I understand your situation and it can be quite frustrating. Here are some potential solutions and insights that might help:
Kernel DMA Protection: Kernel DMA Protection is a Windows security feature that protects against external peripherals gaining unauthorized access to memory. It’s recommended to disable the BitLocker DMA attack countermeasures if the system supports Kernel DMA Protection. Kernel DMA Protection provides a higher security bar for the system than the BitLocker DMA attack countermeasures, while maintaining usability of external peripherals.
BitLocker Event ID 812: This error typically occurs when BitLocker cannot use Secure Boot for integrity because the UEFI variable ‘SecureBoot’ could not be read. One potential solution is to verify the PCR validation profile of the TPM and the secure boot state. You can also try running your script as the system account using an elevated command prompt.
GPO Not Working on Desktop PCs: If the GPO is not working on desktop PCs, it could be due to a number of reasons. One possibility is that there’s some kind of outdated driver that is not allowed by DMA. You can check which driver it is, update it, and then allow it manually via the registry editor.
BitLocker and TPM: If the TPM is activated and is version 2.0, and Secure Boot is enabled, everything should work locally. However, if you’re still encountering issues, you might want to try the command manage-bde -protectors c: -add -tpm again.
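The checks the answer above walks through (TPM 2.0 present and ready, Secure Boot readable and enabled, TPM protector on the OS volume, recent Event ID 812) gathered into one diagnostic script; this is an added example, not the answerer's code. It assumes the OS volume is C:, that Event ID 812 lands in the Microsoft-Windows-BitLocker/BitLocker Management log, and that it is run from an elevated PowerShell prompt on the affected client.

```powershell
# Added example, not from the original answer. Assumptions: OS volume is C:,
# Event ID 812 is logged to 'Microsoft-Windows-BitLocker/BitLocker Management'.
#Requires -RunAsAdministrator

function Get-BitLockerReadiness {
    param([string]$MountPoint = 'C:')

    # TPM presence and readiness; Get-Tpm does not expose the spec version,
    # so read it from the Win32_Tpm CIM class (SpecVersion looks like "2.0, 0, 1.59").
    $tpm     = Get-Tpm
    $tpmCim  = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm
    $tpmIs20 = $tpmCim.SpecVersion -like '2.0*'

    # Secure Boot state from UEFI. Confirm-SecureBootUEFI throws on legacy BIOS
    # systems, which matches the "UEFI variable 'SecureBoot' could not be read" case.
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = $null }

    # Key protectors currently on the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $hasTpmProtector = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')

    # Most recent Event ID 812, if any.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; Id = 812
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        TpmIs20          = $tpmIs20
        SecureBoot       = $secureBoot   # $true/$false, or $null if unreadable
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        HasTpmProtector  = $hasTpmProtector
        LastEvent812     = $(if ($evt) { $evt.TimeCreated } else { 'none' })
    }
}

$state = Get-BitLockerReadiness -MountPoint 'C:'
$state | Format-List

# Add the TPM protector only when the prerequisites the answer lists are met;
# this is the cmdlet equivalent of: manage-bde -protectors c: -add -tpm
if ($state.TpmReady -and $state.TpmIs20 -and $state.SecureBoot -eq $true -and -not $state.HasTpmProtector) {
    Add-BitLockerKeyProtector -MountPoint 'C:' -TpmProtector
}
```

A SecureBoot value of $null together with a recent LastEvent812 points at the firmware/UEFI side rather than at the BitLocker policy itself.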