Wouldn’t it be easier to remove the telnet program or access to it from the PC’s? I suspect that client access uses the same protocol and ports as the regular telnet program, so it’s going to be difficult to work out which program is being used by the PC.
See TELNET EXIT PROGRAM DEVINIT2 for a discussion of the difficulties and a potential reason for not doing what you are trying to do.
Personally, I can’t think of a viable reason for it. That is, I can imagine reasons that someone might have; but I can come up with refutations for all of those.