Posted 09 January 2011 - 12:49 PM
This is not the simplest topic to cover but in essence what you are trying to accomplish here is almost impossible. Assuming you are using windows as an OS for both the server and the workstations there are only a few ways to accomplish data security. First is by setting user level and group access permissions, second is by encryption, and finally by share permissions. Bottom line however you try to do it is that if the person is "creating" or "modifying" data on almost any program or app they will have full control rights regardless of how tight the permissions or where it is saved. They will still be able to access the data, copy it, e-mail it, transfer it to a USB drive, ect.
So know that the "simplest" method (and I say this very tounge in cheek) that comes to mind off the top is by setting those applications up on the server and forcing the users to access them VIA RDP. Of course this would require the added expense of setting up a application terminal server plus all of the additional licenses. The second method is to (if the program allows) point the program at shared folder created on the server as the default save point.
Keep in mind that doing either of these cannot stop the user from simply going to "save as" and pointing it to their local hard drive. Plus in the mapped drive method the drive itself would be available in My Computer unless you spent some time adjusting your script to hide the drive from the end users.
Get your facts first, then you can distort them as you please.