An angry god

His trick

Your systems administrator was running your network before dirt was invented. He's always had root or administrator accounts for his daily work, and he's not going to start using sudo now. In fact, he's insulted that you suggested it, and is withholding access rights from the only other senior administrator. One of the R&D departments claims that a bunch of its data is now inaccessible, and now your guy is asking for a raise.

Your treat

A hardware keystroke logger (available for PS/2, USB or even this bogus but plausible rig for a laptop) is your best friend when digging a shallow grave is not an option. Read up on rules of evidence and chain of custody, get authorization from the CEO to tape your conversations, install a stand-alone security camera, and unless he's sleeping at his desk, unload the contents of the keylogger every night. Be patient; if he thinks he's bulletproof, he's bound to do something juicy you can hold over his head. When you do make your move, make sure you've replaced the firewall, wireless and VPN configurations before he's escorted from the building.