Luckily Apple have a support document at http://support.apple.com/kb/HT2102 which details what registry settings to change. You'll probably want to skip to the "Preconfiguring Parental Controls" section, as the top half suggests you should create a unique entry in HKLM for every user that will ever log in to that machine. Thankfully it's a lot more straightforward than that.
By default iTunes will have created the following key on install (on a 32-bit machine remove the Wow6432Node part)-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\iTunes
Create keys named Parental Controls and Default so you get this path-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\iTunes\Parental Controls\Default
In the Default key create a DWORD value (choose 32-bit if you're on a 64-bit machine) named AdminFlags. To test it works, let's try and disable Ping and the iTunes Store. From the table at the article above we can see the flags we want are-
The AdminFlags value is a bitmask of these flags, so we just add these values together. This gives us a value of 0x00800004. But if you set AdminFlags to that value nothing will happen. Apple state that "these flags are only respected in AdminFlags when kParentalFlags_Locked is set." From the table at apple-
So, for any of these values to take effect we need to add 1. This gives us 0x00800005 or the decimal value 8388613. Set this value and lets see what happens.
So here is iTunes before setting the value...
...and here is iTunes after we set the value...
For people working in education this is a useful flag - 0x01940005 or 26476549 in decimal. This prevents the welcome screen from loading and allows access to iTunes-U while blocking access to the rest of the iTunes store.