Your network contains an Active Directory domain named contoso.com.
You plan to implement Encrypting File System (EFS) to encrypt data on the client computer of each user.
You need to prevent EFS from generating self-signed certificates.
What should you use in Group Policy Management Editor?
To answer, select the appropriate Group Policy setting in the answer area.
Hot Area:
Correct Answer:
Explanation/Reference:
Access Computer ConfigurationWindows SettingsSecurity SettingsPublic Key PoliciesEncrypting File System.
Then right-click "Encrypting File System" and click properties as opposed to clicking it and expecting the settings to appear on the right hand window.
Reference: GPO required to disable the creation of self signed client EFS certificates
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b4711fe8-a1cf-4ea6-8d3e-cf6386189a7e/gpt-required-to-disable-the-creation-of-self-signed-client-efs-certificates?forum=winserverGP