For any IT security administrator, few moments induce panic quite like staring at the login screen of your Symantec Endpoint Protection Manager (SEPM) with a blank mind. You’ve tried your complex password three times. You’ve checked the sticky note under the keyboard. You’ve even asked colleagues. Nothing works.
You are locked out of the console that controls the antivirus, firewall, and intrusion prevention systems for your entire organization.
Before you consider reinstalling the server or restoring a months-old VM snapshot, there is good news: Resetting the admin password in SEPM is possible without losing your policies, client data, or critical configurations. This guide provides a step-by-step walkthrough of every reliable method, from using built-in recovery tools to direct database edits.
Never rely on a single admin account.
Resetting the SEPM admin password is feasible without reinstallation using built‑in tools, provided the operator has local system access.
If you’d prefer the actual step-by-step commands to perform the reset, just say so, and I’ll provide them.
To reset your Symantec Endpoint Protection Manager (SEPM) admin password, you can use the built-in "Forgot your password?" feature or the resetpass.bat command-line tool. These methods ensure you can regain access to your management console even if you have lost your credentials or are locked out. Method 1: Using the "Forgot Your Password" Link
This is the standard recovery method if your SEPM environment is configured with an email server.
Launch the Console: Open the SEPM logon screen on your management server. Request Reset: Click the Forgot your password? link.
Enter Account Details: In the dialog box, type the user name for the account you need to reset. For domain administrators, include the domain name. For local accounts, leave the domain field blank.
Receive Email: Click Temporary Password. You will receive an email containing a link to activate a temporary password.
Update Password: Log in with the temporary password and change it immediately. Method 2: Using the resetpass.bat Tool
If you do not have an email server configured or are in an isolated environment, use the command-line utility located on the server.
Locate the Tool: Open Windows Explorer on the SEPM server and navigate to the Tools folder.
64-bit Systems: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools.
32-bit Systems: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools.
Run as Administrator: Right-click Command Prompt and select Run as administrator, then navigate to the directory above using the cd command. Execute Reset: Type resetpass.bat and press Enter.
Wait and Login: Wait approximately 10 minutes for the reset to take effect. symantec endpoint protection manager reset admin password
Default Credentials: Log in using the following default credentials: Username: admin Password: admin
Secure the Account: You will be prompted to change the password immediately upon logging in. Advanced Recovery: Troubleshooting the Reset Email
If the "Forgot your password?" link doesn't send an email, you can force the system to reveal the reset link in its internal logs.
Stop the SEPM Service: Use Services.msc to stop the Symantec Endpoint Protection Manager service.
Enable Debug Logging: Edit the conf.properties file (located in ...\Tomcat\etc) and set scm.log.loglevel=FINEST and append scm.mail.troubleshoot=1.
Restart and Capture: Start the service again and request the password reset.
Find the Link: Open the stdout-0.log file in the ...\tomcat\logs\ folder and search for "PasswordServlet" to find the generated reset URL.
To reset a forgotten administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in "Forgot your password?" link on the logon screen or a command-line tool located on the management server. Method 1: Using the Logon Screen
This is the standard method if you have previously configured an email server in SEPM. Broadcom TechDocs Launch SEPM : Open the management server logon screen. Request Reset : Click the Forgot your password? Enter Credentials
: Provide the user name and domain (leave blank if not using domains) for the account. Check Email Temporary Password to receive an activation link via email. Update Password
: Log in using the temporary credentials and change them immediately. Broadcom TechDocs Method 2: Using the resetpass.bat Tool
If email is not configured or the system is in an isolated environment, you can use a batch file to reset the password to the default "admin". Broadcom Community
It was 2:00 AM, and the only thing louder than the hum of the server room was the sound of Mark’s own heartbeat.
Mark, the lead systems admin for a mid-sized firm, had just spent four hours trying to mitigate a lateral movement threat. He’d locked down the network, but when he went to log into the Symantec Endpoint Protection Manager (SEPM)
to push a global policy update, the unthinkable happened: "Invalid Username or Password."
He tried his "safe" password. He tried the legacy one. He even tried the one scribbled on a sticky note hidden under the server rack from three years ago. Nothing. The former admin hadn't just left the company; he’d left a digital fortress with the drawbridge pulled up.
