[BBBCat]

А вот это не о том?

Код:

procedure SetRegKeySecurity(KeyRoot : HKEY; KeyName : String);
var
  Privs : IJwPrivilegeScope;
  Key : HKEY;
  KeySec : TJwSecureRegistryKey;
  DACL : TJwDAccessControlList;
begin
  JwInitWellKnownSIDs; //inits JwSecurityProcessUserSID

  if RegOpenKeyEx(KeyRoot, PChar(KeyName), 0, KEY_ALL_ACCESS, Key) = ERROR_ACCESS_DENIED then
  begin
    Privs := JwGetPrivilegeScope([SE_TAKE_OWNERSHIP_NAME], pst_Enable);

    if RegOpenKeyEx(KeyRoot, PChar(KeyName), 0, WRITE_OWNER, Key) <> 0 then
      RaiseLastOSError;

    try
      TJwSecureRegistryKey.TakeOwnerShip(Key);

      if RegOpenKeyEx(KeyRoot, PChar(KeyName), 0, WRITE_DAC, Key) <> 0 then
        RaiseLastOSError;


      KeySec := TJwSecureRegistryKey.Create(Key);
      try
        DACL := KeySec.DACL; //returns a cached DACL so we must not free it!

        DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, [afContainerInheritAce], KEY_ALL_ACCESS, JwSecurityProcessUserSID));
        KeySec.SetDACL(DACL);
      finally
        KeySec.Free;
      end;
    finally
      RegCloseKey(Key)
    end;
  end;
end;