When my users log into GP, they do it through SQL server accounts, not Active Directory. I'm setting up SSRS reports but unfortunately since its security is tied to Active Directory, domain admins can run reports. Even if BUILTIN\Administrators is removed from the security settings on the SSRS site, domain admins can still view the reports. I've poured over the links below and haven't been able to find something that directly addresses preventing domain admins access. Can I add additional password security like you would to say an Excel report for example, to a SSRS report?
https://dynamicsgpland.blogspot.com/2011/05/and-one-and-two-sql-report-security.html
dynamicsgpblogster.blogspot.com/.../microsoft-sql-server-security-roles-and.html;utm_medium=feed&utm_campaign=Feed%3A+TheDynamicsGpBlogster+%28The+Dynamics+GP+Blogster%29