Your comparison to facebook is somewhat off base. Since you don't pay anything, its hard to say they're 'swindling' you by reactivating your free account when you log into it. Also, since you're not paying anything you're not thier customer. You're the product they sell to other people.
I agree, excpet thinking they have decent drive sleds. How do you make a server that lets you accidentally bump a drive and dismount it? Want to have that ejected drive come back online? Gotta reboot the server. Want to use the lock on the box to prevent those drives from accidentally dismounting? Sure you you explicitly picked a boot volume in the Startup Disk control panel, otherwise you'll get that lovely blinking question mark if you ever try to reboot it when locked.
The mounting/hardware of the Xserve lines seems like what you'd come up with if you'd never actually had to deal with servers before.
You might want to take a look into Centrify and LikeWise's options for doing OS X management from an AD centric environment. We use Likewise open software for AD integration for our linux servers, and don't need the group policy type control for those, but the rest of thier feature set looks quite nice.
Considering its setting next to a pin for marbles and for good manners, I'd say its probobly about at right level for the 9 year olds its targeted to. I remember at that age earning an arrow (do they even still have those arrow patches) for learning a couple ways to tie a tie in cub scouts.
There's still a few apps out there that either require USB keys for licensing, or that you want to have interact some sort of physical device that doesn't have its own IP stack. Thankfully, these cases are fairly uncommon these days, but they do still exist.
You're just making it harder than it needs to be. Use Ghost, Acronis, KACE, or any of the other semi-hardware agnostic imaging systems. Failing that, just take individual images of each peice of disparate hardware. Just takes a little one time act for each peice of hardware, and a large disk drive.
You're not going to be able to throttle at the router in an environment like this. For an office this size, its doubtful that the computers are on different subnets. Same subnet = not going through the router, and just staying local on the switch.
If you have a very large network and no centralized configuration manager, you're going to have a lot of problems every time any issue comes up that requires a change. Config managers don't have to be complicated or expensive (see RANCID or CatTools), but not having them inplace means a lot of needless legwork.
You don't - you have remote disable/nuke options. Once something is stolen, the odds of you getting it back at pretty small, since regardless of whatever tech means you have of identifying the owner, you still need to have someone go get it from the thief.
Better option is to disable the device remotely (Blackberries have a nice set of tools for this). Once its gone, its gone, but this way they don't have your data or a working device.