Hi all,
Inside the company, in the past, BitLocker recovery keys were saved in a shared folder on a file server.
All laptops are Windows 10 Professional and the domain controllers are Windows Server 2016 Datacenter.
A few days ago I installed the BitLocker roles on the domain controllers and I created my first GPO to manage and store the BitLocker keys of company laptops.
This GPO only works with laptops on which I enabled BitLocker after the deployment of the GPO.
Here you can see my GPO that permits domain computers to save the BitLocker key in Active Directory.
I would like to save in AD the recovery keys of all laptops/computers on which I enabled BitLocker before creating and deploying the "new management of BitLocker keys".
I created a second GPO that runs a simple PowerShell script to send the recovery key to the domain controllers.
Here you can see the second GPO that backs up the recovery keys:
The PS script is stored in \\company.local\SysVol\company.local\Policies\{9CDB32A0-1534-4B3D-86D1-F96974CB0E70}\Machine\Scripts\Startup
The PowerShell script is:
$protectors = Get-BitLockerVolume -MountPoint 'C:' | Select-Object -ExpandProperty KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
# A volume can carry more than one recovery password (and none if BitLocker is off); back up each protector to AD DS individually instead of passing an array or $null.
foreach ($protector in $protectors) { Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $protector.KeyProtectorId }
I configured security settings that permit "Domain Computers" and "Authenticated Users" to read and execute this script.
I noted that not all computers inside the company ran this script properly, and I do not have all BitLocker recovery keys in AD.
Could the wireless network be an issue?
Is there another way to back up the BitLocker recovery key from laptops on which I enabled BitLocker before the deployment of the GPO?
Thanks for your suggestions in advance!
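Because a GPO startup script that fails on some machines leaves no trace by default, the version below (an added example, not the script posted in the question) escrows every recovery password on every BitLocker-protected volume, not just C:, and writes the per-protector outcome to the Application event log so the machines that did not back up their keys can be found afterwards. It assumes it runs as SYSTEM from a Startup script on a domain-joined Windows 10 client; the event source name BitLockerEscrow is invented for this example.

```powershell
# Added example: escrow all BitLocker recovery passwords to AD DS and log the result.
# Assumes execution as SYSTEM via a GPO Startup script on a domain-joined client.
$source = 'BitLockerEscrow'   # event source name chosen for this example
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

$results = foreach ($volume in Get-BitLockerVolume) {
    # Only protectors of type RecoveryPassword can be backed up to AD DS.
    $recovery = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        # Typical for volumes where BitLocker is off or suspended without a recovery password.
        [pscustomobject]@{ MountPoint = $volume.MountPoint; KeyProtectorId = $null; Status = 'NoRecoveryPassword' }
        continue
    }
    foreach ($protector in $recovery) {
        try {
            Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
            [pscustomobject]@{ MountPoint = $volume.MountPoint; KeyProtectorId = $protector.KeyProtectorId; Status = 'BackedUp' }
        } catch {
            # A failure here usually means the DC was unreachable (e.g. no network yet at startup)
            # or the schema/permissions for msFVE-RecoveryInformation are missing.
            [pscustomobject]@{ MountPoint = $volume.MountPoint; KeyProtectorId = $protector.KeyProtectorId; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

# One event per run: Error if any protector failed, Information otherwise.
$failed    = $results | Where-Object { $_.Status -like 'Failed*' }
$entryType = if ($failed) { 'Error' } else { 'Information' }
$message   = $results | Format-Table -AutoSize | Out-String
Write-EventLog -LogName Application -Source $source -EntryType $entryType -EventId 1 -Message $message
```

Run it in place of the two-line script from the same SYSVOL Startup folder; on a machine where the keys did not arrive in AD, the Application log event from source BitLockerEscrow tells you whether the script ran at all and, if it did, which protector failed and why (a network-not-ready error at boot points at the connectivity question raised above).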
Hello @Anonymous,
At the moment I have applied the GPO to an OU with a small number of company computers.
I will try to test it soon (disable Fast Startup).
I will keep you updated!
Federico
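To verify the result of the test on that OU from the domain side rather than machine by machine, the following is an added example (not from the thread) that lists, for every computer in an OU, how many msFVE-RecoveryInformation objects are escrowed under its computer account in AD DS. It assumes the ActiveDirectory PowerShell module (RSAT or a DC) and an account allowed to read BitLocker recovery information; the OU distinguished name is a placeholder to replace with the OU the GPO is linked to.

```powershell
# Added example: audit which computers in an OU have BitLocker recovery keys escrowed in AD DS.
Import-Module ActiveDirectory

function Get-BitLockerEscrowStatus {
    param([Parameter(Mandatory)][string]$SearchBase)

    foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase -Properties OperatingSystem) {
        # Recovery passwords are stored as msFVE-RecoveryInformation child objects
        # directly under the computer object, so a OneLevel search is enough.
        $keys = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
                    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -Properties whenCreated

        [pscustomobject]@{
            Computer        = $computer.Name
            OperatingSystem = $computer.OperatingSystem
            KeysEscrowed    = @($keys).Count
            LatestEscrow    = ($keys | Sort-Object whenCreated -Descending | Select-Object -First 1).whenCreated
        }
    }
}

# Placeholder OU; computers with KeysEscrowed = 0 are the ones still to investigate
# (script never ran, wrong OU, no recovery password protector, DC unreachable at boot).
Get-BitLockerEscrowStatus -SearchBase 'OU=Laptops,DC=company,DC=local' |
    Sort-Object KeysEscrowed, Computer |
    Format-Table -AutoSize
```

Comparing KeysEscrowed and LatestEscrow against the date the second GPO was linked shows directly whether the startup script reached AD on each laptop; the reading of recovery objects is itself logged by the DC, so restrict the account used for this audit to the people who also handle recovery requests.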