Event ID 5145

A network share object was checked to see whether client can be granted desired access.

A network share object was checked to see whether client can be granted desired access.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:       %4

Network Information:    
    Object Type:        %5
    Source Address:     %6
    Source Port:        %7

Share Information:
    Share Name:     %8
    Share Path:     %9
    Relative Target Name:   %10

Access Request Information:
    Access Mask:        %11
    Accesses:       %12
Access Check Results:
    %13

Enabling auditing on this subcategory will apply to all files, on all network shares, on all hosts to which this setting gets applied.

Volume: Medium High Very High

Volume is potentially very high on busy servers and domain controllers.

Microsoft Documentation

Event ID - 5145

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Detailed File Share"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Tags:

Audit Success Audit Failure

Audit Category:

Object Access

Audit Subcategory:

Detailed File Share

LEFT/RIGHT arrow keys for navigation

Back to List