You could set up IPSEC with certificates on the affected machines, possibly in conjunction with NAP and use the Windows Firewall to filter RDP traffic which is coming in unencrypted.
But it seems like a lot of work, If the pc has an static ip then maybe a firewall rule based on that ip ?
Question is the non domain machine and the target server on the same network, or are you connectiong trhough an Firewall / network appliance that might do some sort of access control for you ?