The EFS (Encrypting File System) always attempts to enroll the Basic EFS template.

When requesting a certificate on first use, EFS requests the Basic EFS template, or it uses auto-enrollment. When no certificates exist on the client computer, the version 1 template of the Basic EFS is used.

When configuring a version 2 template of the Basic EFS for enhanced configuration options, and you want users to automatically obtain the EFS certificate, you must use auto-enrollment.

NOTE: EFS does not know if there is the version 2 template on first use because the version 2 template has a different name.

NOTE: When you manually request a certificate in the MMC (Microsoft Management Console), the EFS certificate works with both versions of the template.

NOTE: See Encrypting File System in Windows XP and Windows Server 2003