• I don't think so. A sysadmin is always going to be able to grant herself the rights required to open the key.

    So I think you'd need to use passwords instead of certificates. Nothing wrong with that, but you'll need to figure out how to securely manage the password (outside of SQL)... this was one of the big potential problem areas we were trying to avoid when we came up with the approach presented here.

    Check the notes at the bottom of http://blogs.msdn.com/lcris/archive/2005/12/16/sql-server-2005-yet-another-column-encryption-demo-quot-clinic-quot.aspx, where Laurentiu Cristofor answers the same question.
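
The contrast drawn in the comment above, as an added T-SQL example that is not part of the original comment or the post's own code. The object names (`DemoCert`, `DemoKeyByCert`, `DemoKeyByPwd`) and the password placeholders are assumptions; run it in a scratch database that has no database master key yet.

```sql
-- Added example. All names and password placeholders are hypothetical.

-- 1) Symmetric key protected by a certificate.
--    The certificate's private key is protected by the database master key,
--    so opening the symmetric key needs only permissions on the key and the
--    certificate, which a sysadmin has or can grant to herself.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Constructed demo certificate';
CREATE SYMMETRIC KEY DemoKeyByCert
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

OPEN SYMMETRIC KEY DemoKeyByCert DECRYPTION BY CERTIFICATE DemoCert;
CLOSE SYMMETRIC KEY DemoKeyByCert;

-- 2) Symmetric key protected by a password.
--    The password is not stored in the database, so permissions alone are
--    not enough: the caller must also supply the password on every OPEN.
CREATE SYMMETRIC KEY DemoKeyByPwd
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = '<placeholder-key-password>';

-- In a real application the password is supplied by the caller at run time
-- (managed outside of SQL Server); it is a literal here only to keep the
-- example self-contained.
OPEN SYMMETRIC KEY DemoKeyByPwd
    DECRYPTION BY PASSWORD = '<placeholder-key-password>';

DECLARE @cipher varbinary(8000);
SET @cipher = ENCRYPTBYKEY(KEY_GUID('DemoKeyByPwd'), N'constructed sample value');

-- Returns the plaintext while the key is open in this session.
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS decrypted_value;

CLOSE SYMMETRIC KEY DemoKeyByPwd;

-- Once the key is closed, DECRYPTBYKEY returns NULL for the same ciphertext.
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS decrypted_after_close;

-- Cleanup of the demo objects.
DROP SYMMETRIC KEY DemoKeyByPwd;
DROP SYMMETRIC KEY DemoKeyByCert;
DROP CERTIFICATE DemoCert;
DROP MASTER KEY;
```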