I need to configure EFS in our domain to achieve the following goals:
Allow only users in specified groups to encrypt files
Allow domain administrators to decrypt files
I have very little experience with EFS so need some help.
Backstory: I had a problem the other day where a user who had used the EFS attribute to encrypt a folder in their documents found they were unable to decrypt it and nor could a domain admin (I presume because it used a local computer cert to encrypt and because I had not setup EFS in the domain?). I recovered the files from a backup but it highlighted that I should have configured EFS.