Whether or not you can be successful at this depends on the security settings you're configuring. Many of them are not accessible (they're stored in the registry's security hive) and should never be deployed using this technique. Other settings are legitimately deployed using registry hive files. However, using a hive file is more of a shotgun approach, since the hive file replaces the key in to which you import it. So, I recommend that you use REG files.
The last thing I want to mention is that you shouldn't deploy policies as REG files or hive files. You should always establish policies using Group Policy, since there's much more going on behind the scenes than just setting some registry values. If you set these policies using REG files, you'll tattoo the registry and won't see the results in Group Policy editor, Resultant Set of Policy, etc.
One solution is to find a good scripting tool that'll walk through your configuration steps for you. Another is to deploy your servers as disk images (prior to promotion).
This was first published in September 2002