Recently I started diving down the path of using DSC to simplify and automate STIG enforcement for a few environments I work on that are non-domain/closed network clients. As soon as I started scripting up PS1 scripts to generate and create MOF templates, I quickly ran in to the realization that DSC is not applying any HKCU elements. After a few hours of googling around I stumbled upon old posts and questions from various forums and here, discussing how DSC is not designed to interact with HKCU.
I was just wondering if there's any work in the pipeline to allow for DSC to control and enforce HKCU elements? As anyone who works with STIG's, you quickly realize how many of the registry keys you have to touch live exclusively in HKCU. Or has anyone figured out any workarounds to force HKCU elements through DSC? With Powershell not liking LGPO, and DSC not playing with the HKCU hive, it really seems like Microsoft does not like non-domain/closed network environments.