Context: I have this script that edits local GPO for a specific usecase I have. When run locally the script runs fine, makes the changes to the local GPO and ends. When running in automox the worklet reports it ran all the way through, but when checking the machine itself it does not actually change anything.
Any ideas on what might be causing this?
Script:
#Set Execution policy to allow for 3rd party modules
Set-ExecutionPolicy Unrestricted -Force
#Instal NuGet which is needed for PolicyFileEditor
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
#Install PolicyFileEditor
Install-Module -Name PolicyFileEditor -RequiredVersion 3.0.1 -Force
Import-module -Name PolicyFileEditor
#Designate the User's local group policy directory
$MachineDir = "$env:windir\system32\GroupPolicy\Machine\Registry.pol"
Get-PolicyFileEntry -Path $MachineDir -All
#Enable Deny write access to removable drives not protected by Bitlocker
$RegPath = 'System\CurrentControlSet\Policies\Microsoft\FVE'
$RegName = 'RDVDenyWriteAccess'
$RegData = '1'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
#Disable DenyCrossOrganization Use
$RegPath = 'Software\Policies\Microsoft\FVE'
$RegName = 'RDVDenyCrossOrg'
$RegData = '0'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
#Enable 'Enforce Full Encryption type on removable data drives'
$RegPath = 'Software\Policies\Microsoft\FVE'
$RegName = 'RDVEncryptionType'
$RegData = '1'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
#Enable 'Control use of Bitlocker on removable drives'
$RegPath = 'Software\Policies\Microsoft\FVE'
$RegName = 'RDVAllowBDE'
$RegData = '1'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
#Enable 'Allow users to apply Bitlocker protection on removable data drives'
$RegPath = 'Software\Policies\Microsoft\FVE'
$RegName = 'RDVConfigureBDE'
$RegData = '1'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
#Enable 'Allow users to suspend and decrypt Bitlocker protection on removable data drives'
$RegPath = 'Software\Policies\Microsoft\FVE'
$RegName = 'RDVDisableBDE'
$RegData = '1'
$RegType = 'DWord'
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType
Get-PolicyFileEntry -Path $MachineDir -All
Invoke-GPUpdate -Force
Write-Host "| All Bitlocker To-Go policies have been applied. |"