allow user commands
Access level must be enabled for Command Authority
and level must be assigned to cardholders badge

Reader Beep
Setting must be set to Use reader buzzer in the
System Administration / Access Control / Readers /

Settings / Pre-Alarm Mode field
once every two seconds during pre-alarm time (not
configurable)
Pre-alarm in extended held command overrides pre-
alarm in reader settings

Reader Output Pulse

Setting must be set to Use aux output 1 in the
System Administration / Access Control / Readers /

Settings / Pre-Alarm Mode field
Causes auxiliary relay 1 to energize for the Output
pulse time when an Extended Held Open Pre-alarm

occurs

Command Sequence:
Valid Access Granted
Present badge + proper access level + hold open door

* or on LNL-CK
Tells system that cardholder is about to enter a command
Extended command code
Default = 200

Command Sequence Continued
Three digit extended held time in minutes

002 = two minutes
Time before issuing pre-alarm and/or held alarm
# or Command key on LNL-CK
Tells system that the cardholder is finished entering
command
Example:
Extended Held for 30 minutes
Access Granted + * + 200 + 030 + #

Intrusion Command
Allows cardholder to Arm/Disarm an alarm mask

group using keypad input.
Set Intrusion Command Configuration
Global Permission Control allows for basic
Arm/disarm functionality
Advanced Permission Control allows for more
discrete control of Arm/disarm permission

Training covered in Elective Distance Learning Course,
EL3700 Embedded Intrusion
NOTE: Prior to 5.12.110 this was called the Arm/Disarm command

and did not include the Advanced Permission Control functionality

Intrusion Command
Allow Intrusion Commands at the Reader

Typically the LNL-CK is used
Access panel firmware 3.083 or higher is required.
Non-command keypads are not recommended but
may be used

Intrusion Command: Global

Intrusion Command: Global
Cardholder must also have an access level with

Global intrusion command authority

Intrusion Command
Command Sequence:
Valid Access Granted - Present badge + proper
access level + open door

- Tells system that cardholder is about to enter a
command
Arm/disarm command code - Default = 300 - Tells
system that cardholder is executing arm/disarm

command
Two digit alarm mask group ID - Tells system what
mask group to arm or disarm

Command - Tells system that the cardholder is
finished entering command
Command Sequence Continued
Arm/Disarm Command
1=Disarm: Sets alarm mask group to 1 and masks all events
in the group
2=Arm: Sets alarm mask group to 0 and unmasks all events
in the group
3=Forced Arm: Sets alarm mask group to 0 and unmasks all
events in the group even if a device is in alarm at the time of
arming
4=View: Allows you to view any active points to help you
determine if any further action is required before arming
Example: Access Granted + + 300 + 01 +
Command + 2 = Arming #01 Alarm Masking Group

Stand Alone LNL-CK may be set as

No Door
an alternate reader to
Hardware
the primary door reader
Address
for visual text message
0-31
display
Reader Device Alternate RS-485 Device

LNL-CK Uses door Reader LNL-CK Uses door
hardware from RIM Port 1 hardware from RIM
Address 1 Address 1
Address 2

Command Keypad
LCD display will display text information

Line 1
Locked, Unlocked, Ready, Denied, Access granted, Enter

PIN, Next badge, Not authorized, Invalid data, Timed door
open
Line 2
Current time, *s on PIN entry, Number of minutes/seconds
left until door held alarm occurs
LNL-CK can also display the extended held time
available:
14:32 to alarm = Held alarm in 14 minutes and 32
seconds.
Access Level Extended
Options

Access levels may be configured with extended

options
Escort feature
Temporary access
Options configured globally

Per system
Per segment basis


Escort Feature
Feature utilizing the two man rule for visitors or
cardholders required to be escorted by a designated

escort
Escorted badge(s) presented first
Escort badge presented within 15 seconds
Access granted for both badges

Configuration allows access levels to be set

Not an escort or does not require an escort
Standard access level

An escort
Access level designated as being an escort
Requires an escort
Access level designated as needing an escort

Temporary Access
Feature downloaded to the access panels allowing
configuring either/both
Activation date/time
Deactivation date/time
A group of badges may be affected by
activating/deactivating the access level
Hardware resident rather than host driven



Area Control and Anti-
Passback
System Administration | Appendix G | Special Two-
Man Rule

Reader Interlocking
A multiple door interlock may be created using Local

APB
For any door in the area if either the door strike is active or the door
is open, no other door may be opened to leave or enter the area
Typically used with magnetic locks in order to secure the interlock

Reader Interlocking
This option requires

LNL-2220 or LNL-3300 panels
System configured with local areas
Reader tab for APB is used for configuration
If Global APB is enabled this option will be unavailable
When the area interlock is active, any additional

request for access will be denied
An event will be indicated in Alarm Monitoring
LEDs on the door reader(s) will show that access has been
disabled

Reader Interlocking
Interlock Area Events

Interlock Area Busy
Cannot Open Door: Interlock Area Busy
Exit Request Denied: Interlock Area Busy
DURESS - Interlock Area Busy

Reader Interlocking

Anti-Passback Overview
OnGuard supports either Local or Global Anti-

Passback (APB)
Local Area Control & APB
Tracked and controlled by access panel

Access Panels
Global Area Control & APB
Tracked in DB and controlled by software
Communication servers

Local Anti-Passback
Access Control
Panel
Area #1
1A 1B Inside 2B 2A
Area #2
Outside

Access Control Access Control

Panel Panel
Area #1
1A 1B Inside 2B 2A
Area #2
Outside

Types of Anti-Passback
Three Types of Anti-Passback scenarios

Soft
Event generated if system thinks you are not in Area

Leaving
Hard
Access Denied into Area Entering if system thinks you are
not in Area Leaving

Timed
Individual Reader
Access denied to individual reader until configurable countdown
time expires
Countdown time transfers to new reader on every access
granted event.
Area
Access denied to Area Entering until configurable countdown
time expires
Countdown time transfers to Area Entering upon access
granted event at an entering area reader

Soft Anti-Passback
Access Control
Area #2 Panel
Outside
Then
Here 3 Area #1
1A 1B 2
Inside 2B 2A
Then
4 Then
Here
Again Here
1
#4 Outcome = Swipe
Here
Access Granted
Anti-Passback
Violation

Hard Anti-Passback
Access Control
Area #2 Panel
Outside
Then
Here
3 Area #1
1A 1B 2
Inside 2B 2A
Then
4 Then
Here
Again Here
1
# 4 Outcome = Swipe
Access Denied Here
Anti-Passback
Violation

Timed Anti-Passback
Access Control
Area #2 Panel
Outside
Then
Here 3 2
Area #1
09:40
09:41
09:42
09:43
09:44
09:45
09:46
09:47
09:48
09:49
09:50
09:51
09:52
09:53
09:54
09:55
09:56
09:57
09:58
09:59
10:00 1A 1B Then
Inside 2B 2A
Then Here
4 09:50
09:51
09:52
09:53
09:54
09:55
09:56
09:57
09:58
09:59
10:00
Here
09:50
09:51
09:52
09:53
09:54
09:55
09:56
09:57
09:58
09:59
10:00
Again 1
Swipe
# 4 Outcome =
Here
Access
Denied on 1A
reader for 10
min.
Segmented vs. Non Segmented
Non-Segmented
system
Segmented
system

Anti-Passback Settings
Reset APB Status

Local APB
Option to reset ABP at the

start of a timezone
Reset Now button resets
ABP immediately
Global APB
Timezone option is disabled
Reset Now button is available
Global APB
Select checkbox to enable
Global APB
Local Anti-Passback

Setting up Local APB
Local APB is setup in several steps

Enable Store APB Locations at Access Panel
Create/Set up Areas
Set up APB at Readers
Timed APB
Enable Timed APB at the Access Panel
Set up time limit at the readers
Areas may be used with Timed Area APB option set
at the reader
In this case you will also need to create areas

Enabling at the Access Panel

Local Areas
All Local Areas are considered a Normal Area type

A default local area will be created in a local APB
system/segment when a new access panel is added
Normal Area (Default Area)
Areas may not span Access Panels

Local Areas Cont.

