By default, whenever any of the components of File Reporter are installed on a server in a domain, the proxy rights universal security group is granted membership in that server’s built-in Administrators security group. This grants File Reporter certain permissions needed in addition to the LSA privileges required for successful scanning of file system metadata.
On other servers in the domain that are hosting storage to be scanned by File Reporter through a proxy agent, you must also grant the proxy rights group membership in the built-in Administrators group. This is necessary because there are many actions performed that require membership in this group regardless of the LSA privileges that the user has been granted—in particular, reading directory quotas.
Additionally, the other servers in the domain that are not hosting components, but are hosting storage to be scanned, must have the necessary rights and privileges, along with some file share and NTFS permissions. The easiest way of granting these rights and privileges is through Group Policy objects in Active Directory.
As explained previously, at a minimum, you must grant Read Only sharing and security privileges to the proxy rights group for each share that File Reporter will scan.
IMPORTANT:The proxy rights group for Active Directory must be a member of the built-in Administrators group on each Windows server that File Reporter scans.
Certain functions, such as collection of quotas via FSRM (File Server Resource Manager) do not work without this membership despite the assignment of other rights and privileges.