The easiest way to prevent users from using EFS encryption is to disable it at the group policy level. To do so, open the group policy of choice in the Group Policy Object Editor and navigate through the console tree to Computer Configuration | Windows Settings | Security Settings | Public Key Policies. Right-click the Encrypting File System object and choose the Properties command from the resulting shortcut menu. In Windows Server 2003, clear the Encrypt Files Using Encrypting File System (EFS) check box. In Windows Server 2008, select the Don’t allow option.
If you choose to disable EFS encryption through a group policy setting, be careful about how you apply it. Apply the setting to a portion of Active Directory that contains only desktop workstations. After all, you don’t want to disable EFS encryption on network servers, and depending on the nature of your business, you may also need to leave EFS encryption enabled for mobile users.
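One way to check the scope before linking the policy, as an added example that is not part of the original article: the script lists every computer object under the target OU, including child OUs that inherit the link, and flags anything that does not look like a desktop workstation. It assumes the RSAT ActiveDirectory module is installed; the OU distinguished name and the function name `Get-EfsPolicyScopeReport` are placeholders made up for this example.

```powershell
# Added example: pre-deployment scope check for a GPO that disables EFS.
# Assumption: the RSAT ActiveDirectory module is available on this machine.
Import-Module ActiveDirectory

function Get-EfsPolicyScopeReport {
    param(
        # Distinguished name of the OU the GPO will be linked to.
        [Parameter(Mandatory)] [string] $SearchBase
    )

    # Subtree scope: a GPO linked at this OU is inherited by its child OUs,
    # so computers in those child OUs receive the setting as well.
    $computers = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
        -Filter * -Properties OperatingSystem

    foreach ($c in $computers) {
        $os = $c.OperatingSystem

        # Classify by the OperatingSystem attribute recorded in the directory.
        # An empty attribute is reported as Unknown so it gets a manual look.
        if ([string]::IsNullOrEmpty($os)) {
            $class = 'Unknown'
        } elseif ($os -like '*Server*') {
            $class = 'Server'
        } else {
            $class = 'Workstation'
        }

        [pscustomobject]@{
            Name              = $c.Name
            OperatingSystem   = $os
            Class             = $class
            Enabled           = $c.Enabled
            DistinguishedName = $c.DistinguishedName
        }
    }
}

# Placeholder OU; replace with the OU the policy is meant for.
$report = Get-EfsPolicyScopeReport -SearchBase 'OU=Workstations,DC=example,DC=com'

# Summary by class, then the objects that should not receive the policy.
$report | Group-Object Class | Select-Object Name, Count | Format-Table -AutoSize

$outOfScope = @($report | Where-Object { $_.Class -ne 'Workstation' })
if ($outOfScope.Count -gt 0) {
    Write-Warning "$($outOfScope.Count) computer object(s) in scope are not workstations:"
    $outOfScope | Format-Table Name, Class, OperatingSystem, DistinguishedName -AutoSize
}
```

The OperatingSystem attribute does not distinguish laptops from desktops, so mobile users' machines still have to be identified by some other means, such as a dedicated OU. The script also looks only at OU membership and does not account for security filtering or blocked inheritance on the GPO.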