Here's an idea (I'm working on implementation):
- intercept all calls to HKEY_CLASSES_ROOT.
- for every OpenKey try it against
HKEY_CURRENT_USER\Classes instead. If it doesn't succeed, then
fall down to HKEY_CLASSES_ROOT.
- for every SetValue/CreateKey failed with
ACCESSDENIED copy/create it in
HKEY_CURRENT_USER\Classes and resume operation.