Interesting thread - and I'm on both sides...
I run my own IT business, so I know how to cover my own tracks if need be, but I also know that once you assign someone an admin account you open up your system.
Having a honeypot is fraught with legal problems because you could be in trouble for encouraging a crime to take place (my thoughts).
Would it be best to set the security to block everyone except named people from accessing the folder through NTFS permissions? The downside is that the admin can run a backup of the folder, move the backup file to another machine and then extract the data minus the security. This also means that there's less of an audit trail.
How many files are we talking about, and are these files read-only? If so, why not move them to CD and only give them to the people who require them?
I have had a bad time with file encryption: I lost a load of work because the main machine died and I was unable to decrypt the data.
What does your contract with the IT guy say? My contracts with clients point out the non-disclosure agreement, which allows them to sue me should I release any data under my remit.
Would it be possible to move the files to your own XP Pro machine and share the folder from there? Then you set up local security auditing so you can monitor the file activity in real time, and when you leave the office at night the PC is turned off so he/she can't remotely access the files from home over a weekend.
Tez
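The two things Tez suggests (an NTFS DACL that allows only named people, and local object-access auditing on the machine that holds the files) are both set in the folder's security descriptor. The script below is an added example and is not part of the original post; it assumes a folder C:\Sensitive and a hypothetical group named SensitiveReaders standing in for the "named people", and it has to be run from an elevated PowerShell prompt on the machine that holds the files (the XP Pro box in the post). The event IDs and the auditpol note are stated for the Windows version they apply to.

```powershell
# Added example, not from the original post. Placeholders:
#   $folder        - the folder holding the files (assumed C:\Sensitive)
#   $allowedGroup  - hypothetical group containing the named people
$folder       = 'C:\Sensitive'
$allowedGroup = 'SensitiveReaders'

New-Item -ItemType Directory -Path $folder -Force | Out-Null

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# --- 1. DACL: "block everyone except named people" -------------------------
$acl = Get-Acl -Path $folder
# Stop inheriting from the parent and do NOT copy the inherited entries
# (otherwise "Users: Read" from C:\ silently stays in effect).
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit entries that were already there.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $null = $acl.RemoveAccessRule($rule)
}
# The OS itself needs access (backup software, indexing, AV run as SYSTEM).
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'NT AUTHORITY\SYSTEM', 'FullControl', $inherit, $prop, 'Allow')))
# Only the named group can read/change the files.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $allowedGroup, 'Modify', $inherit, $prop, 'Allow')))
Set-Acl -Path $folder -AclObject $acl

# Caveat that the post itself raises: this DACL does NOT stop a member of
# Administrators or Backup Operators. SeBackupPrivilege lets them copy the
# tree with backup semantics regardless of the DACL, and Administrators can
# take ownership and rewrite the DACL. Once a backup copy has left this
# machine, nothing here records what is done with it.

# --- 2. SACL: local security auditing of file activity --------------------
# Audit events are only written when BOTH the audit policy is on AND the
# object carries a SACL entry. On Vista and later auditpol.exe is built in;
# on XP enable "Audit object access" in secpol.msc (Local Policies >
# Audit Policy) instead, because the XP auditpol is a Resource Kit tool.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

$sacl = Get-Acl -Path $folder -Audit
$sacl.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'ReadData, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership',
    $inherit, $prop, 'Success, Failure')))
Set-Acl -Path $folder -AclObject $sacl

# --- 3. Share it so the named people can reach it over the network --------
# Effective access over the share is the MORE restrictive of the share
# permission and the NTFS DACL, so sharing does not widen the DACL above.
net share Sensitive=$folder /GRANT:"$allowedGroup,CHANGE" | Out-Null

# --- 4. Watch the trail ----------------------------------------------------
# 4663 = "An attempt was made to access an object" (Vista and later).
# On XP the equivalent is event ID 560 ("Object Open") in the Security log.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 50 |
    Where-Object { $_.Message -match [regex]::Escape($folder) } |
    Select-Object TimeCreated, Message
```

The SACL lives on this machine, which is why the "turn the PC off at night" point matters: the audit trail only covers access that goes through this copy of the files, and a backup taken by someone holding SeBackupPrivilege is the one path the DACL cannot close.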