How can I prevent users from changing their passwords except when Windows 2000 prompts them to?

 You can configure your domain via a group policy so that users can change their passwords only when the system prompts them:
Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
Right-click the container (site/domain or organizational unit—OU) you want to enforce the policy on, and select Properties.
Select the Group Policy tab.
Select the policy and click Edit.
Expand User Configuration, Administrative Templates, System, Logon/Logoff.
Double-click Disable Change Password, and on the Policy tab, select Enabled.
Click Apply, then OK.
Close all dialog boxes.
Refresh the policy with the following command:
C:\> secedit /refreshpolicy user_policy
You can also configure this feature on a per-user basis. Perform the following steps:
Start regedit.exe.
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies.
If the System key exists, select it. Otherwise create it (Edit, New, Key, System).
Under System, create a new value of type DWORD (Edit, New, DWORD value).
Type a name of DisableChangePassword, and press Enter.
Double-click the new value, and set it to 1. Click OK.
Close regedit.
You don't need to log off; the change takes effect immediately.

Security Administrator More info

     If the above options do not provide enough security for you, download Access manager for Windows.

Access manager provides much more security than standard ways in Windows.

More info

More articles about Security