Symantec Endpoint Protection Manager Reset Admin Password May 2026
Every IT administrator knows the sinking feeling. You walk into the office on a Monday morning, fire up the console to check the latest threat reports for your endpoint fleet, and type in the credentials you’ve used a thousand times. Access Denied.
The password for the built-in admin account in Symantec Endpoint Protection Manager (SEPM) has expired, been changed by a departing colleague, or simply slipped your mind. Panic sets in. Without this password, you cannot manage policies, deploy agents, or review security incidents.
So, what do you do? Reinstall the server? Restore a month-old VM snapshot? No. You reset the password.
This 2,500+ word guide provides a definitive, step-by-step methodology for resetting the admin password in Symantec Endpoint Protection Manager. We will cover three distinct methods, ranging from official command-line tools to emergency database backups.
Please Note: These methods assume you have physical or remote administrative access to the Windows Server hosting SEPM. If you do not have access to the server itself, your only recourse is a full disaster recovery from a backup.
| Error Message | Solution |
|---------------|----------|
| Unable to connect to database | SEPM services might not be fully stopped. Verify in Task Manager that no java.exe or dbsrv* processes linger. |
| RecoveryUtil.bat opens and closes instantly | Run from an Administrator command prompt manually, not by double-clicking. |
| Authentication failed after reset | Clear your browser cache if using the web console. Also verify keyboard layout (Caps Lock, Num Lock). |
| User 'admin' does not exist | Your internal admin account might have been renamed for security. Use sem5user or another name. List users via SQL: SELECT USER_NAME FROM USER_LIST. |
Do not store the SEPM password in an email or Post-It note. Use a corporate password manager (e.g., CyberArk, 1Password, Bitwarden).
If you're using a SQL database and the SEPM console isn't accessible:
Open a Command Prompt as Administrator:
Navigate to the SEPM Installation Directory:
Execute the Password Reset Command:
Start the SEPM Services:
During SEPM installation, you set a DBA password for the embedded database (default sql). If you changed it, document it. Method 2 fails without this password.
If the password admin does not work:
Ensure you ran the .bat file as an Administrator. If you simply double-clicked it, it may have appeared to run but failed to write the changes to the database due to permission restrictions. Right-click and try "Run as administrator" again.
If you are using a different Username:
The ResetPass.bat tool strictly resets the built-in admin account. It does not work on custom administrator accounts created later. If you have lost the password for a custom account and have no other admins, you generally have to reinstall the SEPM and use a disaster recovery file (if you have one) to restore your settings.
To reset the Symantec Endpoint Protection Manager (SEPM) administrator password, you can use the built-in "Forgot your password?" link on the logon screen or the resetpass.bat tool located on the management server. Method 1: Console "Forgot your password?" Link
This is the standard recovery method if an email server is configured for your management console. Open the Symantec Endpoint Protection Manager logon screen. Click the Forgot your password? link. Enter the user name for the account you need to reset.
Click Temporary Password. A reset link will be sent to the administrator's registered email address.
Follow the link in the email to activate a temporary password and log in immediately to set a permanent one. Method 2: resetpass.bat Tool (Command Line)
If you cannot receive emails or are locked out entirely, you can manually reset the primary admin account using a batch script on the SEPM server. Default File Location:
64-bit systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\
32-bit systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools\ Reset Procedure: Open a Command Prompt as an administrator. Navigate to the Tools folder using the cd command. Run the resetpass.bat file.
The administrator username and password will both be reset to admin. symantec endpoint protection manager reset admin password
Log in with these credentials and change the password immediately. Troubleshooting Locked Accounts
To reset the administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in password reset tool or the command-line interface, depending on your version and access level. Reset via ResetPassword.bat (Recommended)
This is the standard method for most versions. It generates a temporary password that you must change upon login.
Navigate to the Tools folder: Open File Explorer on the SEPM server and go to:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools Run the script: Double-click ResetPassword.bat.
Authentication: A command window will prompt for confirmation. Once completed, it will display a message stating the password has been reset to admin. Log in and Update: Open the SEPM console. Log in with username admin and password admin.
You will be prompted immediately to create a new, secure password. Reset via Command Line (Alternative)
If you prefer using the command line or the .bat file is missing, you can use the reset-password.exe utility.
Path: ..\Symantec Endpoint Protection Manager\bin\reset-password.exe
Command: Run the executable as an Administrator. This follows the same logic as the batch file, reverting the admin account to its default credentials. Troubleshooting and Limitations
Database Connectivity: The reset tool requires a connection to the SEPM database. If the database service is stopped, the reset will fail.
Account Locking: If the account is locked due to too many failed attempts, the reset script typically unlocks it while resetting the password.
FIPS Mode: If SEPM is running in FIPS-compliant mode, ensure you are using the specific tools provided in the FIPS subdirectories.
Symantec Endpoint Protection Manager (SEPM) administrator passwords can be reset using the "Forgot your password?" feature if email is configured, or via the resetpass.bat script located in the tools directory to revert to default credentials. If email recovery is unavailable, running the reset script requires administrative access to the server, which resets the account to a default username and password. For detailed, official procedures, visit Broadcom TechDocs.
