I recently started down the path of Powershell and DSC, trying to find an easier and more practical way to maintain baseline configurations on closed-network/non-domain workstations.
After getting all excited seeing and playing around with various ways to enforce registry settings, I ran in to a massive hard stop when I found I cannot enforce any HKCU registry items through DSC. Does anyone know if there are any future plans to allow control and enforce for HKCU elements? Anyone who works with STIG’s knows how much HKCU is a consistently touched hive for security hardening.
Also, as a hail mary, has anyone found a way to enforce HKCU settings with help of DSC?