Goal: Only allow members of specific Active Directory (AD) groups to logon to certain computers.
Why: We want to keep students from being able to logon to Faculty/Staff computers. We also need to keep Prep school students from using University computers.
The Details of the problem: THIS WORKS: Manually going into System Preferences, Login Options, Allow network users to log in at login window (Options...), Only these network users. Entering in domain groups.
THIS DOESN'T WORK: Creating a Configuration Profile within JSS where the Login Window contains a payload with the groups specified under the Access tab. This doesn't work if the group contains > 1500 users.
Can anyone verify this?
This is a bugger.....