On a recently built Windows 2008 R2 File Server, it was noticed that in the security log there were over 10000+ per second event 5145s for category 'Detailed File Share.'
Investigation into this pointed to an 'Advanced Audit Policy Configuration' item that is only available with Windows 2008 R2 and Windows 7; which is the subcategory item 'Audit Detailed File Share', and interestingly this was not configured.
It appears that if you have a domain or local policy that enables the normal 'Local Policies' → 'Audit Policy' for 'Audit object access' with Success and/or Failure
it causes the 'Audit Detailed File Share' to be configured unless you explicitly configure it with Success and/or Failure unticked.
After configuring the Local Security Policy on the file server with Success unticked (see below,) the number of security audit events recorded was drastically cut down, noticably reducing the CPU processing load.
Note: There is no granularity to this setting; it is either enabled or not across all the shares on the server.