This topic contains 1 reply, has 2 voices, and was last updated by  tommymaynard 2 years, 2 months ago.

  • Author
  • #37132

    amit aman

    I have enable PS remoting on one of the Domain controller and given permission to one service account by command: Set-PSSessionConfiguration -Name Microsoft.PowerShell –showSecurityDescriptorUI

    User wants to execute command powershell command "Set-ADUser -Identity thpoo -ChangePasswordAtLogon $true" but getting access denied, however working fine for Domain admins.
    Kindly assist

  • #37133


    Your user doesn't have the proper privilege in Active Directory. Either assign them to a group that does, or modify the permission of their AD user object (their user account). I'd probably shoot for the first of these two options.

    In case it's unclear, the -ShowSecurityDescriptorUI parameter of the Set- and Register-PSSessionConfiguration cmdlets, is for modifying the permissions on the endpoint (think, who can and can't use the endpoint). It's about giving them access to use this endpoint — the Microsoft.PowerShell (default) endpoint, in this instance. Just a thought, but if it were me, I'd leave this endpoint or session configuration alone, and create a new one that this user can use. Just a thought.

You must be logged in to reply to this topic.