Don t Open Objects for FULL_CONTROL or ALL_ACCESS
This advice has been around since the early days of Windows NT 3.1 in 1993: if you want to open an object, such as a file or a registry key for read access, open the object for read-only access don t request all access. Requiring this means the ACL on the objects in question must be very insecure indeed for the operation to succeed.