I have a local network behind a Linksys WRT1900AC router. Several computers connect to the local network. Among those one particular machine, let's call it X1. I want to grant full access to this machine X1 to a user outside the network, either via VPN or Remote Desktop. However, I do not want to expose any network resources to that user other than access to X1 and its own physical resources such as hard disks.

I run Windows 10 on that machine X1, and have full admin rights to make chances to the router and X1 instance.

Anyone who can propose ideas how to disable local network access to "standard users" or a specific user group via a group policy or "incoming vpn connection settings" or other software solutions? Preferably I want to let the user to still have access to the internet from the X1 instance.

Please note the gateway and dns are at 192.168.1.1 and subnet is 255.255.255.0, and my X1 instance has a static IP of 192.168.1.7.