4.024 - Local users must not exist on a system in a domain.
To minimize potential points of attack, local users, other than built-in accounts such as Administrator and Guest accounts, must not exist on a workstation in a domain. Users must log onto workstations in a domain with their domain accounts.
Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts.