Windows 2000 includes the ability encrypt files and folders with a new, CryptoAPI-based service known as EFS. Files and folders that have been configured to use EFS are completely undecipherable except to the user who originally encrypted them.
Folders themselves are not encrypted, but are marked so that files created in them will be encrypted. The user who created the file might not be the only user who can decrypt the file. All recovery agents can also decrypt the file.
NOTE: You can import keys. It is possible for a local account to import the key of a domain account and have access.