Local Security Authority (LSA) rights and privileges are assigned to accounts or groups, and they determine how those accounts or group members may access the system. The rights and privileges are modified through secpol.msc or Local Security Policy from:
Start > Administrative Tools > Local Security Policy
In Local Security Policy, go to the following:
Security Settings > Local Policies > User Rights Assignments
In the table of Privileges and the objects to which they apply located on the right, verify that the File Reporter proxy rights group has the following privileges:
Access this computer from the network
Act as part of the operating system
Back up files and directories
Bypass traverse checking
Create a token object
Create symbolic links
Impersonate a client after authentication
Log on as a batch job
Manage auditing and security log
Restore files and directories
Take ownership of files or other objects
IMPORTANT:The Engine and Agent components attempt to repair these privileges on startup on the servers on which they're installed. Absence of some of these privileges causes the Engine and Agent components to not function properly. Removal of these rights and privileges via Group Policy Object (GPO) results in the Engine and Agent not functioning properly.
If GPO conflicts are detected, set up an additional GPO with just the privileges listed above and assign it to the proxy rights group for the appropriate servers.
IMPORTANT:Some people assume that assigning these rights and privileges to the proxy rights group is sufficient so that they can thus remove the proxy rights group as a member of built-in Administrators. This is incorrect. In order for the Agent to collect quota information on Windows, the File Reporter proxy rights group must be a member of built-in Administrators.