A quick note about changing Magento Admin users to lock out older users that you no longer want to have in your Magento admin area:
If you have an older employee that you want to remove access for, make sure that you delete the user vs. just changing the password.
If you simply change the password, the older user could use the password reset function to regain access to your system; this works by resetting the password via email.
If they used a gmail account or a non-company email, that’s how it can work.
The reason I’m posting: we had a customer call us who just changed the password for an admin, but didn’t delete this user from the system.
That user changed their password using the password reset button, and then changed the home page for the site to show an error 404 page.
Fortunately, this was something easy to fix. And fortunately, we were able to see in the log files that this user had logged in and made this change. (I’m sure that they will have some stern words for this ex-employee.)