A very neat and clever idea but I think this might be security catch-22 again. This key is Everyone read-only - so how would Saleem bootstrap this value into the registry (through the logon script without a plain-text password) ?

-Shawn