We need an API to launch applications with Windows. You can make an app startup by making a shortcut in the Start Menu\Startup folder or through a Registry entry (Software\Microsoft\Windows\CurrentVersion\Run), but if your application is running in reduced security mode it isn't an option. Better would be an API call that an application could use. The user should then see an alert from Windows, "An application, XXX, is attempting to register itself to launch with Windows. Is this OK?". An Advanced mode would let you see the actual path it wanted to register and exactly how it was registering (current user/all users). It would be pretty easy to do and would be a great compromise.
I say all this because I really like ClickOnce applications, but it's low-security mode makes it impossible to make auto-starting apps. I can see good reason for disallowing Registry manipulation, but app startup is something that would really be better served as an API call anyway. If Registry is used by the API call, that's fine, but it's an implementation detail that I shouldn't need to worry about.
I'm really just whining though. I briefly considered making a service to assist with this, but it's not really worth it. Maybe in a bigger company. You could also use the auto-update features without the deployment features I think so that would still be better than nothing. Just an avenue I haven't explored yet.
Am I missing anything? Are there better ideas for tackling this?