1cf@BPtw would have worked fine ;-)
Personally, if I was found to have ever given a single user a weak password that worked, I would not only be fired, I'd be escorted to my car while someone examined my things to see what I'd be allowed to take home. Fortunately, it would be nearly impossible to do.
Giving SME users access with a weak or nonexistent password is one thing (and risky enough), but allowing root or admin access in a commercial setting with any less than the strongest security possible is a dereliction of duty IMO. We have recently seen a cpl of instances where weak admin passwords have been guessed by someone out on the net, who proceeded to compromise the server/gateway.
I would advise you to make up a few scenarios of potential compromises (from within and without) together with an estimate of what each would cost. Don't neglect "opportunity costs" (the money they would have made) if applicable. Share these scenarios with the owners or senior managers of your org.
If they don't care, fine: it's their money. Most people will care, though. And when the bosses really care, and show it, you'll see that almost all workers are suddenly quite able to remember their passwords, and can deal with making strong ones. They are not complete idiots. Of course they'll still do stuff like tape the passwords on their monitors, or forget them every 3-day weekend, but you can work with that.
At least you would be working on securing your environment. When the compromise happens, you won't find yourself standing there saying "It was too hard to get them to accept strong passwords, so I didn't even try". :-(
Good Luck!
RonM