This might be a little far fetched and might not be possible.
I have a virtual machine that will have files on that I don't want people to be able to transfer off - they are allowed access, I just want them staying put with no copying. With that in mind, is it possible to restrict a VM's network access so that I could still allow RDP connections (port 3389) but block network access (i.e shares etc) when logged into that machine?
Im running Xenserver 6.2 and the VM is running Windows 2012 with RDS enabled.