Help with reg checks (does it exist, access denied, able to read, able to write/modify?) (a_ahmed)

Hi guys, I'm hoping you can help me out with what I'm trying to achieve.
 
I'm trying to write a routine to check if a certain registry key exists, if user has access to it and if a user can write/modify it. All these criteria have to be checked and under each scenario to do something and log it. I don't care about deleting. I already have a log routine.


Most solutions on the internet rely on a dirty method of just checking if an error code other than 0 is returned. That's not reliable.
 
For example HKEY_LOCAL_MACHINE\Security\ if a user has no access to it, those scripts will return stating the key doesn't exist... but it does.
 
The closest I've come is figuring out that if I run this it returns err.number -2147024891
 
 

 'strKey = "HKEY_LOCAL_MACHINE\SECURITY\"
 'strKey = "HKEY_USERS\S-1-5-18\"
 strKey = "HKEY_USERS\S-1-5-19a\" 
 on error resume next
 present = WshShell.RegRead(strKey)
 if err.number = -2147024891 then WScript.Echo "access denied"
 end if

 
 
For example in the above examples, SECURITY exists but current user has no access so it returns that error code, S-1-5-18 is me, exists and I have access to it and that user S-15-19a is a false key. S-15-19 like SECURITY, exists but current user has no access to it in which case the long -2147024891 is returned.
 
Now for the other keys there is no code returned... what gives?