This week on SysAdmin Weekly, Andy and Eric finally settle one of the most persistent questions in the Hyper-V world: Should your Hyper-V hosts be domain joined or live outside the domain? Spoiler: we have strong feelings.

Before the main event, we hit a few hot headlines:

- Microsoft is booting AV vendors out of the kernel (finally)

- CrowdStrike’s recent disaster knocked out 8.5 million devices

- Notepad++ had a nasty privilege escalation flaw in its installer

- And no, China did NOT break RSA encryption (at least, not the kind that matters)

Then, in Nerd Hour, Andy talks Debian 13 upgrade best practices, and Eric explores scripting virtual TPM keys in Hyper-V without going full-HGS.

In the main segment, we compare the tradeoffs of domain-joined vs workgroup-mode Hyper-V hosts, from security implications (Kerberos, pass-the-hash, curb roasting) to the operational challenges of backups, automation, and monitoring.

Got a spicy opinion? Want to challenge our take? Email us at contact@sysadminweekly.com

Episode Resources:

- Newsletter signup

- Project Runspace

- AndyOnTech

- Kerberoasting (MITRE ATT&CK technique T1558.003)

- Workgroup vs Domain

- Active Directory Security Best Practices

- Microsoft is moving antivirus providers out of the Windows kernel

- CrowdStrike’s faulty update crashed 8.5 million Windows devices

- CVE‑2025‑49144 – DLL planting privilege escalation in Notepad++ installer

- Chinese researchers break RSA encryption with a quantum computer (22‑bit only)

- Debian 13 (Trixie) release notes

This week on SysAdmin Weekly, Andy is joined by returning guest Paul Schnackenburg to dive headfirst into one of the most important (and overlooked) topics in modern IT: SaaS Security.

From token theft and malicious OAuth apps to adversary-in-the-middle attacks and the harsh truth about identity becoming the new firewall, we unpack how attackers are adapting to the cloud-first world, and why most orgs are woefully unprepared.

We explore:

- The SaaS cyber kill chain from recon to persistence

- Other real-world security incidents like CitrixBleed2 and the Fortinet hardcoded credentials fiasco

- The dark art of malicious OAuth apps and shadow IT exploitation

- Why EDR and XDR fall short in a SaaS world

- What you can do *right now* to harden your defenses (Hint: MFA is not enough)

This one’s loaded with insights and practical tips, don’t miss it!

## Episode Resources ##

- SysAdmin Weekly Companion Newsletter

- AndyOnTech

- Project Runspace

- CitrixBleed 2

- X Post re: Fortinet Hard-Coded Credentials

- Paul's SaaS Cyber Kill Chain Article

This week on SysAdmin Weekly, Andy is joined by Luke Orellana, a fellow IT war buddy from the MSP trenches who's now a Senior Engineering Manager at Microsoft (yes, that Microsoft) working with AI Agents on a daily basis!

In this episode we unpack the good, the bad, and the "seriously, who thought YAML was a good idea"? parts of Infra-as-Code from Terraform and Pulumi to PowerShell DSC and Packer pipelines. Luke drops wisdom on platform engineering, the rise of AI agents with their impact on DevOps, and how he rewrote entire Terraform libraries because apparently, sleep is optional.

Also in this episode:

- Why password resets are a scam (Forrester says $70 a pop — no thanks).

- The glorious chaos of auditors asking for 30-day resets in 2025 (because security theater must go on).

- Andy’s obsession with Linux Mint Debian Edition and the Tux shrine on his desk.

- The legendary Domino’s Pizza Terraform provider. Yes. That’s real.

We also answer critical questions like:

- Can an AI agent wreck your entire Git repo?

- Should sysadmins fear change or just automate it?

- And what’s more powerful: Terraform CDK or the sheer willpower of a sysadmin trying to avoid YAML?

Grab your favorite caffeine source, commit to main (regrets optional), and get ready to laugh, learn, and question your life choices. This one’s got code, chaos, and caffeine-fueled commentary.

Episode Resources Below!

- SysAdmin Weekly Companion Newsletter

- All Available Podcast Platforms

- AndyOnTech

- ProjectRunspace

- Luke Orellana on LinkedIn

- Terraform CDK Constructs

This week, Andy is back from InfoSecurity Europe (and yes, still fighting off a conference cold), so naturally, we’re talking all about IT conferences. The big, the small, the budget-busting, and the badge-scanning bonanzas that are IT Events.

Paul Schnackenburg returns to help unpack the real value of these events: learning (but not just in sessions), community (a.k.a. the hallway track), and how to dodge aggressive booth folks without pretending to answer a fake phone call. Also covered:

- A news react segment on Trend Micro vulnerabilities and the Coinbase supply chain scare

- The reality of conference session overload (triple-booked? Same.)

- Why the expo hall isn’t just a capitalist trap (spoiler: you might stumble on tools that blow your mind)

- Why speaking at events could be your career’s best power-up

Oh! And don’t skip the outro. We tease a future episode on “what’s in your conference bag” (nerd edition). BTW, you can subscribe to the companion newsletter at https://newsletter.sysadminweekly.com!

