Considering Using EFS in Your Environment
Microsoft ships EFS enabled by default, so you don't have to do anything to turn it on. When you have permission to modify the files, you are in fact encrypting them. Because EFS relies on a public key to encrypt files, you need a public-private key pair and a public key certificate for encryption. Because EFS can use self-signed certificates, it does not require administrative effort before it can be used.
If EFS is not appropriate in your environment, or if you have files that you do not want encrypted, you can disable EFS by setting properties in the administrative login profile. There are also a number of ways in which you can configure EFS to meet the specific needs of your organization.
In order to use EFS, all users must have EFS certificates. If you do not currently have a Public Key Infrastructure (PKI), you can use self-signed certificates that are generated by the operating system automatically. If you have certification authorities, however, you might want to configure them to provide EFS certificates. You will also need to consider a disaster recovery plan if you use EFS on your system.