Strictly limited set of users

Say you want just a few users on your site. For example on this site I have limited it to one user, myself, because this site is purely for me. But on other sites the purpose is to have lots of users. Drupal can be configured to handle both situations.

In Administer / User Settings make these settings:-

Check Only site administrators can create new user accounts. Anonymous users can still request accounts but you have complete control.

In Administer / Blocks consider not displaying the User Login block.

The User Login block has the link that gives access to request a new account. By hiding the login block anonymous people won't see the link and therefore will not connect in their mind they can request a new account. This is called security through obscurity. An informed person who recognizes a site is made by Drupal might know the URL to access the new account request form. This does give the approved users a small hurdle to log in, because they also won't see the login form. It may be easy to instruct them on the URL for the login form.

The Registration Code requires that users supply a secret code during the registration process. I haven't used this module but it may be helpful in some cases.

In Administer / Access Control consider these settings:-

comment module: Since most people accessing this site will be anonymous, consider whether they can see or post comments. It's very likely you want anonymous users to view comments, so enable access comments for every role. What's an interesting question is whether to allow anonymous users to post comments. There are spambots who know how to autopost to Drupal sites, so it's worthwhile using a protection system to prevent or detect spam postings. I use the CAPTCHA system but the Drupal community has developed some others. In any case enable post comments and post comments without approval to suit your taste.

node module: Since most people accessing this site will be anonymous, consider whether they can see or post nodes. It's very likely you want anonymous users to view content, so enable access content for every role. It's very unlikely you want anonymous users to post new content. It's nice that Drupal allows anonymous users to post nodes, and maybe for your purposes you want this.

There are three sets of access controls to consider: "create new type", "edit own type", and "edit type". As I said it's most likely you'll leave all of these off for the anonymous role. However you can select create new type for anonymous roles if it is what you desire. Just be aware you will be getting SPAM if this is done. As mentioned already there are many methods to limit SPAM.

I haven't used this, but Block anonymous links may be useful. As they say most SPAM has links and this module blocks links in comments submitted by the anonymous user.