People need to start asking the difficult questions like, "Why would you give your wifi password to someone you don't want on your network?"
In any case, your average user will never be able to bypass MAC filtering, so that's always a good bet.
Otherwise, just kick them off the network by changing the password.
I don't see how that's a problem.
If your question about restricting them actually means reducing the bandwidth they consume, you'll need to implement QoS, preferably on the router for best results.