There is no difference in security if I give modify permissions to admin group only, as the same admin group can modify the permissions to get those anyway. Of course, if I want to delete a key, permissions no longer matter. But that's not my concern. I also have tested everything I'm scripting, in some cases keeping the reversion scripts too. Rest assured, I know what I'm doing
My problem is TrustedInstaller. By having keys owned and locked by it, administrators are effectively deprived the permission to administer the system, so importing .reg files no longer work sometimes, depending on what I touch.
You name PowerShell. Do you have any samples or references on how to do so and manage to import the keys? I know nearly nothing about it, but seems that it may be able to do what I want. Thanks!