Local Areas Cont.
Default Local Area

This area is automatically created for each panel
All badges will be assigned to the default area
After an ISC database download

When new badges are first created
Typically no area features should be configured for
default area
Do not delete the default area

Creating a Local Area
Select the panel (ISC) for the area

Define area rules
Anti-passback readers associated with the area will
be listed once readers are configured

Interlock
User Counting
Two man control

Maximum occupancy
Close Area
Occupancy actions
Function list

User Counting
Maximum occupancy
Setting count to zero disables feature

Two man control
None: Feature disabled
Standard: Two cardholders must be in the area at all times
Other options are available is Special Area Rules are
enabled at the access panel
Close area
Manually closes area to any card access

Occupancy Function Actions
A Local function list may be set to activate based on
occupancy
Minimum count
Triggers Local I/O on descending count direction

Maximum count
Triggers Local I/O on ascending count direction

Timezone/Area Modes
Doors associated to areas can be configured to open

or close based on the start and end timezone

Setup Local APB Readers
Area Configuration Rules

Area entering
Updates badge being used with new area

Required
Area leaving
Checks for APB violation
Free pass negates this check one time
Cardholder must be in this area before access
Not required
System has choice for Dont care; equivalent to blank

Local APB Readers
Anti-Passback tab in reader configuration

Area entering
Move the badge to this new area

Area Leaving
Badge must be in this area to use the reader (for Hard APB)
Use Soft anti-passback (APB not enforced)
Timed Area anti-passback
Used to allow areas with Timed APB
Timed anti-passback setting (minutes)
Actual time limit for the same badge using the reader twice in
a row

Local APB Readers


Global Anti-passback may be enabled system wide

or may be enabled per segment
Global and Local Areas are not supported
simultaneously in a non-segmented database or in

the same segment in a segmented database
Global Area Control utilizes the LS Communication
Server to track APB

Global APB Cont.
Decision to grant / deny access will be made at the

database when using Hard APB
If reader is configured for APB
Decision based on APB location
Decision to grant / deny access will be made by the

access panel when using Soft APB
Decision based on access level
Anti-passback event generated after the access event
is received by the database

Global APB Cont.
When online, the LS Communication Server

performs OnGuard database lookup to enforce APB

Global APB Cont.
For Hard APB only, when the panel is offline from

the OnGuard database
Access panel will attempt to make access decision
through the LS Communication Server for 15 seconds

Reader blinks red/green during this time
After 15 seconds of database inaccessibility the off
line state is then enforced based on the configuration
of anti-passback at the reader
Access will be denied for all cardholders (default)
Decision will be made by the Access panel based on access
level

Setting up Global APB
Global APB is setup in several steps

Enable Global anti-passback
Create/Set up Areas
Set up APB at Readers

Global Areas
Areas may span Access Panels

Not associated with an access panel
Tracked by the Communication Server

Some area features disabled
Two man control
Function list activation
Global Area types

Normal (Similar to a local area)
Hazardous (only used with Mustering)
Safe (only used with Mustering)

Global Areas Cont.

Global APB Readers
Global APB reader configuration

Similar to Local APB reader options
Timed Area APB not available
Timed APB is available but reader must not be
associated to an area
Host Decision Offline Mode
Global areas require access to DB so we need to set the

behavior when the database is offline
Default is to Deny all access attempts
Set Make local decision at panel to suspend APB and revert
to panel access level enforcement

Global APB Readers Cont.

Alarm Monitoring
Areas
Occupancy report
Displays cardholders in area

May be manually refreshed
Move badges
Allows moving cardholder to selected area

Anti-Passback Features
Allows current cardholder displayed

One Free Pass
APB not enforced for first access attempt

APB Move Badge
Allows badges to be moved from the current area to a new
area
Notes may also be logged
Global APB only
Display Global APB Areas
Displays the Global APB areas for all badges of the currently
displayed cardholder

Anti-Passback Features

Global APB Reset
Listed as an Action In only scheduler

Global APB System/Segment Reset
Local APB Reset was done on a timezone or manually

Mustering

Mustering
Global APB is the foundation for Mustering

Mustering requires at least two global areas
Hazardous Location
Safe Location

Mustering Cont.
Hazardous Location
A danger area
When Mustering is initiated, a occupancy report will
be generated showing cardholders in the Hazardous

Location
More than one Hazardous Location may exist for a
Safe Location(s)
Safe Location
A safe area used to account for and assemble
cardholders leaving a Hazardous Location(s)

More than one Safe Location may exist for a
Hazardous Location(s)
Hazard Location
Hazardous Location
Tracked by the DB/Communication Server

Normal areas may be associated and located within a
Hazardous Location
Active area features
Maximum occupancy
Close area

Safe Location
Safe Location
Tracked by the DB/Communication Server

No area features enabled
Cardholders area will update regardless of access
level permissions during Mustering
Cardholder must access the Safe Area reader
Recommended Safe Area configuration
Set area leaving as Dont care
Enable Soft APB

Safe Location Cont.

Associated Safe Locations
Associated Safe Location

Associates one or more safe locations with each
Hazardous Location
A mandatory configuration when the following
functionality is required
Muster Reset Area
Removes all badges from safe area to a specified area when
Muster mode is reset
Muster Start Area
Removes all badges from safe area to a specified area when
Muster mode is initiated

Associated Inside Areas
Associated Inside Areas

Associates normal areas with the Hazardous Location
Muster report will list all badges within the Hazardous
Location and all associated areas

Mustering Reporting
Muster Reporting
Muster report shows badges within the Muster area
and associated areas

Alarm monitoring Muster Report activation
Immediate
Time delay in minutes
Minimum occupancy is reached

Safe Reader Configuration
Anti-passback tab in reader configuration

Similar to all other APB reader configurations
Readers entering a Safe Area

Automatically Use soft APB
Automatically set Area Leaving to <Dont Care>

Alarm Monitoring
Hazardous Location
Muster report
Real time display of cardholders in Hazardous Location and

optionally inside areas within the Hazardous Location
Optionally removes all cardholders from Safe Area
Automatically refreshed every two minutes
Shows last attempted location
Start muster mode
Starts muster mode for Hazardous Location
Reset muster mode
Stops muster mode for Hazardous Location

Alarm Monitoring Cont.

Guard Tour

Guard Tour
Creates predefined guard checkpoints that must be

reached in the correct order in a pre-defined
rehearsed time range
Alarm input devices may be optionally configured as
checkpoint devices for ease of configuration
Filtering purposes

Guard Tour Configuration
The Guard Tour wizard will configure:

Devices to be used as checkpoints
Devices may be filtered by defining device as a checkpoint

device
Readers
Reader aux inputs
Alarm panel inputs
Personal safety device inputs
Checkpoint devices may span Access Panels
Must reside in same segment in a segmented database

Guard Tour Configuration Cont.

Device minimum/maximum times

Defines time window that checkpoint must be reached
From start of tour if first device in tour
From previous checkpoint device
Time may not be set to zero
Device order
Order that checkpoints must be toured


Action Events
Define actions link(s) to checkpoint action events

Action type
Action group

Action Events Cont.

