I use Win10 for one single program only and I'm currently testing on how to take that machine offline, but still be accessible locally.
So far all I got is a blacklist regex in pihole. Blocking internet access to that machine via my router does not work for me, as I dual boot that machine with Linux for gaming. Tips per DM are very welcome actually.
Make Linux use a random MAC address, then block the physical MAC in the DHCP section of the router'e configuration. This will make Windows unablento recieve an IP address while Linux will be able to get ahold of one.
If windows uses tandom mac addresses, the feature should be able to be turned off.
Or, simply disable the network interfaces in Windows' control panel. I've never seen Windows reenable a network card by itself.
Static IP on the windows machine in a jail'd subnet, if you still want to be able to access it from the LAN but don't want it to have internet access.
If you're happy with it not having any kind of network access (I'm not sure if when you say 'locally' you mean just physically, or it needs LAN as well), just disable the network adapter in windows.