Unable to decrypt: Not permitted by your Administrator (-12198) :: Error code -12198

Article:TECH195061  |  Created: 2012-08-16  |  Updated: 2013-02-13  |  Article URL http://www.symantec.com/docs/TECH195061
Article Type
Technical Solution


Issue



When a user attempts to decrypt a hard disk, the following error message is displayed:


Error



Unable to decrypt: Not permitted by your Administrator (-12198)

 

When attempted from command line, the following error is displayed:

Error code -12198: Not permitted by your Administrator


Cause



This issue can be caused by the following:

  • The PGP Desktop client was obtained from a PGP Universal Server and Whole Disk Encryption (WDE) policies do not allow users to decrypt their hard drives.
  • The client is part of a policy with the PGP Remote Disable and Destroy (PGP RDD) enabled. This will prevent decryption and display the same error:

    Error code -12198: Not permitted by your Administrator

Solution



This issue can be resolved by contacting the PGP Universal Server administrator for further instructions if the client is managed by a server or by running the following command to decrypt the disk.

Windows XP  

  1. Click Start>Run.
  2. Type cmd in the Open field and click OK.
  3. Browse to C:\Program Files\PGP Corporation\PGP Desktop
  4. Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions

Windows 7

  1. Click Start>Run.
  2. Type cmd in the Start Search field.
  3. Click cmd from the list of Programs.
  4. Browse to C:\Program Files\PGP Corporation\PGP Desktop
  5. Type pgpwde --decrypt -p >passphrase< --disk 0 --all-partitions


 

 For PGP RDD clients:

If you find that PGP RDD is enabled on the Group Policy for the user and decryption cannot occur, use the following steps to decrypt the disk:

  1. Create a new group on the PGP Universal Server and name it "Decryption Group" or something similar.
  2. Create a new policy by cloning the default policy.
  3. Edit this new policy and remove RDD functionality from it.
  4. Save the policy.
  5. Add this policy to the Decryption Group.
  6. Move user to the Decryption Group that you created.
  7. Have the user "Update Policy" from PGP Desktop and attempt decryption.

More details on this can be found here.

 




Article URL http://www.symantec.com/docs/TECH195061


Terms of use for this information are found in Legal Notices