Sweat beaded on Mark's forehead. Without SEPM access, the infected endpoints were essentially "dark." Safe first steps
He opened a terminal window on the management server. He knew the drill, but the pressure made his fingers feel like lead. He navigated deep into the directory:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\ There it was. The ResetPassword.bat
file. It felt like finding a skeleton key in a haunted house.
He double-clicked. A command prompt flickered to life, demanding a new identity for the 'admin' account. He typed a complex string—half frustration, half hope—and hit Enter. The cursor blinked, a silent judge of his fate. “Password changed successfully.”
Mark didn't cheer. He breathed. He navigated back to the console, entered the new credentials, and watched as the dashboard bloomed into green health status circles. The drawbridge was down. The network was his again. If you'd like to turn this story into a step-by-step guide , let me know: SEPM version (14.x is the most common) If you have access to the server's OS (Windows or Linux) I can give you the exact commands to get back in.
To reset the administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in "Forgot your password?" link or run a manual reset script on the management server Broadcom TechDocs Option 1: Using the "Forgot Password" Link
This is the standard method if you have configured an email server (SMTP) in SEPM. Broadcom Community Launch the Symantec Endpoint Protection Manager Forgot your password? link on the logon screen.
(and Domain Name, if applicable) for the account you need to reset. Temporary Password
Check the administrator's email for a link to activate the temporary password. If you aren't receiving the email, you can check the stdout-0.log
file on the SEPM server to find the password reset link manually. Broadcom TechDocs Option 2: Using the resetpass.bat
Symantec Endpoint Protection Manager (SEPM) administrator passwords can be reset using the "Forgot your password?" feature if email is configured, or via the resetpass.bat script located in the tools directory to revert to default credentials. If email recovery is unavailable, running the reset script requires administrative access to the server, which resets the account to a default username and password. For detailed, official procedures, visit Broadcom TechDocs.
Comprehensive Guide to Resetting the Symantec Endpoint Protection Manager (SEPM) Admin Password
Losing access to your Symantec Endpoint Protection Manager (SEPM) console can halt critical security updates and leave your network vulnerable. Whether you’ve forgotten the administrator credentials or are dealing with a lockout, there are two primary methods to regain control: using the built-in password reset tool or the "Forgot Password" email feature. 1. The resetpass.bat Utility (Local Server Access)
If you have physical or remote desktop access to the Windows server running SEPM, the fastest way to recover is using the bundled resetpass.bat script. This utility resets the "admin" account password back to the factory default. Step 1: Log in to the management server computer.
Step 2: Open Windows Explorer and navigate to the SEPM installation directory. The default path is usually:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools.
Step 3: Locate and double-click the file named resetpass.bat.
Step 4: A command prompt window will briefly appear, confirming that the password has been reset to admin. Recovery options overview
Step 5: Launch the SEPM console and log in with the username admin and the password admin.
Critical Action: You must change the password immediately upon logging in to secure the console. 2. The "Forgot Password" Feature (Email Recovery)
If you cannot access the server directly but have configured an email server (SMTP) within SEPM, you can request a temporary password. Step 1: Open the SEPM Login console. Step 2: Click the Forgot your password? link.
Step 3: Enter your username and the email address associated with the account.
Step 4: Check your inbox for an email containing a Temporary Password.
Step 5: Log in using the temporary credentials and update your password immediately. 3. Troubleshooting Common Login Issues
If neither method works, consider these common pitfalls documented by Broadcom Tech Docs:
Account Lockout: SEPM may lock an account after multiple failed attempts. Wait for the lockout period to expire (usually 15-30 minutes) before trying again.
Database Connectivity: If the password reset tool fails, ensure the SEPM database service is running.
Permissions: Ensure you are running the resetpass.bat file with Administrator privileges on the server. Security Best Practices To avoid future lockouts, it is recommended to:
Configure SMTP: Always set up a mail server in SEPM so the "Forgot Password" feature is functional.
Multiple Admins: Create at least one secondary administrator account for emergency access.
Documentation: Securely store the SEPM "admin" credentials in a company-approved password manager.
For further technical support, you can visit the Broadcom Support Portal or the Symantec Enterprise Community.
To reset the Administrator password for Symantec Endpoint Protection Manager (SEPM), you use the built-in ResetPass.bat utility located in the installation directory.
Note: This procedure only works for the default "admin" username. If you created a custom administrator username and forgot it, you must log in with another administrator account to reset it, or reinstall the management server.
Here is the step-by-step guide.