I have not had to do this in a while, but back in FoxPro 2.0 (DOS) I did something similar by using a directory structure on a server. Something like:

\\server\protected dir\database dir\

The protected directory was setup with only Admin access; the database directory was setup with access by users. This arrangement would not permit a user to access the subdirectory via a windows explorer browse. Only if they knew the path and then mapped a drive directly to the path would a person be able to get access (the path was not provided to end-users). This was a "quick-n-dirty" method of providing a level of protection.