The aspect that I would be most curious about is that is the batch being executed before or after a log-onhas been made. The reason I say this is, that if a user that is executing this type of command would not be able to if he/she didn't have regedit access in the first place. The only way that I could actually see this working is that if you ran the batch command even before a log-on was made. Yes, a different registry entry would have to be exploited but it's all relative.

scat