Writing to Registry? Some best-practices...

Use the following best practices when dealing with the Windows registry.

  • Use of the registry reduces application portability. Therefore, use it only if required.
  • Don’t use the registry as a configuration trash bin.
  • Don’t store secrets in the registry.
  • Encrypt application data stored in the registry.
  • Discourage users from directly editing the registry.
  • Perform input validation on data read from and written to the registry.
  • Don’t write data to HKLM. Reading back the data will require the user to be logged on as administrator, as by default all users are given only read access to HKLM.
  • Don't open registry keys for FULL_CONTROL or ALL_ACCESS.

Vista update:
a) Always open registry keys with read-only access when possible. Use read-write access only when needed and revert the permissions back to read-only once the operation is complete.
b) Beware of WRP (Windows Resource Protection), which might be protecting a hive you want to store your app data in; this may result in an access-denied error message and ultimately broken app functionality.
c) There are two ways to find out whether WRP is active for a registry key:

a. Programmatic: Call the SfcIsKeyProtected function in your code.
b. Administratively: In Regedit, right-click the key in question and choose Permissions. Keys that are protected by WRP will show Trusted Installer with Full Control. SYSTEM, Administrators, and Users will only have Read permissions.

d) Hopefully, the registry changes are being done through a thick client and not IE. If it is IE, btw, remember that Vista runs IE in protected mode, so it won't be able to store to HKCU.
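
One way to combine the input-validation, "no HKLM", and least-access points above, as an added example that is not from the original post. The key name Software\ExampleApp, the value names and the schema are hypothetical; the registry calls use Python's standard winreg module, which exists only on Windows.

```python
import re

# Win32 registry type ids (same numbers as winreg.REG_SZ and winreg.REG_DWORD).
REG_SZ, REG_DWORD = 1, 4
SUBKEY = r"Software\ExampleApp"  # hypothetical per-user key under HKCU
# Hypothetical schema: value name -> (expected registry type, content check).
SCHEMA = {
    "RefreshSeconds": (REG_DWORD, lambda v: 5 <= v <= 3600),
    "Theme": (REG_SZ, lambda v: v in {"light", "dark"}),
    "ServerHost": (REG_SZ, lambda v: re.fullmatch(r"[A-Za-z0-9.-]{1,253}", v)),
}

def validate(name, value, reg_type):
    """Return value unchanged if it fits the schema, else raise ValueError."""
    if name not in SCHEMA:
        raise ValueError(f"unexpected value name {name!r}")
    expected_type, check = SCHEMA[name]
    py_type = int if expected_type == REG_DWORD else str
    # 'or' short-circuits, so check() only ever sees a value of the right type.
    if reg_type != expected_type or type(value) is not py_type or not check(value):
        raise ValueError(f"{name}: rejected by schema")
    return value

def read_setting(name):
    """Read one HKCU value with KEY_QUERY_VALUE only, then validate it."""
    import winreg  # Windows-only; imported here so validate() runs anywhere
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, SUBKEY, 0,
                        winreg.KEY_QUERY_VALUE) as key:
        value, reg_type = winreg.QueryValueEx(key, name)
    return validate(name, value, reg_type)

def write_setting(name, value):
    """Validate first, then hold a KEY_SET_VALUE handle only while writing."""
    reg_type = SCHEMA.get(name, (None, None))[0]
    validate(name, value, reg_type)
    import winreg
    with winreg.CreateKeyEx(winreg.HKEY_CURRENT_USER, SUBKEY, 0,
                            winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, name, 0, reg_type, value)

# Constructed samples shaped like QueryValueEx results: (name, value, type).
SAMPLES = [("RefreshSeconds", 60, REG_DWORD), ("RefreshSeconds", "60", REG_SZ),
           ("ServerHost", "host name with spaces", REG_SZ), ("Debug", 1, REG_DWORD)]

def accepted(name, value, reg_type):
    try:
        validate(name, value, reg_type)
    except ValueError:
        return False
    return True
```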