Hello:
I do not post much, but I do read a lot from this site, so informative. Anywhoo, I personally think UAC is quite annoying, personally, if you are the only (and main) one utilizing that computer in your home...KEEP IT DIDABLED...lol. Only you know your computer's idiosyncrasies. I run two networks in my home, one upstairs snd one down. I have a central access point via my broadband modem's DHCP,  in where I have two networked printers and two TP-Link dual-band routers. This means I am technically behind three firewalls  (my broadband modem, TP-Link router, and my AVG Internet anti-virus program [which is a software firewall]), if I had to access remotely my Mom's hard drive on her notebook, it would almost be impossible because I'd have to figure out a routing table and for me its too much of a PITA, unless the computer  and any other hardware is tapped into the main broadband's DHCP, like my network printers, in where as the two separate networks I built can access the two static IP addresses I gave them (from the broadband's DHCP) to each of the individual TP-Link netwworks.
I know you're (at least I don't think so) not running two individual networks, from my understanding, and if you are not, why are you not invoking Windows' Home Group (wizard) feature? Although to do this (easily) all computers should be on the same network. I have yet heard of that feature being implemented (without warrant) on separate networks. Also, are you an Admin on your son's computer? Do not forget if he is also an Admin as well he can overcome and override any precautions you have intended (I do not know his age [emoji4]) to do. I hope I have been some help, even if in a small way.
Cheers!
Shane / Sawuwaya / Spirit Wolfe
Sent from my SM-G935P using 
Windows Forums mobile app