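GPO Startup PowerShell script not executing

Time: 2018-05-08 13:02:15

Tags: powershell bitlocker

I have a PowerShell script that I am trying to run at computer startup via GPO, using the new PowerShell Scripts tab that can be found in the Group Policy editor.

In any case, it does not seem to run at all, and I suspect the problem may be that, for some reason, the script itself uses some variable or calls something that is not available under NT Authority\System impersonation.

Is there something in the following script that needs to be edited for it to actually work as a startup script via GPO?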

$sysdrivelocker = Get-BitLockerVolume -MountPoint $env:SystemDrive

#If the drive is encrypted and ready, exit script and do nothing.
if(($sysdrivelocker.VolumeStatus -eq "FullyEncrypted") -or ($sysdrivelocker.VolumeStatus -eq "EncryptionInProgress")){
    exit
}
#If the drive has been prepared with bdehdcfg, start bitlocker encryption and restart the computer.
elseif($sysdrivelocker.VolumeStatus -eq "FullyDecrypted"){

    #Creating the recovery key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -recoverypassword" -Verb runas -Wait

    #Adding TPM key.
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -tpm" -Verb runas -Wait
    Start-Sleep -Seconds 15 #This is to give sufficient time for the protectors to fully take effect.

    #Getting Recovery Key GUID.
    $RecoveryKeyGUID = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'} | Select-Object -ExpandProperty KeyProtectorId

    #Backing up the Recovery to AD.
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors $env:SystemDrive -adbackup -id $RecoveryKeyGUID" -Verb runas -Wait

    #Enabling Encryption.
    Start-Process 'manage-bde.exe' -ArgumentList " -on $env:SystemDrive" -Verb runas -Wait

    #Restarting the computer, to begin the encryption process.
    Restart-Computer
}
#If the drive is not bitlocker ready, prepare it and restart the computer.
elseif([string]::IsNullOrEmpty($sysdrivelocker.VolumeStatus) -eq $true){

    #Starting the defrag service, required in the next step.
    Get-Service -Name defragsvc -ErrorAction SilentlyContinue | Set-Service -Status Running -ErrorAction SilentlyContinue

    #Preparing the systemdrive for bitlocker activation, and restarting the computer.
    BdeHdCfg -target $env:SystemDrive shrink -quiet -restart | Out-Null
}
#Exit in case the volume status is anything else (e.g. paused or decryption in progress).
else{
    exit
}

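Yes, before anyone asks, I have set it up correctly, as far as any guide I found tells me: the script is located under \\domain.local\SysVol\domain.local\Policies\{GPO-GUID}\Machine\Scripts\Startup, and for troubleshooting purposes I even set my machine's execution policy to Unrestricted.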

0 answers:

No answers
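
One way to establish whether a GPO startup script is launched at all, and what it sees when running as NT AUTHORITY\SYSTEM, is to register a small logging wrapper as the startup script in its place (an added example, not part of the original question). The target script name `Enable-BitLocker.ps1` and the log folder under `%ProgramData%` are assumptions chosen for illustration.

```powershell
# Added diagnostic wrapper, not part of the original question.
# Assumptions: the script name and the log folder below are placeholders.
$Target = Join-Path $PSScriptRoot 'Enable-BitLocker.ps1'  # hypothetical name of the real script
$LogDir = Join-Path $env:ProgramData 'StartupScriptLogs'  # hypothetical local log folder
$Log    = Join-Path $LogDir ('startup-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))

function Write-Log([string]$Message) {
    Add-Content -Path $Log -Value ('{0:o}  {1}' -f (Get-Date), $Message)
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# 1. Prove the wrapper was launched and record the security context it runs in.
Write-Log ("Running as: " + [Security.Principal.WindowsIdentity]::GetCurrent().Name)
Write-Log ("PowerShell $($PSVersionTable.PSVersion), execution policy: $(Get-ExecutionPolicy)")

# 2. Confirm the computer account can actually read the script from SYSVOL.
if (-not (Test-Path -LiteralPath $Target)) {
    Write-Log "Cannot find or read $Target"
    exit 2
}

# 3. Parse the script without executing it, so syntax errors end up in the log.
$tokens = $null; $parseErrors = $null
[void][System.Management.Automation.Language.Parser]::ParseFile($Target, [ref]$tokens, [ref]$parseErrors)
if ($parseErrors.Count -gt 0) {
    foreach ($e in $parseErrors) {
        Write-Log ("Parse error at line {0}: {1}" -f $e.Extent.StartLineNumber, $e.Message)
    }
    exit 3
}

# 4. Check that the BitLocker cmdlet the script depends on resolves in this session.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    Write-Log 'Get-BitLockerVolume is not available in this session'
}

# 5. Run the real script and capture every output stream, including errors.
try {
    & $Target *>&1 | ForEach-Object { Write-Log ([string]$_) }
    Write-Log 'Target script finished'
} catch {
    Write-Log ("Terminating error: " + $_)
}
```

If no log file appears after a reboot, the policy is not launching the script at all, and the fault lies in GPO application rather than in the script body.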