That's friggin hilarious. I feel for you bro!
I saw a good idea on an Infoworld article: change the Administrator account to IT (or something boring and innocuous like backup drudgery maybe) and then create an account named Adminstrator that doesn't have access to the most extremely important bits. Just let them think they do. Saves effort :)
Yes, but I know my boss, he'd insist on knowing the real admin password and he would eventually give it out to someone he "trusts".