I skipped few questions... Here are the answers:
1.If I delete the certificate and private key after I exported it, can the
users still read and write the documents?
I am not sure if I understand this. Let say I encrypted some files. Now you
export my keys and erase them from my PC. I won't be able to access the
files any more (I don't have the key any more)... But if you give them back
to me ... then I would be again able to read and write to them ...
2.Most of the users have their documents on their pc's, is it better to have
their docu's on a server, and if it is so will the bandwith play a role(we
run 100mbps on a switch).Or should I just implement EFS on every pc.
Let say I encrypt a file on my PC. Now I have to copy it to the server
(because of e.g. backup). First file will decrypt on my PC and will be sent
unencrypted over the network to the file server where it will be encrypted
or not -- depending on whether destination folder has encryption turned on
or off. Files will usually inherit parent folder settings (permissions, EFS
or compression settings). There are few rules and/or exceptions to this ...
No Bandwidth would not be a problem. Personally I would do this on server
because I would still want to backup this files on tape just in case. Since
you need to encrypt them they must be important to I guess backup is a must.
If you need to also secure data transfers on the network (when e.g. copying
files and folder from clients to servers) you can use built in IPSec (Win2K
or higher can support this via policies). This will put more stress mainly
on file server also network and clients. Clients and network should not be a
problem, but server well it depends on hardware configuration, number of
users...
Mike