>Question 1: how do I setup this group so users of that groups are only allowed to execute procs and NOTHING else ?
You told us that you did that. If the user does not have SELECT permission on a table, they will not be able to view the data within the table. They will be able to see the table names because Public has SELECT on the system tables.
If you don't want anyone to have any access, create a login that is only used by your application.
The downside is that you're not letting your customer get to their data using any number of tools, such as Analysis Services 2000, to extend the value of your application.
>Question 2: It's easy to put 'WITH ENCRYPTION' so users cannot see the procs code, but in my installation scripts, it's clearly visible. How do you solve that ?
Compile your scripts into an .EXE. Let the EXE build your database.
-Mike