I'm not used to explaining so much in English, so I hope I'm clear ;-)
Believe me, your English is MUCH better than my French, and you are clear.
The solution you outline makes some sense and it certainly would throw up a roadblock or two.
I think a potentially better way to approach this would be to replace username and password authentication on the highly sensitive computers with key-based authentication. If you also remove a user's ability to create a key pair, that would mean that a user would have to talk to an administrator to get the key pair. It would be more administrative hassle for you, but it would allow you to more completely control who has access to what machine.
Of course I'm assuming that it would be more difficult for a person to steal a key than it would be to steal a username and password. If you make the keys with a passphrase, then they would have to steal both the key file and the passphrase (which isn't transmitted across the network so they can't sniff it).
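The key-only policy suggested in the reply above can be checked against a server's configuration. This is an added example, not part of the original post: it assumes the sensitive machines are reached over OpenSSH (the post does not name the service), audits only the global section of an `sshd_config`, and treats an administrator-owned key directory such as `/etc/ssh/authorized_keys/%u` as the way to stop users enrolling their own keys. The sample configurations and that path are constructed.

```python
# Added example: audit sshd_config text for a key-only login policy.
# Assumptions: OpenSSH server; defaults taken from sshd_config(5); samples are constructed.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2",
}
REQUIRED = {
    "passwordauthentication": "no",         # no password logins to steal or sniff
    "kbdinteractiveauthentication": "no",   # closes the PAM password prompt path
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Global settings as sshd resolves them: the first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # conditional blocks are out of scope here
        seen.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings; an empty list means the policy holds."""
    cfg = effective_settings(config_text)
    findings = [f"{k} is {cfg[k]!r}, expected {want!r}"
                for k, want in REQUIRED.items() if cfg[k].lower() != want]
    # Relative paths and %h resolve inside the user's home, where the user can
    # add keys without involving an administrator.
    for path in cfg["authorizedkeysfile"].split():
        if not path.startswith("/") or "%h" in path:
            findings.append(f"authorizedkeysfile {path!r} is user-writable")
    return findings

# Constructed samples: the later "no" in WEAK is ignored because the first value wins.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\nAuthorizedKeysFile /etc/ssh/authorized_keys/%u\n")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

The audit reads configuration only; whether each private key actually carries a passphrase cannot be verified from the server side.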