TightVNC Service Configuration → Access Control
Click Add… → set "First matching" and "Last matching IP" values to cover desired LAN range (e.g., 192.168.0.1 and 192.168.0.254) → set "Action" to Allow → click OK
Click Add… → set "First matching" to 0.0.0.0 and "Last matching IP" to 255.255.255.255 → set "Action" to Deny → click OK
Click Apply
Optionally adjust local and remote IP address scope for TightVNC's default inbound rule in Windows Defender Firewall with Advanced Security; see Restrict Windows Remote Desktop connections to LAN only.
/windows | Aug 31, 2024