DSC and HKCU Planning?

I recently started down the path of Powershell and DSC, trying to find an easier and more practical way to maintain baseline configurations on closed-network/non-domain workstations.

After getting all excited seeing and playing around with various ways to enforce registry settings, I ran in to a massive hard stop when I found I cannot enforce any HKCU registry items through DSC. Does anyone know if there are any future plans to allow control and enforce for HKCU elements? Anyone who works with STIG’s knows how much HKCU is a consistently touched hive for security hardening.

Also, as a hail mary, has anyone found a way to enforce HKCU settings with help of DSC?

Welcome to the forum. :wave:t4:

I doubt that and I think it is very unlikely that there will be one some day. Microsoft already has an established technology to centrally maintain HKCU keys and settings in an Windows infrastructure … it’s called GPOs. :man_shrugging:t4:

That’s why I mentioned the clients are non-domain controlled, so GPOs are useless for this scenario. And Powershell in general doesn’t play well with LGPO, which is why I was hoping that DSC would play well with HKCU elements

I had actually missed that … sorry. But if I understood DSC right it is not made for client systems. So you’re probably pretty much out of luck. :man_shrugging:t4: