The EFS (Encrypting File System) always attempts to enroll the Basic EFS template.
When requesting a certificate on first use, EFS requests the Basic EFS template, or it uses auto-enrollment. When no certificates exist on the client computer, the version 1 template of the Basic EFS is used.
When configuring a version 2 template of the Basic EFS for enhanced configuration options, and you want users to automatically obtain the EFS certificate, you must use auto-enrollment.
NOTE: EFS does not know if there is the version 2 template on first use because the version 2 template has a different name.
NOTE: When you manually request a certificate in the MMC (Microsoft Management Console), the EFS certificate works with both versions of the template.
NOTE: See Encrypting File System in Windows XP and Windows Server 2003
