For which users can log on to the computer:
• On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
As you can see ,the users include local domain users and authenticated users.Authenticated Users is a group that includes all users whose identities were authenticated when they logged on.
That means all the users from the trusted domain/forest can logon to the workstation by default.
If you want to restrict the logon users on the workstation , you can use the group policy following by add and remove groups for the workstation:
Computer Configuration -> Policies -> Security Settings -> Local Policies -> User Rights Assignment:
Deny log on locally – allows to restrict local logon to workstation for specific users or groups;
Allow log on locally – contains the list of users who are allowed to log on to a computer locally.