Nice tutorial....
One thing that you may want to reconsider is EFS. It is based on a public/private key pair that is tied to each user account. The problem with this is that it is not designed to keep multiple users on the same box from seeing each other's files. The other problem is that in order to make EFS work, you need to have a Recovery Agent. By default, this is the admin account. Now, if I get my hands on your server and I use a handy NT/W2K password reset diskette, I can look at *any* encrypted file even though I have changed the account password. Some may say that you can use a password floppy but this is also easily defeated.
Anyway, just my two cents on EFS. You can read more about it here:
http://www.microsoft.com/windows2000...ty/encrypt.asp
--TH13




