I have the following PowerShell script that works perfectly when run manually as my Domain Admin account.
All of the commands run correctly when launched manually as (nt authority\system).
The line that does not ever run is the important one - "enable-bitlocker -mountpoint c: ..."
Can anyone help shed any light on why this runs manually, but not as a Startup script?
I can confirm that the startup script does run, as the log file is updated with the text that can only be added when the (if) conditions are evaluated as true.
#**********************************************************
'Encryption Script' | Out-File -FilePath c:\intel\Encrypt.log -Append

# Read the current encryption state and key protectors of the C: volume
$EncStatus = (Get-BitLockerVolume -MountPoint c:).VolumeStatus
$KPExist = (Get-BitLockerVolume -MountPoint c:).KeyProtector
$now = Get-Date

# Only act on a volume that is not encrypted at all
if ($EncStatus -eq "FullyDecrypted")
{
    # No RecoveryPassword protector matched: add one and log the output
    if (!($KPExist -eq 'RecoveryPassword'))
    {
        $now | Out-File -FilePath c:\intel\Encrypt.log -Append
        'Creating recovery key' | Out-File -FilePath c:\intel\Encrypt.log -Append
        Add-BitLockerKeyProtector -MountPoint c: -RecoveryPasswordProtector | Out-File -FilePath c:\intel\Encrypt.log -Append
        Start-Sleep -Seconds 20
    }

    # Start encryption and append the cmdlet output to the log
    $now | Out-File -FilePath c:\intel\Encrypt.log -Append
    'Turning on Bitlocker' | Out-File -FilePath c:\intel\Encrypt.log -Append
    Enable-BitLocker -MountPoint c: -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector -EncryptionMethod AES256 | Out-File -FilePath c:\intel\Encrypt.log -Append
}
#**********************************************************
Thanks in advance,