The latest version of GuardPointPro is available for download
Notes on installation can be viewed here
Update policy for this version
From this version, the main GuardPointPro application requires a dongle with minimum version 3.00.0xx or higher.
In case there are no version details at all or if the version on the dongle is less than 3.00.0xx then
GuardPointPro will give an error to the user and would close the application right after
Default setting values
- DatabaseTimeout = 600 instead of 0
- ClearAddressInAllCtlOnNewBadge = 1
- UseMemoryCacheForCardAddress = 1
- DeleteCardOnUnKnownCardAddress = 1
- SendCtlScriptAfterCardFormatCommand = 1
- LogScrollControl = 1
- LogInsertEventsControl = 1
- ReportShowDeleted = 1
- pollingFilesNumberPerTimer = 5
- SaveCardHistoryForReport = 1
- UseNumBadgeTrackTable = 1
- MaxCardholders = 44000 instead of 5000
- NextNumBadgeRandom = 1
- MultipleViewPhoto = 1
- DisplayPhotoDuring = 2 instead of 0
- DynamicSiteSetUpBatchSize = 500
In addition, if using the ServiceCom module, the following default settings are set:
- in the ‘secComService.exe.Config’ file:
- selectTopNumberOfPendingRecordsToSend = 2000 instead of 1000
- sendCommandsToDebugMonitor = 1
- in the Network screen:
- Send Command Interval = 5 Msec. instead of 50 Msec.
- Ratio Polling / command = 1:50 instead of 1:10
- Event timeout = 500 Msec. instead of 100 Msec.
When updating an existing system, the current settings will not be overwritten. Thus, if necessary, those parameters must be set manually.
GuardPointPro supports MT-6330 Handheld reader from Partner Tech. This mobile phone includes the reader technology, which supports EM-Marine 125Khz on an Android platform. This integration allows a guard to check the validity of badges without the need of a mounted, hardwired reader.
After swiping the card at the back of the device, cardholder’s information is displayed on the Mobile screen with the picture of the cardholder and the mention ‘Valid’ or ‘Not Valid’ accordingly. For invalid badges, the denied reason is displayed as well (i.e. Canceled, Lost or Stolen). At the same time, an access event is shown in the GuardPointPro event log in real time, as long as the reader is connected with the dedicated web server via the Wifi.
This integration works with SQL databases only.
Mifare DESFire® technology and STID readers
A new solution uses MIFARE DESFire® contactless chip technologies with cutting edge data security to provide comprehensive security to the GusrdPointPro ecosystem. It implements public encryption algorithms (TDES, AES, RSA, SHA, etc.), as recommended by most independent international security standards organizations, in addition to meeting most all government and military standards.
Badges are encoded through a STID USB Reader/encoder ‘ARC-AC1’connected to the GuardPointPro stations. The communication between GuardPointPro and the reader/encoder, and between the Sensor controllers and the access readers is performed using the STID SSCP protocol. The communication between the controller and the Mifare DESFire® badges is fully encrypted (and the reader is “transparent”). Therefore, if the Ethernet network is also encrypted (AES-128), the whole system answers the ANSSI-1 recommendation.
This feature allows users to encode and use Mifare DESFire® EV1 badges with STID serial readers. The STID reader is the link in the security chain that allows the system to be completely secured, from the smart card to the GuardPointPro application server.
This development includes the possibility to build many configurations of badges. A badge configuration defines the applications, the files and the keys used. Each configuration may include up to 2 applications and 3 files per application. Existing badges (already used for other applications by other customers) may also be encoded and used according to their specific format if the necessary information (i.e. the internal Applications and files structure, the Keys, etc.) is known.
This feature requires the ServiceCom module and works only with IC2001/4001 controllers having a specific firmware and a special TCP module that supports AES-128 encryption. The controller must include a ‘Kit Com2’ module for the connection with the STID RemoteSecure interface
Mitsubishi & Thyssen lifts
Sensor systems have integrated Mitsubishi and Thyssen lift controllers in order to send commands directly to the lift controller via the manufacturer protocol instead of activating relays on the Sensor controller and
sending the lift information via dry contacts.
- Both types, RS485 and TCP/IP Mitsubishi lift controllers, have been integrated. RS485 Mitsubishi lift controllers requires to connect the Sensor controller to a RS45 bus via its second communication port. The Sensor controller should be equipped with the Kit Com 2 and a specific firmware. On GuardPointPro, when creating a new Lift controller, a new “Mitsubishi lift support” option appears in the Controller screen. After creating the controller with this option selected, a new “Mitsubishi lift” tab appears in the Controller screen allowing to define for each reader, which door (front or rear) per floor to open (up to 64 floors). Then, the Lift programmes and the Lift authorization groups must be defined as before for defining the cardholders’ access rights. Thus, when a cardholder is granted access at a lift reader, the controller, instead of activating the relays, sends via its Port 2 the list of the floors message to the Mitsubishi controller as defined in the Mitsubishi protocol.
