I know this is not the answer you were hoping for. But what if you include it in the Acceptable Use policy for the company?
We included a lot of things users were doing and were not supposed to be doing in the policy, and create a category in our ticket system (to report users) where we write up users doing things that are not supposed to. It doesn’t stop the problem in the short term, but it does in the long term. When we starting letting go of users our Director of sales without mentioning the issues or the name, said in a company wide meeting, we know when you do things you are not supposed to, and one of the people we let go recently had over 50 incidents recorded, and anything that is against the policy is recorded.
Granted, the person was let go for other reasons, but had 50 incidents. What this did do, is reduce the amount of incidents we are catching. We have TVs here, and people were connecting cable or Antennas to watch TV, instead of the digital signage that is supposed to be playing.
Social engineering sometimes does wonders. Removing the access is usually the best option, but when not available, amend that policy, distribute changes and get users in line