Because I could not find an authoritative source for configuration of security for report scheduler on Windows Server 2008, I am going to write what I have done to allow this to work:
1. I created an Active Directory user that is only a member of domain users in the domain.
2. I added that user to NPM with very limited rights and defaulting to blank pages with no links or tabs on it and access to only the reports folder that I wanted.
3. On the Orion server, I made the account a member of remote desktop users, logged on one time to create a profile, logged off and removed the account from remote desktop users.
4. On the Orion server, I granted the account the "log on as batch job" right.
5. On the Orion server, I gave the account change permissions on the c:\windows\tasks folder.
6. Logging onto the Orion server with the local administrator account (Ugh - still need to figure out how to avoid this), I set up a scheduled report to run as the account that I created and to pass the credentials for the account in the URL for the report.
That seems to have worked. If anyone has any comments or improvements to this process, I would be appreciative. Especially about how to not have to log on with the local Administrator to configure the report scheduler.
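
A PowerShell check for the local settings from steps 3 to 5, added here as an example and not part of the original post: it reports whether the account is still in Remote Desktop Users, whether it holds the "log on as batch job" right directly, and whether it has change (Modify) access on the tasks folder. The account name `EXAMPLE\svc-orionreports` is a hypothetical placeholder, and the script assumes an elevated prompt on the Orion server.

```powershell
# Hypothetical account name; replace with the report account created in step 1.
param([string]$Account = 'EXAMPLE\svc-orionreports')

# Resolve the account to a SID: secedit and the ACL query below both report SIDs.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Step 3: the account was removed from Remote Desktop Users after its profile was created.
$rdpMembers = net localgroup 'Remote Desktop Users' | ForEach-Object { $_.Trim() }
$inRdpGroup = $rdpMembers -contains $Account

# Step 4: export the local user rights assignment and look for the account's SID
# on the SeBatchLogonRight line. This sees direct assignment only, not rights
# inherited through a group.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$batchLine = Get-Content $cfg | Where-Object { $_ -match '^SeBatchLogonRight\s*=' }
Remove-Item $cfg
$hasBatchRight = [bool]($batchLine -match [regex]::Escape("*$sid"))

# Step 5: look for an Allow ACE naming the account with at least Modify
# ("change") on the tasks folder. Rules are requested with SID identities so the
# comparison does not depend on how the account name is written.
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
$rules  = (Get-Acl 'C:\Windows\Tasks').GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$taskAces = $rules | Where-Object {
    $_.IdentityReference.Value -eq $sid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $modify) -eq $modify
}
$hasTasksModify = [bool]$taskAces

# One object summarising the three checks.
New-Object PSObject -Property @{
    Account              = $Account
    InRemoteDesktopUsers = $inRdpGroup
    HasBatchLogonRight   = $hasBatchRight
    HasTasksFolderModify = $hasTasksModify
}
```

If the procedure above was followed, `InRemoteDesktopUsers` comes back false and the other two come back true.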