I have a policy which encrypts a folder on the d: drive of a laptop.

when the user logs in the policy is published and the files that are contained within the folder are encrypted, all good.

If i browse to the laptop over the network and try and view the files they are encrypted... all good.

if i log off the laptop and login as a local user (different username to the domain account) i can view all the files in the encrypted area of the disk ...

im just simulating if the laptop was to be stolen what the issues would be, i would quite easily force the creation of a local admin and then login and access all the data....

Surely this cant be right ?