Windows PowerView Unconstrained Delegation Discovery

Splunk Security Content

Summary
This analytic rule detects potential reconnaissance of Windows endpoints configured for Kerberos Unconstrained Delegation through the use of PowerView cmdlets. Using PowerShell Script Block Logging (EventCode=4104), it identifies the execution of commands such as `Get-DomainComputer` and `Get-NetComputer` with the `-Unconstrained` parameter. This behavior is significant because it suggests that an adversary or Red Team is attempting to map delegation settings within Active Directory. Recognizing such activity allows organizations to respond proactively to potential threats, including privilege escalation or lateral movement attempts within their networks. Administrators are cautioned that routine use by authorized personnel can trigger false positives, so alerts should be reviewed against the organization's own administrative practices.
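The following is an added example, not part of the Splunk Security Content rule, that shows the detection logic described above applied to a handful of constructed EventCode 4104 records. The field names (EventCode, Computer, UserID, ScriptBlockText) mirror the Windows PowerShell operational log but the event values are made up for illustration. It flags a script block only when both a PowerView computer-enumeration cmdlet and the `-Unconstrained` parameter appear in the same block, ignores other event codes, and then summarizes hits per host and user the way a `stats count by` clause would.

```python
import re
from collections import Counter

# Constructed sample events modelled on PowerShell Script Block Logging
# (EventCode 4104). These are not real captured logs.
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "ws01.corp.example", "UserID": "CORP\\alice",
     "ScriptBlockText": "Get-DomainComputer -Unconstrained -Properties dnshostname"},
    {"EventCode": 4104, "Computer": "ws02.corp.example", "UserID": "CORP\\bob",
     "ScriptBlockText": "get-netcomputer -unconstrained | select name"},
    # Same cmdlet, but no delegation filter: ordinary inventory query, not flagged.
    {"EventCode": 4104, "Computer": "ws03.corp.example", "UserID": "CORP\\carol",
     "ScriptBlockText": "Get-DomainComputer -Properties operatingsystem"},
    # Delegation-related, but not the PowerView cmdlets this rule targets.
    {"EventCode": 4104, "Computer": "ws04.corp.example", "UserID": "CORP\\dave",
     "ScriptBlockText": "Get-ADComputer -Filter * -Properties TrustedForDelegation"},
    # Matching text under a different event code: outside the rule's data source.
    {"EventCode": 4103, "Computer": "ws01.corp.example", "UserID": "CORP\\alice",
     "ScriptBlockText": "Get-DomainComputer -Unconstrained"},
]

# PowerShell cmdlet and parameter names are case-insensitive, so match accordingly.
# Get-NetComputer is the older PowerView alias for Get-DomainComputer.
CMDLET_PATTERN = re.compile(r"\bGet-(?:Domain|Net)Computer\b", re.IGNORECASE)
# Require the parameter as a standalone token (preceded by whitespace or start of text),
# so a substring inside another identifier does not count.
PARAM_PATTERN = re.compile(r"(?<![\w-])-Unconstrained\b", re.IGNORECASE)


def is_unconstrained_discovery(event):
    """Return True if a 4104 script block pairs a PowerView computer
    enumeration cmdlet with the -Unconstrained parameter."""
    if event.get("EventCode") != 4104:
        return False
    text = event.get("ScriptBlockText", "")
    return bool(CMDLET_PATTERN.search(text) and PARAM_PATTERN.search(text))


def detect(events):
    """Filter a stream of events down to the ones that match the rule."""
    return [e for e in events if is_unconstrained_discovery(e)]


def summarize(events):
    """Count matching script blocks per (Computer, UserID), mirroring a
    'stats count by Computer, UserID' aggregation in the search layer."""
    return dict(Counter((e["Computer"], e["UserID"]) for e in detect(events)))


if __name__ == "__main__":
    for (host, user), count in summarize(SAMPLE_EVENTS).items():
        print(f"{host} {user} count={count}")
```

Triage of a hit should compare the user and host against known administrative or assessment activity, since the same query is a legitimate way for a defender to audit which computers are trusted for unconstrained delegation.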
Categories
  • Windows
Data Sources
  • Pod
  • Script
  • Windows Registry
  • Application Log
ATT&CK Techniques
  • T1018
Created: 2024-11-13