
Are any applications (off the shelf, or internal) leveraging Active Directory's Confidential Attributes?

Would you store sensitive information here, such as a private key or a salt?

I'm planning a demonstration of this feature, but would like to cite as many real-world usages or implementations as possible.

makerofthings7
  • I'm curious as well... most people don't even know about this attribute. Do you have a particular application for this, or are you just wanting to give a cool demo? – Steve Oct 17 '11 at 21:20
  • @SteveS The linked question references an application I'm independently building for sale. People want to know where the seed is stored/calculated so I want to show that other applications use this as well and also that I'm not being "creative" with security – makerofthings7 Oct 17 '11 at 21:25

1 Answer


I see that Stanford is using it as part of their BitLocker system recovery process (Stanford link):

For computers that are part of the Stanford Windows Infrastructure, a copy of the recovery password is stored with the computer object as a confidential attribute. By default, only Domain Administrators can see confidential attributes, no matter what access is granted by standard ACLs.

Looks like a great feature to leverage for Role Based Access Control, but I don't have any examples at hand.

zedman9991
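
One way to find out which attributes in your own forest are marked confidential, and so which installed products rely on the feature, as an added example that is not part of the original answer. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the schema partition, and relies on bit 128 of the schema `searchFlags` attribute, which is what marks an attribute confidential.

```powershell
# Added example: list every schema attribute flagged confidential in the current forest.
# Assumes the ActiveDirectory module (RSAT) and read access to the schema partition.
Import-Module ActiveDirectory

$Confidential = 0x80    # searchFlags bit 128: reading the value also requires CONTROL_ACCESS
$RodcFiltered = 0x200   # searchFlags bit 512: attribute is in the RODC filtered attribute set

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule, so the
# domain controller filters on the flag instead of returning the whole schema.
$filter = "(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=$Confidential))"

Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
        -Properties lDAPDisplayName, searchFlags, whenCreated |
    Sort-Object lDAPDisplayName |
    Select-Object lDAPDisplayName,
        @{ Name = 'searchFlags';  Expression = { '0x{0:X}' -f $_.searchFlags } },
        @{ Name = 'RodcFiltered'; Expression = { [bool]($_.searchFlags -band $RodcFiltered) } },
        whenCreated |
    Format-Table -AutoSize
```

The `whenCreated` column helps separate attributes that shipped with a Windows schema update from those added later by a product's schema extension.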