Action Events Cont.
Checkpoint reached on time

Generated when guard arrives between minimum and
maximum times
Checkpoint reached early
Generated when guard arrives prior to minimum time
Checkpoint overdue
Generated when maximum time exceeded and guard
has not yet arrived

Checkpoint reached late
Generated when guard arrives after maximum time

Associated Messages
Associate messaging with action events

Email
Recipient(s)
Subject
Message

Associated Messages Cont.

Monitor Stations
Monitor station assignment

Monitor station must be first configured in Monitor
Station configuration
Selects which Alarm Monitoring stations will be
notified
When the tour is scheduled to begin
When tour is started at another alarm monitoring station

Monitor Stations Cont.

Digital Video
Digital Video Camera assignment

Associate cameras to checkpoint devices for live view
or record tour that is underway

Enable live video for this tour
Will display a matrix view for all cameras linked to the

checkpoint devices in the tour
Colored frame follows tour activity

Digital Video Cont.

Tour Instructions
Tour Instructions
Create instructions for the tour that may be viewed or
printed from Alarm Monitoring

Tour Groups
Allows assignment of a single or multiple tours

Random Tour List
Picks a random tour from the Tour Group that is scheduled to

run
Security Clearance Level
Only the guards that have Security Clearance are listed when
the tour is launched.
Guards without Security Clearance Level can also be selected.

Tour Groups Cont.

Security Clearance
Cardholders are set as recommended guards for a

tour by assigning security clearance.

Tour Scheduler
Schedules Tours or random Tours from Tour Group

Alarm Monitoring Workstations will be notified that
tour needs to be started

First Alarm Monitoring workstation that starts tour gets
priority
All other Guard Tour Stations will be notified

Tour Scheduler Cont.

Guard Tour Events
Guards Tour events appear only in the Alarm

Monitoring Guard Tour dialog
Guard Tour events are stored in a separate database
table
Events are generated by LS Linkage Server
Guard Tour events sorted by each individual tour

Guard Tour Event Definitions
Guard Tour Initiated

Issued at start of tour
Guard Tour Completed

Issued when last checkpoint reached
Guard Tour Completed with errors

Issued when last checkpoint reached but one or more
checkpoints were not reached on time or missed all

together

Guard Tour Event Definitions Cont.
Guard Tour Cancelled

Cancelled by the Alarm Monitoring operator before
Tour is started
Guard Tour Terminated
Tour terminated prior to completion by Alarm
Monitoring operator

Guard Tour Event Definitions Cont.
Checkpoint reached out of sequence

Issued when a checkpoint was reached that was
expected further along in the tour

Checkpoint missed
Issued when a checkpoint further along was reached
before this checkpoint

Terminology
Alarm Monitoring Operator

User responsible for monitoring alarms, controlling
hardware at the Lenel OnGuard Alarm Monitoring

station
Guard
Security officer responsible for physically touring the
facility as part of the Guard Tour

Launching a Guard Tour
Guard Tour
Launch Guard Tour from Hardware tree or toolbar
Start tour
View tour

Launching a Guard Tour Cont.
Select tour
Instructions
View or print tour instructions
Select Guard
With proper Tour Security Clearance Level
Any Guard
Any badge

Launching a Guard Tour Cont.


Destination Assurance Cont.
Global functionality allows timing the use of a

initiating reader to one of several destination readers
Maximum time 9999 minutes (approximately 7 days)
Must proceed to exit readers option enforces use of

the exit reader prior to any other reader
Other readers may be accessed prior to the exit
reader within the timeout, with the option turned off
Note: LS Linkage Server must be running

Without Must Proceed To Exit Readers
Entrance reader access

Entrance
Alarm configuration 20
Reader
minutes timer begins
Exit reader must be
accessed prior to 20 minutes
timeout expiration
Alarm generated if not
Exit
accessed within 20
Reader
minute timeout
Other readers may be * Option off
used during the 20
minute timeout*

With Must Proceed To Exit Readers
Entrance reader access

Entrance
Alarm configuration 20
Reader
minute timer begins
Exit reader must be
accessed prior to
timeout expiration Non- exit 20 minutes
Alarm generated due Reader
to non-exit reader
being accessed*
Alarm also generated
Exit
after the 20 minute
Reader * Option on
timeout
Destination Assurance Cont.

Enabling Badge Exemption
A system prompt occurs when creating the first

Destination Assurance link after performing an
OnGuard upgrade
Enable badge exemption option
Allows each badge to be set exempt for this feature

Default is non-exempt
All users with view or edit permissions to see the Destination
Exemption option control
New installs have the option automatically added to
the badge form


Invalid Badge Event
Invalid badge events will have the badge status

appended to the event description for inactive
badges
No status will be appended on an active badge that is
generating an invalid badge event

Standard invalid badge event will be generated on an active
badge due to no access levels assignment

Basic Configuration
Cardholder option must be enabled

Use invalid badge event text
Report badge as being lost or stolen

Deactivate badge for cardholder
Invalid Badge alarm

Alarm description format dropdown can now be edited
Event Text Only

Alarm Name Only
Alarm Name Event Text
Event Text Alarm Name
Refresh Alarm Configuration in Alarm Monitoring
Cardholder Options

Additional Event Configuration Options
Badge statuses requiring special handling will need

an exact entry match in the Text Library
Special alarm handling may be configured
Alarm definition will need to include text
Global I/O will need to include text as the trigger for
an action execution

Advanced Configuration
Cardholder option must be enabled

Use invalid badge event text
Create Badge Status entry

Create Text Library entry
Directly from Text Library or Alarm Definition or
Global I/O
Create custom alarm definition and/or create Global
I/O

Badge Status

Text Library

Alarm Definition

Global I/O

Examples
Active badge with at least one access level

Access grant
Badge not in DB
Invalid badge
Active badge with no access levels assigned

Invalid badge
Badge marked as Lost (with Cardholder Option

enabled)
Invalid badge Lost

Uses of Event Text
Events that may be configured with event text

Generic event
Invalid badge
Option must be enabled in Cardholder Options

License expiration
Unknown user command

Advanced Alarm Handling
Options

Advanced Alarm Handling Options
One of two alarm handling options may be

configured per alarm definition
Alarm highlighting
Displays pop-up window after a pre-configured period

indicating that an alarm has not been acknowledged
Alarm forwarding
The alarm will be forwarded to another alarm monitoring
station after a pre-configured period
//System Administration/Administration/Monitoring/Alarms/Failure to Acknowledge

Dependent services
The LS Communications Server is used to forward
hardware related alarms

The LS Linkage Server is used for non-hardware
related alarms
Mustering alarms
OpenIT events
//System Administration/Administration/Monitoring/Monitor Zones/Monitor Stations

Alarm Highlighting

Alarm Highlighting Cont.
A dialog box will to pop-up in Alarm Monitoring

when the alarm has not been acknowledged in the
configured time frame
Option to silence the reoccurrence of select alarms
for the snooze interval

Snooze
Snooze all

Alarm Highlighting Cont.

Alarm Forwarding
Alarm forwarding may be configured per alarm

definition
The alarm will be forward to another alarm monitoring
station after a pre-configured period

Uses the time received by the Alarm Monitoring
program
Queued events in DB follow same received rule
//System Administration/Administration/Monitoring/Alarms/Failure to Acknowledge

Alarm Forwarding Cont.


