I need to give a group of users access to read certain sensitive documents on our server, but I don't want them to copy the files to less-secure folders, take copies out of the building, or attach the files to email messages. How can I grant read access without the ability to copy?

You can't accomplish your goal with classic, discretionary access controls such as those in Windows. When users copy a file, they're simply running a program (such as Windows Explorer) that opens the file for read access and then writes the data back out to another location. The access required is no different when users use Microsoft Excel to read a spreadsheet.

The only way to do what you want is with some type of Digital Rights Management (DRM) technology such as Windows Rights Management Services. RMS allows you to control exactly which operations (e.g., view, print, modify) a user can perform on a specific document (such as a Microsoft Office document) and for how long. For instance, you could send the schematics of a new product to several contractors and allow only the specified people to view the document for only a specified amount of time, such as 2 weeks. If they copy the document or email an electronic copy to someone else, the copy won't be available outside the constraints you impose on the document at the time you distribute it. The same restraints could be used in your situation, in which you just need to restrict the actions that internal users can perform on your documents. RMS is a free download covered by a Windows Server 2003 license but does require RMS client-access licenses as well as applications that support RMS.