If a user is logged in as a local admin, they can enter literally any password to gain access to these settings.

https://www.techrepublic.com/article/macos-high-sierra-bug-lets-app-store-preferences-be-unlocked-with-any-fake-password/#ftag=RSS56d97e7