Does anyone know how we can restrict logon for only specific AD groups using AM
Basically we don't want students logging in to staff machines.
There was a plist com.apple.loginwindow before in WGM where in you can allow or deny specific users or OD groups. I created this particular plist into a profile but it doesn't seem to work anymore. Moreover the profile is looking for Generated UIDs which I could not figure out what attribute in AD I would use. Digging deeper when an iMac is binded to AD I can use dscl command interactively and browse/read the attributes of an AD group - there is actually a Generated UIDs on those AD groups but this does not work when use in Profiles.
Thanks in advance.