Restrict use of a computer to one domain user

Are you the network administrator?  You can prevent all users except domain admins (if you prevent them, policies can be applied to undo what you did - not to mention the reprimand you might receive for doing it.  

Assuming you are the workstation administrator (or rather, your account is in the local admins group), you can remove the "domain users" group from the list of "users" in the local Users group on your machine.

First u must check if u are allowed to do that.If this is true then u can always put a BIOS password that will prevent most people of tampering with ur workstation.
If u are not allowed and u have sensitive data then i would recommend to "re -examine" how sensitive are ur data and the "sensitive" ones encrypt them.
The easiest encryption is to compress them (Winzip,Winrar) and put a hard to forget password that contains special characters("@!#$%")

Exactly what I need. Thanks!

Poor solution in my opinion.

The more appropriate way is not to start messing with user rights assignments but rather to simply adjust group memberships.

Disagree.
For a single PC used by the person making the setting, it's the most straightforward.

It's not something you would apply via group policy to an OU though.

And I disagree.  Most tech people I know would first look to resolve problems logging in by adding or removing users or groups from the local accounts database.  In my opinion, this is the more common sense approach.  Doing it by adjusting local policies would seem more suspicious to me like someone was trying to get away with something. This is in part because users and groups are easy to manage and not very confusing.  You generally need to (should) be an expert to navigate through local policies and not screw something up seriously.