Permissions Required By The Remote Desktop Reporter Service and Agent Services
What permissions are needed both by 1.) the main Remote Desktop Reporter Service and 2.) the Local Agent Service that can be deployed on each Remote Desktop Session Host?
The main Remote Desktop Reporter Service should run as a Domain Admin or, failing that, a Domain User account with local Admin rights on each RDS/Citrix server monitored.
The Remote Desktop Reporter Agent Service needs to run as LocalSystem, which is how it is installed by default.
The In-Session Agent processes that are launched via logon script (if user screenshot recording is desired) run under the credentials of each user and do not need any sort of elevated privileges – they send their data to the Remote Desktop Reporter Agent Service, which the main Remote Desktop Reporter Service then polls periodically to capture and store that information.