Neither method provides an easy approach for large numbers of users, and both involve lots of management issue...
The release of Windows .NET Server offers a much better solution. With Windows .NET Server, Certificate Services provides the ability to do key archival. This means that a properly configured system will automatically archive the EFS encryption keys of each user. Should a user's drive be reformatted, or his keys otherwise destroyed, the keys themselves can be recovered. No data loss, no reliance on a data recovery agent, no inadvertent exposure of data to other individuals. --Roberta Bragg
>> To find out more about avoiding data loss from EFS -- now and with soon-to-be-available security features in Windows .NET Server -- tune in to Roberta's live expert webcast, "Protecting sensitive data with Windows .NET Server.".
>> Ask Roberta an EFS question.