Hi @Mike
You can configure the "Deny logon locally" user right on the local computers.
- Go to "Start" -> "Run".
- Write "Gpedit.msc".
- Enable the "Deny logon locally" user right for the source domain user accounts.
- Run Gpupdate /force on the local computer.
Here are some links with more information on this:
How to restrict the use of a computer to one domain user only
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/restrict-use-one-domain-user-only
Hope this resolves your query!
--If the reply is helpful, please Upvote and Accept it as an answer--
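
To confirm the setting took effect after the steps above, the local user rights assignment can be exported and checked. This is an added example, not part of the answer above: it uses `secedit /export` and the privilege constant `SeDenyInteractiveLogonRight` (the internal name of "Deny log on locally"); the function name `Get-DenyLocalLogonAccount` is hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: list the accounts that hold "Deny log on locally"
# (SeDenyInteractiveLogonRight) on this computer. Run elevated.
function Get-DenyLocalLogonAccount {
    param([string]$Right = 'SeDenyInteractiveLogonRight')

    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user rights assignment area of the local security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed with exit code $LASTEXITCODE"
        }

        # Exported lines look like: SeDenyInteractiveLogonRight = *S-1-5-21-...,Guest
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match "^\s*$Right\s*=" } |
            Select-Object -First 1
        if (-not $line) { return }   # the right is not assigned to anyone

        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                # SIDs are written with a leading '*'; resolve them to names where possible.
                $sid = $entry.TrimStart('*')
                try {
                    $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '<unresolved>'   # e.g. deleted account or unreachable domain
                }
                [pscustomobject]@{ Account = $name; Sid = $sid }
            } else {
                # Some entries are exported as plain account names.
                [pscustomobject]@{ Account = $entry; Sid = $null }
            }
        }
    } finally {
        # The export contains policy details; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-DenyLocalLogonAccount | Format-Table -AutoSize
```

An empty result means no account has been assigned the right; an `<unresolved>` entry points to a SID that no longer maps to an account and should be reviewed.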