I'm trying to write a Zen app to delete and recreate some registry keys for all of our users, who run as non-admin.

I have keys in HKCU and HKLM that I have to delete and recreate. As a result, running my app elevated makes it hard to modify things in HKCU (because the app doesn't run as the user), and running non-elevated makes HKLM difficult (due to registry permissions).

I therefore want to add an entry to the users' group policy to give them permissions to the HKLM keys that need to be modified.

I have created an INF file using MMC that specifies only the reg key that needs to be modified. I am not clear from reading the documentation as to whether importing that INF completely replaces all security settings in the group policy, or just supplements them.

If it replaces them, do I need to migrate my existing security settings to live in the same INF file and re-import it? How do I do that?

Alternatively if anyone can suggest a better way to achieve what I want to achieve...I was thinking of finding a way to discover which of the HKEY_USERS refers to the currently logged on user, and put my app in UNSECURE mode and just modify their HKCU settings that way.