To reset your Symantec Endpoint Protection Manager (SEPM) admin password, you can use the built-in "Forgot your password?" feature or the resetpass.bat command-line tool. These methods ensure you can regain access to your management console even if you have lost your credentials or are locked out. Method 1: Using the "Forgot Your Password" Link
This is the standard recovery method if your SEPM environment is configured with an email server.
Launch the Console: Open the SEPM logon screen on your management server. Request Reset: Click the Forgot your password? link.
Enter Account Details: In the dialog box, type the user name for the account you need to reset. For domain administrators, include the domain name. For local accounts, leave the domain field blank.
Receive Email: Click Temporary Password. You will receive an email containing a link to activate a temporary password.
Update Password: Log in with the temporary password and change it immediately. Method 2: Using the resetpass.bat Tool
If you do not have an email server configured or are in an isolated environment, use the command-line utility located on the server.
Locate the Tool: Open Windows Explorer on the SEPM server and navigate to the Tools folder.
64-bit Systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools. Every IT administrator knows the sinking feeling
32-bit Systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools.
Run as Administrator: Right-click Command Prompt and select Run as administrator, then navigate to the directory above using the cd command. Execute Reset: Type resetpass.bat and press Enter.
Wait and Login: Wait approximately 10 minutes for the reset to take effect.
Default Credentials: Log in using the following default credentials: Username: admin Password: admin
Secure the Account: You will be prompted to change the password immediately upon logging in. Advanced Recovery: Troubleshooting the Reset Email
If the "Forgot your password?" link doesn't send an email, you can force the system to reveal the reset link in its internal logs.
Stop the SEPM Service: Use Services.msc to stop the Symantec Endpoint Protection Manager service.
Enable Debug Logging: Edit the conf.properties file (located in ...\Tomcat\etc) and set scm.log.loglevel=FINEST and append scm.mail.troubleshoot=1.
Restart and Capture: Start the service again and request the password reset.
Find the Link: Open the stdout-0.log file in the ...\tomcat\logs\ folder and search for "PasswordServlet" to find the generated reset URL.
Method 1: Reset Admin Password using the SEPM Console
Method 2: Reset Admin Password using SQL Database
If you are unable to access the SEPM console or if the above method does not work, you can reset the admin password by updating the SQL database directly.
For Microsoft SQL Server:
UPDATE tbl_SEP_Users SET pwd = 'new_password' WHERE uid = 'admin_username'
Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).
For Oracle Database:
UPDATE sep_users SET pwd = 'new_password' WHERE uid = 'admin_username'
Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).
Method 3: Reset Admin Password using Command Line
You can also reset the admin password using the command line.
For Windows:
java -classpath ".;lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>
Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set.
For Linux:
java -classpath ".:lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>
Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set.
Re-login to SEPM Console
After resetting the admin password, re-login to the SEPM console using the new password. Make sure to update any password records or authentication configurations to reflect the new password.
Resetting Your Symantec Endpoint Protection Manager (SEPM) Admin Password
If you have lost access to your Symantec Endpoint Protection Manager (SEPM) console, you can regain entry using several methods depending on your environment's configuration. The most common solution involves using a built-in batch script on the management server. Method 1: Using the resetpass.bat Tool (Recommended)
This tool is included in your SEPM installation and resets the administrator credentials to their default values.
Access the Server: Log into the physical or virtual machine where Symantec Endpoint Protection Manager is installed.
Locate the Tool: Open Windows Explorer and navigate to the following directory:
64-bit systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
32-bit systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools
Run the Script: Right-click resetpass.bat and select Run as Administrator.
Log In: Wait approximately 10 minutes for the change to take effect. Then, log in with the following default credentials: Username: admin Password: admin
Update Security: You will be prompted to change this temporary password immediately. Ensure your new password meets current complexity requirements (typically 8–16 characters, including uppercase, lowercase, numbers, and special characters). Method 2: Using the "Forgot Your Password?" Link
If your SEPM is configured with a working SMTP mail server, you can use the built-in recovery link. On the SEPM logon screen, click Forgot your password?. Enter the username for the account you wish to reset.
Check your email for a temporary password and activation link.
Troubleshooting: If you don't receive the email, you may need to check the mailConfig.properties file located in the \tomcat\etc\ folder to verify your SMTP settings. Method 3: Advanced Recovery via Log Files
If you cannot receive emails but have access to the server's file system, you can sometimes extract the reset link directly from the system logs.
Enable Debugging: Edit the conf.properties file in ...\Tomcat\etc and set scm.log.loglevel=FINEST and scm.mail.troubleshoot=1.
Restart Service: Restart the Symantec Endpoint Protection Manager service via services.msc.
Extract Link: Trigger the "Forgot Password" request again, then check the stdout-0.log file in the \tomcat\logs\ directory for a phrase like "PasswordServlet." The reset URL should be listed there.
For official technical documentation, visit the Broadcom Support Portal or review troubleshooting tips on the Broadcom Community forums.
