Symantec Endpoint Protection Manager Reset Admin Password -

The Ultimate Guide: How to Reset the Admin Password in Symantec Endpoint Protection Manager (SEPM)

Method 1: Using the SEPM Console

If you have another administrator account with a known password, you can reset the admin password directly through the SEPM console. Here’s how:

1. Log in to the SEPM console using an administrator account.
2. Navigate to Administrators under the Management or Settings section, depending on the SEPM version.
3. Find the admin account, select it, and choose the option to Reset Password.
4. Enter a new password, confirm it, and save the changes.

6. Conclusion

Resetting the SEPM admin password is feasible without reinstallation using built‑in tools, provided the operator has local system access.

If you’d prefer the actual step-by-step commands to perform the reset, just say so, and I’ll provide them.

To reset the administrator password for Symantec Endpoint Protection Manager (SEPM), you can use the built-in password reset tool or the command-line interface, depending on your version and access level. Reset via ResetPassword.bat (Recommended)

This is the standard method for most versions. It generates a temporary password that you must change upon login.

Navigate to the Tools folder: Open File Explorer on the SEPM server and go to:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools Run the script: Double-click ResetPassword.bat.

Authentication: A command window will prompt for confirmation. Once completed, it will display a message stating the password has been reset to admin. Log in and Update: Open the SEPM console. Log in with username admin and password admin.

You will be prompted immediately to create a new, secure password. Reset via Command Line (Alternative)

If you prefer using the command line or the .bat file is missing, you can use the reset-password.exe utility.

Path: ..\Symantec Endpoint Protection Manager\bin\reset-password.exe

Command: Run the executable as an Administrator. This follows the same logic as the batch file, reverting the admin account to its default credentials. Troubleshooting and Limitations

Database Connectivity: The reset tool requires a connection to the SEPM database. If the database service is stopped, the reset will fail.

Account Locking: If the account is locked due to too many failed attempts, the reset script typically unlocks it while resetting the password.

FIPS Mode: If SEPM is running in FIPS-compliant mode, ensure you are using the specific tools provided in the FIPS subdirectories. symantec endpoint protection manager reset admin password

Method 1: Reset Admin Password using the SEPM Console

1. Log in to the SEPM console: Open a web browser and navigate to https://<SEPM_SERVER>:<PORT>/sepm (replace <SEPM_SERVER> with the hostname or IP address of your SEPM server and <PORT> with the port number, default is 8443).
2. Click on " Administration": Click on the "Administration" tab on the top navigation menu.
3. Click on "Users": Click on "Users" from the left-hand menu.
4. Select the Admin User: Select the admin user account for which you want to reset the password.
5. Click on "Edit": Click on the "Edit" button.
6. Reset Password: Check the box next to "Reset password" and enter a new password. Confirm the new password by re-entering it in the "Confirm new password" field.
7. Save Changes: Click "Save" to save the changes.

Method 2: Reset Admin Password using SQL Database

If you are unable to access the SEPM console or if the above method does not work, you can reset the admin password by updating the SQL database directly.

For Microsoft SQL Server:

1. Open SQL Server Management Studio: Open SQL Server Management Studio and connect to the SQL server that hosts the SEPM database.
2. Select the SEPM Database: Select the SEPM database (default is smdb) from the list of available databases.
3. Execute the Query: Execute the following query to reset the admin password:

UPDATE tbl_SEP_Users SET pwd = 'new_password' WHERE uid = 'admin_username'

Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).

For Oracle Database:

1. Open Oracle SQL Developer: Open Oracle SQL Developer and connect to the Oracle database that hosts the SEPM database.
2. Select the SEPM Schema: Select the SEPM schema (default is SMDB) from the list of available schemas.
3. Execute the Query: Execute the following query to reset the admin password:

UPDATE sep_users SET pwd = 'new_password' WHERE uid = 'admin_username'

Replace new_password with the new password you want to set and admin_username with the admin username (default is admin).

Method 3: Reset Admin Password using Command Line

You can also reset the admin password using the command line.

For Windows:

1. Open Command Prompt: Open a command prompt as an administrator.
2. Navigate to SEPM Installation Directory: Navigate to the SEPM installation directory (default is C:\Program Files\Symantec\Endpoint Protection Manager).
3. Run the Command: Run the following command to reset the admin password:

java -classpath ".;lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>

Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set.

For Linux:

1. Open Terminal: Open a terminal.
2. Navigate to SEPM Installation Directory: Navigate to the SEPM installation directory (default is /opt/symantec/endpoint-protection-manager).
3. Run the Command: Run the following command to reset the admin password:

java -classpath ".:lib/*" com.symantec.sepm.adminui.AdminConsole -resetpwd -admin <admin_username> -pwd <new_password>

Replace <admin_username> with the admin username (default is admin) and <new_password> with the new password you want to set. The Ultimate Guide: How to Reset the Admin

Re-login to SEPM Console

After resetting the admin password, re-login to the SEPM console using the new password. Make sure to update any password records or authentication configurations to reflect the new password.

