Just a small note: I don't think that setting registrykeys during a logonscript is a good idea.

Setting keys when the logonscript runs means the user in question has the appropriate rights to change them (remember the logonscript runs with the users credentials). Since anyone can read the logon scripts, anyone could also find out which keys get changed. Once they know that they could undo/modify any changes you made.

Use the (group)policy editor to create a policy that dictates these changes. These cannot be modified by the user.