I would do a formal write up on the advantages of incorporating linux in the environment, including a cost savings angle. IT Suits (as I am one - unfortunately  ) will always be pressured from the biz folks for $$$ savings so perhaps you could breakdown how certain tools can help automate certain tasks and thus save time, etc. Hard to believe they are doing pen testing on just windows though, I would assume this is for a particular reason but opening their eyes to backtrack would undoubtedly be worth everyone's while.

I think I'd point out that if they don't allow you to use linux then they need to come up with some big bucks for the windows pentesting apps. Otherwise you can't do your job properly.

I agree with comments so far write up a review of the os and detail your reason why you want to use Linux.

Maybe say that using linux there more tools and you can get better coverage of whatever you testing. also any attackers are going to be using linux so by not having access to the same tools you cant be 100% sure the system would be safe.

As 3xban pointed out, a VM might be your best bet of getting a Linux box.  If you do go that route though, pick the hyper-visor that will work best with both the host and the guest.  And don't forget that backtrack was not built to be a secure OS but a pentest OS. 

Thanks for the replies, there's some good stuff in here. Sorry I didn't respond earlier...I forgot to subscribe to my own post again.

I had thought about the VM solution and am going to talk with my boss about it. Without going into too much detail, I will be doing more internal pentesting than anything and we don't have an official, established toolkit as of yet.
Part of my job is to research and build our toolkit before the testing begins. There is some money in the budget for commercial apps, which we will be getting, but I'm not sure of the amount.

I think all the advice on setting up a VM and only using it when testing is the way I'm going to present it to them. I don't really need to use it on a daily basis, but I do feel pretty lost testing without it, even if we do get some pretty nice commercial tools. The advantage of using what an attacker is most likely using is a big thing too.

As of right now, only a few of the IT people are familiar with linux and by boss hasn't even heard of backtrack. I think if I can explain some of the points that you guys have made, along with demonstrating Backtrack and the usefulness of some of the tools, I'll be able to get somewhere.

Let me know if you've got anything else to add. I'm probably not going to get to the actual testing for another few weeks, but I'll try to update on the outcome.