- E-LIP Mitsubishi interface controllers only accepts TCP/IP commands to dictate which floors are allowed by the cardholder. A new action type called “Send Mitsubishi Command to socket” has been added in GuardPointPro for this purpose allowing to select the Gate (reader), the lift IP address and the floors that should be allowed. The TCP/IP lift commands are sent to the E-LIP interface via Global reflexes upon granted accesses at one of the access control readers. Then, the E-LIP controller sends the required command to the Lift panel (Gates), enabling the authorized lift buttons for few seconds.
- The Thyssen Lift Controller System (LCS) communicates via a RS232 link. This requires to connect the Sensor controller via its RS485 second communication port through a RS485/RS232 interface. The Sensor controller should be equipped with the Kit Com 2 and a specific firmware. One controller may be installed at each floor to manage the readers of the floor. On GuardPointPro, when creating a new Lift controller, a new “Thyssen lift support” option appears in the Controller screen. After creating the controller with this option, new fields are displayed in the “Controller/Reader/Miscellaneous” screen allowing to select the Thyssen Destination Selection Control (DSC) terminal number to which the reader is attributed and the Shaft number. The Lift programmes and the Lift authorization groups must be defined as before for defining the cardholders’ access rights in the “Lift group” field of the “Cardholder/Personal” screen. Then, when a cardholder swipes his card and gets a granted access at a reader near a DSC-Terminal, the Sensor controller sends to the Thyssen LCS, via the TKAW protocol, a message containing the authorized floor(s) (according to the cardholder’s Lift group) and from which DSC-Terminal (front or rear) the card has been swiped.
Sensor controllers (with firmware dated from 2016) support now the ‘Magellan 1100i’ scanner interface and allow to read QR codes. This reader should use a “Keyboard Wedge” interface and must be connected to the Controller reader connector from its RJ10 connector. Up to 4 readers per controller may be connected. On GuardPointPro, the dongle must have the ‘QR’ module.
Multi frame View photo screen
A new 'Multi frame' tab in the ‘View/Display photo’ screen allows to display the picture and the details of the cardholders as they swipe their card at specified readers. The user may supervise many readers in parallel.
Two fields (‘X’ and ‘Y’) allow to choose the number of readers to supervise at the same time.
Right click on any tile pops up a menu allowing to select which reader to supervise. From this menu, other manual actions are available (Pause/Play, Previous/Next).
An icon in the upper left-hand corner of the tile indicates the Pause/Play mode.
It is possible to define the picture ratio Width/Height in the GuardPointPro.ini, using this setting: ‘ViewPhotoMultiFrameRatio’. This can be adjusted in 0.1 increments.
Cancelling & removing unused cards
Some controllers may be exceeding their card capacity with validated cardholders that are not in use anymore. A new automated solution allows to clean up those cardholders from the system. This solution has two steps: the first one automatically invalidates the cardholders that have not swiped for a specific number of days. After this step the corresponding card space is released from the controller memory. In addition, the status of their badge is automatically cancelled by the system. The second step automatically removes badges from their owner (i.e. they become ‘free’) if they have not been used for a specific number of days, no matter if these badges are valid or cancelled, and if the ‘Validated’ checkbox is checked or not.
The changes that are made by this feature can be viewed in the GuardPointPro reports.
Note that the first step (badge cancelation) is not necessary and may be skipped. In such case, the system will remove the cards but let the ‘Validated’ checkbox checked for the relevant cardholders.
To install this feature, use the following new GuardPointPro.ini entries on the main server only:
- ‘CheckUsedCardsTheFirstTime’ should be set only once before using the feature.
- ‘NumberOfDaysBeforeInvalid’ should be set with the number of days before card cancelation.
- ‘NumberOfDaysBeforeRemoveCard’ should be set with the number of days before card removal.
This feature works with SQL databases only.
GuardPointPro has integrated the SALTO wireless door lock system that uses the data-on-card technology, allowing any stand-alone electronic locks to read and update card access information. We have developed a way to sync the GuardPointPro cardholder database with the SALTO cardholder database in order to manage people from only one location (i.e. GuardPointPro ).
This integration works with SQL databases only.
Identytech biometric reader
In addition to the IDT Wallmount and IDT Gate biometric readers, we have integrated the IDT Onyx biometric reader that supports iClass Smart cards.
