+ 0 Votes You have to ask that user. Mehul Bhai Updated - 3 years ago And reprimand him. First of all how the user knew the administrator password? This has to be the exclusive domain of the System Administrator and related people like Support Staff and immediate Boss as per your company policy. You changed the administrator password by login as a user that means the user has administrative previleges for the Domain. Some thing is gravely wrong in your domain setup. Rectify it, otherwise you will have to run arround very much sorting out problems. + 0 Votes Why not... cmiller5400 3 years ago Why not rename the existing administrator account and create a bogus account titled administrator and assign it no rights, disabled and an absurdly long password? That way you are not messing too much with a built in account. + 0 Votes Check privileges mr_t_wright 3 years ago Make sure you don't have domain users in the "admin group"... + 0 Votes denied login? philldmc Updated - 3 years ago I might be mistaken, but I thought by default the DC policy was to deny non administrator accounts to log onto the DC. If I'm not mistaken this policy is automatic so it has to be turn off for a standard user to log in. Even if they could log in they should not have ability to change passwords to the admi account. Unless that user has admin rights. It sounds like there are other security issues going on. My first step would be to deny log in to non admin, very other accounts don't have admin privledges, and then change admin pass. Just remember what you changed it to.