--- ./restrict_password_change.module	2009-08-22 04:29:07.000000000 -0400
+++ ./restrict_password_change_new.module	2009-08-22 05:19:29.000000000 -0400
@@ -6,7 +6,15 @@
  * Implementation of hook_perm()
  */
 function restrict_password_change_perm() {
-  return array('change other users password');
+  return array(
+	'change other users password',
+	'change other users username',
+	'change other users altlogin',
+	'change other users email',
+	'delete other users',
+	'block other users',
+	'change admin user'
+	);
 }
 
 /**
@@ -16,15 +24,47 @@ function restrict_password_change_form_a
   global $user;
   switch ($form_id) {
     case 'user_profile_form':
-      //drupal_set_message('$form = <pre>'. print_r($form, TRUE) .'</pre>');
-      // check to see if the form is for the current user or if they have permission
-      if(($user->uid != $form['_account']['#value']->uid) && !user_access('change other users password')) {
-        // password cannot be changed
-        $form['account']['pass']['#access'] = FALSE;
-        // e-mail address cannot be changed
-        $form['account']['mail']['#access'] = FALSE;
-        // they cannot be deleted
-        $form['delete']['#access'] = FALSE;
+      if($user->uid != $form['_account']['#value']->uid) {
+        if(!user_access('change other users password')) {
+          // password cannot be changed
+          $form['account']['pass']['#access'] = FALSE;
+        }
+        if(!user_access('change other users username')) {
+          // username cannot be changed
+          $form['account']['name']['#access'] = FALSE;
+        }
+        if(!user_access('change other users altlogin')) {
+          // alt_login cannot be changed
+          $form['account']['alt_login']['#access'] = FALSE;
+        }
+        if(!user_access('block other users')) {
+          // user cannot be blocked
+          $form['account']['status']['#access'] = FALSE;
+        }
+        if(!user_access('change other users email')) {
+          // e-mail address cannot be changed
+          $form['account']['mail']['#access'] = FALSE;
+        }
+        if(!user_access('delete other users')) {
+          // user cannot be deleted
+          $form['delete']['#access'] = FALSE;
+        }
       }
-  }
-}
\ No newline at end of file
+
+      // check to see if the form is for the current user or if they have permission
+      // check if user 1 - if not, prevent changing user 1 account
+      // regardless of permission to 'change other users password' 
+      if(($user->uid != 1) && 
+      ($form['_account']['#value']->uid == 1) &&
+        (!user_access('change admin user'))) {
+          $form['account']['#access'] = FALSE;
+          $form['theme_select']['#access'] = FALSE;
+          $form['contact']['#access'] = FALSE;
+          $form['submit']['#access'] = FALSE;
+          $form['timezone']['#access'] = FALSE;
+          $form['messaging']['#access'] = FALSE;
+          $form['delete']['#access'] = FALSE;
+      } // protect admin usr 1
+
+  } // switch
+}