User Account for Scope of Management Issue

If I use a domain admin account for the SoM, I can install the agent and have computers automatically removed from Desktop Central when they are deleted from AD. This is great, except that it is against our policy rules to use a Domain Admin account for workstation products.

We have a user account that is a local admin to all computers, but when I use that account, everything fails (agent can't install, computers aren't removed, etc.). Does this user need any special rights, like delegated authority to the OU the computers reside in? If so, what exactly needs to be delegated, as I can't just give it full control?

I would appreciate any help anyone could provide.  We have called support but have not gotten a resolution yet.

Andy