Run PS as SYSTEM account, but make change to current logged on user(not admin) cert


Sorry first post here.
I need to find a specific user certificate on all clients, when user logged in, and then delete it.
Reason is we are changing UPN´s of all users. and cert used for Always on VPN.

Most users are not local admins.

Is there a way to use PSADT to accomplish this? Run the PS as System and then somehow
run the cert part elevated as the current logged on user? Or maybe other ideas?

$cc = Get-ChildItem Cert:\CurrentUser\My | Select *

foreach ($c in $cc) {
    $aa = $c | select -expandproperty EnhancedKeyUsageList | where {$_.friendlyname -like "*ReplaceWithNameUWantSelected*"} 
    if ($aa -ne $null) 
    $c | Remove-Item
     #Write-Host "Friendlyname = "$aa.friendlyname
     #Write-Host "ObjectID = "$aa.ObjectID     

Does your script work when a regular user runs it?