You can look for traffic patterns and the like, but there's significant crossover between the crowd that mines bitcoins, the crowd that knows how Tor works and the crowd that goes to amazing lengths to protect their privacy. That means: detection on the network isn't all that reliable. That it doesn't use a whole lot of bandwidth makes it especially hard.
What they likely can't hide is CPU and GPU usage. If you have access to the machine via SNMP, you can remotely watch for CPU spikes, or you can use the Get-Process PowerShell cmdlet against the machines on your network to look for things running up CPU time. For GPU time, you're not that likely to be able to actually spot the usage unless you can somehow monitor power draw.
Unfortunately, since you allow people to install software they want to arbitrary paths, you're not likely to be able to come up with a reliable, repeatable method - the people you're looking for could change miner, change path, etc. to change their signature.
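One way to run the Get-Process check described above across several machines, as an added example that is not part of the original answer. It samples cumulative CPU time twice and reports processes that held a large share of the CPU over the window. It goes through `Invoke-Command` because .NET does not expose processor time for processes on a remote computer, so `Get-Process -ComputerName` returns no CPU value. It assumes PowerShell remoting is enabled on the targets; the function name, threshold and host names are hypothetical.

```powershell
# Added example: the function name, defaults and host names are illustrative assumptions.
function Get-SustainedCpuProcess {
    param(
        [string[]]$ComputerName,           # omit to sample the local machine only
        [int]$SampleSeconds = 30,          # length of the observation window
        [double]$ThresholdPercent = 50     # share of total CPU capacity over the window
    )

    # Runs on each target: two snapshots of cumulative CPU seconds, keyed by PID.
    $sample = {
        param($Seconds)
        $cores  = [Environment]::ProcessorCount
        $before = @{}
        Get-Process | Where-Object { $null -ne $_.CPU } |
            ForEach-Object { $before[$_.Id] = $_.CPU }

        Start-Sleep -Seconds $Seconds

        foreach ($p in Get-Process) {
            # Skip processes we cannot read or that started during the window.
            if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
            $delta = $p.CPU - $before[$p.Id]
            if ($delta -lt 0) { continue }   # PID was reused by a new process
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Name       = $p.ProcessName
                Id         = $p.Id
                CpuPercent = [math]::Round(100 * $delta / ($Seconds * $cores), 1)
                Path       = $p.Path         # empty when access to the process is denied
            }
        }
    }

    $results = if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $sample -ArgumentList $SampleSeconds
    } else {
        & $sample $SampleSeconds
    }

    $results |
        Where-Object { $_.CpuPercent -ge $ThresholdPercent } |
        Sort-Object CpuPercent -Descending |
        Select-Object Computer, Name, Id, CpuPercent, Path
}

# Local run. For several machines (placeholder names):
#   Get-SustainedCpuProcess -ComputerName 'HOST-A','HOST-B'
Get-SustainedCpuProcess -SampleSeconds 30 -ThresholdPercent 50
```

Repeating the run at intervals and keeping the output separates a long-running job from a one-off spike, and the `Path` column shows where the binary lives even when the process name has been changed.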