While on the subject of Certificates/Encryption/IPSec/PKI in general yesterday, I was looking around for some good information on how PKI works to post up. One white paper which stuck-out from the pile was published in December last year (so it's reasonably up to date) by David B. Cross and Avi Ben-Menahem entitled "Key Archival and Management in Windows Server 2003". Now this isn't exactly going to be a best seller, but I found it very easy to read and understand, so all kudos to David & Ali. Joking aside, it is crucial to pay consideration to this subject if you are planning to implement or already have implemented a certificate authority within your organisation.
For further info on PKI in general, this link is a good starting point. The home page for Cryptography on Technet is here and information on EFS (Encrypting File System) in XP and Windows Server 2003 can be found here. Otherwise my colleague Steve Lamb will be able fill in the gaps.