Alarm monitoring includes two columns that may be

configured to display
Workstation
Workstation that events are forwarded from

Time received
Date/time when event was received by the Alarm Monitoring
station the event was forwarded
//Alarm Monitoring/Configure/Columns

Monitoring station that alarms are to be forwarded to

must include the hardware in the monitor zone
Event routing may be used to control suppression of
events except when forwarded

Event routing time zones do not affect forwarded events
Alarms forwarded to a monitor station who already
has received the alarm will not display the alarm a
second time

Set Forwarding action

type allows alarm
forwarding to be
scheduled
Choose source
monitoring station
Choose monitoring
station that events are

to be forwarded
Set station to None to
configure the system to
stop forwarding
//System Administration/Administration/Scheduler
Alarm icon indicates forwarding status in Alarm

Monitoring
Routed In
Routed Out
Failure to Route

Summary
Access control features

EOL resistor table
Debounce Time
Hold Time
Entry/Exit Delay
1st Card Unlock
Cipher mode
I/O Linkage
Local I/O
Global I/O

Summary Cont.
Alarm Mask Groups
Command Programming
Instant Commands
User Commands
Intrusion Command

Summary Cont.

Escort Mode
Temporary Access
Area Control and Anti-Passback
Local Anti-Passback
Mustering
Guard Tour
Alarm Forwarding

Course 3000
Advanced Cardholder Management Applications

1 CR3000 - M06.01 - 6.4.500 TU 1 (ID Manage Apps)
Area Access Manager
Area Access Manager User Guide

Area Access Manager
Area Access Manager is an application allowing

administration of existing access levels to existing
cardholders
An Area Access Manager user has control over
specific access levels that are assigned in System
Administration
Area Access Manager is access level oriented

Area Access Manager
Browser-based OnGuard
Documentation: Area Access Manager User Guide (Browser-based

Client)

User Permissions
Access levels must be defined prior to assigning

Area Access Manager Levels
Access levels are assigned to the Lenel OnGuard
user account
Only access levels assigned will be accessible from
the Area Access Manager program

User Permissions

View Only User Permission
This user has view-only

access to the Area
Access Manager
application

System Configuration
Cardholder options allows setting up cardholder

search results fields and order

Area Access Manager Functions
Login to Area Access Manager

Logins administrated from Lenel OnGuard product
Assign cardholders to access level

Multiple cardholders may be selected
Remove cardholders from access level

Multiple cardholders may be selected
View personal information concerning highlighted

cardholder
Run reports based on Visitors and Cardholders

Assign Cardholder
Select access level

Conduct search of cardholders by selecting Assign
Launches wizard
Select cardholder(s) to be assigned to selected
access level
Add cardholders to access level

Assign Cardholder

Assign Cardholder

Remove Cardholder
Select access level

Select cardholder(s) to be removed from selected
access level
Remove cardholder from access level by selecting
Remove
Confirmation message appears

Display Personal Information
Allows viewing of cardholder, badge and access

level information of selected cardholder
No information may be modified

Display Cardholder Assignments
Selecting access level will display all cardholders

assigned to the access level

Area Access Manager Reports
Area Access Manager reports

Default Reports
Access Level Assignments to Cardholders

Access Level Assignments to Cardholders by Segment
Additional reports can be added from System
Administration
Modify report and select type as Area Access Manager

Visitor Management
Visitor Management User Guide

Visitor Management
Visitor Management is a part of the OnGuard

application allowing management of visitor
enrollment and visits
Visitor Management is controlled by user account
permission
System Permission Group

Visitor Management
Cardholders may optionally be allowed

visitor assignments

List Builder
Visit Types
List builder is used to populate the visit types
dropdown
Used for identifying purpose of visit
Badge status
When a visitor signs out, one inactive badge status
will be assigned to the access control badge

List Builder

Visits Configuration
Cardholders Options
Visits
Default time and out

Allows customizing visits based on business hours
Number of remaining visits

Visits purchased as part of software license
Refresh rate (in minutes)

Refreshes visit information on visit form

Sign in now
Allows configuring visitors in advance
Visitor badge type permissions

Allow disposable badge printing
Allow access control badge assignment

Allow email notification

Restricts sending email on creation of visit
Email recipients
Include default recipients
Include hosts email by default
Include visitors email by default

Synchronize active badges and active visits

Sets badge activate and deactivate date with visit
time in and time out dates

Prompt user prior to synchronizing
Only prompted on a modify visit
Allows user to choose from multiple active badges
Badge status for sign out

Chooses badge status upon sign out of visitor


Search Results
Cardholder Lists
Chooses fields and field order of cardholder
information
Used when linking cardholder to visitor
Visitor Lists
Chooses fields and field order of visitor information
Used when linking visitor to cardholder

Search Results

Search Results
Visit Lists
Chooses fields and field order of visit information
displayed on the visit form

Person E-mail Fields
Person Email Fields (Default recipients)

Allows selection of fields used for email notification of
visits
Cardholder
Cardholder E-mail field default
Visitor
No default E-mail field
Linked directory accounts
Allows E-mail to be sent from configured linked Directory
Accounts to cardholder or visitor

E-mail fields may be created in FormsDesigner with

field properties V-Card field set to Internet E-mail
Multiple E-mail fields may be created
Personal e-mail account

Business e-mail account


Visitor Badge Types
Badge type class

Visitor disposable badge
No access levels may be assigned

Badge ID is a negative number
Visitor access control badge
Access levels may be assigned
Badge ID is a positive number

Visitor Badge Types

Operator Tasks
Add New Visitor

Add New Visit
Sign in visitor
Schedule visitor
Managing Visits
Sign out visitor
Status Search capabilities

Reporting

Operator Tasks

Visit View
A single point of managing visits

Defaults to displaying active visits for all cardholders
and visitors for today

Additional filtering may be applied
Date
Cardholder (host)
Visitor
Visit status

Visit View
Results may be temporarily rearranged by sliding

columns into the order desired
Visit results are automatically updated
System default rate
Refresh rate (in minutes)

Managing Visits
Add new visitor

Add a new visit
Use existing visit to create new visit
Visit information for selected visit
Cardholder information for selected visit
Visitor information for selected visit

Add New Visitor
Visitors may be enrolled into the system

Visit form
Cardholder form
Person type field adds cardholders or visitors

Image, signature, fingerprint and hand template may
optionally be used for visitors

Add New Visitor
Visit form
Existing visitors may be selected
New visitors may be added
Capture image or biometrics

Import business card
Sign in now
Scheduled time out

Add New Visitor
Visit details
Visit type
Contents populated in List Builder

Purpose
Text field describing visit purpose

Add New Visitor
Visit e-mail notification

Default recipients
Generally people notified every visit

Configured under System Options | Visits tab
If segmented database, configured under Segments
Cardholder
Visitor
Additional recipients

Default Email Recipients

Add New Visitor
System will send e-mail based on configuration to all

unique addresses
Cardholder/visitor email fields
Linked directory accounts
Additional email accounts

Visitor Badge
Only badges with visitor badge types are made

available for visitors
Disposable badges will created when visit is created
Access control badge will be assigned to the visitor
during the creation of the visit

Must be already present in the system and have a status of
inactive

Visitor Badge
Badge type class

Disposable
No access level may be assigned

Badge type configuration determines properties
Non-disposable (access control badge)
Access levels may be assigned
Badge type configuration determines properties such as
default access group

Sign In Visit
Print disposable badge

Select badge type
Badge will print to printer defined by Badge Type

Sign In Visit

Sign In Visit
Access control badge ID

Badge must be a visitor class badge
Non-disposable
Badge ID must currently be in the system
The badge will move to the new visitor if assigned to another
visitor
User will be prompted if the badge is active

Sign Out Visit
Visitor sign out uses current date and time

Active badge will be deactivated badge
Status configured in Cardholder Options

Sign Out Visit

Status Search
Search for Visits that meet a certain criteria

Scheduled
Active
Finished

Visitor / Visit Reporting
Visitor Management Reports

Default Reports
Personnel Without an Active Badge

Personnel, Personal Details
Visitors
Additional reports can be added from System
Administration
Modify report and select type as Visitor
Reports of type Visit do not display in Visitor Management

