How are they resetting the BIOS password? I don't know how to do this short of opening the box. Would it not be simpler to disable floppy boot up, lock up the BIOS with a strong password, and possibly place a security sticker or two on the boxes themselves, you know, the type that you place across the cover that can't be removed without damaging the sticker, and check the boxes for tampering regularly?

Just my 2 cents... I think your management needs a lesson in security, I would fire the whole IT department and bring in some new blood. People are really hurting for jobs these days, it would not be hard at all to replace these "crackers" with a new crew that will adhere to the "new" user policies you need to implement. Someone has to make the first step, you might be able to step up a rung or two on the ladder if you make a formal stand on this issue to the Board of Directors. ( This is just a friendly suggestion, don't do this if you think it may jepordize your job.)

IMHO it would probably benifit your company to clean house.