Thank you both for your replies, and sorry for the confusion... I think Mike is understanding the situation, but I'll try to explain in more detail.
I'm using Symantec Encryption Server (v. 3.3.2 MP6) and Encryption Desktop (v. 10.3.2 MP6).
I've set up a group on the management server, and membership is based on an LDAP (AD) query.
I've created a policy which enforces encryption of a specific directory.
When the first user of the folder logged on for the first time, the Symantec Desktop client prompted for a passphrase etc. to register with the server. Once they had jumped through all those hoops, downloaded the policy and accessed the encrypted folder, it initially encrypted it with the user's private key and not the group's...
So I, as the sysadmin, remoted in with the user and was able to manually add the group's key and re-encrypt the folder. At this time, I also thought it would be a good idea to remove the user's private key and just have the group listed as the 'Admin', because all the users were in this group, so there really wouldn't be a need for an Admin to add/remove users.
Now I'm not 100% sure what happened, but when the second user went to access the folder they could access it, but half of the sub-folders were still encrypted with the first user's private key only (the group key wasn't listed), so I tried to re-encrypt, but it wouldn't allow me to as only the Group was listed.
I remoted in with the first user and manually added the Group to each sub-folder (this did propagate to each sub-sub-folder), but it had to be at the sub-folder level, as the top-level folder only has the Group private key, and even though both users are members of this group, they cannot add/remove users or re-encrypt the data (as mentioned by Mike).