Privilege Manager Registry Traverse Rule for Registry Values

What is a one sentence summary of your feature request?

Need a way to allow users access to a regsitry key while restricting certain values

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

We are attempting to give user access to manage their own startup applications in Settings-> Apps → Startup. By default, any machine-wide application requires users to be an admin to change it. We can enable users by a registry traverse rule to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved. The problem is that there are a few applications we don’t want users to be able to disable. So need a rule that can set those few registry values to remain with read-only access.

How do you currently solve the challenges you have by not having this feature?

We do not currently have a way to enable users to manage startup applications. Without this feature, we will not be able to roll out a solution because there are some applications we can’t allow users to disable.

I think you’re looking for ACL level registry values, which “isnt a thing in windows.”

PP registry settings mirrors what’s done in GPPrefs Registry CSE. If it’s not possible there, its not possible with us.

However, if I’m reading it wrongly, and you have some step by steps (manually) that would work, maybe we can investigate a PP way to achieve the same goal?