I'm really struggling with a problem that I have with my software running under NT/2k. Basically, I want to create keys under HKEY_LOCAL_MACHINE and write and retrieve data from these keys. This works fine with my code as long as the user has the appropriate rights to the Registry keys. It seems, quite frequently, that unless Users have Administrator rights their Registry access is restricted by default. My questions are:

1. Under these circumstances is it possible to create a key under (say) HKEY_LOCAL_MACHINE\Software\... where users have unlimited rights to open/query/read/write, etc. to the keys created by me and if this is possible I presume the RegCreateEx call with the appropriate Security Descriptor information must be set. If so what are the values I should be setting under SECURITY_ATTRIBUTES for:

nLength
lpSecurityDescriptor
bInheritHandle

2. If I have previously created a key without the correct security information is it possible to change it using RegSetKeySecurity and, if so, how.