Thanks for the replies, there's some good stuff in here. Sorry I didn't respond earlier...I forgot to subscribe to my own post again.
I had thought about the VM solution and am going to talk with my boss about it. Without going into too much detail, I will be doing more internal pentesting than anything and we don't have an official, established toolkit as of yet.
Part of my job is to research and build our toolkit before the testing begins. There is some money in the budget for commercial apps, which we will be getting, but I'm not sure of the amount.
I think all the advice on setting up a VM and only using it when testing is the way I'm going to present it to them. I don't really need to use it on a daily basis, but I do feel pretty lost testing without it, even if we do get some pretty nice commercial tools. The advantage of using what an attacker is most likely using is a big thing too.
As of right now, only a few of the IT people are familiar with Linux and my boss hasn't even heard of Backtrack. I think if I can explain some of the points that you guys have made, along with demonstrating Backtrack and the usefulness of some of the tools, I'll be able to get somewhere.
Let me know if you've got anything else to add. I'm probably not going to get to the actual testing for another few weeks, but I'll try to update on the outcome.