If you can write the batch files and edit the conf files then there is no problem. I am talking about companies and individuals that slap a Linux box up as a webserver and think there safe just because they are using Linux. I had a client, a local ISP that did that. Every box they had was compromised and they did not even know it. They called me in after deciding a firewall might be a good idea. When I showed them what was happening to there systems they were shocked.
<rant> The sad fact is that security is a joke at most companies. I reported problems with the road runner (Time Warner/AOL broadband) network and have never heard anything from them. I ran across this by accident and was shocked. 3 months later it is still the same. </rant> As for the remote administration of NT/2000 boxes. I have used SSH for NT/2000 and the resource kit tools to do just about anything from the command line. Much faster. -------------------- IMHO, it's easier and more reliable to edit a .conf or .ini file than point-and-click my way through a GUI. I deal almost exclusively with WinNT/2K and IIS, and have to make and follow checklists and scripts to make certain I've done everything in the proper order. The process is time consuming and tedious, with too much margin for human error. If I could start off with a .conf or .ini that's already been properly configured for security, it's much easier to be certain the machine is secure. Auditing existing machines would be easier as well, just compare the current .conf to the template and resolve the differences. >From a systems administration point of view, Windows is a horrible pain in the ass. I wasn't a big fan of the dozens of .INI files in Win3x, and I'm forever trying to remember where the .conf files live on the UNIX/LINUX boxes I sometimes have to deal with, but at least I could find, read, edit, compare, backup and restore these files without spending a lifetime trying to decipher SIDs, GIDs and other meaningless (to me, at least) hexadecimal strings. Let's not talk about what a huge rectal cramp it is to try and make these changes over a 33.6kbps dial-up connection using pcAnywhere or WinVNC!