Controlling access to servers

[<sf_mail_sbm () yahoo com>]

Hi List,

Consider a situation where IT Dept has full access and control over all servers

How do we manage security in such a case? i.e. how can we put control measures to prevent IT Admins to do whatever they 
want on the system without going through a proper control & approval process

One solution might be to give the admin passwords to the IT Security Section or the IT Audit, in this way, Admins will 
have to request them to log in the machine for all interventions

Of course this solution has lots of drawbacks!

I would be glad to know how other companies manage to control changes being done on IT systems, particularly in large 
organisations

Thanks for your comments

Ronish