There are a couple of things that will help you with this issue.

The bpduguard commands, and port-security commands.

BPDUGUARD detects the bridging signals that most switches and hubs use, and will shut down (error-disable) the port when a bpdu is detected.

The command for this on a 3750 is:

interface FastEthernet1/0/1

spanning-tree bpduguard enable

This command can be offset to auto-enable with the following commands at the config prompt:

errdisable recovery cause bpduguard

errdisable recovery interval 900

The above commands cause the error disabled port to automatically re-enable after a period of 900 seconds (15 minutes).

Port security will limit the number of mac addresses allowed on the port to the number you specify (default of 1). This can cause other issues with people that move around from port to port. Considerable thought needs to be exercised before implementing this capability, as you will be called upon to re-enable the ports by performing a shut/no shut to bring the ports back up.

You could use the Sticky command in the port security command. That will register the first mac address on that port. If you do though remember to set the maximum mac it should register and what should happen if in case of a violation. Having said that, combine the error recovery command provided earlier with the switchport security command and maximum mac command. You can even hardcode the ports as access ports only ("Switchport mode access").

This a typical config we use on our 3750's:

interface FastEthernet1/0/6

switchport port-security

switchport port-security aging time 1

switchport port-security violation restrict

switchport port-security aging type inactivity

We dont use the sticky command because if someone wants to swap out their PC. The default is one MAC address per port.