ThinApp User’s Guide : Configuring Package Parameters : Configuring Isolation : RegistryIsolationMode

The RegistryIsolationMode parameter controls the isolation mode for registry keys in the package. This setting applies to the registry keys that do not have explicit settings.
The capture process does not set the value of this parameter. You can configure the registry isolation mode only in the Package.ini file. ThinApp sets the initial registry isolation mode to WriteCopy. For information about isolation mode options, see DirectoryIsolationMode.
Do not use the Full isolation mode in the Package.ini file because that mode blocks the ability to detect and load system DLLs. You can use Full isolation mode as an override mechanism. You can place exceptions to the configured RegistryIsolationMode parameter in the registry key text files in the project directory. An exception might appear in a file, such as HKEY_CURRENT_USER.txt, as isolation_full HKEY_CURRENT_USER\Software\Macromedia.
All runtime modifications to virtual files in the captured application are stored in the sandbox, regardless of the isolation mode setting. At runtime, virtual and physical registry files are indistinguishable to an application, but virtual registry files always supersede physical registry files when both exist in the same location. If virtual and physical entries exist at the same location, isolation modes do not affect access to these entries because the application always interacts with virtual elements.
If external group policy updates occur separately from the package through the physical registry, you might remove virtual registry files from a package and verify that the parent file of these virtual registry files does not use Full isolation. Because child files inherit isolation modes from parent elements, Full isolation in a parent file can block the visibility of physical child files to an application.
You can modify the RegistryIsolationMode parameter to ensure that the application can read keys from the host computer, but not write to the host computer.
You can ensure that the application can write to any key on the computer, except where the package specifies otherwise.