This is very tricky when users already have rights to open files. The only way to stop this that I'm aware of is to have something in between the server and the client such as an IPS or data leakage prevention system in order to actually prevent the local copying. You may be able to handle this through an executable lock-down program as well, such as Horizon DataSys Inc.'s Exe Lockdown, Faronics Corp.'s Anti-Executable and/or Fortres Grand Corp.'s Fortres 101.

Read the advice below for more tips on managing folder permissions:

• Restricting user permissions in folders
  If you have a question about managing the permissions of a folder in your domain, this advice from Jonathan Hassell tells you how to set those permissions and prevent users from deleting that folder.
• Selectively set read and write permissions
  Manage the read and write permissions of certain hardware devices like Bluetooth headsets and external drives with this advice from Jonathan Hassell.