I have a small 2012 Active Directory network with about 300 clients. I recently found out that going on any client as an administrator and doing a "net user administrator <new-password> /Domain" the servers and all of the other clients password were changed. I wish to restrict that so only accessing the server itself can this be done. I have looked in group policy under default domain policy and can't seem to find the specific policy that provides that. Help please.