I am configuring PC for small office (no AD domain, only one PC). I have configured some GPO rules (min password length, password complexity, etc), but since this is my first time of doing this for office use, I need some recommendation of good practice.
I want to limit user account rights from accessing advanced computer settings, so that user can't "destroy" computer. Current PC is total mess (user has admin rights...).
Please advise, what is good practice for small office PC with Local GPOs.