I'm having some trouble with our deployment of EFS. I thought I had finished setting this up and some prelim testing was successful. We did make some changes to our GPO to allow auto-enrollment only by a selected group. We didn't do anything with EFS for a while and decided to do another test. Now we're not able to decrypt one another's files.
If I look at two files I'm seeing differences in thumbprint. File A has been encrypted by Person A and they've allowed me to decrypt. File B has been encrypted by me and I've allowed Person A to decrypt. When looking at Properties -> Details I see 4 different cert thumbprints. File A has Person A with cert thumbprint beginning 8FE8 and me 3D4F. File B has Person A with cert thumbprint 8FF4 and me D373. What's going on here?