I wouldn't generalise acceptable use policies that far. AUPs vary, with their scope ostensibly being determined by data security requirements, sometimes varying between departments. Of course, this assumes you can map managerial decision making onto some kind of rational process, which isn't always the case. Also, communicating in a brief form how modifying the user account was a requirement according to the AUP helps to cut off arguments at the knees, especially if you have a referral to HR or other policy authority for further questions. This is not something which you owe the user, unless someone didn't provide them access to the AUP. As I posted earlier, it doesn't take much to do it, can often save time and hassle, and it covers your ass for those users with more power than brains.