I use a similar gimmick, but I face the problem that some of the "IT" resources are administered outside IT because of poor system design (our accounting program is mainframe based and users can't change passwords...since it's accounting, IT isn't allowed to administer as the passwords are stored in the clear!?).

I have to fight a culture where passwords are relatively simple and not very private for the accounting side, yet balancing that against the rest of the network where we want greater security.

Culture wars at their finest!