Symantec Endpoint Protection Manager Reset Admin Password May 2026

  • Once logged in, you will likely be prompted to change the password immediately, or you can navigate to Admin > Administrators.
  • Select the "admin" account and set a new, secure password.

    • Always ensure you have a recent backup of your SEPM database before making significant changes. If you're uncomfortable performing these steps or if issues arise, consider contacting Symantec technical support for assistance.

    By following these steps, you should be able to reset the admin password for your Symantec Endpoint Protection Manager.

    To reset the administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in "Forgot your password?" link or run a manual reset script on the management server Broadcom TechDocs Option 1: Using the "Forgot Password" Link

    This is the standard method if you have configured an email server (SMTP) in SEPM. Broadcom Community Launch the Symantec Endpoint Protection Manager Forgot your password? link on the logon screen.

    (and Domain Name, if applicable) for the account you need to reset. Temporary Password

    Check the administrator's email for a link to activate the temporary password. If you aren't receiving the email, you can check the stdout-0.log

    file on the SEPM server to find the password reset link manually. Broadcom TechDocs Option 2: Using the resetpass.bat

    It was 2:00 AM, and the only thing louder than the hum of the server room was the sound of Mark’s own heartbeat.

    Mark, the lead systems admin for a mid-sized firm, had just spent four hours trying to mitigate a lateral movement threat. He’d locked down the network, but when he went to log into the Symantec Endpoint Protection Manager (SEPM)

    to push a global policy update, the unthinkable happened: "Invalid Username or Password."

    He tried his "safe" password. He tried the legacy one. He even tried the one scribbled on a sticky note hidden under the server rack from three years ago. Nothing. The former admin hadn't just left the company; he’d left a digital fortress with the drawbridge pulled up.

    Sweat beaded on Mark's forehead. Without SEPM access, the infected endpoints were essentially "dark."

    He opened a terminal window on the management server. He knew the drill, but the pressure made his fingers feel like lead. He navigated deep into the directory:

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\ There it was. The ResetPassword.bat

    file. It felt like finding a skeleton key in a haunted house. symantec endpoint protection manager reset admin password

    He double-clicked. A command prompt flickered to life, demanding a new identity for the 'admin' account. He typed a complex string—half frustration, half hope—and hit Enter. The cursor blinked, a silent judge of his fate. “Password changed successfully.”

    Mark didn't cheer. He breathed. He navigated back to the console, entered the new credentials, and watched as the dashboard bloomed into green health status circles. The drawbridge was down. The network was his again. If you'd like to turn this story into a step-by-step guide , let me know: SEPM version (14.x is the most common) If you have access to the server's OS (Windows or Linux) I can give you the exact commands to get back in.

    To reset a forgotten administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in "Forgot your password?" link on the logon screen or a command-line tool located on the management server. Method 1: Using the Logon Screen

    This is the standard method if you have previously configured an email server in SEPM. Broadcom TechDocs Launch SEPM : Open the management server logon screen. Request Reset : Click the Forgot your password? Enter Credentials

    : Provide the user name and domain (leave blank if not using domains) for the account. Check Email Temporary Password to receive an activation link via email. Update Password

    : Log in using the temporary credentials and change them immediately. Broadcom TechDocs Method 2: Using the resetpass.bat Tool

    If email is not configured or the system is in an isolated environment, you can use a batch file to reset the password to the default "admin". Broadcom Community

    If you need to reset the Symantec Endpoint Protection Manager (SEPM)

    admin password, the process is straightforward but requires access to the management server's file system. Password Reset Methods According to technical documentation from , there are two primary ways to handle this: resetpass.bat

    : This is the most common "local" fix if you are locked out. Navigate to the folder in your SEPM installation directory (usually

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools resetpass.bat This resets the default account password to : Log in immediately and change this to a secure password. The "Forgot Password" Link

