All our users are Power Users, but we have a program that need Modify access to these parts of the Registry, which a Power User cannot do, so at the minute said program is unusable.
I have looked at setting these via group policy, but apparently I can only use this feature to modify permission for HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CLASSES_ROOT. I realise that the profile for every user is kept in HKEY_USERS, but changing this setting for every user that has ever logged onto that PC would require knowing the SID of every user, which isn't feasible.
If I understand it correctly, when a user logs on, the Registry profile of that user is copied from HKEY_USERS to HKEY_CURRENT_USER. After this happens, is there no way changing the permissions in HKEY_CURRENT_USER after logon, rahter than changing HKEY_USERS before logon?
I would be looking to have this as some sort of command(s) that run in a Logon Script, so preferably batch commands, or VB Script.