I have configured CLE with SSPR where I have enabled REST and Change Password in the CLE configuration utility.

I have set certain characters to be disallowed in the SSPR password policy, and these are blocked on a normal change password request (using CTRL+ALT+DEL and clicking Change password), but not on an expired password login on the computer.

Is this expected? Or a bug?

CLE is the latest version and SSPR is a bit old, v4.2.0.3.

Best regards