Graham,
Admin Tools would not prevent you from adding a user, but it could prevent you from adding that user to certain groups. In Web Application Firewall, Configure WAF, on the Joomla! Feature Hardening Options tab, check the value of "Disable editing backend users' properties". The error message you are seeing is not one that I have ever seen.
When a user is locked out by Admin Tools it is normally because they did something wrong. It may be as simple as mistyping a password or as complex as using innocent language that Admin Tools interprets as possibly being a valid MySQL command (SQL injection). You are correct that the "never block" feature won't work well with a dynamic IP addresses. And there are edge cases where a user gets blocked when they haven't done anything wrong. If your browser displays screen shots of recent pages, that screen shot can trigger a security exception. We recently found a really strange set of circumstances where Joomla!'s own keep alive javascript was triggering security exceptions. Under normal circumstances, the "never block" should not be necessary. If they get blocked, we just have to figure out why and adjust.
Dale L. Brackin
Support Specialist
English: native
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
????
My time zone is
EST (UTC -5) (click here to see my current time in Philadelphia, PA)