We have an IDM loopback policy that provides a random initial password based
on a Universal Password Policy. To minimally match our corporate policy, we
require 1 number, 1 special character and 8 total characters. Simple,

Well, the random password generated includes a number of "special"
characters that are causing grief for our users (i.e. not simple enough).
Periods and spaces seem to wreak the most havoc.

The question is, can we have a random password created, maintaining these
minimum requirements, but which limits the variety of special characters it
chooses from? I know we can restrict entire passwords, or block passwords
containing specified attributes... but is there a way to block the use of
unwanted special characters? In IDM Policy, or in UP Policy?