+ Force log offs from network within every 24-hour period for all users. Then,
+ Edit login script to check for presence of Admin share, recreate (net share ...) if not there.
+ If shares not there, have network message sent to administrator - log, then tackle with solid evidence of the changes taking place either w/end-user or their manager.
+ Try renaming the 'net.exe' or 'share.exe' files, and/or hiding, and/or changing permissions to prevent users from changing things on the command line (will not affect clients using 'Server Manager', however).
+ fire the clowns and let them play with their own systems with all their free time.

Bill