Visit Reports in System Administration
All current active visits by cardholder, by visitor
Visit history
All Visitors

Reports

Reports

IDVM Visitor Management EL2200
Host Application
Browser-based application allowing employees
(hosts) to enroll visitors and schedule visits

Administration
Browser-based application used to configure the
visitor management system

Bulk User Import Utility
Bulk User Import Utility found in the

OnGuard 2010 program group
Used to automatically add OnGuard internal
user accounts using existing OnGuard
cardholders with directory account linkage
Used for IDVM

Users
Automatically created
user
Used to help filter
users that were

created for use with
the new IDVM Host
Applications

Users
Hide users that have

been automatically
created
Will filter out all IDVM
users that have been

automatically added
from view

IDVM Visitor Management
Front Desk
Application used to search and add visitors, sign
in/out visitors, assign access control badges and print

temporary paper badges
May be deployed through ClickOnce
Kiosk
Self service touch screen portal allowing a visitor to
logon/search their own visitor record through the use

of a 3 of 9 3:1 barcode, capture photo, and print a
temporary paper badge

IDVM Host Application
Calendar in
Use
Assign
Delegates
Calendar
Functions
Schedule
New
Event
Invite /
Remove
Visitors

Host Application Delegates
Add / Remove
Delegates

Host Application Advanced Search

Outlook Integration
Employees have the ability to interact with a single

application that they are comfortable with and use
on a daily basis
Note: Customer must be using Outlook
Some companies use Lotus Notes or other email
solutions

Host Application Outlook Integration
Select
OnGuard Visitor
Management
and schedule a visit in OnGuard

reflected in both Outlook and
Visitor Management

Administration Functions
Sign in locations
Configures dropdown list when creating an event from
the host application

Kiosk profiles
Set kiosk messages
Kiosk
Configure Kiosk Locations
Other settings
Configures badge type for disposable badges

IDVM - Administration Application

Front Desk Application
Visitor Management Front Desk User Guide
Add Events &

Visitors

IDVM Support for the CSS-1000
CSS-1000 is a USB device that will scan in driver

licenses and passports
Pre-populates OnGuard fields
The Front Desk Application
Support for Driver license lookup on IDVM Front Desk
Application
Support for Passport lookup on IDVM Front Desk Application

Front Desk Confirming Email
Visit e-mail confirmation sent to visitor and host

when a visit is scheduled
Visit key and Barcode included for interaction with
the Kiosk
Visit Key
Barcode

Kiosk Hardware
Ped 1 Configuration Ped 2 Configuration

Kiosk Application Welcome Screen

Kiosk Application Sign In
Touch the sign in button on the screen

Scan the barcode or manually type the visit key contained the email
Optional Forgot Visit Key will

display customizable message
to the visitor
Kiosk Application Sign Agreement
Agreement message can be configured on a per kiosk basis

Touch scroll bar on the right hand side of the screen and scroll down
Touch the I have read and Agree button
Touch Next Step

Kiosk Application Update Visitor Info
Visitor may review data and update as required

Use scroll bar to show all Visitor Profile data
Touch field to update information.
Touch Next Step

Kiosk Application Capture Photo
The kiosk has a built in camera to capture visitor photo

Click Take Photograph
Click Next Step

Kiosk Application Print Badge and Sign In
Badge may be printed and visitor signed into the system

Click Print Badge and Sign In

Summary
Area Access Manager

Visitor Management
IDVM Visitor Management

Course 3000
Elevator Control

1 CR3000 - M07.01 - 6.4.500 TU 1 (Elevator Control)
Elevator Control Overview
LNL-1320 button interrupt elevator control

1-6 floors
LNL-1320 Relays interrupt elevator floor selection
button
LNL-1300 button interrupt elevator control
1-128 floors
Uses LNL-1300 and LNL-1200 combination
LNL-1300 elevator control with floor tracking

1-128 floors
Uses LNL-1300, LNL-1100 and LNL-1200
combination
LNL-1320 Button Interrupt Example
N/C
ISC To
C
N/O
Elevator
Control
Room
LNL-1320 Elevator
Floor Button
1 2
Reader
1 2 3 4
3 4 5 6
5 6
This example shows a button interrupt setup that will allow the
cardholder to select floors 1, 2, 4 & 5 but only chooses floor 1.
LNL-1300 Button Interrupt Example
To
Elevator
ISC Control
Room
Elevator
Floor Button
1 2 3
4 5 6
1 2 3 4 5 7 8 9
6 7 8 9 10 10 11 12
Reader
11 12 13 14
LNL- 13 14 15
1300 15 16
16
~8 LNL-1200
This example shows a button interrupt setup that will allow the cardholder to
select floors 1, 2, 4, 5, 10, 12, 14 and 15 but only chooses floor 1.

LNL-1300 Floor Tracking Example
To
ISC Elevator
Control
Room
Reader
LNL-
1300
Elevator
Floor 1 2 3 4 5
Buttons 6 7 8 9 10
1 2 11 12 13 14
3 4 15 16
5 6
~8 LNL-1100 ~8 LNL-1200

Elevator Control Access Panels
Elevator Control must be enabled at the ISC for all

types of elevator controls
Reserves memory in the ISC
Allows readers to be configured for elevator control
NOTE: Elevator control is not supported on the LNL-
2210

Elevator Control Access Panels

Reader Setup
LNL-1320 Elevator Control

Button Interrupt

Button Interrupt
Floor Tracking

Lenel LNL-1320 Button Interrupt

Track floors not available
On-board relays used for control
Reader two disabled
Additional elevator hardware not used


Elevator Control Levels and Access Levels
Comparing Access Levels and Elevator Control Levels

Elevator Control Levels
Combination of Timezones, Relay Outputs and Floors

256 Elevator Control Levels Supported
Elevator Control Levels used to configure:
Elevator Access Level assigned to badge
Day mode for free access to floors
Access Levels
Combination of Readers and Elevator Control Levels
Elevator control level treated as a multi-floor timezone
Standard readers and elevator readers may be combined into
the same access level



Using Elevator Control
Access Granted Events

Pulses 1320 relays based on assigned Elevator
Controls
Pulse duration is set by adjusting each readers strike
time

Using Elevator Control

LNL-1300 Button Interrupt
Lenel LNL-1300 Button Interrupt

Check Elevator Control only
Additional elevator hardware must be used
Must be configured through the Reader Elevator Hardware

tab
LNL-1200 relays used for control

LNL-1300 Button Interrupt

Elevator Hardware
Used in conjunction with the LNL-1300

Assigns up to 8 LNL-1200 Output Control Modules for
use in elevator control

Without Floor tracking checked LNL-1200 is the only
hardware available
Outputs may be renamed to match floor names
System Administration | Access Control | Alarm Panels | Alarm
Outputs

Elevator Hardware

LNL-1300 Floor Tracking
Lenel LNL-1300 Floor Tracking

Check Elevator Control and Track Floors
Additional elevator hardware must be used
Must be configured through the Reader Elevator Hardware

tab
LNL-1100 inputs used to detect which floor has been
requested


Used in conjunction with the LNL-1300

Assigns up to 8 LNL-1100 Input Control Modules for
use in elevator control

With Floor Tracking checked LNL-1100 and LNL-1200 are
available


Custom Day Mode
Pre-defined floors have free access during active

day mode timezone
Each floor may use a different time zone
LNL-1320 will have output(s) energized
LNL-1300 requires button selection
Day Mode Elevator Control assigned per reader
Under Access Control | Reader | Control Tab | Elevator
Control Settings Area

