Database Reference
In-Depth Information
■
There is a small security risk associated with Instant File Initialization. When this option is enabled, an
unallocated part of the data file can contain information from previously deleted oS files. Database administrators are
able to examine such data.
Note
You can enable Instant File Initialization by adding an
SA_MANAGE_VOLUME_NAME
permission, also known as
Perform Volume Maintenance Task
, to the SQL Server startup account. This can be done under the Local Security
Policy management application (
secpol.msc
), as shown in Figure
1-3
. You need to open the properties for the
“Perform volume maintenance task” permission, and add a SQL Server startup account to the list of users there.
Figure 1-3.
Enabling Instant File Initialization in secpol.msc
■
SQL Server checks to see if Instant File Initialization is enabled on startup. You need to restart SQL Server service
after you give the corresponding permission to the SQL Server startup account.
Tip
In order to check if Instant File Initialization is enabled, you can use the code shown in Listing 1-3. This code sets
two trace flags that force SQL Server to put additional information into the error log, creates a small database, and
reads the content of the error log file.
Listing 1-3.
Checking to see if Instant File Initialization is enabled
dbcc traceon(3004,3605,-1)
go
create database Dummy
go
exec sp_readerrorlog
go
