Computer 'Wheel-Locks' concept

In Active Directory domain environments I do what you're looking for by dragging the computer object into an OU that has a GPO applied that denies "Log on Locally" rights (via "User Rights Assignment") to "Domain Users". Normally this generates a support call.

One nice thing about this method is that the settings revert to "normal" when the computer object is moved back to its original location in AD. No persistent changes are made to the PC (that aren't, at least, undone by the Group Policy client).

I don't typically need to do this "right now", so when I make such a change I expect to find out about it the next time the user reboots or tries to logon again.

If you wanted to do that "right now" to a PC just move it in AD and send it a restart request via the shutdown command. That'll get the user's attention, though they may lose work if they don't save and close programs before the reboot happens. You should probably set a fairly long shutdown delay when you do that. Obviously, if they're not at the computer they're not going to see it, so this method isn't without problems.

Default wallpaper and trigger a screen lock repeatedly or with a timeout of 5 seconds oro less? (that would cause me to call support).

To be honest though, this seems like the hard and intrusive way to physically locate a computer, most particularly because it relies on the user.

If you have managed switches you should be able to narrow the physical location down to a single port on the switch, that port on the switch to a wall port, and the wall port to a computer.