Run deligated scheduled task on remote server via PS without admin rights


I’m trying to allow a non-admin user to run a scheduled task via PS, without giving out more permissions than required.
So far, i have given the user Read+Execute rights on the task file located in C:\Windows\System32\Tasks. This allowed the user to see and run the task in the GUI and Start-ScheduledTask -TaskName “taskname” locally via RDP. But when i try to do the same PS command via invoke command from a workstation, it fails.

How can i get this working without delegating unnecessary permissions?

I forgot to mention that i had added the user to the Remote Management Users group, and testet that Invoke-Command servername {hostname} works.

I have had some progress in my testing. My solution works for me, but i’d like to know why it behaves like this…

# This works.
Invoke-Command -ComputerName servername -ScriptBlock {schtasks /run /tn "taskname"}

# This doesn't.
Invoke-Command -ComputerName servername -ScriptBlock {Start-ScheduledTask -TaskName "taskname"}

What error message do you get?

Cannot connect to CIM server. Access denied
    + CategoryInfo          : ResourceUnavailable: (PS_ScheduledTask:String) [Start-ScheduledTask], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Start-ScheduledTask
    + PSComputerName        : servername

Let me add that the user is a part of the “Protected Users” group.