SYSVOLshare. All domain users have read access to it. This means all domain users can read the encrypted password set in Group Policy Preferences, and since Microsoft published the encryption key around 2012, the password can be decrypted
smb_enum_gppmodule), however it requires mounting the
SYSVOLshare, which can't be done through a docker environment unless it's run with privileged rights.
cpasswordstring in xml files and by then manually decrypting the matches.