I've searched a lot to find a solution, but couldn't find any.
I need to protect my NI sbRIO controller from deploying any application from LV. For example, if anyone with LV connects to controller's network, he should not be able to deploy anything to sbRIO before filling controller's credentials.
From controller's web config I've removed all permissions from 'everyone' group, and set password for 'admin' user. After that, the NI MAX requires password before saving anything to controller, but LV project doesn't require anything before connecting to controller and deploying a VI on it.