AD Bridge 26.1.0 Machine Account Password Encryption
To improve credential protection, as of AD Bridge 26.1, machine account passwords are encrypted by default when stored in the machine-level secrets store (registry) on Linux systems. This reduces exposure in the event of system compromise and better aligns with common security control requirements for authenticator protection.
Active Directory Bridge adds the following registry setting on the Linux system to control the machine account password encryption behavior:
HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\PstoreCompatLevel
PstoreCompatLevel settings:
- 1 - The machine account password is encrypted when stored
- 0 - The machine account password is not encrypted when stored
When upgrading from a previous AD Bridge release to 26.1, the plaintext machine password will be encrypted the next time it rotates. Existing binaries that use the machine password are unaffected and will continue to work.
To disable the setting, run the following command:
sudo /opt/pbis/bin/regshell set_value "[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]" PstoreCompatLevel 0
To list the value, run the following command:
sudo /opt/pbis/bin/regshell list_values HKEY_THIS_MACHINE\\Services\\lsass\\Parameters\\Providers\\ActiveDirectory | grep PstoreCompatLevel
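A compliance check built on the list command above, as an added example that is not BeyondTrust's own code. It assumes `list_values` prints the quoted value name, its type and the data as hex; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether machine account password encryption is enabled.
# Assumption: list_values prints the quoted value name, its type, and the data
# as hex, e.g.  "PstoreCompatLevel"  REG_DWORD  0x00000001 (1)
REGSHELL=/opt/pbis/bin/regshell
KEY='HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory'

# Constructed sample line in the assumed format (not captured from a host).
SAMPLE='"PstoreCompatLevel"    REG_DWORD    0x00000001 (1)'

# stdin: list_values output. Prints the setting as decimal, nothing if absent.
pstore_level() {
    line=$(grep 'PstoreCompatLevel' | head -n 1)
    [ -n "$line" ] || return 0
    hex=$(printf '%s\n' "$line" | grep -Eo '0x[0-9A-Fa-f]+' | head -n 1)
    if [ -n "$hex" ]; then
        printf '%d\n' "$hex"
    else
        # No hex token: fall back to the last run of digits on the line.
        printf '%s\n' "$line" | grep -Eo '[0-9]+' | tail -n 1
    fi
}

# Map the numeric value to the meaning documented above.
classify() {
    case "$1" in
        1)  echo encrypted ;;
        0)  echo plaintext ;;
        '') echo unset ;;
        *)  echo unknown ;;
    esac
}

# stdin: list_values output. Returns 0 only when encryption is enabled.
# Note: after an upgrade to 26.1 the stored password stays plaintext until
# its next rotation, so "encrypted" describes the setting, not the current blob.
audit() {
    state=$(classify "$(pstore_level)")
    echo "PstoreCompatLevel: $state"
    [ "$state" = encrypted ]
}

# Run against the live registry only where AD Bridge is installed (needs root).
if [ -x "$REGSHELL" ]; then
    "$REGSHELL" list_values "$KEY" | audit
fi
```

The non-zero exit status for `plaintext`, `unset` and `unknown` lets configuration-management or monitoring jobs flag hosts where encryption has been disabled or the setting is missing.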




