Windows Security Log Event ID 5145
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Object Access • Detailed File Share |
Type
|
Success
Failure
|
Corresponding events
in Windows
2003 and before |
|
5145: A network share object was checked to see whether client can be granted desired access
On this page
A network share object was checked to see whether client can be granted desired access
This is the only event under the "Detailed File Share" Subcategory which is new to Windows 2008 Release 2 and Windows 7. It does not appear in earlier versions of Windows.
This event logs every access to the file share and indicates the reason it was allowed or not allowed, based on the access check results.
Some Microsoft documentation puts this in the "File Share" Subcategory. However, we have yet to see it appear under that.
Free Security Log Resources by Randy
Subject:
Security ID: %1
Account Name: %2
Account Domain: %3
Logon ID: %4
Network Information:
Object Type: %5
Source Address: %6
Source Port: %7
Share Information:
Share Name: %8
Share Path: %9
Relative Target Name: %10
Access Request Information:
Access Mask: %11
Accesses: %12
Access Check Results:
%13
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.
A network share object was checked to see whether client can be granted desired access.
Subject:
Security ID: SYSTEM
Account Name: WIN-KOSWZXC03L0$
Account Domain: W8R2
Logon ID: 0x86d584
Network Information:
Object Type: File
Source Address: fe80::507a:5bf7:2a72:c046
Source Port: 55490
Share Information:
Share Name: \\*\SYSVOL
Share Path: \??\C:\Windows\SYSVOL\sysvol
Relative Target Name: w8r2.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\Audit\audit.csv
Access Request Information:
Access Mask: 0x120089
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
Access Check Results:
READ_CONTROL: Granted by Ownership
SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD)
ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD)
ReadEA: Granted by D:(A;;0x1200a9;;;WD)
ReadAttributes: Granted by D:(A;;0x1200a9;;;WD)
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection