If changing a setting requires administrator privileges in the first place,
then any behavior that results cannot be considered a security hole
because in order to alter the setting, attackers must already have gained
administrative privileges on the machine, at which point you've already
lost the game.
If attackers have administrative privileges,
they're not going to waste their time fiddling with some setting and
leveraging it to gain even more privileges on the system.
They're already the administrator;
why go to more work to get what they already have?
One reaction to this is to try to "secure" the feature by asking,
"Well, can we make it harder to change that setting?"
For example, in response to the Image File Execution Options key,
Norman Diamond suggested "only allowing the launching of known debuggers."
But this solution doesn't actually solve anything.
What would a "known debugger" be?
Besides, it doesn't matter how much you do to make the Image File
Execution Options key resistant to unwanted tampering.
If the attacker has administrative privileges on your machine,
they won't bother with Image File Execution Options anyway.
They'll just install a rootkit and celebrate the addition of another
machine to their robot army.
Thus is the futility of trying to stop someone who already has
obtained administrative privileges.
You're just closing the barn door after the horse has bolted.