Question : How to block Remote Desktop to other domain admins on a particular server

I have a Windows 2008 Server running Exchange 2007.
We have a handful of domain admins (political reasons)
How can I block remote desktop and remote exchange tools and any type of remote registry to just this one exchange server for all other domain admins except two?

I would prefer a security policy on the server itself, but I guess if I had to I could block TCP3389 and RPC ports using Windows firewall?

Answer : How to block Remote Desktop to other domain admins on a particular server

As usual, it is very difficult to solve political problems using technical means.... whatever you do, you will still have political admins messing with your environment. sigh.