Object Access Event: 5140

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Object Access Event: 5140

Event ID 5140 – A Network Share Object Was Accessed

Event ID 5140
Category Object Access: File Share
Type Success Audit; Failure Audit

Whenever a network share object is accessed, event ID 5140 is logged. The access is logged only the first time the attempt is made, i.e., it is logged only once per session.

This event log contains the following information:

  • Security ID
  • Account Name
  • Logon ID
  • Object Type
  • Source Address
  • Source Port
  • Share Name
  • Share Path
  • Access Mask
  • Accesses

Why does event ID 5140 need to be monitored?

  • To monitor all the accesses and shares of high value computers
  • To check if the access is from our internal IP range
  • To ensure certain computers do not connect with other specific computers
  • To monitor access attempts from a specific IP address
  • To monitor specific access types, like "WriteData"

Pro Tip:

ADAudit Plus helps audit all Windows File Server and file share events, thus helping you meet your security, operational, and compliance needs with absolute ease.

Event 5140 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10