SQL Server 2005 has a couple of groups added that are local to the actual machine - not domain groups - added as logins, not to mention the BUILTIN\Administrators group.
If this individual is a local administrator on the server - or has added himself to one of the local groups - then that individual would have sysadmin access to the instance. To fix this you would disable/remove the BUILTIN\Adminstrators and/or remove the individual from those groups. However - if the individual is an administrator on the machine they could just add themselves back...
To prevent that specific user - add his domain account as a login and disable (DENY CONNECT) that login. That should prevent the user from accessing the instance...as long as you can disable or remove the BUILTIN\Administrators.
Problems are opportunities brilliantly disguised as insurmountable obstacles.
How to post questions to get better answers faster[/url]
Managing Transaction Logs[/url]