By far the most common approach to securing privileged accounts is to randomize their passwords regularly. Normally this process is initiated by a central server, to eliminate the need for change control on each managed system.
A good rule of thumb is daily. With a daily password change, if a system administrator quits, he would only have access to a few accounts (on systems where he did work on his last day) and all that access would automatically expire within 24 hours.
Longer password change intervals introduce the possibility of access retention for more time, creating a longer window of vulnerability.
Shorter password change intervals may interfere with work. For example, an administrator may need to sign into a system for several hours to make a complex change, and an hourly password change might interfere with this work.