Custom Day Mode

Online Facility Code
Online Facility Code No Floor Tracking

All outputs defined in the Elevator Control Level
(ECL) selected from the drop down box will energize

when granted facility code is issued at the reader
Works for LNL-1300 and LNL-1320 elevator solutions
The reader must be on-line and in facility code mode
Online Facility Code With Floor Tracking enabled
for LNL-1300
Outputs defined in the Elevator Control Level (ECL)
selected from the drop down box will be available

Selection of the floor via elevator button is necessary
The reader must be on-line and in facility code mode
Online Facility Code

Offline Access
LNL-1320 offline from ISC

Output 1 will energize when a badge (with valid
facility code) is presented to the elevator reader
LNL-1300 offline from ISC
No Floor Tracking all outputs defined in the Elevator
Control Level (ECL) selected in the drop down box for
Online Facility Code will energize
With Floor Tracking enabled the outputs defined in
the Elevator Control Level (ECL) selected in the drop
down box for Online Facility Code will be available
Selection of the floor via elevator button is necessary

Summary
Elevator control
1320 Button Interrupt
1300 Button Interrupt
1300 Floor Tracking
Day Mode
Online Facility Mode
Offline Access

Order
1 Segmentation (Workbook Location - System Wide Settings)
Step 1 Enable Segmentation (System Administration | Administration | Segments )
Step 2 Enable Card Format Segmentation
Step 3 Enable Badge Type Segmentation
Step 4 Enable Cardholder and Visitor Segmentation
Step5 Enable Segments belonging to more than one Segment Group
2 Single Sign-On (Workbook Location - System Wide Settings)
Step 1 Create Directory (System Administration | Administration | Directories)
Step 2 Link Directory to User (System Administration | Administration | Users | Directory Accounts)
3 Action Groups (Workbook Location - System Wide Settings)
Step 1 Open the Action Group Library (System Administration | Administration | Action Group Library)
Step 2 Click the "Add" button
Step 3 In the Action Group Properties window, give the action group a description then click the "Add" button.
Step 4 Select the Action type and click the "Next" button.
Step 5 Depending on the Action type you chose the next step will allow you will select the device, guard tour, panel, etc. Choose the one you want
Step 6 Select the function options on the bottom of the window and click next.
Step 7 Click "Add" again if you want more Action Types in your group (like in step 3) or click "OK" if you are done.
4 Scheduler (Workbook Location - System Wide Settings)
Step 1 Select Linkage Server Host (System Administration | Administration | System Options)
Step 2 Start Linkage Server (as a Service or Manually through OnGuard Application)
St 3
Step Create Schedule to activate Action Group (System Administration | Administration | Scheduler)
5 Global Output Devices (Email and Paging) (Workbook Location - System Wide Settings)
Step 1 Set SMTP Server Settings (System Administration | Administration | Global Output Devices)
Step 2 Create Recipients (System Administration | Administration | Global Output Devices)
Step 3 Send Alarm E-mails (Manual - Right Click on Alarm in Alarm Monitoring )
Step 4 Setup Messages in Alarms (Automatic - Associate to Alarm in System Administration | Administration | Monitoring | Alarms | Messages tab )
6 Forms Designer (Workbook Location - Forms Designer)
Step 1 Create DB Backup in SQL
Step 2 Open Forms Designer and make changes
Step 3 Save and Close Forms Designer
Lenel Systems International Inc. Confidential Page 1

7 Custom Reports (Workbook Location - Custom Reports)
Step 1 Open Crystal Reports (3rd Party Software)
Step 2 Click open report or new report Icon
Step 3 If opening report, Select a report from the OnGuard Report Templates
Step 4 Click OK to warnings
Step 5 Verify the database by clicking "Database\Verify Database".
Step 6 Type in the AccessControl DB log on ID and password.
Step 7 Click OK to all three warnings.
Adding a basic text field
Step 1 If the "Field Explorer" isn't showing on the far left side of the screen then open it by selecting "View\Field Explorer.
Step 2 Click + next to "Database Fields" to open it.
Step 3 Click + next to "UDFEMP" to open it.
Step 4 Click, drag and drop the field you want to add from the "Field Explorer" to the white area of the "Details" section of the report.
Step 5 Within the "Page Header" of the report you may need to modify the field's label.
Step 6 If complete save changes (remember to save the report with a different name other than the original or changes will be lost when upgrading OnGuard).
Adding a drop-down list field
Step 1 Open the "Database\Database Expert"
Step 2 On the Data tab expand "Current Connections\Lenel\accesscontrol\dbo\Tables"
Step 3 Find the table you want to add to the "Selected Tables" list, it will be named the same as the drop-down list you are adding to the report.
Step 4 Select the table and click the assign button (>) to add it to the "Selected Tables" List.
Step 5 Select the "Links" tab and delete the link between the "EMP" table and the for your drop-down list by right clicking on the line and selecting "Delete Link".
St 6
Step Scroll down the "UDFEMP" table until you find the drop-down
drop down list you are adding and click,
click drag and drop it on the ID field of the table you created
created.
Step 7 A new link should now be created from the "UDFEMP" Table and your drop-down list table. Close the "Data Expert" window.
Step 8 In the "Field Explorer" under the "Database Fields" you should now see your drop-down list field. Click the + next to it.
Step 9 Select "NAME" drag and drop it in the white area of the "Details" section of the report.
Step 10 Within the "Page Header" of the report you may need to modify the field's label.
Step 11 If complete save changes (remember to save the report with a different name other than the original or changes will be lost when upgrading OnGuard).
Add Report to Lenel OnGuard
Step 1 Login to "OnGuard\System Administration" and open "Administration\Reports".
Step 2 Click the "Add" button on the "Report Configuration" form.
Step 3 Click the "Browse" button, find and select the report that you saved.
Step 4 Select the report type by marking the appropriate checkboxes next to the categories in the "Type(s)" section.
Step 5 Optional: Add comments and passwords to customize the report.
Step 6 Click OK to save changes.

8 EOL Resistor Table (Workbook Location - Access Control Config)
Step 1 Open EOL Resistor Tables (System Administration | Access Control | EOL Resistor Configuration)
Step 2 Click add
Step 3 Configure a Basic or Advance Resistor Table
Step 4 Save Table
Step 5 Set Reader Control Supervision to your custom EOL table on all Readers
Step 6 Set Reader Aux Input Supervision to your custom EOL table on all Readers
Step 7 Set Alarm Input Supervision to your custom EOL table on all Alarm Inputs
9 Debounce (Workbook Location - Access Control Config)
Step 1 Adjust Reader Control Debounce time on all appropriate Readers (System Administration | Access Control | Readers | Controls Tab)
Step 2 Adjust Reader Aux Input Debounce time on all appropriate Readers (System Administration | Access Control | Readers | Aux Inputs Tab)
Step 3 Adjust Reader Alarm Input Debounce time on all appropriate Alarm Inputs (System Administration | Access Control | Alarm Panels | Alarm Inputs Tab)
10 Hold Time (Workbook Location - Access Control Config)
Step 1 Adjust Reader Aux Input Hold time on all appropriate Readers (System Administration | Access Control | Readers | Aux Inputs Tab )
Step 2 Adjust Alarm Input Hold time on all appropriate Alarm Inputs (System Administration | Access Control | Alarm Panels | Alarm Inputs Tab)
11 1st Card Unlock (Workbook Location - Access Control Config)
Manual
Step 1 Enable First Card Unlock on Access Panel (System Administration | Access Control | Access Panel | Options Tab)
Step 2 In Alarm Monitoring/System Hardware Tree, Right click on Reader and Select First Card Unlock/Enabled.
Reader Default
Step 1 Enable First Card Unlock on Access Panel (System Administration | Access Control | Access Panel | Options Tab)
Step 2 Enable First Card Unlock on Reader (System Administration | Access Control | Readers )
Timezone (Any Cardholder will unlock door)
Step 1 Add or Modify a Timezone Reader Mode and check the First Card Unlock check box (System Administration | Access Control | Timezones )
Step 2 When the time for the timezone starts, the reader you select in the Timezone Reader Mode will be set to First Card Unlock.
Timezone (Only Authorized Cardholders will unlock door)
Step 1 Enable First Card Unlock Authority Required (System Administration | Access Control | Readers |Settings Tab)
Step 2 Add or Modify the Access Level for the Cardholder(s) that are authorized (System Administration | Access Control | Access Levels )
Step 3 Add or Modify a Timezone Reader Mode and check the First Card Unlock check box (System Administration | Access Control | Timezones )
Step 4 Wait for the timezone to start and swipe the reader you selected in the Timezone Reader Mode.
12 Cipher Mode (Workbook Location - Access Control Config)
Step 1 Enable Cipher Mode (System Administration | Access Control | Readers )
Step 2 Add or Modify Magnetic Card Format, if needed (System Administration | Administration | Card Formats )
Step 3 Enable Card Format at Reader, if required (System Administration | Access Control | Reader )
Step 4 Enter your cipher code in to the keypad at the door you want to access. (Example: *1234(Facility Code) 12345(Badge ID) 01(Issue Code) #)