It was 2:00 AM, and the only thing louder than the hum of the server room was the sound of Mark’s own heartbeat.

Mark, the lead systems admin for a mid-sized firm, had just spent four hours trying to mitigate a lateral movement threat. He’d locked down the network, but when he went to log into the Symantec Endpoint Protection Manager (SEPM)

to push a global policy update, the unthinkable happened: "Invalid Username or Password."

He tried his "safe" password. He tried the legacy one. He even tried the one scribbled on a sticky note hidden under the server rack from three years ago. Nothing. The former admin hadn't just left the company; he’d left a digital fortress with the drawbridge pulled up.

Sweat beaded on Mark's forehead. Without SEPM access, the infected endpoints were essentially "dark."

He opened a terminal window on the management server. He knew the drill, but the pressure made his fingers feel like lead. He navigated deep into the directory:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\ There it was. The ResetPassword.bat

file. It felt like finding a skeleton key in a haunted house.

He double-clicked. A command prompt flickered to life, demanding a new identity for the 'admin' account. He typed a complex string—half frustration, half hope—and hit Enter. The cursor blinked, a silent judge of his fate. “Password changed successfully.”

Mark didn't cheer. He breathed. He navigated back to the console, entered the new credentials, and watched as the dashboard bloomed into green health status circles. The drawbridge was down. The network was his again. If you'd like to turn this story into a step-by-step guide , let me know: SEPM version (14.x is the most common) If you have access to the server's OS (Windows or Linux) I can give you the exact commands to get back in.

If you need to reset the Symantec Endpoint Protection Manager (SEPM) Log in to the SEPM console using an administrator account

admin password, the process is straightforward but requires access to the management server's file system. Password Reset Methods According to technical documentation from , there are two primary ways to handle this: resetpass.bat

: This is the most common "local" fix if you are locked out. Navigate to the folder in your SEPM installation directory (usually

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools resetpass.bat This resets the default account password to : Log in immediately and change this to a secure password. The "Forgot Password" Link

: If your SEPM is configured with an email server, you can use the link on the login console. Enter your username and click Forgot Password

A temporary password will be sent to the administrator's email address on file. Broadcom Community Common Troubleshooting Account Lockouts

: If the account is locked due to too many failed attempts, running resetpass.bat will also typically unlock it. Console Access

: You must perform the batch file reset directly on the computer running the SEPM software. Configuration Wizard : If the batch file fails, some users perform a Broadcom Knowledge Base

through the Control Panel to trigger the Management Server Configuration Wizard, which allows for re-configuring the admin credentials. Broadcom Community

If you're having trouble locating the installation directory or if the batch file isn't working,

would you like help troubleshooting your specific SEPM version or server setup? How can I unlock my admin user? | Endpoint Protection

Suggested paper

• Title: Resetting Symantec Endpoint Protection Manager (SEPM) Administrator Password — Practical Guide and Recovery Procedures
• Type: Technical how-to whitepaper (procedural, step‑by‑step)

2. Prerequisites

• Local console or CLI access to SEPM server
• Operating system admin rights
• Backup of %SYMANTEC_HOME%\Symantec Endpoint Protection Manager\ (Windows) or /opt/Symantec/ (Linux)

Method 1: The Official Way (Using the SEPM Reset Tool)

Symantec (now Broadcom) provides a built-in, unsupported, but highly effective tool specifically for this scenario: resetpass.bat. This script is installed by default with every SEPM installation.

5. Document the DBA Password

During SEPM installation, you set a DBA password for the embedded database (default sql). If you changed it, document it. Method 2 fails without this password.

Introduction: The Silent IT Crisis

For any IT security administrator, few moments induce panic quite like staring at the login screen of your Symantec Endpoint Protection Manager (SEPM) with a blank mind. You’ve tried your complex password three times. You’ve checked the sticky note under the keyboard. You’ve even asked colleagues. Nothing works.

You are locked out of the console that controls the antivirus, firewall, and intrusion prevention systems for your entire organization.

Before you consider reinstalling the server or restoring a months-old VM snapshot, there is good news: Resetting the admin password in SEPM is possible without losing your policies, client data, or critical configurations. This guide provides a step-by-step walkthrough of every reliable method, from using built-in recovery tools to direct database edits.

Prerequisites:

• Download a SQL database client (e.g., DBISQL or Interactive SQL). Broadcom support articles reference dbisql.com, which is found in the SEPM installation /ASA/win32 or /ASA/win64 folder.