Symantec Endpoint Protection Manager Reset Admin Password [better] May 2026

The Ultimate Guide: How to Reset the Admin Password in Symantec Endpoint Protection Manager (SEPM)

Method 1: Using the SEPM Console

If you have another administrator account with a known password, you can reset the admin password directly through the SEPM console. Here’s how:

Log in to the SEPM console using an administrator account.
Navigate to Administrators under the Management or Settings section, depending on the SEPM version.
Find the admin account, select it, and choose the option to Reset Password.
Enter a new password, confirm it, and save the changes.

Step 2: Run the Utility

Right-click on ResetPass.bat.
Select Run as administrator.
- Important: You must run this as an administrator, otherwise, the tool may fail to update the database credentials.
A Command Prompt window will open briefly and then close automatically.

Step-by-Step Instructions:

Step 1: Log into the SEPM Server Log directly into the Windows Server where SEPM is installed. Remote Desktop (RDP) works perfectly. You do not need to log in as SYSTEM; a standard local administrator account is sufficient.

Step 2: Stop the Symantec Endpoint Protection Manager Service Before modifying credentials, you must stop the service to release file locks.

Open services.msc (Start > Run > services.msc).
Locate Symantec Endpoint Protection Manager.
Right-click and select Stop.
Optional but recommended: Also stop the Symantec Endpoint Protection Manager Web Server.

Step 3: Navigate to the Tools Directory Open File Explorer and navigate to the following path: symantec endpoint protection manager reset admin password

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tools

Note: If you installed SEPM on a different drive (e.g., D: or E:), adjust the path accordingly.

Step 4: Run the Reset Script You will see a file named resetpass.bat.

Right-click on resetpass.bat and select Run as Administrator.
A command prompt window will open.

Step 5: Follow the Interactive Prompts The script will ask you a series of questions. Here is what you will see and how to respond: The Ultimate Guide: How to Reset the Admin

"Do you want to reset the admin password? [y/n]" → Type y and press Enter.
"Enter a new password for admin:" → Type your new, strong password. (Note: Characters will not appear on screen for security).
"Confirm new password:" → Type it again.
"Do you want to unlock the admin account? [y/n]" → Type y. (Even if it isn’t locked, this ensures it is active).
"Do you want to rest the DBA password to match the admin? [y/n]" → Type n. (Stick to resetting only the admin account to avoid database complications).

Step 6: Start the Services

Return to services.msc.
Start Symantec Endpoint Protection Manager and the Web Server.
Wait 2-3 minutes for the services to fully initialize.

Step 7: Test the New Password Open the SEPM Console (usually via Start Menu or https://localhost:8443). Log in with:

Username: admin
Password: [Your new password]

Success! This method works in 95% of standard scenarios. Log in to the SEPM console using an administrator account

Part 8: Prevention – Avoid the Next Lockout

To avoid needing another Symantec Endpoint Protection Manager reset admin password in the future:

Implement a break-glass account: Create a secondary SEPM user with global admin rights, but store its password offline in a safe.
Use a Password Manager: Integrate SEPM login with a corporate vault like CyberArk or Thycotic.
Enable AD/LDAP Authentication: Configure SEPM to authenticate against Active Directory. Then if you forget the local admin password, you can log in with a domain admin account.
Schedule regular backups of the SEM5 database and test the restore process annually.

Abstract

This paper documents the methods to reset a lost or forgotten administrator password for Symantec Endpoint Protection Manager (SEPM). It covers both Windows and Linux-based SEPM installations, including database authentication resets, safe-mode recovery, and post-reset validation.