Here's an idea (I'm working on implementation):

• intercept all calls to HKEY_CLASSES_ROOT.
• for every OpenKey try it against HKEY_CURRENT_USER\Classes instead. If it doesn't succeed, then fall down to HKEY_CLASSES_ROOT.
• for every SetValue/CreateKey failed with ACCESSDENIED copy/create it in HKEY_CURRENT_USER\Classes and resume operation.