V-271327
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
Title
SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).
Description
The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shar...
Fix Text (Documentation Requirement)
If IFI is not documented as being required, disable instant file initialization for the instance of SQL Server by removing the SQL Service SID and/or service account from the "Perform volume maintenance tasks" local rights assignment.

To grant an account the "Perform volume maintenance tasks" permission:
1. On the computer where the data file will be created, open the Local Security Policy application (secpol.msc).
2. In the left pane, expand "Local Policies" then select "User Rights Assignment".
3. In the right pane, double-click "Perform volume maintenance tasks".
4. Select "Add User or Group" and add the SQL Server service account.
5. Select "Apply", then close all Local Security Policy dialog boxes.
6. Restart the SQL Server service.
7. Check the SQL Server error log at startup.
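
Added example (not part of the STIG text): a PowerShell audit that lists who holds "Perform volume maintenance tasks" (privilege constant SeManageVolumePrivilege) and flags a direct assignment to the SQL Server service account or its per-service SID. The service name MSSQLSERVER (default instance) and the temporary file name are assumptions.

```powershell
# Added example. Run elevated on the SQL Server host.
$serviceName = 'MSSQLSERVER'   # assumption: default instance; named instances use 'MSSQL$<InstanceName>'

# Export only the user-rights section of the local security policy.
$cfg = Join-Path $env:TEMP 'ifi-user-rights.inf'   # assumption: scratch file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Expected line shape: SeManageVolumePrivilege = *S-1-5-32-544,*S-1-5-80-...
$match = Select-String -Path $cfg -Pattern '^SeManageVolumePrivilege\s*=' | Select-Object -First 1
Remove-Item $cfg -Force

$holders = @()
if ($match) {
    $holders = @(($match.Line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ })
}

# Translate SIDs to account names; keep the raw value if it does not resolve.
$names = @(foreach ($h in $holders) {
    if ($h -like 'S-1-*') {
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($h)
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $h }
    } else { $h }
})

# Principals the Fix Text says to remove: the service account and the per-service SID.
$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on this host." }
$account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
$targets = @($account, "NT SERVICE\$serviceName")

# -contains is case-insensitive, so 'NT Service\...' and 'NT SERVICE\...' both match.
$direct = @($names | Where-Object { $targets -contains $_ })

"Holders of SeManageVolumePrivilege: " + ($names -join '; ')
if ($direct.Count -gt 0) {
    "FINDING unless IFI is documented as required. Directly assigned to: " + ($direct -join '; ')
} else {
    "No direct assignment to $account or NT SERVICE\$serviceName."
    "Group membership is not expanded here; confirm with the SQL Server error log at startup."
}
```

The script only reads policy. A right inherited through a group that holds the privilege will not show as a direct assignment, so the error log check in step 7 remains the confirmation.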