Object Access Event: 5145

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Object Access Event: 5145

Event ID 5145 – A Network Share Object Was Checked To See Whether Client Can Be Granted Desired Access

Event ID 5145
Category Object Access: Detailed File Share
Type Success Audit

Every time a network share object (file or folder) is accessed, event 5145 is logged. If the access is denied at the file share level, it is audited as a failure event. Otherwise, it considered a success. No event is generated if access was denied on the NTFS level.

This event log contains the following information:

  • Security ID
  • Account Name
  • Account Domain
  • Logon ID
  • Object Type
  • Source Address
  • Source Port
  • Share Name
  • Share Path
  • Relative Target Name
  • Access Mask
  • Accesses

Why does event ID 5145 need to be monitored?

  • To ensure the Source Address is from our internal IP range
  • To ensure certain computers do not connect with certain others
  • To monitor if critical files or folders are shared by accident, and to monitor the access attempts to such files
  • To ensure only allowed accounts are attempting access to certain files
  • To monitor the Access Request Information for WriteData, AppendData, AddFile, WriteEA, DeleteChild, WriteAttributes, DELETE, WRITE_DAC, WRITE_OWNER access attempts

Pro Tip:

ADAudit Plus helps audit all Windows File Server and file share events, thus helping you meet your security, operational, and compliance needs with absolute ease.

Event 5145 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing