When a Windows computer connects to a domain it will cache the domain credentials locally so they can be used to login even though the Windows machine is not connect to the domain. If you are a system admin and don’t want user to login with being connect to the domain first you can change it by disabling a registry key. Here is how to stop Windows logins when not connected to a domain.
Stop Windows Logins when not Connected to a Domain
Open up the registry by going to regedit in the start search.
Then navigate to the following key:
Find the cachedlogonscount and change the value to 0. This will stop users from logging into without a network connection. Just remember this only works for computers that are configured to login to a domain, not Home editions.