In a Cisco Press publication "Troubleshooting Cisco Secure ACS on Windows" (http://www.ciscopress.com/articles/article.asp?p=474238&seqNum=6&rl=1), I read the following question:
How can I disable the users' option to change the password by using Telnet to access the router?
It has an answer describing certain details. However, the question itself is not clear to me. Could someone explain them a little more clearly?