Event ID 5145 – A Network Share Object Was Checked To See Whether Client Can Be Granted Desired Access
Event ID | 5145 |
Category | Object Access: Detailed File Share |
Type | Success Audit |
Every time a network share object (file or folder) is accessed, event 5145 is logged. If the access is denied at the file share level, it is audited as a failure event. Otherwise, it considered a success. No event is generated if access was denied on the NTFS level.
This event log contains the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Object Type
- Source Address
- Source Port
- Share Name
- Share Path
- Relative Target Name
- Access Mask
- Accesses
Why does event ID 5145 need to be monitored?
- To ensure the Source Address is from our internal IP range
- To ensure certain computers do not connect with certain others
- To monitor if critical files or folders are shared by accident, and to monitor the access attempts to such files
- To ensure only allowed accounts are attempting access to certain files
- To monitor the Access Request Information for WriteData, AppendData, AddFile, WriteEA, DeleteChild, WriteAttributes, DELETE, WRITE_DAC, WRITE_OWNER access attempts
Pro Tip:
ADAudit Plus helps audit all Windows File Server and file share events, thus helping you meet your security, operational, and compliance needs with absolute ease.
Event 5145 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools