ID: AR01O00914
Applies to: NoMachine Software
Added on: 2017-01-13
Last Update: 2017-01-23

Limiting access for users to a Windows PC by using Active Directory

To limit access to a given workstation, open the ‘Active Directory Users and Computers’ administrative tool on your Windows Server. You can operate on user groups or individual user accounts.

(i) Limit access for an individual account

In the 'Active Directory Users and Computers' tool, right-click on the user's account and go to ‘Properties’.

Choose the ‘Account’ tab. Click on the ‘Log On To’ button.

Check the ‘The following computers’ field and enter the list of workstations you want the user to be able to log on to.
 

(ii) Limit access for a group of users

In the 'Active Directory Users and Computers' tool, right-click on your domain name in the left pane. Choose 'New' -> 'Organizational Unit'.

Provide a name for the new container. It will store the host(s) to which you want to limit access via NoMachine.

Open the Computers container and move all the hosts to which you need to deny access into the newly created container (right-click on the host name -> 'Move...', then choose your container from the list).

Then open the 'Group Policy Management' administrative tool.

Expand 'Domains' in the left pane, click on the name of your domain and right-click on 'Group Policy Objects' -> 'New'. Type in the name for the new policy.

Right-click on the newly created policy object and select 'Edit'.

In the new window select ‘Computer Configuration’ -> ‘Windows Settings’ -> ‘Security Settings’ -> ‘Local Policies’ -> ‘User Rights Assignment’.

This should open the list of security settings.

Edit the 'Deny access to this computer from the network' setting: you can add groups or individual users to the list.

Go back to the main 'Group Policy Management' window and right-click on the name of the container you previously created.

Select 'Link an Existing GPO...' and pick the policy object created before.

Finally, to make sure that the new policy settings are applied immediately, restart the workstations affected by the new policy. Otherwise, wait for the Group Policy update; its frequency depends on system settings. See also https://technet.microsoft.com/en-us/library/cc940895.aspx for the Group Policy refresh interval for computers.

 

(iii) Limit access for a group of users

This method is an alternative to (ii). It requires changes both in ‘Active Directory Users and Computers’ on the Windows server and in the settings of the user's computer.
 

In the ‘Active Directory Users and Computers’ tool, right-click on the domain name, go to ‘New’ and choose ‘Group’.

Provide a name for the new group.

Right-click on the newly created group and go to ‘Properties’.

Choose the ‘Members’ tab, click on ‘Add’ and enter the names of accounts you want to manage.

Now move to the user's workstation and open the ‘Local Group Policy Editor’.

Click on ‘Computer Configuration’ -> ‘Windows Settings’ -> ‘Security Settings’ -> ‘Local Policies’ -> ‘User Rights Assignment’.

This should open the list of security settings.

If you want to prevent access to this workstation, add the group you just created to the ‘Deny access to this computer from the network’ and ‘Deny log on locally’ security settings.

You can also set ‘Access this computer from the network’ and ‘Allow log on locally’ to limit access to the workstation to only some user accounts and groups. Remember that the ‘Deny …’ settings take priority when rules contradict each other.
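
To confirm on a workstation that the settings from (ii) or (iii) are in place, the user rights can be exported with secedit and evaluated with the deny-over-allow rule described above. The following PowerShell is an added example, not part of the original NoMachine article; the function names, the sample export and the SIDs in it are constructed for illustration.

```powershell
# Added example (not NoMachine code); the sample export and its SIDs are constructed.
# Real input: run `secedit /export /areas USER_RIGHTS /cfg rights.inf` elevated on the
# workstation, then pass (Get-Content rights.inf) as -InfLines.
$RightNames = @{   # logon type -> constants used in the export for the four settings
    Network     = @{ Allow = 'SeNetworkLogonRight';     Deny = 'SeDenyNetworkLogonRight' }
    Interactive = @{ Allow = 'SeInteractiveLogonRight'; Deny = 'SeDenyInteractiveLogonRight' }
}

function Get-PrivilegeRights {
    # Parse [Privilege Rights] into a hashtable: right name -> SIDs/account names.
    # Entries are comma-separated; SIDs carry a leading '*', which is stripped.
    param([string[]]$InfLines)
    $rights = @{}; $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            $name, $value = $Matches[1], $Matches[2]
            $rights[$name] = @($value.Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return $rights
}

function Test-LogonRight {
    # Deny entries take priority over allow entries.
    param([hashtable]$Rights, [string[]]$TokenSids,
          [ValidateSet('Network','Interactive')][string]$Type)
    $deny  = @($Rights[$RightNames[$Type].Deny])
    $allow = @($Rights[$RightNames[$Type].Allow])
    if ($TokenSids | Where-Object { $deny -contains $_ })  { return 'Denied' }
    if ($TokenSids | Where-Object { $allow -contains $_ }) { return 'Allowed' }
    return 'NotGranted'
}

# Constructed export: S-1-5-21-1111-2222-3333-1105 stands in for the restricted group.
$sample = @'
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyNetworkLogonRight = *S-1-5-21-1111-2222-3333-1105
SeDenyInteractiveLogonRight = *S-1-5-21-1111-2222-3333-1105
'@ -split "`r?`n"

$rights = Get-PrivilegeRights -InfLines $sample
$member = 'S-1-5-21-1111-2222-3333-1105', 'S-1-5-32-545'   # restricted group + BUILTIN\Users
foreach ($type in 'Network', 'Interactive') {
    '{0}: {1}' -f $type, (Test-LogonRight -Rights $rights -TokenSids $member -Type $type)
}
```

The export can list some accounts by name instead of SID, so pass the same form that appears in the file when checking a real workstation.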