I have enable PS remoting on one of the Domain controller and given permission to one service account by command: Set-PSSessionConfiguration -Name Microsoft.PowerShell –showSecurityDescriptorUI
User wants to execute command powershell command "Set-ADUser -Identity thpoo -ChangePasswordAtLogon $true" but getting access denied, however working fine for Domain admins.
Your user doesn't have the proper privilege in Active Directory. Either assign them to a group that does, or modify the permission of their AD user object (their user account). I'd probably shoot for the first of these two options.
In case it's unclear, the -ShowSecurityDescriptorUI parameter of the Set- and Register-PSSessionConfiguration cmdlets, is for modifying the permissions on the endpoint (think, who can and can't use the endpoint). It's about giving them access to use this endpoint — the Microsoft.PowerShell (default) endpoint, in this instance. Just a thought, but if it were me, I'd leave this endpoint or session configuration alone, and create a new one that this user can use. Just a thought.
You must be logged in to reply to this topic.