Random inconsistent locations, random inconsistent rules for inclusions and imports, Random ill-documented ad-hoc formats, no standard interfaces to add/remove/set config values, no ability to put ACLS on individual config entries, basically no way to export and re-import or auto-merge partial config, without at least screwing up whitespace and comments or risking duplicates, no ecosystem wide single 'source of truth' pattern.
I've never seen one using acls on registry keys.
I have however seen several config files for the same program with different permissions. Think .ssh/config or /etc/sshd_config.
For your partial config / single source of trust please refer to ansible.
Random inconsistent locations, random inconsistent rules for inclusions and imports, Random ill-documented ad-hoc formats, no standard interfaces to add/remove/set config values, no ability to put ACLS on individual config entries, basically no way to export and re-import or auto-merge partial config, without at least screwing up whitespace and comments or risking duplicates, no ecosystem wide single 'source of truth' pattern.
They work, but they're not nice.