about only way you might get around things. is to due a "course backup" and then "restore course" into another course. this way you could strip out all the userdata. via when you do a course backup, and/or when you restore course you have options of stripping out user/student data.
but the whole "trust / micro manage" issue has me some what concerned. techsupport / administrators = accessing information and see the information for what it is. about only other way for techsupprot (not on sight) is to have a default moodle install, of different versions with different plugins installed that is supported. so they can click thier screen, while teacher / whom ever clicks there setup of moodle.
last moment of thought. i am not sure if there is a permission for change grade. but you might be able to set the permission to "denied" so any "inherit" permissions that might allow for change grade get denied. i want to say... http://moodle.org/plugins -> admin tools -> 2 plugins that might show things slightly differently than default moodle change permission shows in site admin menu -> users -> *err forget correct name* i want to say permissions or roles
if issue the person is a student of say a collage. (taking some classes) and the student is also "techsupport" for moodle. and you are wanting to keep this student from changing there own grade. you could enrol student in all but each given course they are enrolled in. perhaps being able to enrol student in categories. were student has no classes taken in given category.