Stealthbits’ products provide a multitude of ways to mitigate Plaintext Policy Extraction.
The best protection from Group Policy Preference abuse is to remove any passwords from GPPs.
Identify & Remove GPP Passwords
Report on any group policy preferences which leverage cPassword fields that contain password data which can be decrypted. Remove the dependency on these and migrate to a more secure way to accomplish the task of that GPP setting.