I have one Windows Server 2003 VM that I need to disable the Password Complexity policy for Local users on. I still want the Active Directory users to use the domain Password Complexity Policy.
Is there a way to do this?
[More background info for those who are curious: I am going to be using the users on the server as an authentication piece for a 3rd party tool. The local users will have no rights on the machine. They just need to exist to authenticate against. Because the 3rd party tool is for mobile devices, I don't want my users to have to type in complex passwords. (It would quickly become tedious on a mobile device.)]
Best Answer
Your member computer is picking up its local password policy settings from the "Default Domain Policy" (in a stock configuration) but you can override it by applying a group policy object with the password policy settings you'd like at the OU of that machine (or, really, anywhere lower than the top of the domain but above that computer object's path).
As long as you don't put another password policy into a GPO at the root of the domain you won't cause changes to the domain-wide password policy (used for AD accounts by domain controllers).
You might see things about granular password policies in W2K8, but this isn't what you're looking for. What you want can be done in every version of AD back to W2K, because it only applies to local accounts on member computers.