This is really a two-part question.
The scenario is that I have two domains in my environment, domain1 and domain2. On domain1, I have full control of the domain and on domain2 I have no control or delegated rights on it. No trust between the two domains. Also, my users have accounts on both domains. If they sit in front of a workstation on domain1, they get all the resources available on domain1. If they sit in front of a workstation on domain2, they need to map drives, and install network printers that exist on domain1 manually.
So, with that picture in mind, I've set up EFS on domain1 with autoenrollment and everything is functional as it should.
Is it possible for a user logged into a workstation on domain2 to access shared EFS files? The drives will be mapped with domain1 credentials but what else do I need to do to get users to open the EFS files? I'm currently getting "Access denied". Do I need to export certificates to the domain2 workstation and where do I install the certificate?
Second question is this. Will a user sitting in front of a workstation on domain1 be able to encrypt files on the network? In other words, there's a share called share1 and user1 has full access to that share. Can user1 encrypt share1 or do I need to do some more configuration to allow that? I want this to be possible.