A subset of my users need a way to share an encrypted folder on the file server. Security is the most important, followed closely by ease of use. It appears that TrueCrypt is easier to set up. Does EFS have any advantages over TC to justify the extra setup?
Windows Server 2003 and XP, Active Directory, 100 user LAN.
Edit: I originally missed the limitation of single-user R/W access for Truecrypt. Looks like EFS is better once I get past the setup.
The section on Sharing over a Network from the TrueCrypt user's guide makes it look like you have a couple of solutions-- mounting the shared file hosting the volume locally on computers or mounting the file hosting the volume on the server computer. The big difference between the two is that the volume's contents will be accessible read-write to all client computers when it's mounted on the server computer and shared (albeit access to the data will cross the wire "in the clear") versus the volume being mounted read-only on all computers when mounted locally on each machine.
If your users need seamless read/write access to the encrypted files either a TrueCrypt server-side mount or EFS is probably a better choice. The data is still going to cross the wire in the clear with EFS, as with TrueCrypt and the server-side mount.
Some people get really down on EFS but I think it fills a niche and solves a problem. It's well designed for what it is, but the problem that it seeks to solve is fundamentally awkward to solve.
Configuring EFS in an AD envrionment really isn't too difficult to setup. The most difficult part is wrapping your mind around the recovery agent functionality and exporting the recovery key to a safe offline location. You will need a PKI, but Microsoft's Certificate Services can automate most of the process for issuing certificates to users (have a look here for information about autoenrollment in Windows XP: http://technet.microsoft.com/en-us/library/bb456981.aspx)
Have some a look at the docs from Microsoft: http://technet.microsoft.com/en-us/library/cc962122.aspx (and another at http://technet.microsoft.com/en-us/library/bb457116.aspx)
Multi-user access to EFS files is a bit of a "wart" on the part of Microsoft, but it's not too hard to deal with. There's a very good answer here re: multi-user access to EFS-encrypted files.
EFS will allow you to use your existing AD and kerberos credentials to access the encrypted data.
Truecrypt doesn't support multi-user access, and has no way of storing access credentials in a directory. Additionally, Truecrypt hasn't been FIPS 140-2 validated, so if you are encrypting to protect yourself against breaches of personally identifying information it isn't the right tool.
Also consider commercial products like McAfee File & Folder encryption.
I'd recommend going with TrueCrypt for this scenario. Its probably going to be easier than EFS in this case.