The USB stick issue is IMHO easy to solve.
Put the files on your network share and update it as often as you like.
Tell the sales staff to wipe all files from their USB drive and copy from your
share every time they need to give it to a guest.
You can even make a simple batch file for them.
Even more, you can make this batch file keep a log, so you will know who made copies and when.
The 1st question is not simple. You may want
some kind of digital certificates, smartcards etc. for every user, and
the key management stuff (a RADIUS server, ...).
Check on TechNet for the Microsoft way to do this, or Google for everything else.
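
A batch file along the lines suggested above for the USB sticks, added here as an example and not part of the original post. The share `\\fileserver\guestkit`, the log path and the file name `refresh-usb.cmd` are assumed names, and the removable-drive check assumes English-language `fsutil` output.

```bat
@echo off
rem refresh-usb.cmd - added example, not part of the original post.
rem Assumed names: \\fileserver\guestkit (master copy) and
rem \\fileserver\guestkit-logs\usb-copies.log (copy log).
setlocal EnableExtensions
set "SRC=\\fileserver\guestkit"
set "LOG=\\fileserver\guestkit-logs\usb-copies.log"

if "%~1"=="" goto :usage
set "DRV=%~1"
set "DRV=%DRV:~0,1%:"

rem Guard rails: never touch the system drive, only accept removable media.
if /i "%DRV%"=="%SystemDrive%" goto :refuse
if not exist "%DRV%\" goto :refuse
rem Assumption: fsutil prints "<drive> - Removable Drive" on English Windows.
fsutil fsinfo drivetype %DRV% | find /i "Removable" >nul || goto :refuse
if not exist "%SRC%\" (echo Share %SRC% is not reachable & exit /b 4)

rem /MIR deletes anything on the stick that is not on the share; /IS /IT
rem force every file to be overwritten from the share even if it looks unchanged.
robocopy "%SRC%" "%DRV%\" /MIR /IS /IT /R:1 /W:1 /NP /NFL /NDL /XD "System Volume Information" "$RECYCLE.BIN"
set "RC=%ERRORLEVEL%"
set "RESULT=OK"
rem robocopy exit codes of 8 and above mean at least one copy failed.
if %RC% GEQ 8 set "RESULT=FAILED"

rem One log line per copy: when, who, from which PC, which drive, outcome.
>>"%LOG%" echo %DATE% %TIME%;%USERDOMAIN%\%USERNAME%;%COMPUTERNAME%;%DRV%;robocopy=%RC%;%RESULT%
echo %RESULT% (robocopy exit code %RC%)
if "%RESULT%"=="FAILED" exit /b 1
exit /b 0

:usage
echo Usage: %~nx0 DRIVE_LETTER   (example: %~nx0 E)
exit /b 2

:refuse
echo Refusing to wipe %DRV%: not a mounted removable drive.
exit /b 3
```

The sales accounts only need read access to the master share; the script fails closed if the drive type cannot be confirmed.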