Viewing and printing T&A reports
Two new action types have been added for viewing and printing a T&A report (first pass/last pass) with an
ability to filter on the cardholders’ department and over a specific period (ex. from last X months or from last X days). An additional parameter allows to select a pre-defined template report (.rpx file) if not wanting to use the default one. In Multisite installations, another field is added to filter cardholders by site also.
The Time & Attendance screen has a now a Print button and two new fields for filtering cardholders by Department or by Company. In Multisite installations, another field is added to filter cardholders by site.
Update the GuardPointPro.ini file of all the stations from one place
On installations having a lot of workstations, it may take a lot of time to update some parameters in the GuardPointPro.ini file on each station. A new option allows to update the GuardPointPro.ini files of all the workstations quickly. Once the change has been made locally, restart GuardPointPro and open the ‘Option/General’ screen. Then, select the relevant INI option in the list and press "Apply to all WS" to update the GuardPointPro.ini files of all the workstations in one go.
Controlling the badge allocation
For a specific project, people already registered in the system may receive for some reasons another card temporarily (e.g. they have left their card at home, the card is lost, etc.). In such case, the GuardPointPro user creates a new profile for them as Visitors and gives them a temporary badge. But if they are already registered as invalidated cardholders, the system should prevent user from allocating a new card to them.
To do so, the new ‘VisitorBlockedIfHisCardholderNotValid’ GuardPointPro.ini entry has been introduced in this version. Once this option is set, every time a visitor is created with his ID number in the ‘Number’ field, GuardPointPro searches in its database for a non-deleted employee having the same ‘Number’. If no employee is found, the badge assignment is not blocked. If such employee is found, GuardPointPro checks his validity. If the existing cardholder is valid then a new card can be given to the visitor, but if the employee is not valid, then the operation is stopped, and a message is shown saying that it “is not allowed to save the visitor since the corresponding cardholder is NOT valid”.
This option works only if the INI option ‘CardholdersNumberUnique = 0’.
Customized card format
A new ‘Programmable’ format option in the ‘Reader/Badge Format’ screen allows to define the card code length and position and the site code length and position for Wiegand technology readers. This avoids to enter a specific script for customized card format.
A stronger password policy
Since GuardPointPro version 2.3, the 'PasswordMixNumber' INI option allows to force the minimum mixes of letters and digits for the Users' authentication password. For example, if PasswordMixNumber = 2,
GuardPointPro would require at least 2 letters and 2 digits.
For a specific project, we have added in this version the possibly to have a stronger password policy by using the new 'PasswordMix2' INI option. With this option, GuardPointPro classifies users into 2 types: Normal users and Administrators (i.e. Users having the ‘Super user’ option checked). Normal users’ passwords must be at least 10 characters long and Administrators must have a minimum password length of 16 characters. In addition, every password must contain at least 3 of the following statements:
- one lowercase letter at least
- one uppercase letter at least
- one number at least
- one special symbol at least
The new following report templates have been added in the Report Wizard, under the "Other Reports" section:
- ‘DoorStatus’, which lists all the readers with their current communication status (Communication OK/Polling error) and since when.
- ‘InactiveCard’, which allows to know who has not swiped from X days. Indeed, this report gives the cardholders' list with their card code and the number of days that have elapsed from their last swipe. Thus, it is possible to filter on the number of passed days easily.
- ‘RollCall’, which allows to know where the cardholders are located in the site. This report lists all the cardholders with their employee number, in which Area they are, since when and the reader name of the last swipe.
- ‘RollCallCount’, which gives the total number of people per Area.
A new INI option, ‘ReportsConnectionString’, allows to generate reports from another database
Search option for deleted visitors
Until now, when searching for an existing visitor by any of his fields from the Visitors’ screen, all deleted visitors were not in the search result, if the “Show deleted” option was left unchecked. The new ‘CardholderSearchInDeletedAlways’ INI option allows to display also deleted visitors in a search result, even if the “Show deleted” option is unchecked.
- It is possible to add or delete several cards (one card by technology) of existing cardholders by import. For example, to add a car plate (LPR card) to a cardholder having a Wiegand card already, just import the LPR code with the Technology ‘9’. Thus, the car plate is added to the relevant cardholder who has 2 cards after the import. Also, if wanting to delete the LPR card only, just import an empty LPR code with the Technology ‘9’.
- A new INI option, ‘ImportAgAnyTimeIfMissingAg’, allows to allocate automatically the
'Anytime Anywhere' Access Group to cardholders, when the 'Access Group' field is left empty in the HR file and when there is no 'Access Group' field in the HR file as well.
