This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be accomplished through the use of network servers. - Level 1 - Domain Controller. The recommended state for this setting is to include: ''Guests, Local account''. - Level 1 - Member Server. The recommended state for this setting is to include: 'Guests, Local account and member of Administrators group'. Caution: Configuring a standalone (non-domain-joined) server as described above may result in an inability to remotely administer the server. Note: Configuring a member server or standalone server as described above may adversely affect applications that create a local service account and place it in the Administrators group - in which case you must either convert the application to use a domain-hosted service account, or remove 'Local account and member of Administrators' group from this User Right Assignment. Using a domain-hosted service account is strongly preferred over making an exception to this rule, where possible.
Solution
To establish the recommended configuration via GP, configure the following UI path: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network