Instead of blocking the settings app, you could use powercfg to set appropriate security descriptors on the power schemes and actions. This way, you can ensure that the power settings cannot be changed from a standard user account regardless of the application doing it.
on my local account stops all of the settings from being changed for the Balanced power plan unless I elevate. Something similar could be done with the remaining plans and restricting ActionCreate would stop new plans from being created. My SDDL game is quite weak, but the one in that example is the default Windows 10 one, but I replaced the first "KRKW" with "KR" which there removes the write right and only allows members of the built-in Users group to just read the settings. Since members of the built-in Administrator group have full access (KA), this doesn't affect elevated users.
powercfg /SETSECURITYDESCRIPTOR 381b4222-f694-41f0-9685-ff5bb260df2e O:BAG:SYD:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KA;;;CO)(A;CI;KR;;;AC)