Use this method for the administrator accounts that authenticate by using Symantec Management Server authentication but not by either RSA SecurID authentication or directory authentication.
The password must contain at least 8 characters and fewer than 16 characters. It must include at least one lowercase letter [a-z], one uppercase letter [A-Z], one numeric character [0-9], and one special character ["/ \ [ ] : ; | = , + * ? < > ].
To reset a forgotten Symantec Endpoint Protection Manager password
On the management server computer, click Start > All Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager.
By default, the Forgot your password? link appears on the management server logon screen.
In the Logon screen, click Forgot your password?
In the Forgot Password dialog box, type the user name for the account for which to reset the password.
For domain administrators and limited administrators, type the domain name for the account. If you did not set up domains, leave the domain field blank.
Click Temporary Password.
The administrator receives an email that contains a link to activate a temporary password. An administrator can request a temporary password from the management console only once per minute. For security reasons, the management server does not verify the entries.
The administrator must change the temporary password immediately after logging on.
To verify whether the administrator successfully reset the password, check that the administrator received the email message.
If you cannot recover your administrator password with the Forgot your password? functionality, Symantec cannot assist with the recovery of your password. You must reconfigure the Symantec Endpoint Protection Manager and database without a database backup. This procedure overwrites the previous management server and database settings and enables you to recreate a new password. Therefore, it is critical that you configure your email settings correctly when you set up the management server and when you audit administrator account information.
Resetting the password for 12.1.1 and earlier with the ResetPass.bat script
In versions 12.1 RU1 (12.1.1) and earlier, you can use the ResetPass.bat script, found in the \Symantec Endpoint Protection Manager\Tools installation folder. This script forcefully resets the default administrator account password to admin if it is not linked to an Active Directory account.
Symantec no longer supports the script. In versions later than 12.1 RU1 MP1 (18.104.22.168), the script may cause damage to Symantec Endpoint Protection Manager or to the database.