- The ‘DepartmentAG’ INI option allows to automatically set default Access groups according to the
selected Department upon creating a new cardholder. When using this option, it is now possible with the INI option ‘ImportAGByDepartment’ to import new cardholders with the default Access groups according to their defined Department.
- A log has been added every time a cardholder is added/changed in DB API/XML API via the command “ImportOneCardHolderXML”. The log is located in the application folder with the name: '
- Because Graphic + version depends on the GuardPointPro version, the last version setup file of the Graphic + module is available in the application folder with the name ‘GraphicPlusSetup.exe’.
- From the Position screen, the same component (Reader, Input. etc.) may be attached to multiple sym bols, with the limit of one symbol per map.
- On multisite installations, Users may now place on a same map, symbols from different sites.
- A new INI option for multisite installations, called ‘showActiveAlarmsByUserAuth’, allows the user to view the symbols of all sites managed by him instead of those managed by the PC.
- If a controller has lost the communication with the server, the Active alarms screen shows the last I/O status recorded for this controller.
- The Graphic + module supports a secondary database.
- The last version of the Galaxy service is now available in the folder ‘\Galaxy1\newGalaxyService’. To up date the service, just execute the "Run_InstallGalaxyService.bat" file.
- From the Galaxy service version 1.0.10, when executing an Omit/Unomit operation from the Galaxy keypad, the relevant information is received in the Event log of GuardPointPro as a User comment.
In addition, the arming status of the relevant symbol on map is updated accordingly.
- When using a secondary database, a new INI option, ‘restartOnRedundantDBSwitch’, allows to restart automatically GuardPointPro before every database change.
- A new INI option, ‘DbsFolderBackup’, allows the Workstation to find the application folder of the
Redundant server when starting after the swap.
- New options are available in the Redundancychecker.ini file:
o ‘AlwaysOn’ to leave the RedundancyChecker running after GuardPointPro has been launched
o ‘CentralizedSpread’ to support the Spread Centralized mode
o ‘BatchStopName’ to execute a batch file when the RedundancyChecker closes GuardPointPro
- ‘BatchStartName’ to execute a batch file when the RedundancyChecker runs GuardPointPro
- The ‘LogCleaner’ and the ‘EVCleaner’ tools are installed in the application folder.
- Two new INI options allow to launch a batch file when GuardPointPro is started (after login ok) and closed. I.e. ‘BatchRunOnStop = StopService.bat’ and ‘BatchRunOnStart = StartService.bat’. The batch files must be in the GuardPointPro folder and their name should not have any space character.
- A new INI option, ‘ShowMismatchControllerMsg’, allows to enable/disable the popup message about mismatch controller information.
- A new INI option allows to automatically open a screen on GuardPointPro startup, i.e. ‘
ScreenNameOnStart = ID_ViewPhoto’.
- A new INI option, ‘PhotoFolder’, allows to use a different folder for the cardholder picture files.
- Cardholder pictures supports now ‘.png’ picture formats in addition to ‘.jpg’ and ‘.bmp’.
- A new check box in the Access Group screen allows the user to sort the readers by controller.
- A new Authorization Level allows to restrict the ‘Reset all’ button located in the Cardholder/Location screen.
- For conflicts reason, a same input can no longer belong to more than one input group. Once an input is assigned to one input group, it becomes unavailable for the other groups except if the input was already assigned to more than one input group from older version.
- The Help/About screen displays the remaining quantity of cardholders allowed by the dongle.
For example, '2000 CH left' means that up to 2000 cardholders can be created.
- In the Diagnostic screen, when clicking on ‘Cardholders in memory’, a new ‘Cards in DB’ menu allows to display the cardholders' list that should be in the Controller memory.
- In the Communication Engine screen, the user may specify a different folder for the polling files.
- In the DVR screen, the user may configure the Authentication mode and a new button allows to create the cameras in the Camera screen automatically if they do not exist already.
- A new option in the T&A+ screen allows to filter on the Transaction codes.
During the GuardPointPro installation/update setup, an error was always appeared when registering the 32-bit type library: ‘C:\Windows\system32\STDOLE2.TLB’. This error did not occur if setting the ‘Setup.exe’ file on ‘Windows XP (SP3)’ Compatibility. Now, GuardPointPro ignores this error since the ‘STDOLE2.TLB’ component is already registered on Windows by default.
Badge Printing issue
The cardholders’ picture was missing in the Badge printing layout after customizing. When opening the Badge printing layout and do not change the photo position or size, all worked fine. But when changing the picture position or size, then the photo was not viewable anymore. Now this issue has been solved.
Black border on the captured image
When using a Webcam to capture a cardholder’s photo, there was a black border that appears across the top and left-hand sides of the image. Now this issue has been solved.