Unfortunately, there is no way to automatically contain any rogue device that pops up. Cisco's lawyers stopped them from doing that. You'll need to manually contain each rogue you find.
I'm not sure what you mean by an ideal location for a rogue AP. If you mean a rogue detector AP, just place them throughout your building, maybe one for every 2 or 3 APs you have in place. Remember that these only listen, they do not broadcast, so no channel configuration is needed.