Script tasks can be used to run commands to add, remove, or modify registry keys and/or entries without interferring with other tasks and policies.

1. Create the Script Task to modify the registry

• Go to Manage>Jobs and Tasks
• Select an appropriate folder to create the task under
• Right-click on the folder and go to New>Task
• The Create New Task window will appear
• Scroll down to the bottom of the available tasks and select Run Script
• Name the task appropriately
• Leave Script type: set to Command Script
• In the empty box enter the command line to modify the registry key and/or registry entry with the appropriate reg add or reg delete command. 
• Example 1. The following command will create or modify a Reg_SZ registry entry called “Execution Policy” with a value of "Remote Signed" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell:
  • REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell /f /v ExecutionPolicy /t REG_SZ /d RemoteSigned
• Example 2. This command will only modify the registry on 64-bit computers and would insert text including qoute characters (") into the value: 
  • if "%PROCESSOR_ARCHITECTURE%" == "AMD64" REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\CA AIP SSH Server for Windows" /f /v ImagePath /t REG_EXPAND_SZ /d "\"C:\Program Files (x86)\CAS\SC\AutoShellClient\SSHD.exe\"
• Click OK to close the Create New Task window and create the task

2. Run the Script Task

• If the script task needs to access HKEY_CURRENT_USER click Advanced, then change the Run As credentials to Current logged-on user and click OK. Symantec Management Agent credentials will work for other registry hives.
• Click on New Schedule, choose Now or specify a schedule time and repeat interval.
• Specify target computers to run the task on.
• To target a single computer click in the Quick add: box and search for the name of the computer, or use the Quick Run feature instead of New Schedule.
• To target a list of computers click on Add>Computers or Devices then manually select the desired computers and click > and OK.
• To target a computer filter (such as All Computers) click on Add>Target, click Add rule, choose exclude computers not in, and search the name of the filter in the final drop-down box, then click OK.

If the scripts needs to access HKEY_CURRENT_USER, running as Currently Logged on user is required.  However, if the currently logged on user is a standard user, there could be problems creating or modifying registry keys and entries due to access rights.  The best way to test for this would be to login as the standard domain user, access the registry key and try manipulating it.