Just breifly, I am currently using a patch management solution called Shavlik Protect. With this, I am able to input Windows Admin Credentials so that whenever I push updates and patches, there are no Permission's issues.
That being said, I recently ran into an issue with WebRoot where the numberpad on the key board would be rendered unusable depending upon the website or application my users were using (usually something that required Java). I got the patch from your KB article on this and deployed the registry key edit through the agent using the registry command in the console. Needless to say it did not work because at the time it was deployed the user logged onto the machine was not, or did not have, administrative rights. I was also told by tech support, or perhaps maybe misunderstood, that if no one was logged onto the machine but it was powered on, the endpoint would not install the registry command. The only other option would be to download the zip file with the registry key and install it while logged into the machine with admin credentials. I should not have to be logged into the machine I am trying to push the registry key to from the console. At that point, I might as well just download the zip and install it on every computer manually in my company which then makes the registry and dos command feature in the console almost useless.
Perhaps this is something that can be added into the console. A place where you can enter admin credentials for the network which would allow us to more easily control the endpoints without any problems. Along with this, a tracker that will let you know if your registry or dos command was successful or failed, even if its in email form.