Windows – override domain group policy with local group policy as a local admin

active-directory group-policy windows

I am trying to provision a few special case laptops. I would like to create a local guest account. That's fine, but when I try to create it I am prompted that my guest password does not meet the complexity requirements.

I tried editing the local security policy to change the complexity but this is greyed out. Is it possible to override domain policy with local?

Yes, I know I can choose a longer password but that is not the point. I want to know how to override domain policy in case I need to in the future.

Best Answer

There are always ways to hack around central policies if you have local admin access - at a minimum you can make your changes locally to the registry and hack the security settings so they can't be updated by the group policy agent - but it isn't the best way to go. I'll admit to doing it 10 years ago... but really... don't. There are unanticipated results in a lot of cases.

See this TechNet article. The order for policy application is effectively:

  1. Local
  2. Site
  3. Domain
  4. OU

Later policies will overwrite earlier ones.

Your best bet is to make a computer group and use that group to either exclude your custom computers from the password complexity policy or assemble a new policy that'll override these defaults, filtered to only apply to this group.
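
The group-filtered policy recommended in the answer above, as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed; the group name, GPO name, OU path and computer names are placeholders.

```powershell
# Added example: every name below is a placeholder, adjust to your directory.
Import-Module ActiveDirectory, GroupPolicy

$GroupName = 'GuestLaptops'                           # hypothetical security group
$GpoName   = 'Guest Laptops - Local Password Policy'  # hypothetical GPO name
$TargetOu  = 'OU=Laptops,DC=example,DC=com'           # placeholder OU holding the laptops
$Laptops   = 'LAPTOP01', 'LAPTOP02'                   # placeholder computer names

# 1. Security group that contains only the special-case computers.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
$Members = $Laptops | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $GroupName -Members $Members

# 2. New GPO linked at the OU. OU-linked policy is processed after the
#    domain-linked policy, so its settings win on these machines
#    (Local, Site, Domain, OU: later overwrites earlier).
New-GPO -Name $GpoName -Comment 'Scoped exception, owner and reason documented here'
New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes

# 3. Security filtering: only the group may apply the GPO.
#    Authenticated Users is lowered from Apply to Read (not removed),
#    so computers can still read the GPO but only group members apply it.
Set-GPPermission -Name $GpoName -TargetName $GroupName `
    -TargetType Group -PermissionLevel GpoApply
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace

# 4. Review the resulting ACL before relying on it.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

# 5. The password settings themselves (Computer Configuration > Windows
#    Settings > Security Settings > Account Policies > Password Policy)
#    are edited in the Group Policy Management Editor; this script only
#    creates and scopes the GPO.

# 6. On a target laptop, after a reboot (so the new group membership is
#    picked up), confirm which GPOs were applied or filtered out:
#      gpupdate /force
#      gpresult /r /scope computer
```

A password policy set in an OU-linked GPO affects the local accounts on the computers it applies to, which is the case in the question; domain account passwords are still governed by the domain-level policy.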