>>It boiuls down to your personal philosophy of things. MS's intent was to at least keep station-specific and user-specific information in various registry keys; since it isn't in a text file form, it's easy to put widely variable data types in, and the hierarchical reference system is easy to work with IMO. Some people don't like the registry; there's nothing inherently wrong with using INI files or configuration databases (and I do both at times) to store configuration data. In many cases, I'll put a reference to the desired configuration database in the user's HKEY_CURRENT_USER hierarchy, and machine-specific configuration detail in another key somewhere in HKEY_LOCAL_MACHINE.
>>
>>It's your app, so its your choice.
>
>An added note: I usually use the "table" method for app configuration/preference storage, but I finally got around to trying to use the registry. And guess what? They're all locked up by LAN, only a couple high-level central administrators have registry write access from Control Panel or with Regedit.
>
>Now installing apps use code (API?) which allows registry writes, obviously (or the registry would not be working). But once I realized that some LANs may be quite "secure" about registry access, I gave the idea up. This is under Win95, and we're soon moving to all-NT, where they will be even tighter about security. Does this make sense, have you ever heard of this?

Yes, it makes sense to secure certain parts of the registry, but not all of it by any means! NT will allow selective access to the registry, letting the user read from some values and create in others. In most cases, I'd certainly allow applications to access registry keys in HKEY_LOCAL_MACHINE\Software and HKEY_CURRENT_USER\Software, and obviously the operating system needs to be able to access other parts even when non-privileged users are present.

If the restriction is on user access to registry editors, I'm generally in favor of it. There are sections of the registry, certainly specific hives (registry hierarchy segments) that associate with the user, especially for roaming profiles, need to be maintainable, as do software-specific regisry sections, otherwise many apps (like Word) won't work at all.

BTW, it's not the LAN security that's at issue, unless roaming profiles are in use, in which case the LAN Administrator has several powerful tools available such as POLEDIT to maintain system policies regarding access to applications, as well as security features of NT which can lock down sections of the registry from unpriveleged (underprivileged?) users.