13 Local Input and Output Linkage (Workbook Location - Access Control Config)
Step 1 Create a Local I/O Function list (System Administration | Access Control | Local I/O )
Step 2 Link the Function List to an action (System Administration | Access Control | Local I/O | Device --> Function Links )
Step 3 Optional: Other uses for Function Lists are:
14 Global Input and Output Linkage (Workbook Location - Access Control Config)
Step 1 Open Global I/O (System Administration | Access Control | Global I/O )
Step 2 Click on Add and configure Global Linkage Tab
Step 3 Add Input Event(s)
Step 4 Add Output Action(s)
Step 5 Start Linkage Server (as a Service or Manually through OnGuard Application)
15 Acknowledgment Actions (Workbook Location - Access Control Config)
Step 1 Configure the alarm (System Administration | Monitoring | Alarms | Acknowledgment Actions Tab)
Step 2 In Alarm Monitoring, Click on Options | Refresh Alarm Configuration
16 Alarm Masking Groups (Workbook Location - Access Control Config)
Step 1 Configure the alarm mask group (System Administration | Access Control | Groups | Alarm Mask Group Tab)
Step 2 Configure Local I/O using the alarm mask group (System Administration | Access Control | Local I/O Tab)
17 Command Programming (Workbook Location - Access Control Config)
Step 1 Enable Allow User Commands checkbox per Reader (System Administration | Access Control | Readers | Reader Tab)
Step 2 Enable Command Authority for Users checkbox per Access Level(s) (System Administration | Access Control | Access Levels )
Step 3 Configure Command Programming (System Administration | Access Control | Readers | Command Programming Tab)
Step 4 Assign Access Level to Badge, if required (System Administration | Administration | Cardholders | Access Level Tab)
18 IInstant
t tC Commands
d (W (Workbook
kb k L Location
ti -A
Access C
Control
t lC Config)
fi )
Step 1 Configure the Instant Command (System Administration | Access Control | Reader | Command Programming Tab)
19 Unknown User Commands (Workbook Location - Access Control Config)
Step 1 Checkbox Display Alarm for Unknown User Command (System Administration | Monitoring | Alarms | Alarm Definition Tab)
20 User Commands - Extended Held Open (Workbook Location - Access Control Config)
Non-Segmented Database
Step 1 Set the Extended Held Command options (System Administration | Administration | System Options | User Commands Tab)
Segmented Database
Step 1 Set the Extended Held Command options (System Administration | Administration | Segments | Segments | User Commands Tab)
Step 2 Enable Allow User Commands checkbox per Reader (System Administration | Access Control | Readers | Reader Tab)
Step 3 Enable Command Authority for Users checkbox per Access Level(s) (System Administration | Access Control | Access Levels )
Step 5 Obtain Access Granted on Reader, OPEN door
Step 6 Enter Extended Held Command to hold door open for a programmed time period (Example:*200 (code ) 002 (minutes )#)

User Commands - Arm/Disarm using LNL-CK (Workbook Location - Access Control Config)
Step 1 Enable the Arm/disarm Command (System Administration | Administration | System Options | User Commands Tab)
Segmented Database
Step 1 Enable the Arm/disarm Command (System Administration | Administration | Segments | Segments | User Commands Tab)
Step 2 Enable Allow arm/disarm Command checkbox per Reader (System Administration | Access Control | Readers | Reader Tab)
Step 3 Enable Arm/disarm Command Authority checkbox per Access Level(s) (System Administration | Access Control | Access Levels )
Step 5 Obtain Access Granted on LNL-CK via PIN #
Step 6 Enter Arm/disarm Command code and Alarm Mask Group number (Example:*300 (code ) 00 (alarm mask group )#)
Step 7 Enter command to Arm or Disarm group
21 Extended Options (Escort and Temporary Access Levels) (Workbook Location - Access Control Config)
Step 1 Enable the Extended Options (System Administration | Administration | System Options | Access Levels Tab)
Segmented Database
Step 1 Enable the Extended Options (System Administration | Administration | Segments | Segments | Access Levels Tab)
Step 2 Create the necessary Access Levels (System Administration | Access Control | Access Levels | Access Level Tab)
Step 3 Select the Extended Options tab (System Administration | Access Control | Access Levels | Extended Options )
Step 4 Click on Modify to designate access level as "an escort" or "requires an escort"
Step 5 Assign access level(s) to cardholders as needed (System Administration | Administration | Cardholders | Access Levels Tab)
Additional:
Temporary Activation and Deactivation may be set for entire access level(s)
22 Local Anti-Passback (Workbook Location - Access Control Config)
Step 1 Enable Anti-Passback (Timed and/or Store Areas) on Access Panel (System Administration | Access Control | Access Panel | Options Tab)
Step 2 Create multiple Areas (System Administration | Access Control | Areas )
Step 3 Assign Areas to Readers (System Administration | Access Control | Readers | Anti-Passback Tab)
Optional Configurations
Timed Anti-Passback
Timed Area Anti-Passback
23 Global Anti-Passback (Workbook Location - Access Control Config)
Step 1 Enable the Global anti-passback check box (System Administration | Administration | System Options | Anti-Passback Tab)
Segmented Database
Step 1 Enable the Global anti-passback check box (System Administration | Administration | Segments | Segments | Anti-Passback Tab)
Step 2 Create multiple Areas (System Administration | Access Control | Areas )
Step 3 Assign Areas to Readers (System Administration | Access Control | Readers | Anti-Passback Tab)
Optional Configurations
Timed Anti-Passback

