How robust is the W2K encryption scheme? I'm wondering particularly since they left in a 'backdoor' for a recovery agent (the encryption key, apparently, is included in the file, and is encrypted with the public keys of both the user and the recovery agent. Unless I have got it all botched.) Also, anyone letting their users implement this? I'm considering blocking it out in group policy just to avoid potential problems, but there are a few cases where it might be handy.