Holy cow, I wrote a book!
One of my colleagues tipped me off to some additional resources
on the subject of
using the DropTarget technique for
accepting files for execution.
First, it turns out that there is
an SDK sample that demonstrates the DropTarget technique
This sample is fifteen years late
according to one commenter
who apparently thinks that the Platform SDK needs to provide a sample
for a feature that won't be invented for another twelve years.
Maybe we can use
the Microsoft Research project to predict the future.
No wait, we also need to get them to
invent the time machine
so we can take
the future-predictor machine back in time 15 years.
Second, there is
a sample for the ExecuteCommand technique.
ExecuteCommand technique is preferred over the DropTarget technique
because it is much easier to implement.
(Translation: much less you can get wrong.)
Like the DropTarget technique, the
ExecuteCommand supports out-of-process activation.
as it turns out,
App Path registration supports HKEY_CURRENT_USER
one of the complaints raised by a commenter
(a complaint I answered incorrectly).