Your requirements can be addressed only if multiple gaps are closed:
1. Do not provide users with Administrative Access.
2. Use a Software / Asset inventory tool to get an understanding of tools/applications installed on user machines.
3. Enforce stricter Email and Web URL Filtering tools (This is probably your best option here).
4. EIther block or make Removable Storage Devices Read-Only to stop users from bringing such tools on their devices (DLPe can help here).