DSCResources/MSFT_xCredSSP/MSFT_xCredSSP.psm1

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [parameter(Mandatory = $true)]
        [ValidateSet("Server","Client")]
        [System.String]
        $Role
    )

    switch($Role)
    {
        "Server"
        {
            $RegKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service"
        }
        "Client"
        {
            $RegKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client"
        }
    }

    if(Get-ItemProperty -Path $RegKey -Name "auth_credssp" -ErrorAction SilentlyContinue)
    {
        $Setting = (Get-ItemProperty -Path $RegKey -Name "auth_credssp").auth_credssp
    }
    else
    {
        $Setting = 0
    }

    switch($Role)
    {
        "Server"
        {
            switch($Setting)
            {
                1
                {
                    $returnValue = @{
                        Ensure = "Present";
                        Role = "Server"
                    }
                }
                0
                {
                    $returnValue = @{
                        Ensure = "Absent";
                        Role = "Server"
                    }
                }
            }
        }
        "Client"
        {
            switch($Setting)
            {
                1
                {   
                    $DelegateComputers = @()
                    foreach($DelegateComputer in (Get-WSManCredSSP)[0].Split(","))
                    {
                        $DelegateComputers += $DelegateComputer.Split("/")[1]
                    }
                    $DelegateComputers = $DelegateComputers | Sort-Object -Unique

                    $returnValue = @{
                        Ensure = "Present";
                        Role = "Client";
                        DelegateComputers = @($DelegateComputers)
                    }
                }
                0
                {
                    $returnValue = @{
                        Ensure = "Absent";
                        Role = "Client"
                    }
                }
            }
        }
    }

    $returnValue
}


function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure = "Present",

        [parameter(Mandatory = $true)]
        [ValidateSet("Server","Client")]
        [System.String]
        $Role,

        [System.String[]]
        $DelegateComputers
    )

    switch($Role)
    {
        "Server"
        {
            switch($Ensure)
            {
                "Present"
                {
                    Enable-WSManCredSSP -Role Server -Force
                }
                "Absent"
                {
                    Disable-WSManCredSSP -Role Server
                }
            }
        }
        "Client"
        {
            switch($Ensure)
            {
                "Present"
                {
                    if($DelegateComputers)
                    {
                        $CurrentDelegateComputer = (Get-WSManCredSSP)[0]
                        foreach($DelegateComputer in $DelegateComputers)
                        {
                            if(!$CurrentDelegateComputer.Contains("wsman/$DelegateComputer"))
                            {
                                Enable-WSManCredSSP -Role Client -DelegateComputer $DelegateComputer -Force
                            }
                        }
                    }
                    else
                    {
                        Throw "DelegateComputers is required!"
                    }
                }
                "Absent"
                {
                    Disable-WSManCredSSP -Role Client
                }
            }
        }
    }
}


function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [ValidateSet("Present","Absent")]
        [System.String]
        $Ensure = "Present",

        [parameter(Mandatory = $true)]
        [ValidateSet("Server","Client")]
        [System.String]
        $Role,

        [System.String[]]
        $DelegateComputers
    )

    $CredSSP = Get-TargetResource -Role $Role

    switch($Role)
    {
        "Server"
        {
            return ($CredSSP.Ensure -eq $Ensure)
        }
        "Client"
        {
            switch($Ensure)
            {
                "Present"
                {
                    $CorrectDelegateComputers = $true
                    if($DelegateComputers)
                    {
                        foreach($DelegateComputer in $DelegateComputers)
                        {
                            if(!($CredSSP.DelegateComputers | Where-Object {$_ -eq $DelegateComputer}))
                            {
                                $CorrectDelegateComputers = $false
                            }
                        }
                    }
                    $result = (($CredSSP.Ensure -eq $Ensure) -and $CorrectDelegateComputers)
                }
                "Absent"
                {
                    $result = ($CredSSP.Ensure -eq $Ensure)
                }
            }
        }
    }

    $result
}


Export-ModuleMember -Function *-TargetResource