I still think a good reason to have WA is that it forces the person to have authenticated to our domain. Using SQL Logins someone could (in theory) execute lots of commands or even use SQL Enterprise Manager and never authenticate to the domain. Not the Win2k or NT domain security is the best in the world either. In my mind it would be more difficult to first join the domain (I could be wrong, wouldn't be the first time).

Ross