The Spring 2017 24HOP focused on data security, a subject near and dear to me. One of favorite presentations was Bob Pusateri’s Passive Security for Hostile Environments. He showed what measures you can take when you have a situation where users who shouldn’t have sysadmin rights have those rights nonetheless.
I’ve faced similar situations and taken similar measures in the past. In Bob’s case he presents it in way that is systematic and easily digestible. definitely worthwhile watching. You can fine the slide deck and demo scripts on Bob’s blog.