I've seen this handled 2 ways.

1) remove the built in admin account rights from SQL. This can be done and if you google or search this site you'll find a variety of ways to accomplish it as well as numerous caveats on things to expect.

2) It's a management problem and a matter of trust. Audit the heck out of your databases and when unauthorized individuals do things like that they lose their jobs, take a couple of days off without pay or some other such punishment like you being allowed to personally smack them upside the head with the office tool of your choice. I prefer an old CRT we have here, it's heavy enough to really make them think and the cord is strong enough I can whirl it around a few times before connecting.

-Luke.