Applicability
This article applies to users running PowerShell Universal 3.x and 4.x who are attempting to run scripts as alternate users. The issue appears as the following error when running a script: "Error running script. A Required Privilege Is Not Held by the Client."
Root Cause
As of 3.9.9 and 4.0.3, PowerShell Universal is incorrectly requesting the SeTcbPrivilege (Act as part of the operating system). This privilege is very permissive, and Microsoft does not recommend granting it to accounts of this type. This may affect other down-level versions.
Diagnostics
You can identify whether this issue is occurring by enabling the Audit Non Sensitive Privilege Use and Audit Sensitive Privilege Use Advanced Audit Policies in the Local Security Policy on the machine running the PowerShell Universal service.
Each policy should be set to log failures to grant privileges.
Once this has been enabled, you can filter for event ID 4673 for privilege grant failures. You can also search for SeTcbPrivilege to see if PowerShell Universal is requesting the undesired privilege.
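The diagnostic steps above can be scripted from an elevated PowerShell session. This is an added example, not code from PowerShell Universal or its documentation; it assumes an English-language Windows install (auditpol subcategory names are localized) and a 24-hour look-back window chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: English subcategory names, 24-hour look-back.

# 1. Enable failure auditing for both privilege-use subcategories.
foreach ($sub in 'Sensitive Privilege Use', 'Non Sensitive Privilege Use') {
    auditpol /set /subcategory:"$sub" /failure:enable | Out-Null
}

# 2. Reproduce the failing script run in PowerShell Universal, then continue.

# 3. Pull failed privilege requests (event ID 4673) from the Security log.
$filter = @{
    LogName   = 'Security'
    Id        = 4673
    Keywords  = 0x10000000000000          # "Audit Failure" keyword
    StartTime = (Get-Date).AddHours(-24)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# 4. Flatten each event's named data fields and keep SeTcbPrivilege requests.
$hits = foreach ($evt in $events) {
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $privileges = @($data.PrivilegeList -split '\s+' | Where-Object { $_ })
    if ($privileges -contains 'SeTcbPrivilege') {
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            Account     = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            Process     = $data.ProcessName
            Privileges  = $privileges -join ', '
        }
    }
}

if ($hits) {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Host 'No failed SeTcbPrivilege requests found in the last 24 hours.'
}
```

Rows whose Account is the PowerShell Universal service account confirm that the service is requesting the privilege; rows for other accounts or processes are unrelated to this issue.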
Workaround
The current workaround is to grant this privilege to the service account running PowerShell Universal. Future versions of PowerShell Universal will not require this privilege.
Another workaround is to invoke privileged commands using Invoke-Command and a credential from within the scripts running in PowerShell Universal.