Author Posts

March 31, 2016 at 9:32 am

I have enable PS remoting on one of the Domain controller and given permission to one service account by command: Set-PSSessionConfiguration -Name Microsoft.PowerShell –showSecurityDescriptorUI

User wants to execute command powershell command "Set-ADUser -Identity thpoo -ChangePasswordAtLogon $true" but getting access denied, however working fine for Domain admins.
Kindly assist

March 31, 2016 at 10:07 am

Your user doesn't have the proper privilege in Active Directory. Either assign them to a group that does, or modify the permission of their AD user object (their user account). I'd probably shoot for the first of these two options.

In case it's unclear, the -ShowSecurityDescriptorUI parameter of the Set- and Register-PSSessionConfiguration cmdlets, is for modifying the permissions on the endpoint (think, who can and can't use the endpoint). It's about giving them access to use this endpoint — the Microsoft.PowerShell (default) endpoint, in this instance. Just a thought, but if it were me, I'd leave this endpoint or session configuration alone, and create a new one that this user can use. Just a thought.