This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers.
Blue teams can use this file as a honeyfile. By monitoring for access to the file, Blue Teams can detect pen testers or malicious actors scanning for GPP files containing usernames and cpasswords for lateral movment.
Blue Teams can also monitor for use of the credentials as honeycreds.
Invoke-GPPDeception -Plaintext plaintextpassword -UserName honeycredaccount