Symantec Endpoint Protection Manager Reset Admin Password
If password recovery was enabled during installation or by a previous admin, the SEPM web console includes a self-service password reset feature.
Use the SEPM built-in backup scheduler:
If the password admin does not work:
Ensure you ran the .bat file as an Administrator. If you simply double-clicked it, it may have appeared to run but failed to write the changes to the database due to permission restrictions. Right-click and try "Run as administrator" again.
If you are using a different Username:
The ResetPass.bat tool strictly resets the built-in admin account. It does not work on custom administrator accounts created later. If you have lost the password for a custom account and have no other admins, you generally have to reinstall the SEPM and use a disaster recovery file (if you have one) to restore your settings.
To reset the Symantec Endpoint Protection Manager (SEPM) administrator password, you can use the built-in "Forgot your password?" link on the logon screen or the resetpass.bat tool located on the management server.
Method 1: Console "Forgot your password?" Link
This is the standard recovery method if an email server is configured for your management console.
Open the Symantec Endpoint Protection Manager logon screen.
Click the Forgot your password? link.
Enter the user name for the account you need to reset.
Click Temporary Password. A reset link will be sent to the administrator's registered email address.
Follow the link in the email to activate a temporary password and log in immediately to set a permanent one.
Method 2: resetpass.bat Tool (Command Line)
If you cannot receive emails or are locked out entirely, you can manually reset the primary admin account using a batch script on the SEPM server.
Default File Location:
64-bit systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\
32-bit systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools\
Reset Procedure:
Open a Command Prompt as an administrator.
Navigate to the Tools folder using the cd command.
Run the resetpass.bat file.
The administrator username and password will both be reset to admin.
Log in with these credentials and change the password immediately.
Troubleshooting Locked Accounts
If you need to reset the Symantec Endpoint Protection Manager (SEPM) admin password, the process is straightforward but requires access to the management server's file system.
Password Reset Methods
According to technical documentation from , there are two primary ways to handle this:
resetpass.bat: This is the most common "local" fix if you are locked out. Navigate to the folder in your SEPM installation directory (usually C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools) and run resetpass.bat. This resets the default account password to : Log in immediately and change this to a secure password.
The "Forgot Password" Link: If your SEPM is configured with an email server, you can use the link on the login console. Enter your username and click Forgot Password. A temporary password will be sent to the administrator's email address on file.
Common Troubleshooting
Account Lockouts: If the account is locked due to too many failed attempts, running resetpass.bat will also typically unlock it.
Console Access: You must perform the batch file reset directly on the computer running the SEPM software.
Configuration Wizard: If the batch file fails, some users perform a through the Control Panel to trigger the Management Server Configuration Wizard, which allows for re-configuring the admin credentials.
To reset the admin password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in self-service link or a command-line tool depending on your access and version.
1. "Forgot Your Password?" Link (Recommended)
If you have a configured mail server, this is the official way to regain access.
Access the Link: On the management server, open the SEPM logon screen and click Forgot your password?
Submit Details: Enter your username (and domain if applicable) in the dialog box and click Temporary Password.
Email Reset: You will receive an email with a link to activate a temporary password, which must be changed immediately after logging in.
2. resetpass.bat
If you cannot use the email method, you can use a local batch file on the management server to reset the account.
Navigate to the folder in the SEPM installation directory:
64-bit default: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
32-bit default: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools
Execution: Run a Command Prompt as administrator, navigate to this folder, and execute resetpass.bat. Both the username and password will be reset to
This tool is natively present in older versions (like 12.1 and lower); for newer versions, you may need to obtain it from Symantec Technical Support or recreate it manually if you have the script contents.
3. Log Retrieval (Isolated Environments)
If the server is in an isolated environment without email access, you can sometimes find the reset link in the server logs:
Enable troubleshoot logging by editing conf.properties in the Tomcat\etc folder: add scm.mail.troubleshoot=1 to the file and restart the SEPM service.
Request a password reset via the console, then check stdout-0.log in the tomcat\logs folder for the PasswordServlet entry containing the reset link.
To reset the Symantec Endpoint Protection Manager (SEPM) admin password, you can use the built-in resetpass.bat utility or the standard "Forgot your password?" link if an email server is configured.
Method 1: Using the resetpass.bat Tool
This method is the most reliable if you have access to the SEPM server. It resets the administrator username and password back to the default admin.
Locate the Tool: On the SEPM server, open Windows Explorer and navigate to the following default directory:
64-bit systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
32-bit systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools
Run the File: Double-click the resetpass.bat file. Alternatively, run it via an elevated Command Prompt (Run as Administrator).
Wait and Log In: It may take up to 10 minutes for the changes to take effect. Log in using:
Username: admin
Password: admin
Update Credentials: You will be prompted to change the password immediately upon login.
Method 2: The "Forgot your password?" Link
Use this if your management server is configured with a mail relay to send recovery emails.
Open the Symantec Endpoint Protection Manager logon screen.
Click the Forgot your password? link.
Enter the username and click Temporary Password.
Check your email for a link to activate a temporary password.
Important Troubleshooting Tips
Comprehensive Guide to Resetting the Symantec Endpoint Protection Manager (SEPM) Admin Password
Losing access to your Symantec Endpoint Protection Manager (SEPM) console can halt critical security updates and leave your network vulnerable. Whether you’ve forgotten the administrator credentials or are dealing with a lockout, there are two primary methods to regain control: using the built-in password reset tool or the "Forgot Password" email feature.
1. The resetpass.bat Utility (Local Server Access)
If you have physical or remote desktop access to the Windows server running SEPM, the fastest way to recover is using the bundled resetpass.bat script. This utility resets the "admin" account password back to the factory default.
Step 1: Log in to the management server computer.
Step 2: Open Windows Explorer and navigate to the SEPM installation directory. The default path is usually: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
Step 3: Locate and double-click the file named resetpass.bat.
Step 4: A command prompt window will briefly appear, confirming that the password has been reset to admin.
Step 5: Launch the SEPM console and log in with the username admin and the password admin.
Critical Action: You must change the password immediately upon logging in to secure the console.
2. The "Forgot Password" Feature (Email Recovery)
If you cannot access the server directly but have configured an email server (SMTP) within SEPM, you can request a temporary password.
Step 1: Open the SEPM Login console.
Step 2: Click the Forgot your password? link.
Step 3: Enter your username and the email address associated with the account.
Step 4: Check your inbox for an email containing a Temporary Password.
Step 5: Log in using the temporary credentials and update your password immediately.
3. Troubleshooting Common Login Issues
If neither method works, consider these common pitfalls documented by Broadcom Tech Docs:
Account Lockout: SEPM may lock an account after multiple failed attempts. Wait for the lockout period to expire (usually 15-30 minutes) before trying again.
Database Connectivity: If the password reset tool fails, ensure the SEPM database service is running.
Permissions: Ensure you are running the resetpass.bat file with Administrator privileges on the server.
Security Best Practices
To avoid future lockouts, it is recommended to:
Configure SMTP: Always set up a mail server in SEPM so the "Forgot Password" feature is functional.
Multiple Admins: Create at least one secondary administrator account for emergency access.
Documentation: Securely store the SEPM "admin" credentials in a company-approved password manager.
For further technical support, you can visit the Broadcom Support Portal or the Symantec Enterprise Community.
To reset the administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in password reset tool or the command-line interface, depending on your version and access level.
Reset via ResetPassword.bat (Recommended)
This is the standard method for most versions. It generates a temporary password that you must change upon login.
Navigate to the Tools folder: Open File Explorer on the SEPM server and go to: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
Run the script: Double-click ResetPassword.bat.
Authentication: A command window will prompt for confirmation. Once completed, it will display a message stating the password has been reset to admin.
Log in and Update: Open the SEPM console. Log in with username admin and password admin. You will be prompted immediately to create a new, secure password.
Reset via Command Line (Alternative)
If you prefer using the command line or the .bat file is missing, you can use the reset-password.exe utility.
Path: ..\Symantec Endpoint Protection Manager\bin\reset-password.exe
Command: Run the executable as an Administrator. This follows the same logic as the batch file, reverting the admin account to its default credentials.
Troubleshooting and Limitations
Database Connectivity: The reset tool requires a connection to the SEPM database. If the database service is stopped, the reset will fail.
Account Locking: If the account is locked due to too many failed attempts, the reset script typically unlocks it while resetting the password.
FIPS Mode: If SEPM is running in FIPS-compliant mode, ensure you are using the specific tools provided in the FIPS subdirectories.
Forgetting the administrator password for Symantec Endpoint Protection Manager (SEPM) can feel like being locked out of your own high-security vault. Fortunately, Symantec provides built-in "emergency keys" to regain entry.
1. The Standard "Forgot Your Password?" Link
If you have configured a working email server (SMTP) in your SEPM settings, this is your quickest route.
The Action: On the SEPM logon screen, click Forgot your password?.
The Result: Type your username and click Temporary Password. An email will be sent with a reset link.
Catch-22: This only works if your SMTP relay and recovery email were set up before you lost access.
2. The Power Move: resetpass.bat
In isolated environments or cases where email isn't configured, Symantec provides a specific batch script located directly on the management server.
Location: Navigate to C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
The Execution: Open a Command Prompt as Administrator. Run resetpass.bat.
The Reset: This script forcefully reverts the admin account name and password to the default: admin / admin.
Pro Tip: You must change this default password immediately after logging back in for security compliance.
3. The "Deep Log" Extraction (Advanced)
If you’ve requested a reset email but it never arrives (common in restrictive networks), you can sometimes "catch" the link from the server's own logs.
The Trick: Increase the SEPM loglevel to FINEST in the conf.properties file and add scm.mail.troubleshoot=1.
The Find: After restarting the service and requesting the password again, search the stdout-0.log file for the phrase "PasswordServlet". The actual reset URL is often hidden right there in the text.
4. Important Constraints to Remember
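Both log-based recovery descriptions above ("Log Retrieval" and the "Deep Log" extraction) leave scm.mail.troubleshoot=1 in conf.properties and PasswordServlet entries in stdout-0.log once access is restored. The PowerShell below is an added example, not Symantec or Broadcom code, that reports both without printing the entries. The function name Test-SepmResetResidue and the folder layout under the install root are assumptions based on the folder names in the text, and the sample files are constructed.

```powershell
# Added example: audit a SEPM install for leftovers of the log-based reset.
# Assumptions: tomcat\etc\conf.properties and tomcat\logs\stdout-0.log sit under
# $SepmRoot, as the folder names in the text suggest; the function name is hypothetical.
function Test-SepmResetResidue {
    param([Parameter(Mandatory)][string]$SepmRoot)

    $conf = Join-Path $SepmRoot 'tomcat\etc\conf.properties'
    $log  = Join-Path $SepmRoot 'tomcat\logs\stdout-0.log'

    # Java .properties rules: skip comment lines (# or !), accept '=' or ':' as
    # the separator, and let the last assignment in the file win.
    $flag = $null
    if (Test-Path -LiteralPath $conf) {
        foreach ($line in Get-Content -LiteralPath $conf) {
            if ($line -match '^\s*[#!]') { continue }
            if ($line -match '^\s*scm\.mail\.troubleshoot\s*[=:]\s*(\S*)') { $flag = $Matches[1] }
        }
    }

    # Count matching entries only; the lines are never echoed because they can
    # carry a usable reset link.
    $hits = 0
    if (Test-Path -LiteralPath $log) {
        $hits = @(Select-String -LiteralPath $log -Pattern 'PasswordServlet' -SimpleMatch).Count
    }

    [pscustomobject]@{
        TroubleshootEnabled  = ($flag -eq '1')
        PasswordServletLines = $hits
        NeedsCleanup         = ($flag -eq '1') -or ($hits -gt 0)
    }
}

# Constructed sample tree so the example runs without a SEPM server.
$root = Join-Path ([IO.Path]::GetTempPath()) ("sepm-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Force -Path "$root\tomcat\etc", "$root\tomcat\logs" | Out-Null
Set-Content "$root\tomcat\etc\conf.properties" @('# constructed sample', 'scm.mail.troubleshoot=1')
Set-Content "$root\tomcat\logs\stdout-0.log" @(
    '2024-01-01 10:00:00 INFO startup complete (constructed)',
    '2024-01-01 10:05:12 FINEST PasswordServlet: reset link = <constructed placeholder>'
)
Test-SepmResetResidue -SepmRoot $root
Remove-Item -Recurse -Force $root
```

On a real server, pass the SEPM installation directory as -SepmRoot; a result with NeedsCleanup set means the troubleshooting flag or logged reset entries are still present.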
Method 1: Reset Admin Password using the SEPM Console
Method 2: Reset Admin Password using SQL Database
If you are unable to access the SEPM console or if the above method does not work, you can reset the admin password by updating the SQL database directly.
For Microsoft SQL Server:
UPDATE tbl_SEP_Users SET pwd = 'new_password' WHERE uid = 'admin_username'
Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).
For Oracle Database:
UPDATE sep_users SET pwd = 'new_password' WHERE uid = 'admin_username'
Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).
Method 3: Reset Admin Password using Command Line
You can also reset the admin password using the command line.
For Windows:
java -classpath ".;lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>
Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set.
For Linux:
java -classpath ".:lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>
Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set.
Re-login to SEPM Console
After resetting the admin password, re-login to the SEPM console using the new password. Make sure to update any password records or authentication configurations to reflect the new password.
Symantec (now Broadcom) provides a built-in, unsupported, but highly effective tool specifically for this scenario: resetpass.bat. This script is installed by default with every SEPM installation.