How to prevent a global password policy applying to a Local Account?

Hi!
I think it's a though case, hence 500 points!
I have W2K computer joining Win Active Directory. Global policy on the Domain is set to be at least 6 char, Local policy is set to 0, and in effect it's 6 char.
Now, I have a software which REQUIRES to have a very specific 3-char password on one LOCAL User Account.
How to work around, so the Domain policy is untouched, and Local Account can have 3-char password?
I have full admin rights to the local computer, but the machine has to stay on the network joining Domain.
Thanks!
athanasius296Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rsivanandanCommented:
I'm not sure if this can be done. It is pretty much turn ON/OFF.

Cheers,
Rajesh
oBdACommented:
Since it's a local account, you can do it. Put the machine into its own OU, and change the password policy for that OU. This will only influence local accounts on the machine(s) in this OU.

Step-by-Step Guide to Enforcing Strong Password Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
DiabloMillinCommented:
a simple work around would be to create a new OU for that computer and any others that need this part of the group polices changed. Then create a different GP for these boxes.

If you are not a domain admin try this:

Correct me if I am wrong but I thought local policies were the last to be applied. So if you specify on that machines local policy account that it also has a password policy of 3 min then this should also fix the problem by overwriting the GP.
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

DiabloMillinCommented:
sorry must have been typing when oBdA put answer in....
oBdACommented:
Local Policies are the first to be applied; the sequence is LSDO: Local, Site, Domain, Organizational Units.
There'd basically be no point in policies if every local admin could just block or overwrite them ...
athanasius296Author Commented:
Thanks for your fast response.
oBdA says: "Simple work around would be to create a new OU for that computer"  - well, what if I don't have admin rights to that level of the Domain. I'm admin on the local wkstn, and can join/disjoing wkstn from the Domain.
What other options do I have?
oBdACommented:
Can you create GPOs and groups for the OU the machine is in? If so, you can create a new GPO with the password policy settings, and use security group filtering to only apply it to that machine.
If not, you can still ask the OU admin to do that for you.
If this doesn't work, either, your only choice is probably to unjoin the machine from the domain, create the account with the password, then join it back to the domain. The password isn't checked during use, only when it's created.
athanasius296Author Commented:
Hi iBdA,
I like your suggestion:
"your only choice is probably to unjoin the machine from the domain, create the account with the password, then join it back to the domain. The password isn't checked during use, only when it's created."
BUT if I'm asked by the program I mentioned before to change the password, I can't reapply 3-char password, and have to use a Global 6-char.
So, the solution would be only temporary.
athanasius296Author Commented:
Hi!

I didn't get a satisfying answer to solve my problem, but I found elsewhere a perfect solution, which I'm posting here:
To reset the local security settings on the computer, type in a command prompt exactly:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Thanks all for your comments and support!
DarthModCommented:
Closed, 500 points refunded.

DarthMod
Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.