Windows Security Log Event ID 5145

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Object Access
 • Detailed File Share
Type Success
Failure
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 5145
Audit File And Folders - Rename

5145: A network share object was checked to see whether client can be granted desired access

On this page

A network share object was checked to see whether client can be granted desired access

This is the only event under the "Detailed File Share" Subcategory which is new to Windows 2008 Release 2 and Windows 7. It does not appear in earlier versions of Windows.

This event logs every access to the file share and indicates the reason it was allowed or not allowed, based on the access check results.

Some Microsoft documentation puts this in the "File Share" Subcategory. However, we have yet to see it appear under that.

Free Security Log Resources by Randy

Description Fields in 5145

Subject:
 Security ID:  %1
 Account Name:  %2
 Account Domain:  %3
 Logon ID:  %4

Network Information: 
 Object Type:  %5
 Source Address:  %6
 Source Port:  %7
 
Share Information:
 Share Name:  %8
 Share Path:  %9
 Relative Target Name: %10

Access Request Information:
 Access Mask:  %11
 Accesses:  %12
Access Check Results:
 %13

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 5145

A network share object was checked to see whether client can be granted desired access.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-KOSWZXC03L0$
 Account Domain:  W8R2
 Logon ID:  0x86d584

Network Information: 
 Object Type:  File
 Source Address:  fe80::507a:5bf7:2a72:c046
 Source Port:  55490
 
Share Information:
 Share Name:  \\*\SYSVOL
 Share Path:  \??\C:\Windows\SYSVOL\sysvol
 Relative Target Name: w8r2.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\Audit\audit.csv

Access Request Information:
 Access Mask:  0x120089
 Accesses:  READ_CONTROL
    SYNCHRONIZE
    ReadData (or ListDirectory)
    ReadEA
    ReadAttributes
    
Access Check Results:
 READ_CONTROL: Granted by Ownership
    SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD)
    ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD)
    ReadEA: Granted by D:(A;;0x1200a9;;;WD)
    ReadAttributes: Granted by D:(A;;0x1200a9;;;WD)
    

 

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources