I've been doing some testing as my company is planning to integrate our mac users into the windows active directory environment.
Joining/removing computers from a windows domain is cake, everything can be done via the Mac's Directory Utility.
Is there a way for us to control which active directory users or groups can login to this mac?
After joining a mac to a windows domain, anyone with a proper domain account can login to the computer. And by proper, I mean anyone from the domain by default.