1. Why don't you set EEFF to always encrypt files of those types wherever they are stored? The problem you are facing is that moving an encrypted file preserves encryption (unless there is a specific decrypt policy), but in this case users are creating NEW files in locations you did not set an encryption policy on.
2. You can use Windows security permissions to stop users moving folders.
4. Not that I can think of - remember, though, that files are only encrypted with one key. If you start encrypting folders with a key that the users don't have, they won't be able to access the data.
Rather than setting policy re location, you might want to think about setting policy based on originating application?