Server 2012 stop users from sending files as attachments on any email or web service

Not sure if this is possible, but have a design team, that needs to be restricted from sending files out via email.
they need web to work, so cant disable that.
need a way to disable attachments for all web based email, ex) gmail, outlook, etc..
Any ideas or thoughts would be appreciated.

Is there gp edit I can implement to prevent attachments.

the users need to have full access to the file, they are cad files so restrictions cause program issues.
Avi LeibzonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
You can't really do what you want. If you controlled the email environment (exchange, office 365, etc) then you could restrict attachments there. But if you aren't willing or able to block access to gmail or similar, and the user has read access to the file then they can upload it.

Some programs offer enhanced security so an attachment can't be opened on the other end without the proper permissions.  Something like Windows RMS or Azure RMS could do this for Office file types. But for CAD files, you've somewhat put out too many conflicting requirements. I don't think you'll find a reliable way to get from point A to point B.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Avi LeibzonAuthor Commented:
thanks that is what I was thinking, but will leave question open for now. maybe some one else has a quirky idea.
0
David Johnson, CD, MVPOwnerCommented:
It's important to note that these new permission features can only be set on shares, folders and files on Windows Server 2012, though the permissions will apply to all users. DAC also requires a Windows Server 2012 domain controller,
https://redmondmag.com/Articles/2014/03/01/Secure-Files-in-Windows-Server-2012-with-AD-RMS.aspx
0
Cliff GaliherCommented:
DAC can be used to restrict the user's access to the file, but my understanding is that the OP wants the user to have access, but *not* be able to email. That's where the catch-22 comes in. DAC can be used to granularly block access, but that would also block local access which is not what the OP wants.  And AD-RMS still has the fundamental drawback that it requires application awareness such as office.  While there is a generic viewer for mobile apps, it also has the *big* caveat that nothing prevents a user from decrypting the file with the generic viewer, saving it, and then resending it unencrypted. The generic file support is extremely limited in this regard.
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.