My users have their documents redirected to a share on a file server running NTFS - very regular setup. EFS works and the users are able to encrypt a folder and files in their redirected documents.
The problem which I'm trying to solve and for which I did not find a solution yet, is that the users need to copy some of those files to a share folder to share them with others. At that point, I need the files to be decrypted. But when the files are copied to that share, the files remain encrypted.
That share the files are copied to is a different share than the user documents are in, but on the same file server.
If anyone has data on how to make it so that files copied to a non-encrypted location gets decrypted, of if it is really impossible then fine. Or if there is things I need to look at or other option that is also fine, I'm not stuck on EFS.
I found an acceptable alternate solution with Symantec PGP File Share Encryption. With this, you can select various network path and specify that files in that folder should be encrypted and you can give various PGP keys. When you put files there, they get encrypted. When you pull files out of there, they are decrypted.
The point of EFS is that decryption must be deliberate. If you try and copy an EFS encrypted file to a different computer that doesn't support EFS, then you will get a warning.
Ideally, this is a training issue. Teach your users how to decrypt their files.