Windows Security Log Event ID 5145

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory
Object Access
 • Detailed File Share
Type Success
Failure
Corresponding events
in Windows 2003
and before
 

5145: A network share object was checked to see whether client can be granted desired access

On this page

A network share object was checked to see whether client can be granted desired access

This is the only event under the "Detailed File Share" Subcategory which is new to Windows 2008 Release 2 and Windows 7. It does not appear in earlier versions of Windows.

This event logs every access to the file share and indicates the reason it was allowed or not allowed, based on the access check results.

Some Microsoft documentation puts this in the "File Share" Subcategory. However, we have yet to see it appear under that.

Free Security Log Resources by Randy

Description Fields in 5145

Subject:
 Security ID:  %1
 Account Name:  %2
 Account Domain:  %3
 Logon ID:  %4

Network Information: 
 Object Type:  %5
 Source Address:  %6
 Source Port:  %7
 
Share Information:
 Share Name:  %8
 Share Path:  %9
 Relative Target Name: %10

Access Request Information:
 Access Mask:  %11
 Accesses:  %12
Access Check Results:
 %13

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 5145

A network share object was checked to see whether client can be granted desired access.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-KOSWZXC03L0$
 Account Domain:  W8R2
 Logon ID:  0x86d584

Network Information: 
 Object Type:  File
 Source Address:  fe80::507a:5bf7:2a72:c046
 Source Port:  55490
 
Share Information:
 Share Name:  \\*\SYSVOL
 Share Path:  \??\C:\Windows\SYSVOL\sysvol
 Relative Target Name: w8r2.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\Audit\audit.csv

Access Request Information:
 Access Mask:  0x120089
 Accesses:  READ_CONTROL
    SYNCHRONIZE
    ReadData (or ListDirectory)
    ReadEA
    ReadAttributes
    
Access Check Results:
 READ_CONTROL: Granted by Ownership
    SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD)
    ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD)
    ReadEA: Granted by D:(A;;0x1200a9;;;WD)
    ReadAttributes: Granted by D:(A;;0x1200a9;;;WD)
    

 

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Upcoming Webinars
    Additional Resources