As per
http://qa.sqlservercentral.com/articles/SQL+Server+2005+-+Security/sqlserver2005logins/2474/
CHECK_EXPIRATION and CHECK_POLICY tell SQL Server to enforce the settings on password found in the computer's effective local security policy. Since Group Policy overrides the local security policy, the effective setting may actually be in a Group Policy. When CHECK_POLICY is on, SQL Server 2005 will get password policies and enforce them. However, CHECK_EXPIRATION can still be turned off, even if you want to ensure password complexity, password history, and account lockout settings are observed and enforced. If you set CHECK_POLICY on, though, CHECK_EXPIRATION will also be on unless you explicitly turn it off. CHECK_POLICY is only fully enforced in Windows Server 2003.
MJ