OK, I give up. I've been reading everything I think that I should have to read to find out how to do this, and it's still unclear. Here is the scenario: I have Active Directory installed on a Server 2003 box. I can get as far as organizing everyone into OU's and so on. What I want to be able to do is set up a group policy on said OU that will move the group's My Documents folder onto our NAS box and Encrypt a given folder within each users My Documents folder. This would effectively keep everyone's data in one protected place and provide an encrypted folder to anyone with sensitive info. But that's not all, and this might need to be separate, but I'm having a hard time getting it straight as to how I am to set up the Certificates. I want the EFS part of the process to be transparent and foolproof if possible. I've read about Public Key Encryption where everyone in said group would have a common way to authenticate. Is all of this possible?