SecOps-Powershell-CISDSC
Keep Allow_Administrator_account_lockout out of schemas
We need to make sure "Allow administrator Account lockout" never ends up in the schema, since it's missing from the baseline local configuration manager. To generate the resources, some information about this type of account policy setting, but we don't want it to end up in the actual schema. 1.2.3 is specific to Win 11 and it may not be the same recommendation # in the future. This was added to $script:AccountPolicySettings = @{} in CISDSCResourceGeneration.psm1 to fix the resource generation issue with Win 11.
```powershell
if($ExcludeList -notcontains '1.2.3' -and $LevelOne){
    AccountPolicy "1.2.3 - (L1) Ensure Allow Administrator account lockout is set to Enabled" {
        Allow_Administrator_account_lockout = 1
        Name = 'Allow_Administrator_account_lockout'
    }
}
```
Per our offline discussion:
This is a newer account policy that is missing from the pinned version of SecurityPolicyDSC. It might be supported in the latest release, but that module doesn't seem to be in active development anymore. There is no stable release past what we have pinned, just a 3yr old release candidate for v3.
We're not the only ones missing the support. https://github.com/dsccommunity/SecurityPolicyDsc/issues/193
If testing the last version of that module shows it works, we'll have to decide if we want to use what's technically an unstable dependency. The dev of the v3 release being abandoned is cause for some concern going forward.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.