Preference: DenyLoginUnlessGroupMember check nested group membership under target groups
Description
The Preference: "DenyLoginUnlessGroupMember works well, but it will not check the effective group membership of the username if the username is part of another group nested under the target group. Example: Group = Login Under the Login group are the following groups: Tier1, Tier2, Tier3 If I populate the array list for "DenyLoginUnlessGroupMember" with just the "Login" group then nothing will be read from the nested groups (Tier1, Tier2, Tier3). I would have to add those individually to the array. This is fine in this case (only 3 groups) but if those 3 groups change a lot or periodically, you would have to deploy a new preference/profile to fix the misaligned groups.
A few Notes: The Login Options Window under the Users & Groups System Preference has an option to select specific groups for login if the computer is joined to a domain. This works fine with nested groups.
Proposal
Allow the "DenyLoginUnlessGroupMember" to work with Groups that have nested Groups.