Symantec Encryption Desktop will not allow a user to decrypt an internal disk after clicking on the Decrypt button:
Symantec Encryption Desktop also prevents decryption if a user presses the Stop button while a disk is being encrypted:
and then chooses to Decrypt from the dialog that follows:
The user sees this error message:
The Symantec Encryption Desktop user belongs to a Symantec Encryption Management Server policy that does not permit users to decrypt their internal disks:
Use the Disk Administrator Passphrase or admin authorization to decrypt the disk.
1. Decrypting with the Disk Administrator Passphrase
If the user's policy has a Disk Administrator Passphrase set, this passphrase can be used to decrypt the disk:
Click on the Decrypt button:
When prompted for a passphrase, enter the Disk Administrator Passphrase and decryption will begin.
2. Decrypting with Admin Authorization
Users who belong to the Active Directory security group called WDE-ADMIN can use Admin Authorization with the Symantec Drive Encryption command line tool to decrypt the drive.
PGPwde is located in the following location on 32-bit and 64-bit Windows systems respectively:
If the logged in user is not a member of the WDE-ADMIN group, the PGPwde command can be run as a user who is a member of the group.
To run the command if the logged in user is a member of the WDE-ADMIN group (on a 64 bit system):
To run the command if the logged in user is not a member of the WDE-ADMIN group but windomain\aauser is a member (on a 64 bit system):