Folders encrypted with File Share Encryption sometimes cannot be decrypted using a group key stored on Encryption Management Server.

For example, if a folder is encrypted to two group keys:

1. File Share Administrators - Administrator permissions
2. File Share Users - User permissions

If the user running pgpnetshare to decrypt the folder is a member of the group with administrator permissions, this command should decrypt the folder called protected:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected
Decrypting [z:\share\protected\]
Finished.

However, instead you see this. Note that the --force switch forces pgpnetshare to try to retrieve the key from Encryption Management Server:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected --verbose --force
- Preparing decryption...
Error: You are attempting to manage a File Share Encryption-protected file or folder, but you do not have rights to do so.

Encryption Desktop File Share Encryption 10.5 MP1 and below.

Upgrade to release 10.5 MP2 or above.

If you cannot upgrade, export the private group key from Encryption Management Server and import it into the local keyring and then use the following command where password is the passphrase of the group key:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpnetshare --decrypt z:\share\protected --passphrase password