|"and thought that I would need to add it as a domain computer on our server...but i didn't. Just plugging it in allowed her internet access,"|
Just because you have a Domain does not mean it will block any one from just plugging in to your network and getting access. First, if you want to prevent any one from just plugging in and getting internet access you can setup a Proxy Server and an internal firewall to block internet access. There are other things you can do as well.
As for your domain computers being visible by other computers on the network you can either configure your software firewall to block ICMP (not recommended) or do the following.
Also, not recommended.
Once some one has physical access to your network then they have more control. There are techniques for protecting against this but in the end you have to give people inside the NAT access or then there would not be a network. Also as stated above, just because they can see the servers does not mean they can access them.