Well I'm new to this myself, but at my organization they set up a dedicated workstation (virtual machine) for running Reports that doesn't inherit the normal AD user policies. It's in a special OU container for servers and special systems with different policies. That seems to work - we just RDP to the system when we need to make a change to the reports. Security to the system is maintained through RDP access control and other security systems.
That may not be an ideal solution or even a possible solution but I'll throw it out there.
Cheers!