Inno-Setup update HKCU of original user in Win7/Vista

I'm trying to add my application path as a Trusted Location for an MS Access install using Inno Setup. I have the following lines in my script:

[Registry]
; Add the application folder as a trusted location for Access 2007
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: string; ValueName: Path; ValueData: {app}; Check: AccessVersion('2007');
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: string; ValueName: Description; ValueData: Gran开发者_Python百科djean and Braverman applications; Check: AccessVersion('2007');
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: dword; ValueName: AllowSubfolders; ValueData: 1; Check: AccessVersion('2007');

This works fine in Windows XP and earlier, but often fails under User Account Control in Vista/Win7 because the (elevated) user running the install may be different than the currently logged in user.

The only workaround I can think of is to have a .reg file that gets extracted and run via ShellExecAsOriginalUser, but this seems hackish. Is there a better way?

Ideally, I would like the trusted location to be added for all users on the system.

I used the command-line utility reg.exe to do updates to the original user's HKCU. Reg.exe has shipped with Windows since at least Win XP. Since earlier versions of Windows may not have reg.exe (or it may not be accessible for some other reason), I've left the Registry section lines in place to provide redundancy and fallback.

It's still a bit hackish, but I think it is better than any of the other alternatives. Here's how the lines from the question look with this approach:

[Registry]
; Add the application folder as a trusted location for Access 2007 for the installing user (degrades gracefully for Windows 2000 and earlier)
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: string; ValueName: Path; ValueData: {app}; Check: AccessVersion('2007');
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: string; ValueName: Description; ValueData: Grandjean and Braverman applications; Check: AccessVersion('2007');
Root: HKCU; SubKey: Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}; ValueType: dword; ValueName: AllowSubfolders; ValueData: 1; Check: AccessVersion('2007');

[Run]
; Add the application folder as a trusted location for Access 2007 for the current user
Filename: Reg.exe; Parameters: "add ""HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}"" /v Path /t REG_SZ /d ""{app}"" /f"; Flags: runasoriginaluser; Check: AccessVersion('2007'); StatusMsg: Adding trusted location...
Filename: Reg.exe; Parameters: "add ""HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}"" /v Description /t REG_SZ /d ""Grandjean and Braverman applications"" /f"; Flags: runasoriginaluser; Check: AccessVersion('2007'); StatusMsg: Adding trusted location...
Filename: Reg.exe; Parameters: "add ""HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\{#DirName}"" /v AllowSubfolders /t REG_DWORD /d 1 /f"; Flags: runasoriginaluser; Check: AccessVersion('2007'); StatusMsg: Adding trusted location...

Notice that the lines have been copied and modified from the [Registry] section to the [Run] section and have the flag runasoriginaluser set.

One solution to your particular case is to create a second setup which does not require elevated privileges, just to update the registry.

You can include this second setup executable inside the first one and call it with the /verysilent command line parameter using the already mentioned ShellExecuteAsOriginalUser.

For your second question, you must post it as a different question, I'm not access expert, but maybe you can do a whole-machine configuration adding the same values to the HKLM registry key.

My 5 cents.