Im ready to move forward with testing EFS in my test lab. I have a service running on a server that needs to be able to access photos on another server. The photos need to encrypted at rest, and over the network. I know to encrypt it during transmission I need to look at webdav. My other issue is scope. I wan to use EFS for this only, not allow it to be implented domain-wide. When I try to encrypt a folder I get a recovery key error, which makes sence because the recovery key has expired. Can I encrypt it locally, or must I use domain recovery agents and such because the server is a member of the domain?

Hi, You mean to generate a self-signed certificate for EFS. The default setting for EFS public key policies allows EFS to generate self-signed certificates when a certification authority (CA) is not available. However, using the self-signed certificates for EFS is not recommended in a domain environment. Because concerns about information security risks. You need to configure CA to deliver EFS certificates to users as part of your PKI simplifies the manageability of recovery agents. Using Encrypting File System http://technet.microsoft.com/en-us/library/bb457116.aspx Changes in EFS http://technet.microsoft.com/en-us/library/dd630631(v=ws.10).aspx Best Regards, AidenAiden Cao TechNet Community Support