Not possible, because as a guest, the only two things we can use for authentication are the mac address of the device upon association and the username of the guest.
Using mac authentication, if the device has already authenticated as a domain computer, it might be able to derive the built-in CPPM [Machine Authenticated role], which you could use to put the device in a VLAN or in a role that bring up a page, rejecting the device.
Alternatively, you can use group policy to push an SSID with the guest SSID name with a wep key, so that those devices simply cannot connect to the guest SSID.