One Day Sec

What is the SYSVOL shared folder, and why does it pose a security risk for domain passwords?

SYSVOL is a default domain shared folder (\\<domain>\SYSVOL\<domain>) accessible by all authenticated domain users. It stores Group Policy data, including configuration files like Groups.xml. When administrators batch-change local administrator passwords via Group Policy Preferences, the encrypted password (cpassword) is stored in these XML files within SYSVOL, exposing it to any domain user who can read the share. For a full walkthrough, see Domain Penetration - Recovering Passwords Stored in Group Policy via SYSVOL.
SYSVOL, Group Policy, cpassword, password recovery, domain penetration, shared folder
