I have compiled some tips on how to secure/protect, restrict and/or change restrictions from the computer(s) in your network. If you have a Workgroup or HomeGroup setup in your Network, you may use the Local Security Policy using a Windows 7 Professional or above versions to do all of these.
You must add all the Users (Identical User Names and Passwords that are assigned on each computer) in your network that you wish to give restrictions to.
You must have an Administrator privilege.
To access Local Security Policy, click on the Start button/orb and type Local Security Policy then press enter or click on the top to access Local Security Policy.
I will show you a couple of things that might be useful, you may navigate and see what other things you may be able to utilize and modify. Practice, be aware, make some notes and remember all the changes that you are about to make.
If you wish to disable the elevation prompt when an application installation packages are detected, you may go to Local Security Policy>Security Settings>Local Policies>Security Options> then double click on User Account Control: Detect Application Installations and Prompt for Elevation, Disable this policy.
If you wish to use the advanced firewall option and open up Ports and use the Inbound and Outbound Rules, you may go to Local Security Policy>Security Settings>Local Policies>Windows Firewall with Advanced Security> double click on User Firewall Inbound and Outbound Rule, make all the necessary changes.
If you wish only certain Users to access a computer, go to Local Security Policy>Security Settings>Local Policies>double click on User Rights Assignment and double click on Allow Log on Locally, then add the User(s). Note: If a User can't remote access a computer in your network, make sure that you add the User in question in this Policy.
If you want only certain Users to remote access your computer, go to Local Security Policy>Security Settings>Local Policies> double click on User Rights Assignment and double click on Allow logon to remote desktop services, then add the User(s). Note: You may remove the Administrators group and leave the Remote Desktop Users group and only add Users that require remote access if needed and for security purpose.
If you do not want Users in your Network to install printer drivers on any shared printers go to Local Security Policy>Security Settings>Local Policies>Security Options> double click on Devices: Prevent users from installing printer drivers when connecting to shared printers, then Enable this policy then add the User(s).
Important Note: Please know the consequences of some modifications that you have to make, the good news....you may always undo them. A System Restore is an option (if you can't remember what mistakes you've made) which would take you back when things were fine. :smile9:
Awesome job. Btw, in regards to restricting remote access users, isn't there a default group for Windows 7 that is for remote desktop which any user added to it will have access? Seems somewhat easier to do it that way.
It's an excellent question to ask. Yes, it’s true, but the purpose of Local Security Policy is to give more restrictions to the Users in your network. I should have mentioned that Administrators by default can remote access, you may remove the Administrators group and leave the Remote Desktop Users group and only add Users that require remote access using the Local Security Policy.
Also, if someone is having an issue in Remote Desktop Connection, along with 'Allow log to Remote Desktop Services' to the User make sure that 'Allow Log on locally' (which is also in my Post) is also permitted. I have used this a couple of times and it worked for me.
This is something that I can add to my post later on. Thanks for your feedback. :wave: