Recovery of DLP Administrator account
search cancel

Recovery of DLP Administrator account


Article ID: 160705


Updated On:


Data Loss Prevention Enforce Data Loss Prevention Data Loss Prevention Oracle Standard Edition 2


DLP has a utility called AdminPasswordReset.exe.

There is no method to recover a lost password, but you can use this utility to assign a new password.



Supported versions of DLP (15.8 and above, currently)


Important Note - This tool resolves the following issues:

1. Lost Administrator password
2. Misconfigured Single Sign On (everyone configured for SSO and no one can log in)

Tool prerequisites & results:

  • Would require access to the Symantec DLP software on the Enforce Server and Oracle DB password for PROTECT user.
  • Needs to be run from a command line at /opt/Symantec/DataLossPrevention/EnforceServer/15.8/Protect/bin (Linux)
    or C:\Program Files\Symantec\DataLossPrevention\EnforceServer\Protect\bin (Windows) directory.
  • Would set the Administrator user password to the given password
  • Would also set the flag to allow password login by the Administrator user in single sign-on situations
  • Would create an audit log record and system event to note the password reset

This can be done with a command-line tool as follows:

AdminPasswordReset.exe -dbpass <oracle "protect" password> -newpass <new admin password> (Windows)

./AdminPasswordReset.exe -dbpass <oracle "protect" password> -newpass <new admin password> (Linux)

Additional Information