Issue/Introduction:
When a user attempts to decrypt a hard disk, the following error message is displayed:
Unable to decrypt: Not permitted by your Administrator (-12198)
When attempted from command line, the following error is displayed:
Error code -12198: Not permitted by your Administrator
Cause:
This issue can be caused by the following:
- The PGP Desktop client was obtained from a PGP Universal Server and Whole Disk Encryption (WDE) policies do not allow users to decrypt their hard drives.
- The client is part of a policy with the PGP Remote Disable and Destroy (PGP RDD) enabled. This will prevent decryption and display the same error:
Error code -12198: Not permitted by your Administrator
Resolution:
This issue can be resolved by contacting the PGP Universal Server administrator for further instructions if the client is managed by a server or by running the following command to decrypt the disk.
Windows XP
- Click Start>Run.
- Type cmd in the Open field and click OK.
- Browse to C:\Program Files\PGP Corporation\PGP Desktop
- Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions
Windows 7
- Click Start>Run.
- Type cmd in the Start Search field.
- Click cmd from the list of Programs.
- Browse to C:\Program Files\PGP Corporation\PGP Desktop
- Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions
For PGP RDD clients:
If you find that PGP RDD is enabled on the Group Policy for the user and decryption cannot occur, use the following steps to decrypt the disk:
- Create a new group on the PGP Universal Server and name it "Decryption Group" or something similar.
- Create a new policy by cloning the default policy.
- Edit this new policy and remove RDD functionality from it.
- Save the policy.
- Add this policy to the Decryption Group.
- Move user to the Decryption Group that you created.
- Have the user "Update Policy" from PGP Desktop and attempt decryption.
More details on this can be found here.