For fully functional creation and management of a logical network, an Administration Server service account:
Needs administration permissions for its database.
When using an SQL server in Windows authentication mode, the account which runs an Administration Server must have access to the database. This account must be the owner of the Administration Server database. Dbo schema must be used by default.
On the Administration Server PC:
Must be a local administrator.
Must have the following additional privileges:
Log on as a service;
Act as part of the operating system;
Access this computer from the network;
Replace a process level token;
Increase quotas/ Adjust memory quotas for a process.
In order to conduct remote installation (uninstallation), Administration Server service account needs the following permissions (relevant only if a remote installation task will be running under an Administration Server service account when Network Agent on a client PC is either not installed or unavailable):
for forced installation/uninstallation: an Administration Server service account is used to upload on client PCs the files needed to install/uninstall software. So it needs to have the following permission on a client PC:
permission to run applications remotely;
permission for the Admin$ resource;
permission to log on as a service.
for installation/uninstallation using login scripts: an Administration Server service account is used to access the domain controller with modify account script role. So it needs to have permissions to modify login scripts in the domain controller database.
If there is an Network Agent installed and running on a client PC, the Network Agent can be used for delivery of files to client PCs and installation under a Local System Account. In this case, you will not have to configure any additional permissions. To do it, create a forced installation/uninstallation task, and check the box Using Network Agent in its Properties: