1. If it is a Win2K domain, then it should be Active Directory based. Unless of course you have some NT4 domain controllers. If you have Active Directory, you can create a Group Policy to change the local administrator password on all machines connected to the domain. You can rename the local administrator account as well. Do a search on "Group Policy Management" on Google, and it should return a ton of hits to sites that can explain it in great detail.

2. For logging access to files on a particular machine, you will have to enable auditing in the machine's local security policy. Or, you can enable domain wide auditing through a group policy object. Keep in mind that logging successful file accesses will create some massive security logs. As for logging all connections to your machine; it depends on how granular you want to get. If you just want to see an originating IP address or host name, then get a basic desktop firewall package like ZoneAlarm, and just have it log accesses. XTC was dead on in answering this question for you. Any decent router out there can log access to any box it routes for. A basic syslog server that the router can send its logs to will do the job. I use Kiwi's syslog software at work and it is pretty decent considering it is free. The registered version is well worth the $99 USD they charge.

3. Word filtering is marginally effective. Any decent spammer out there can defeat most context filters. What kind of proxy server are you using?