Mark
We run in this way. It also helps with automated patching. If a patch install reboots a machine you cannot then install a second patch as its waiting at the boot menu.
The way around this is to use AD to tell it to ignore the boot menu for a period of time or number of reboots.
We also use AD to add a second account to the machine so if we need to give the password out to an engineer, we can change it quite easily.
We found AD updates did not work with fresh installs of 7.0.5 only upgrades and 7.0.7