Computer networks
tau shaso, 2021-04-21 13:14:03

Peer-to-peer control?

Hello, I'm a beginner admin. Please tell me how to control the operation of a peer-to-peer network on Windows. There is a fleet of 50 computers, and all the switches are connected to one router. Please suggest a program or methods for various user restrictions (prohibiting program installation, Internet access, etc.), preferably some kind of software product. You can of course apply group policies, but it's a chore for me to run around and do that; I want a program on my computer that controls everything, such as a gateway or something...
PS: Windows Server is excluded because they don't plan to buy it yet...


7 answer(s)
DDwrt100, 2021-04-21
@DDwrt100

It won't work the way you want. In any case, you will need to tie the infrastructure with servers in order to control it.
Also, the cases you described are not related to network control, they are closer to user control.
The simplest thing is to deploy LDAP and use group policies to distribute rights to users.
Moreover, all users are on Windows.
For Internet access, use a proxy. To control network connectivity, you can add MAC filters if your switches are managed. To control installations and user actions, I honestly don't know of free solutions, but it's very easy to google; here's a list as an example.

https://info-comp.ru/top-5-programs-for-employee-m...

CityCat4, 2021-04-21
@CityCat4

In a peer-to-peer network, most of the wishlist is unrealizable.
Internet access is usually controlled by a proxy and port blocking on the router.

res2001, 2021-04-22
@res2001

If you do not want AD, then do not expect easy ways. AD is the easy way out.
First, on all computers in the network you need to:
1. Create one user (with the same password) with administrator rights. The same user must also be created on the administrators' computers.
2. Set up remote access via RDP on all computers, at least for the administrator
3. Give clear names to computers so that you can easily identify the problem computer by the name / surname of the employee (phone number or something else). You can display the IP address and other information as a wallpaper; there is appropriate software for this.
4. Enable "access to files and printers"
5. Remove administrator rights from users
6. Starting with Windows Vista, you need to turn off UAC for running programs remotely. This is done by editing the registry:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

In Windows, almost all administrative operations on a local computer can be done remotely. The above settings will allow you to do this (items 1, 3, 4).
In Windows, almost all the tools for remote administration are already available out of the box.
Item 2 will allow you to connect to the desktop and touch it with your hands without taking your ass off your chair.
RDP has such a thing as remote shadow: this makes it possible to remotely connect to the user's desktop at the same time as the user (i.e. the user will see all your actions, just like you see theirs). Often this is convenient, but it requires specific configuration. There is information on the Internet, look for it.
Item 5 is a common security measure that will provide 50% security for your network.
Item 6: without this item, you will not be able to remotely execute programs that require administrator rights on computers. UAC itself should not be disabled, the thing is quite useful.
Having this base, you can then connect proxies, firewalls, mail servers, etc. to the network without being much distracted by the support of users and computers on the network.
But don't expect someone or something to do the work for you. Such wonderful programs do not exist. You will have to dive into all the details yourself.
Learn at least one scripting language built into Windows out of the box: cmd, PowerShell, JScript, VBScript. Now, perhaps, the most relevant is PowerShell. This will help to partially automate your processes.
PS: If anything, I have been administering a peer-to-peer network of more than 100 computers for 10 years. AD was not deployed there for "ideological" reasons, I was not to blame for this :-)
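
An added example (not part of res2001's answer): a PowerShell check, run locally on a workstation, that reports whether items 2, 5 and 6 of the checklist above are in effect. The account name `netadmin` is a hypothetical placeholder for the shared administrator account from item 1.

```powershell
# Added example: audit one workstation against the checklist in the answer above.
# Assumption: $SharedAdmin is a hypothetical name for the shared admin account (item 1).
param(
    [string]$SharedAdmin = 'netadmin'   # hypothetical account name
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Item 6: value 1 means local administrator accounts connecting over the
# network receive a full (unfiltered) administrator token.
$tokenPolicy = Get-RegValue $policyKey 'LocalAccountTokenFilterPolicy'

# UAC itself stays on (EnableLUA = 1), as the answer says it should.
$uac = Get-RegValue $policyKey 'EnableLUA'

# Item 2: Remote Desktop is allowed when fDenyTSConnections is 0.
$rdpDeny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'

# Item 5: list the local Administrators group by its well-known SID, so the
# check also works on localized Windows where the group name differs.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

# Expected members: the built-in Administrator (RID 500) and the shared account.
$unexpected = $members | Where-Object {
    $_.SID.Value -notmatch '-500$' -and
    $_.Name -ne "$env:COMPUTERNAME\$SharedAdmin"
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    RdpEnabled           = ($rdpDeny -eq 0)
    UacEnabled           = ($uac -eq 1)
    RemoteFullAdminToken = ($tokenPolicy -eq 1)
    SharedAdminPresent   = ($members.Name -contains "$env:COMPUTERNAME\$SharedAdmin")
    UnexpectedAdmins     = ($unexpected.Name -join ', ')
}
```

A non-empty `UnexpectedAdmins` column shows where item 5 has not been applied yet.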

Sasha Odarchuk, 2021-04-21
@Fanta

0) it will be hard without AD
1) take away the rights
2) If there is no AD and there won't be one, automate by other means, à la ManageEngine DesktopCentral

Pavel Perkov, 2021-04-21
@fluttershy174

At first I did this:
1. I took away the rights on all machines and left only the necessary set of programs; the rest was then agreed on separately
2. I installed TightVNC for everyone - there was a problem - I wrote in Telegram - I gave the IP (it will be displayed in the user's tray) - you connected with admin rights and did everything
3. If there are no servers at all, but you need a shared file dump, any old laptop will do: you deploy FreeNAS on it
4. On the network side, if there is no control, you most likely have a router, most likely a MikroTik - there you can limit speed by MAC address (IpScanner will help to compile a table of them)

Artem @Jump, 2021-04-21
Tag

In a peer-to-peer network, you run around the computers and configure them.
You can run on foot, or you can connect remotely, or even use software like Ansible.
If there is a domain, it is simpler there: all settings are made in one place, and no third-party software is needed.

"I want to have a program on my computer that controls everything"
Ah, I've seen this one.
I don't remember the name, but it's a great program.
There is only one button: "Do everything!"
You press it and it does everything.
"windows server is excluded because they do not plan purchases yet ..."
Right!
Why would you need a Windows server if it's cheaper to hire several admins who will run around and change settings?
As soon as the admins' salaries become more expensive than buying a server, they buy it.
Logical and economically justified.

ru6ak, 2021-04-22
@ru6ak

windows server

If you have group policies, then there is a bug, so computers can be connected to the domain, and
AD can also be deployed on Zentyal.
