Best Practice for Developing Registry-based Policy

The level at which you implement registry-based policy typically depends on the requirements of the customer.

If security is an important consideration, you should implement registry-based policy at the lowest level possible in your code; for example, at the function level. If your functions are policy-aware, it will be more difficult to defeat your policy settings.

If you plan to use policy to simplify the user experience and reduce the total cost of ownership of the desktop, it may be appropriate to implement your policy settings at a relatively high level in your code. However, if you implement policy at a higher level, for example, at the user-interface (UI) level, it may be possible for users to create applications that bypass your policy settings.