I recently had reason to reset the Local Administrator password to one that did not satisfy the local security policy complexity requirements. This server had already been joined to the domain. Firstly, I logged on as local administrator and tried to change the password complexity requirement here:
Administrative Tools > Local Security Policy > Account Policies > Password Policy
The setting could not be changed as options were grayed out. Although I suspected it was due to being joined to AD and I could remove server from AD, change password complexity and add to AD again, I decided to search for another way. After some looking I came across this page on Spiceworks:
In particular, these instructions from IgnaceQ:
Go to a command prompt and Type 'secedit /export /cfg c:\local.cfg'
Look for the line "PasswordComplexity = 1" and change it to "PasswordComplexity = 0"
Save the file
At a command prompt type 'secedit /configure /db %windir%\security\local.sdb /cfg c:\local.cfg /areas SECURITYPOLICY
This worked for me also. Don’t know if it will persist after a restart but will check soon.
[Ed : 20140829 : Thought I should add here that while it worked across restarts, it may have messed up some other stuff although I am not 100% sure. For example, after making this change and restarting, the vCenter service would not start no matter what I did. As we have a relatively simple vSphere + vCentre environment, I ended up reinstalling OS + applications. In this case, I changed the local user password policy before joining the server to the domain.]