Computer

  • Updated

This article applies to BHCE and BHE

Node properties

The node supports the properties of the table below.

Properties which are blank/null will not be shown in the Entity Panel.

Entity Panel name Description
Tier Zero / High Value BloodHound Enterprise: Whether the object is part of Tier Zero of the Microsoft's Active Directory Tier Model, or the Control Plane of Microsoft's Enterprise Access Model.

BloodHound CE: Whether the object is currently marked as High Value. By default any object that belongs to Tier Zero is marked as High Value.
Display Name The display name for the object.
Object ID The object's security identifier (SID), a unique identifier in the directory.
ACL Inheritance Denied Identifies whether an object is allowing ACL inheritance to itself.
Allows Unconstrained Delegation Whether the object is allowed to perform unconstrained kerberos delegation. See more info about that here: https://blog.harmj0y.net/redteaming/another-word-on-delegation/
Created The time when the object was created in the directory.
Description The contents of the description field for the object.
Enabled Whether the computer object is enabled.
LAPS Enabled Whether LAPS is running on the computer. This is determined by checking whether the associated MS LAPS properties are populated on the computer object.
Last Logon The last time the domain controller you got this data from handled a logon request for the object. Attribute 'lastlogon'.
Last Logon (Replicated) The last time any domain controller handled a logon for this object,

the value is, by default, only updated if the latest logon is greater than or equal to 14 days than the previous value. Attribute 'lastlogontimestamp'.

Operating System The operating system running on the computer, according to the corresponding property on the object in the directory.
Owned BloodHound Enterprise: Not applicable.

BloodHound CE: Whether the object is marked as Owned, used to mark that the object has been compromised.
Password Last Set The human-readable date for when the user’s password last changed. This is stored internally in Unix epoch format