Information
Domain controller: Refuse machine account password changes
This security setting determines whether domain controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer account passwords every 30 days. If enabled, the domain controller will refuse computer account password change requests.
If it is enabled, this setting does not allow a domain controller to accept any changes to a computer account's password.
Default: This policy is not defined, which means that the system treats it as Disabled.
Solution
Policy Path: Local Policies\Security Options
Policy Name: Domain controller: Refuse machine account password changes