Be aware of these caveats:
1. Users listed in the Administrators group bypass this setting. (Think about it and you'll be happy that it's designed that way ...)
2. Only NRPC traffic is restricted, but no HTTP, IMAP, POP3, etc. (You have to stop such tasks to prevent users from accessing these services.)
3. Passthru traffic is considered a Server rather than a User accessing the server. (And servers are probably listed in an Administrators group as well, so they bypass the parameter as stated 1. )
If anybody has made different or additional experience, please let me know ...