24 Mustering (Workbook Location - Access Control Config)
Step 1 Activate and setup Global APB as described above.
Step 2 Add Safe and Hazard Areas (System Administration | Access Control | Areas )
Step 3 Associate the Safe and Hazard areas (System Administration | Access Control | Areas | Associated Safe Locations Tab)
Step 4 Associate Inside and Hazard areas (System Administration | Access Control | Areas | Associated Inside Locations Tab)
Step 5 Configure Muster Report activation (System Administration | Access Control | Areas | Muster Reporting Tab)
Step 6 Assign Safe area to Reader(s) (System Administration | Access Control | Readers | Anti-Passback Tab)
25 Guard Tour (Workbook Location - Access Control Config)
Step 1 Optional: Enable checkpoints for devices
Set a Reader (System Administration | Access Control | Readers | Settings )
Set a Reader AUX input (System Administration | Access Control | Readers | Aux Inputs )
Set a Alarm Panel Input (System Administration | Access Control | Alarm Panels | Alarm Inputs )
Step 2 Add a Guard Tour by using the wizard (System Administration | Monitoring | Guard Tour )
Step 3 Create Tour Groups in Tour Groups tab within Guard Tour
Step 4 Schedule the tours on the Scheduler tab within Guard tour
Step 5 Enable "Can perform guard tours" checkbox per Cardholder (System Administration | Administration | Cardholders | Guard Tours Tab)
Step 6 Select the appropriate tours for the cardholder (System Administration | Administration | Cardholders | Guard Tours Tab)
Step 7 Manual Launch: Right click in Alarm Monitoring | Guard Tour
Step 8 Scheduled Launch: A guard tour will automatically launch in Alarm Monitoring
26 Destination Assurance (Workbook Location - Access Control Config)
Step 1 Select an Entrance Reader in Destination Assurance (System Administration | Access Control | Destination Assurance )
Step 2 Click the Modify button
Step 3 Select an Exit Reader(s)
Step 4 Configure Options for minutes and 'must proceed to exit reader' checkbox
27 Lost/Stolen Badge Event (Workbook Location - Access Control Config)
Step 1 Configure Cardholder Options - enable Invalid Badge Event Text (System Administration | Administration | Cardholder Options )
Step 2 Create Badge Status in List Builder (System Administration | Administration | List Builder )
Step 3 Create Text Library (System Administration | Administration | Text Library )
Step 4 Define Custom Alarm (System Administration | Monitoring | Alarms )
28 Advanced Alarm Handling (Forwarding alarms) (Workbook Location - Access Control Config)
Step 1 Configure Alarm(s) for Failure to Acknowledge (System Administration | Monitoring | Alarms | Failure to Acknowledge )
Step 2 For Alarm Forwarding, Configuring Monitoring Station (System Administration | Monitoring | Monitor Zones | Monitor Stations )
29 Area Access Manager (Workbook Location - ID Manage Apps)
Step 1 Assign the access level(s) to the OnGuard User(s) (System Administration | Administration | Users | Area Access Manager Levels Tab)
Step 2 Open Area Access Manager Application (OnGuard | Area Access Manager )
Step 3 Select the Access Level from the drop down box
Step 4 Click on Assign Access Level Button and follow Access Level Assignment Wizard
30 Visitor Management (Workbook Location - ID Manage Apps)
Step 1 Configure Visitor Badge Type (System Administration | Administration | Badge Types )
Step 2 Configure Badge Status (Visit Type is optional) (System Administration | Administration | List Builder )
Step 3 Configure Visit options (System Administration | Administration | Cardholder Options | Visits Tab)
Step 4 Add Visit and Visitor information (OnGuard | Visitor Management OR System Administration | Administration | Visits )

31 Elevator Control (Workbook Location - Elevator Control)
Instructor setup for each student PC
Step 1 Delete the Input and Output panels
Step 1 Enable Elevator Support in the Access Panel (System Administration | Access Control | Access Panel | Options Tab)
Step 2 Click the Add button in the System Administration/Access Control/Readers tab.
Step 3 Add normal LNL-1320 reader information (Note: do not select a slave reader in the "Slave Reader Attached" field).
Step 4 Click the "Elevator" check box.
Step 5 In the Administration/Access Control/Access Levels/Elevator Control tab click the add button.
Step 6 Match the elevator output selector and the floor selector to the proper settings.
Step 7 Select the Timezone that you want.
Step 8 Click the Assign button.
Step 9 Increase the elevator output selector and click the Assign button again.
Step 10 Repeat the last step as many times as needed to get all of the floor used for an Access Level.
Step 11 Give the Elevator control a name and save it.
Step 12 In the same form, select the "Access Levels" tab and Add or Modify an Access Level
Step 13 Select the Reader (an elevator enabled reader) and the Elevator Control Level.
Step 14 Click the assign button and click OK
Step 15 Assign Access Level to Cardholder Badge(s) (System Administration | Administration | Cardholders | Access Levels Tab)
Step 1 Enable Elevator Support in the Access Panel (System Administration | Access Control | Access Panel | Options Tab)
Step 2 Click the "Add"
Add button in the System Administration/Access Control/Readers tab. tab
Step 3 Add normal LNL-1300 reader information.
Step 4 Click the "Elevator" check box. (for floor tracking, click the "Track Floors" check box.)
Step 5 Select the "Elevator Hardware" tab
Step 6 Click the "Add" button
Step 7 Choose the floor range, the port number, the address and the Panel Type (LNL-1100 (Input)).
Step 8 Click the "OK" button to save.
Step 9 Click the "Add" button again
Step 10 Choose the floor range, the port number, the address and the Panel Type (LNL-1200 (Output)).
Step 11 Click the "OK" button to save.
Step 12 Perform the last six steps as many as eight times to create 128 floor.
Step 13 In the Administration/Access Control/Access Levels/Elevator Control tab click the add button.
Step 14 Match the elevator output selector and the floor selector to the proper settings.
Step 15 Select the Timezone that you want.
Step 16 Click the Assign button.
Step 17 Increase the elevator output selector and click the Assign button again.
Step 18 Repeat the last step as many times as needed to get all of the floor used for an Access Level.
Step 19 Give the Elevator control a name and save it.
Step 20 In the same form, select the "Access Levels" tab and Add or Modify an Access Level
Step 21 Select the Reader (an elevator enabled reader) and the Elevator Control Level.
Step 22 Click the assign button and click OK
Step 23 Assign Access Level to Cardholder Badge(s) (System Administration | Administration | Cardholders | Access Levels Tab)

CR3000 Student Workbook

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CR3000 Student Workbook

Transféré par

Droits d'auteur :

Formats disponibles

Advanced Access Control

Unauthorized Reproduction Prohibited

System wide configuration

Unauthorized Reproduction Prohibited

Access Control Features

Unauthorized Reproduction Prohibited

Area Control and Anti-Passback

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

System Wide Configuration

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Segmentation is: The process of dividing an access

Unauthorized Reproduction Prohibited

Segmentation allows an additional level of

View only access

Unauthorized Reproduction Prohibited

When an <All Segments> user logs into <All Segments>,

Segment 3 Segment 3 Segment 3

Unauthorized Reproduction Prohibited

When an <All Segments> user logs into a segment, they can

Segment 3 Segment 3 Segment 3

User User Object

Segment 3 Segment 3 Segment 3

User User Object

Segment 3 Segment 3 Segment 3

Segment 3 Segment 3 Segment 3

System wide settings can only be configured by an

Archiving Events and Transactions

System Cardholder Options

General System Options

User segment access permissions must be modified,

otherwise, all users will have <All Segments> access

Note: Being an <All Segments> user is not the same as

Unauthorized Reproduction Prohibited

Once enabled, Segmentation cannot be disabled

Default segment is created for placement of pre-existing

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Segments may be added independently or to a new

Hardware may be moved to new segment

Existing data may be copied to new segment

Access levels and groups may be copied or moved

Unauthorized Reproduction Prohibited

Unique segment name

Perform full panel download after move

If Do not copy records or move panels from another

segment is chosen then all associated access levels will

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Copy records from another segment*

Copy empty access levels and groups*

in the new segment

empty after moving hardware

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Prefix or append text to the names of records for

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited

Unauthorized Reproduction Prohibited