Security requirements
- Last Updated: Oct 16, 2025
This section outlines the security requirements recommended when using AVEVA Asset Strategy Optimization.
- For using network shares, we recommend that Windows SMB security or equivalent is enabled on the file server or on the specific file shares. For more information on enabling SMB security, see the topic "SMB security enhancements" in the Microsoft documentation.
- Access to the Windows event log files must be restricted to administrator privileges. We recommend setting a Windows audit policy on files or folders. For more information, see the topic "Apply a basic audit policy on a file or folder" in the Microsoft documentation.
- Configuring Identity Manager: For increased security, we recommend the following configuration for Identity Manager:
  - Limit the number of unsuccessful login attempts by a user, after which the User ID will be locked.
  - Keep a User ID locked after the set number of unsuccessful login attempts, until an administrator unlocks it, or it is auto-unlocked after an amount of time you have configured.
  - Enable logging information for all user login scenarios for auditing purposes.
- Sharing the Configurator Dump File
  Important: The Configurator memory dump file (.dmp) may contain sensitive information, such as database and user details. Therefore, we strongly recommend that you sanitize this file thoroughly before sharing.
- Using TLS 1.2
  Important: For enhanced security, we highly recommend that you use TLS 1.2. This setting is more secure and must not be changed. If you are required to use a different setting, make sure that other risk-mitigation controls are implemented before making any changes.
- Secure the IIS settings to avoid IIS short name enumeration (Path Equivalence: Windows 8.3 Filename) by performing the following steps:
  - Open the registry editor.
  - Navigate to the registry at the following location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
  - Select and right-click NtfsDisable8dot3NameCreation, and then select Modify.
  - In the Value data box, type 1, and then select OK.
- Disable the "Server" header in the Windows registry by performing the following steps:
  - In the registry, navigate to the following location:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  - Create a new DWORD (32-bit) value named DisableServerHeader.
  - Set the value of DisableServerHeader to 2.
  - Stop and restart the HTTP service using net stop HTTP and net start HTTP in a command prompt, or restart the system.
    For more information about the "Server" header, see the topic "Http.sys registry settings for Windows" in the Microsoft documentation.
- About IIS Server Configuration: To avoid leaking sensitive IIS server information, we recommend removing the 'X-Powered-By' header from the HTTP response. The following are the steps to remove the header from the HTTP response:
  - Open the IIS Manager and connect to the local server.
  - Select the IIS server node.
  - Double-click HTTP Response Headers.
    The HTTP Response Headers window appears.
  - Select the header X-Powered-By.
  - From the Actions pane, select Remove.
    A dialog appears, asking you to confirm the changes.
  - Select Yes.
    The 'X-Powered-By' header is removed from the HTTP response.
- Antivirus and security patch updates: Make sure that the nodes on which Asset Strategy Optimization is installed are updated with the latest available security patches for the OS, the .NET Framework, and antivirus software.
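
The registry values and IIS header settings described in the steps above can be verified after the change with a read-only script. The following is an added example, not part of the AVEVA documentation; the function names, the report layout and the default URL http://localhost/ are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the registry and IIS header settings listed above.
# Function names, $Url and the output layout are illustrative assumptions.
param([string]$Url = 'http://localhost/')   # assumed local IIS binding

function Test-RegistryDword {
    param([string]$Path, [string]$Name, [int]$Expected)
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Check    = $Name
        Expected = $Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Pass     = ($null -ne $actual) -and ($actual -eq $Expected)
    }
}

function Test-HeaderAbsent {
    param([string]$Check, [string]$Value)
    [pscustomobject]@{
        Check    = $Check
        Expected = '<absent>'
        Actual   = if ($Value) { $Value } else { '<absent>' }
        Pass     = -not $Value
    }
}

$results = @(
    Test-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' 'NtfsDisable8dot3NameCreation' 1
    Test-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters' 'DisableServerHeader' 2
)

# Server-level configuration: is X-Powered-By still defined as a custom header?
Import-Module WebAdministration -ErrorAction Stop
$xpb = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter "system.webServer/httpProtocol/customHeaders/add[@name='X-Powered-By']"
$results += Test-HeaderAbsent 'X-Powered-By (IIS config)' $xpb.value

# Live response: the registry change only shows up after the HTTP service restart.
try {
    $resp = Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing
    foreach ($h in 'Server', 'X-Powered-By') {
        $results += Test-HeaderAbsent "$h (live response)" ([string]$resp.Headers[$h])
    }
} catch {
    Write-Warning "Live header check skipped for ${Url}: $($_.Exception.Message)"
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on the IIS node. NtfsDisable8dot3NameCreation only stops new short names from being created, so files that already have an 8.3 name keep it.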