Document quarantine refers to a scenario where you want to identify, protect, and take further action on data that matches certain conditions. This means preventing certain types of sensitive files from being stored on files shares where they would be accessible to large numbers of employees.
Let’s assume the sensitive files are those that contain personally identifiable information (PII). After discussing the pros and cons of various approaches and the expected outcome of each, we came up with the following desired behaviors for the quarantine solution:
This can be easily implemented using some of the new Dynamic Access Control capabilities in Windows Server 2012.
If you are interested in how this is accomplished, read the complete post at http://blogs.technet.com/b/wincat/archive/2012/08/20/document-quarantine-with-windows-server-2012-dynamic-access-control.aspx.