As is well known, to avoid the PowerShell Second Hop problem when using PowerShell Remoting, one needs to set the CredSSP Client and Server settings.
e.g.
# On the client, a.k.a the First Hop Server
Enable-WSManCredSSP -Role "Client" -DelegateComputer "secondhop.example.com"
# On the server, a.k.a the Second Hop Server
Enable-WSManCredSSP -Role "Server"
And now I can PSRemote to the "client" server and from there access resources on the "server" server. All good and well.
However, the environment is largeish, and I want to know the "Client DelegateComputers" in effect on a good number of machines. How do I achieve this?
I know I can use (Get-WSManCredSSP)[0] to get a list of Client DelegateComputers. But this is presented as an ugly, unwieldy string which I would very much like to not parse, given that this is PowerShell and that I am in love with the object-oriented approach.
I would like to think that I have been all over wsman:/ both using Get-Item and Get-WSManInstance, as well as googled through what reasonably must be all of Google.
It seems unthinkable that this is so elusive; I must have missed something embarrassingly simple.
So ServerFault, how do I, natively in PowerShell or using a direct .NET call, get a nicely presented array or similar of CredSSP Client DelegateComputers on a given host?
I can run any version of .NET Framework and PowerShell available on Win2008r2 and Win2012r2.
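As an added example (not part of the original post), this turns the first string returned by Get-WSManCredSSP into objects and flags wildcard delegation targets, which is the entry worth reviewing when auditing many hosts. It assumes the targets appear in that string as wsman/<host> tokens; the function name, host names and sample strings are constructed for illustration.

```powershell
# Added example, not the poster's code. Requires PowerShell 3.0 or later.
function ConvertFrom-CredSSPClientText {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Text
    )
    # Assumption: delegation targets are listed as SPNs of the form wsman/<host>.
    # Matching the tokens avoids depending on the surrounding (localised) sentence.
    $found = [regex]::Matches($Text, 'wsman/[^\s,;]+', 'IgnoreCase')
    foreach ($m in $found) {
        $target = $m.Value.TrimEnd('.')
        [pscustomobject]@{
            ComputerName = $ComputerName
            Target       = $target
            # A wildcard target delegates fresh credentials to every matching host.
            Wildcard     = $target.Contains('*')
        }
    }
}

# Constructed sample strings standing in for (Get-WSManCredSSP)[0] on three hosts.
# In a live audit they could be collected with:
#   Invoke-Command -ComputerName $names -ScriptBlock { (Get-WSManCredSSP)[0] }
$samples = @{
    'firsthop01' = 'The machine is configured to allow delegating fresh credentials to the following target(s): wsman/secondhop.example.com'
    'firsthop02' = 'The machine is configured to allow delegating fresh credentials to the following target(s): wsman/*.example.com,wsman/secondhop.example.com'
    'firsthop03' = 'The machine is not configured to allow delegating fresh credentials.'
}

$report = foreach ($name in ($samples.Keys | Sort-Object)) {
    ConvertFrom-CredSSPClientText -ComputerName $name -Text $samples[$name]
}

# One object per (host, target) pair; hosts with no delegation produce no rows.
$report | Format-Table -AutoSize

# Hosts that delegate to a wildcard target.
$report | Where-Object { $_.Wildcard } | Select-Object ComputerName, Target
```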
So as it turns out, Google actually had one more page and this is where the answer was hiding.
The Client DelegateComputer list is stored in the Windows registry at:
Reading this key is not beautiful, but it's better than the alternative.
So Victor Vogelpoel, all worldly glory to him, came up with the following one-liner: