Strange Groove Issue

Ok, I've banged my head against this issue for a while now so before I waste any more time digging through support forums and technet loops it is time to consult the GWJ brain-trust.

A bunch of my coworkers have started using Groove 2007 to do report collaboration. Currently this is in peer-to-peer, no Groove-Server mode. I know this isn't ideal, and telling me that there are better solutions is preaching to the choir.
Out of a couple dozen or so users I have 4 that are experiencing a weird issue:

When they try to open a file from the Groove workspace the associated program will start, but then warn that the user doesn't have access, privileges, rights, etc. The message depends on the program, but this is the case with anything I have tried. DOC, XLS, TXT, etc.
If the file is copied to the desktop it will open normally. If the file is copied back into the workspace (which works fine) the file is inaccessible for them again. Other people can open the file without any issues.
The difference seems to be that If I browse to the Temp folder after attempting to open a file on the affected machines it will have the "E" flag set. So when Groove copies the file into the Temp folder it isn't decrypting the contents from the Groove datastore. I have had zero luck finding any information on this issue or how to modify this behavior. Manually copying the files seems to decrypt them properly, and the Temp files on other computers don't have the "E" flag.

I've uninstalled, reinstalled, used the Groove-cleaner utility, used the Groove-cleaner utility with the all flag, created new profiles, redownloaded, created new user profiles (and the problem seems to caused by the computer/Groove installation, NOT the user profile)... and am currently retrying uninstalling, defragging 3 times and reinstalling.

What am I missing? Any ideas?


Aaaaand I think I found it.
Sigh, AFTER I posted of course.

Groove uses the user account encryption certificate for the Temp folder transfer, but not for the manual copy for some reason.
Issuing a new certificate via the User Accounts tool in the Control Panel seems to solve this issue.