Registry Access Errors with the TFS API

If you are using the TFS API within a WebApp with impersonation there is a good chance you will see the error below when you run the web site on IIS

System.Security.SecurityException: Requested registry access is not allowed.    
at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)    
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)    
at Microsoft.TeamFoundation.Client.RegisteredServers.OpenCurrentUser(Boolean writable, Boolean shouldCreate)    
at Microsoft.TeamFoundation.Client.RegisteredServers.GetUriForServer(String serverName)    
at Microsoft.TeamFoundation.Client.RegisteredServers.GetServerKeyForServer(String serverName, String subKey, Boolean writable, Boolean shouldCreate)    

If you google for this forums tells you to add read access for the impersonated user to

HKEY_CURRENT_USERSoftwareMicrosoftVisualStudio9.0TeamFoundationServers

However, this did not fix the problem. So after much fiddling and re-reading Naren’s Blog on configuring WIT I looked further down the error log and saw

The Zone of the assembly that failed was:    
MyComputer    
Access to the path ‘MicrosoftTeam Foundation2.0Cache’ is denied.    

So I created a cache directory and added the following

And it leapt into life, even with the added rights in the registry removed!

So it seems the first error is a red herring.