If you want something to run on the corporate network, and ESPECIALLY if you want a firewall hole opened up, you sure as hell better be giving me access to your server. And I better be able to have full admin rights, even if I'm not going to do anything to it. This is an ABSOLUTE requirement, there is no exceptions here. You would be lucky to get permission to even plug a network cable into this since you didn't go to the IT department about this before you ever started. IT is for the IT people for a damn good reason.
Things you haven't taken into account, security (ok, I'll give it that you have thought about this some), HIPPA, Sarbanes-Oxly, several other legal liabilities that fall back upon the IT dept if something gets hacked on that box. All of these have to be taken into account.