The Microsoft security baselines have User Right Assignment rules in terms of a string of comma delimited SIDs and the SecurityPolicyDsc module expects an array of display names. As a result, if you convert the baseline GPO to DSC with the BaselineManagement module, all User Right Assignment rules will fail when calling Start-DscConfiguration targeting the resulting MOF file.
For example, the BaselineManagement module conversion has the following rule.
The Microsoft security baselines have User Right Assignment rules in terms of a string of comma delimited SIDs and the SecurityPolicyDsc module expects an array of display names. As a result, if you convert the baseline GPO to DSC with the BaselineManagement module, all User Right Assignment rules will fail when calling Start-DscConfiguration targeting the resulting MOF file.
For example, the BaselineManagement module conversion has the following rule.
The above will fail to accurately evaluate the current setting or apply the desired state, but works if switched to the below.