    : If your SEPM is configured with an email server, you can use the link on the login console. Enter your username and click Forgot Password

    A temporary password will be sent to the administrator's email address on file. Broadcom Community Common Troubleshooting Account Lockouts

    : If the account is locked due to too many failed attempts, running resetpass.bat will also typically unlock it. Console Access Once logged in, you will likely be prompted

    : You must perform the batch file reset directly on the computer running the SEPM software. Configuration Wizard : If the batch file fails, some users perform a Broadcom Knowledge Base

    through the Control Panel to trigger the Management Server Configuration Wizard, which allows for re-configuring the admin credentials. Broadcom Community

    If you're having trouble locating the installation directory or if the batch file isn't working,

    would you like help troubleshooting your specific SEPM version or server setup? How can I unlock my admin user? | Endpoint Protection

    Resetting Your Symantec Endpoint Protection Manager (SEPM) Admin Password

    If you have lost access to your Symantec Endpoint Protection Manager (SEPM) console, you can regain entry using several methods depending on your environment's configuration. The most common solution involves using a built-in batch script on the management server. Method 1: Using the resetpass.bat Tool (Recommended)

    This tool is included in your SEPM installation and resets the administrator credentials to their default values.

    Access the Server: Log into the physical or virtual machine where Symantec Endpoint Protection Manager is installed.

    Locate the Tool: Open Windows Explorer and navigate to the following directory:

    64-bit systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

    32-bit systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools

    Run the Script: Right-click resetpass.bat and select Run as Administrator.

    Log In: Wait approximately 10 minutes for the change to take effect. Then, log in with the following default credentials: Username: admin Password: admin

    Update Security: You will be prompted to change this temporary password immediately. Ensure your new password meets current complexity requirements (typically 8–16 characters, including uppercase, lowercase, numbers, and special characters). Method 2: Using the "Forgot Your Password?" Link Always ensure you have a recent backup of

    If your SEPM is configured with a working SMTP mail server, you can use the built-in recovery link. On the SEPM logon screen, click Forgot your password?. Enter the username for the account you wish to reset.

    Check your email for a temporary password and activation link.

    Troubleshooting: If you don't receive the email, you may need to check the mailConfig.properties file located in the \tomcat\etc\ folder to verify your SMTP settings. Method 3: Advanced Recovery via Log Files

    If you cannot receive emails but have access to the server's file system, you can sometimes extract the reset link directly from the system logs.

    Enable Debugging: Edit the conf.properties file in ...\Tomcat\etc and set scm.log.loglevel=FINEST and scm.mail.troubleshoot=1.

    Restart Service: Restart the Symantec Endpoint Protection Manager service via services.msc.

    Extract Link: Trigger the "Forgot Password" request again, then check the stdout-0.log file in the \tomcat\logs\ directory for a phrase like "PasswordServlet." The reset URL should be listed there.

    For official technical documentation, visit the Broadcom Support Portal or review troubleshooting tips on the Broadcom Community forums.

    To reset the Administrator password for Symantec Endpoint Protection Manager (SEPM), you use the built-in ResetPass.bat utility located in the installation directory.

    Note: This procedure only works for the default "admin" username. If you created a custom administrator username and forgot it, you must log in with another administrator account to reset it, or reinstall the management server.

    Here is the step-by-step guide.

    Occasionally, RecoveryUtil.bat fails because of Java environment issues, corrupted .dll files, or version mismatches. When this happens, you can perform a manual SEPM reset admin password via direct SQL.

    Never rely on a single admin account.

    This paper documents the methods to reset a lost or forgotten administrator password for Symantec Endpoint Protection Manager (SEPM). It covers both Windows and Linux-based SEPM installations, including database authentication resets, safe-mode recovery, and post-reset validation.

    If both software and manual methods fail (e.g., database corruption), you can restore the SEPM configuration from a backup.

    Caveat: You will lose any configuration changes made after the backup date. Use only as a last resort.