Probably the easiest way to do and manage would be to use Group Policy.
1) Create 4 AD Groups – Group_Room_A_Users, Group_Room_B_Users, Group_Room_A_Workstations, and Group_Room_B_Workstations..
2) Add all users to Group_Room_B and those users with limited access to Group_Room_A.
3) Add room B workstations to Group_Room_B_Workstations and add room A workstations to Group_Room_A_Workstations.
4) Create new GPO “Group_Room_A_Access” with these options
a) Go to Computer Configuration -> Windows Settings -> Security Settings ->
Local Policies -> User Rights Assignment
b) Modify “Allow log on locally”
c) Check off “Define these policy settings”
d) Click on “Add Users or Groups” and select the newly created Group_Room_A.
4) Hit Ok and Save GPO.
5) Assign this GPO to Group_Room_A_Workstations.
6) At the command prompt, type “gpupdate /force”
a) First at the domain controller
b) 2nd at each workstation for immediate effect.