| In a corporate Windows-biased environment, there are usually a set of private ‘network drives’ for users’ mail etc., and a further set of public network drives so that users can share information with colleagues.
If there is one public folder on the network for each user, you can mount those folders onto the webserver using samba, and institute a convention that a ‘public_html’ (or similar) directory within that folder will be made visible via the web server. You can almost certainly leave CGI disabled for those folders, and the performance hit of serving pages from a network file system should be irrelevant for a typical intranet.
Another option would be to set up web folders using WebDAV (apt-get install libapache-mod-dav) for each user, and hook the authentication into the corporate network auth (e.g. via samba with libpam-smb, or via LDAP).
The first option is probably the better (though less exciting) one.