Event Log ID 5145 - Detailed File Sharing


We have auditing turned on on our server for 1 file in order to determine which computers are accessing the file. We have a few computers accessing the file (not workstations), though they have no reason to programmatically access files. How can we determine why these workstations are accessing the file, and disable it? Below is a sample:

- system
- provider
[ name] microsoft-windows-security-auditing
[ guid] {54849625-5478-4994-a5ba-3e3b0328c30d}
eventid 5145
version 0
level 0
task 12811
opcode 0
keywords 0x8020000000000000
- timecreated
[ systemtime] 2012-10-17t16:13:09.381066300z
eventrecordid 1038283
correlation
- execution
[ processid] 444
[ threadid] 460
channel security
computer sbistream.sheridanbooks.com
security
- eventdata
subjectusersid s-1-5-21-1993962763-1708537768-839522115-1357
subjectusername eblissic
subjectdomainname sbi
subjectlogonid 0x15329a4
objecttype file
ipaddress 10.2.40.59
ipport 64853
sharename \\*\stream
sharelocalpath \??\e:\stream
relativetargetname $extend\$quota:$q:$index_allocation
accessmask 0x12019f
accesslist %%1538 %%1541 %%4416 %%4417 %%4418 %%4419 %%4420 %%4423 %%4424
accessreason %%1538: %%1801 d:(a;;fa;;;wd) %%1541: %%1801 d:(a;;fa;;;wd) %%4416: %%1801 d:(a;;fa;;;wd) %%4417: %%1801 d:(a;;fa;;;wd) %%4418: %%1801 d:(a;;fa;;;wd) %%4419: %%1801 d:(a;;fa;;;wd) %%4420: %%1801 d:(a;;fa;;;wd) %%4423: %%1801 d:(a;;fa;;;wd) %%4424: %%1801 d:(a;;fa;;;wd)

This is on the client (workstation) side. Use Process Monitor to reveal the process causing the problem.

Rgds

Milos
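
As an added example (not part of the original thread): a Python example that decodes the AccessMask of the 5145 event quoted in the question and counts events per client, assuming events exported as flattened `name value` lines like the sample above. The function names are hypothetical; the bit values are the standard file access rights from winnt.h.

```python
from collections import Counter

# File-object access-right bits (standard winnt.h values).
FILE_RIGHTS = {
    0x000001: "ReadData/ListDirectory", 0x000002: "WriteData/AddFile",
    0x000004: "AppendData/AddSubdirectory", 0x000008: "ReadEA",
    0x000010: "WriteEA", 0x000020: "Execute/Traverse",
    0x000040: "DeleteChild", 0x000080: "ReadAttributes",
    0x000100: "WriteAttributes", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

def decode_access_mask(mask):
    """Return the names of the rights set in a file AccessMask, low bit first."""
    return [name for bit, name in sorted(FILE_RIGHTS.items()) if mask & bit]

def parse_event(text):
    """Parse 'name value' lines (the flattened EventData layout) into a dict."""
    fields = {}
    for line in text.strip().splitlines():
        name, _, value = line.strip().partition(" ")
        fields[name.lower()] = value.strip()
    return fields

def summarise(events):
    """Count events per (client IP, user, target) to see which client touches what."""
    return Counter((e["ipaddress"], e["subjectusername"], e["relativetargetname"]) for e in events)

def is_ntfs_metadata(target):
    """True when the target lies under $Extend, the NTFS metadata directory."""
    return target.lower().startswith("$extend\\")

# Constructed sample: field values copied from the event quoted in the question.
SAMPLE = r"""
subjectusername eblissic
ipaddress 10.2.40.59
sharename \\*\stream
relativetargetname $extend\$quota:$q:$index_allocation
accessmask 0x12019f
"""

if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    print(ev["ipaddress"], ev["relativetargetname"], decode_access_mask(int(ev["accessmask"], 16)))
```

For the quoted event, the nine decoded rights correspond to the nine entries in its accesslist, and the target sits under $Extend (the NTFS quota metadata) rather than being an ordinary file in the share.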


