For those that do not want to give their members access to the admin pages, password retrieval, rather than changing the password would be ideal. Have an email sent to the user with the passord. OR rather than changing the password in the admin area, the user should be directed to their profile page since they can change their password there too.

As of now, if a user group is set to NO ACCESS to the admin area, requests to change the password only result in ERRORS.