If you go into Active Directory Users and Computers, you have the option in user properties to restrict which computers they can log on to. Note this is per user, so depending on the size of your domain it will be a lot of work to restrict them to only a computer.
If you can be a bit more flexible (a group of users can log on to a group of computers) you could play with group policies using the Deny Logon Locally user right – even then I would ask WHY you need to restrict users in this way and why you cannot e.g. have an Acceptable Use Policy (with sanctions for non-compliance) combined with auditing to ensure users follow it.
Local Admins can be set via restricted groups – again depending on the size of the environment, this may be difficult to set up.
Damn, don’t have a DC at the moment but is that one of the options where you can select multiple User objects, right click, Properties and apply that setting to them all at once? Guess I had better build a DC tomorrow.
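
As an added example (not part of the thread and not any poster's code), the per-user workstation restriction discussed above can be applied in bulk with the ActiveDirectory PowerShell module instead of editing each account by hand. The account names, computer names and CSV layout below are constructed placeholders.

```powershell
# Added example: bulk-apply the per-user logon workstation restriction.
# Assumes the ActiveDirectory module (RSAT) and rights to modify the users.
Import-Module ActiveDirectory

# Constructed sample mapping; replace with Import-Csv on your own file.
$map = @'
SamAccountName,Computers
jdoe,WS-0101
asmith,"WS-0102,WS-0140"
'@ | ConvertFrom-Csv

foreach ($row in $map) {
    $user = Get-ADUser -Filter "SamAccountName -eq '$($row.SamAccountName)'" `
                       -Properties LogonWorkstations
    if (-not $user) {
        Write-Warning "User $($row.SamAccountName) not found, skipping"
        continue
    }

    # Keep only computer names that exist in the domain, so a typo in the
    # mapping does not end up in the user's workstation list.
    $valid = @()
    $names = $row.Computers -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($name in $names) {
        if (Get-ADComputer -Filter "Name -eq '$name'") { $valid += $name }
        else { Write-Warning "Computer $name not found (user $($user.SamAccountName))" }
    }
    if ($valid.Count -eq 0) {
        # Writing an empty list would remove the restriction entirely.
        Write-Warning "No valid computers for $($user.SamAccountName), account unchanged"
        continue
    }

    $new = $valid -join ','
    if ($user.LogonWorkstations -ne $new) {
        # -WhatIf makes this a dry run; remove it to write the change.
        Set-ADUser -Identity $user -LogonWorkstations $new -WhatIf
    }
}
```

Review the `-WhatIf` output and any warnings before removing the switch, since a wrong mapping restricts where real users can log on.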