I sympathise with your point of view mohaugn, but I have made my opinions clear

Originally posted here by mohaughn
[B]As for disabling system commands. Again, I see no problem with doing this. If you do what you say, and test/document any new installs, then you will know ahead of time that turning off a certain command broke an install. I would also be really suspect of any software install that used CLI commands. You can do just about anything using windows installer and the installer APIs. Any software that installs using things like cmd or ftp, are bad install routines.. These would also be things that are tested and insured to work before going into production.
It depends which system commands you're referring to... I find it highly unlikely that many programs rely on telnet or ftp, but cmd.exe, cscript.exe and wscript.exe are basic Windows components these days and are relied on by MANY installers for a lot of products including Microsoft software.

IIS in fact ships with several configuration scripts which should be run with cscript.exe (If you choose to use them).

The Windows installer has APIs for a few things but a lot of configuration of real software is done by cmd.exe scripts or vbs scripts.

Granted, if you test absolutely everything and can guarantee that no software will require them, you can safely disable them. The problem is that a future version of existing applications may use them - even things like patches may use them. That's why I'm deeply suspicious of removing these core components.

Slarty