If you set the domain policy such that the clients don't cache passwords then there will be no passwords or their hashes from the domain stored on the client. The authentication will have to take place over the network.

To test for this setting log in as a domain user that has rights on the local machine. Log out, disconnect the network cable and try logging in as the same domain user. If it comes back telling you the domain can't be found then the setting is set correctly. If it logs you in to the local machine then it is not.