AD integrated certificate authority for delegated automated enrollment
This CA would not chain to a publicly trusted root, but it would be a stepping stone toward enabling:
o Virtual smart cards. Well-managed computers provide the second factor for multi-factor authentication.
o Rights Management Server. Microsoft's DRM offering for high-risk data.
o Extremely low-overhead certificate management for SSL on internal web servers. A human never has to request or renew a certificate for a web server that is not public-facing.
o Multi-factor authentication methods that depend on a user certificate. Smart cards, USB tokens, etc. all require a simple way to deploy user certificates.
o Higher-security configurations for many existing technologies, e.g. EFS, RDS, S/MIME.
