In-lieu of having TDE available you can use file-level encryption like EFS to encrypt the folders/files where SQL has the data/log/backup files.

As for your access issue in Windows on your domain, SQL Server 2005 and earlier kept the built-in/administrators group in the sysadmins server role. Ensure the authorized personnel who need sysadmin rights have logins set on your instance and are a part of the sysadmins server role. Once that is done you can remove the built-in/administrators role. That will take care of any non-authorized domain/server admins from accessing your instance, unless they bring it up in single-user mode.