Great that it now works as per your requirement.
Mind you, this still won't lock the user at some future date IMHO. That would require GRC to keep a memory of requests it needs to provision in the future (that functionality does not exist) because you cannot provide a validity date to a locking status.
What you are doing now, I assume, is limiting the validity date of the user account with the "Change User" action - which is perfectly fine! But it's good to understand that the user (although not accessible due to a future validity date) is not technically in a "locked" status.