Ambiguous because I was just trying to read between the lines. Knowing that there is some additional security configuration required and that this is expected behavior makes it clear.
The registry keys in question allow administrators access, so it should work to add the farm account to the local administrators groups on the machines in question. That said, I'll probably have the customer register the event sources with a script for two
1. It's fewer steps. (login, run this script)
2. I don't want to give the farm account this level of access to accomodate one situation.
I think modifying permissions on the individual registry keys, while workable, has more cons than pros.
Based on this I don't get event logging in my provisioning time jobs (this is for a custom service application), but that work is done by a SharePoint savvy admin anyway so ULS only at that point is fine.
I really appreciate the clarification, I think you folks did a great job on this. If you need help next time around I'd be happy to pitch in!