Though I think you'd need to test this you could perhaps Add an explicit deny to execute sp_add_job for the particular user you are having issues with.
sp_add_job is what is used to add a new job, the same settings would need to be applied to sp_delete_job, sp_start_job, sp_stop_job, etc.
Also make certain you document what you did so you can undo it if the need arises.
Also, if you need business justifications for an upgrade, managing SQL agent job security is much easier in 2005 and above, not withstanding the whole SQL 2k isn't supported any more argument of course 😉
-Luke.
To help us help you read this[/url]For better help with performance problems please read this[/url]