For security reasons I have to restrict/disable file transfer via RDP (port 3389) from and to Remote Machines (Windows 10). Is the file transfer tunneled through port 3389, or can I safely prevent a file transfer by blocking port 139/445 SMB? A GPO would be too uncertain for me at this point.
I assume you are asking how to block copy/paste files from local PC to remote desktop (Windows 10) through RDP window directly. If yes, please config the group policy in remote desktop server (Windows 10).
If you also want to block SMB share file transfer, block client access these ports of server (Windows 10).