Im ready to move forward with testing EFS in my test lab. I have a service running on a server that needs to be able to access photos on another server. The photos need to encrypted at rest, and over the network.

I know to encrypt it during transmission I need to look at webdav.
My other issue is scope. I wan to use EFS for this only, not allow it to be implented domain-wide.
When I try to encrypt a folder I get a recovery key error, which makes sence because the recovery key has expired. Can I encrypt it locally, or must I use domain recovery agents and such because the server is a member of the domain?

Need to support users over the internet? click here try our remote control online beta

Hi,
You mean to generate a self-signed certificate for EFS. The default setting for EFS public key policies allows EFS to generate self-signed certificates when a certification authority (CA) is not available. However, using the self-signed certificates for
EFS is not recommended in a domain environment. Because concerns about information security risks. You need to configure CA to deliver EFS certificates to users as part of your PKI simplifies the manageability of recovery agents.
Using Encrypting File System

http://technet.microsoft.com/en-us/library/bb457116.aspx

Changes in EFS

http://technet.microsoft.com/en-us/library/dd630631(v=ws.10).aspx

Best Regards,
AidenAiden Cao
TechNet Community Support

Need to support users over the internet? click here try our remote control online beta