One issue of this is making sure that what you deploy to the user is different from what you develop on. I would give the users an executable only file, this will prevent them from making changes, although not from making queries that may/may not give them access to stuff you don't want. I used a custom ribbon to prevent this, but I don't know how you would implement this on your version.
Create some function that makes all the changes to the developing front end before you are ready to put it out there. I made a function that ensrues I am not running the code from the place I develop (to make sure I don't lose the SHIFT key override myself), and then changes the settings I want programmatically. Here is a snippit:
Code:
Application.CurrentDb.Properties("AllowSpecialKeys") = False
Debug.Print "Turned off special keys..."
Application.CurrentDb.Properties("StartUpShowDbWindow") = False
Debug.Print "Turned off nav bar..."
Application.SetOption "Show Hidden Objects", False
Debug.Print "Hid hidden objects..."
Application.SetOption "Show System Objects", False
Debug.Print "Hid system objects..."
SetBypassProperty (False)
Debug.Print "Turned off bypass key..."
SetBypassProperty is simply a names function I made for that code you can find on the web that gets rid of that bypass. Then, make it into an executable only format, and you have decent restriction of privaledges to your users as to what they can see and not. I think most of these settings will work on your version.
As far as the server, I don't know. I had "the server guy" make files non-deletable, although still usable for databases before, but that's out of my knowledge.