Your user doesn't have the proper privilege in Active Directory. Either assign them to a group that does, or modify the permission of their AD user object (their user account). I'd probably shoot for the first of these two options.
In case it's unclear, the -ShowSecurityDescriptorUI parameter of the Set- and Register-PSSessionConfiguration cmdlets, is for modifying the permissions on the endpoint (think, who can and can't use the endpoint). It's about giving them access to use this endpoint — the Microsoft.PowerShell (default) endpoint, in this instance. Just a thought, but if it were me, I'd leave this endpoint or session configuration alone, and create a new one that this user can use. Just a thought.