Unable to decrypt: Not permitted by your Administrator (-12198) :: Error code -12198

book

Article ID: 156924

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

When a user attempts to decrypt a hard disk, the following error message is displayed:

Unable to decrypt: Not permitted by your Administrator (-12198)

 

When attempted from command line, the following error is displayed:

Error code -12198: Not permitted by your Administrator

Cause

This issue can be caused by the following:

  • The PGP Desktop client was obtained from a PGP Universal Server and Whole Disk Encryption (WDE) policies do not allow users to decrypt their hard drives.
  • The client is part of a policy with the PGP Remote Disable and Destroy (PGP RDD) enabled. This will prevent decryption and display the same error:

    Error code -12198: Not permitted by your Administrator

Resolution

This issue can be resolved by contacting the PGP Universal Server administrator for further instructions if the client is managed by a server or by running the following command to decrypt the disk.

Windows XP  

  1. Click Start>Run.
  2. Type cmd in the Open field and click OK.
  3. Browse to C:\Program Files\PGP Corporation\PGP Desktop
  4. Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions

Windows 7

  1. Click Start>Run.
  2. Type cmd in the Start Search field.
  3. Click cmd from the list of Programs.
  4. Browse to C:\Program Files\PGP Corporation\PGP Desktop
  5. Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions


 

 For PGP RDD clients:

If you find that PGP RDD is enabled on the Group Policy for the user and decryption cannot occur, use the following steps to decrypt the disk:

  1. Create a new group on the PGP Universal Server and name it "Decryption Group" or something similar.
  2. Create a new policy by cloning the default policy.
  3. Edit this new policy and remove RDD functionality from it.
  4. Save the policy.
  5. Add this policy to the Decryption Group.
  6. Move user to the Decryption Group that you created.
  7. Have the user "Update Policy" from PGP Desktop and attempt decryption.

More details on this can be found here.