Not even sure where to start on this list. I'll leave security alone since it's such a hotspot (and is so incredibly relative it isn't even funny).

You'll need to define what you mean by Control to me... Webserving is an incredibly simple task, how much control do you want? Between IIS and web.config you have incredible amounts of control, in fact more than with Apache/.htaccess.

Automation... Between servers? Scheduled tasks? Remoting? Web service-fired events? OS-based listeners?

Wink

You're right about the separation of windows / web users. They are all in the same place, but they are easily separated. It's called sandboxing and has been done since the beginning of time. But yes, it would be nice to somehow have different users in some cases.

However, in non-ISP environments you can be damn sure I want to use NT/Directory authentication. Saves the trouble of login scripts entirely. If someone's logged into the domain they have access to all the apps they need.

Try doing that with Linux Wink (oh, is That what you meant about control? Wink).

Linking a webserver to a domain... Again, in an ISP environment, sure. But since most of the webservers out there are in corporate environments, it sure does make sense to link it to a domain. Inside a DMZ or semi-safe zone sure, but still within the sphere of domains that a corporation operates (we have 50+).