The VM's are in a domain that the Help Desk staff don't have access to, this why I was hoping to do this through vCenter using a service account that has restart permissions.

Are you using Horizon for the desktops?

No these are Citrix XenApp servers that are using a legacy app that occasionally have hung user sessions and need to be restarted.

I thought you said the Helpdesk doesn't have access to vCenter?
With a PowerCLI based solution, they will at least have to make a connection to the vCenter, albeit with an account with restricted privileges.

You can take LucD​ script and convert is like this

$target = Read-Host -Prompt "Name of machine to reboot"

$confirm = Read-Host -Prompt "Are you sure you want to reboot $target (y/n)"

if($confirm -eq 'y'){

     Connect-VIServer vcenter-name

    Get-VM -Name $target | Restart-VMGuest -Confirm:$false

}

This will ask for a user name and password for vcenter where you can enter a service account. This still requires access to vcenter though, I'm not aware of a way to allow powercli but not access to the client.

I have a service account that can be used for this. I just didn't want to give the Help Desk staff the credentials, I wanted to put the credentials in the script in an encrypted state.

Which encryption do you envisage?

If these are workstations and you don't have a Security DB or App, you will be limited to using DPAPI on Windows.
That is

1. Not really secure (easily broken)
2. Is restricted in that the encryption key is stored locally and is bound to the user (meaning that you would need to create the encrypted string with the account that will use it) and station (meaning the encryption will have to be done on each station)