-- Episode Resources --

- AndyOnTech

- Project Runspace

- SysAdmin Weekly Companion Newsletter

- Trend Micro Vulnerabilities

- Coinbase Insider Threat

- Ookla Speedtest PS Script

What makes a great SysAdmin? Is it scripting sorcery? The ability to debug DHCP before coffee? Or maybe it's just not rage-quitting when someone says, “Have you tried turning it off and on again?”This week, Paul Schnackenburg returns to help Andy tackle the age-old question: What makes a great SysAdmin?We dig into:

• The technical skills that separate the pro SysAdmins from the PowerShell copy-pasters
• The soft skills that matter more than you think (spoiler: communication is better than compiling)
• The mindset traits that keep us sane in the chaos
• Why curiosity, not caffeine, is the true fuel of the trade
• And yes... we even talk about empathy. You’ve been warned =D

Whether you’re a grizzled server-room veteran or a newcomer wondering if your Wi-Fi troubleshooting skills qualify as “IT support,” this episode's got something for you.

Bonus: Hear Paul and I rant (gently) about gatekeeping, burnout, and why the best SysAdmins never stop learning—even when they really want to.

Episode Resources:SysAdmin Weekly Companion NewsletterAndyOnTechProject RunspacePaul Schnackenburg on LinkedIn

#sysadmin #softskills #itpro #careergrowth

In this episode of SysAdmin Weekly, Andy and Eric dive headfirst into the world of GitHub Copilot, the AI-powered coding assistant everyone’s either cautiously testing or quietly ignoring. But should you be paying attention?

Originally designed for developers, GitHub Copilot is quickly becoming a SysAdmin’s Swiss Army knife, helping with everything from PowerShell scripting to deciphering cursed regex one-liners. But it's not all sunshine and sudo.In this episode we cover:

• How sysadmins are using Copilot to write scripts, generate configs, and troubleshoot faster.
• The hidden risks: hallucinated commands, AI security pitfalls, and Shadow IT vibes.

• Why context matters (and why Copilot doesn’t know your environment).
• Practical advice for testing, adoption, and rolling it out safely across your team.

Is GitHub Copilot the productivity boost you've been waiting for… or a compliance time bomb with autocomplete? Tune in and find out!

Episode Resources:

SysAdmin Weekly Companion Newsletter

AndyOnTech⁠

Project Runspace

Windows Update with 3rd Party Apps

#SysAdmin #ITPro #GithubCopilot

Are companies really looking the migrate off the cloud? You may be surprised!

In this episode of SysAdmin Weekly, we’re diving headfirst into the growing trend of cloud repatriation and why some orgs are saying “thanks, but no thanks” to AWS, Azure, and Google Cloud. From skyrocketing costs to performance surprises and compliance headaches, we’re breaking down the real-world reasons behind this shift back to on-prem and hybrid infrastructure.

- What’s triggering the move?

- Who’s doing it, and is it working?

- Should you be considering repatriation?

If you’re a sysadmin, IT leader, or just a curious cloud-watcher, this one’s for you.

Buckle up! we’re demystifying the hype and serving up hard truths with a side of occasional snark.

Subscribe, comment, and tell us if YOU would bring workloads back from the cloud!

Episode Resources:

SysAdmin Weekly Companion Newsletter

AndyOnTech

Project Runspace

Barclays CIO Survey 2024 – Enterprise CIO repatriation intentions

Dropbox S-1 Filing GeekWire – Dropbox saved $75M moving off AWS

37signals Blog DataCenterDynamics – $2M/year saved post-cloud

Flexera State of the Cloud Report 2024 – 21% of workloads repatriated

GEICO Interview Infrastructure VP – Cloud cost and latency issues

IDC Repatriation Study 2024 – 80% expect repatriation of workloads

Uptime Institute Survey 2022–2023 – Only 6% abandon public cloud entirely

Gartner Cloud Cost Analysis 2024 – Cloud economics and repatriation triggers

Gartner “Cloud Missteps” Report 2023 – Cloud project failure as a repatriation reason

Citrix Hybrid Cloud Study 2023 – UK: 25% moved more than 50% of workloads back

#CloudRepatriation #SysAdmin #HybridCloud #CloudComputing #ITStrategy #InfrastructureOps #CloudCosts #TechTrends

In this episode of *SysAdmin Weekly*, we bid farewell to an old friend: WSUS (Windows Server Update Services). Microsoft is phasing it out and hosts Andy and Eric here to talk about why, what it means for SysAdmins, and how you can prep for what’s next.

In This Episode:

• A quick trip down memory lane: the story of WSUS and its role in traditional patch management
• Why WSUS is being deprecated and how it affects on-prem systems
• What replaces WSUS? (Hint: think Intune, Azure Update Manager, and cloud-first strategies)
• Deep dive into Hot Patch? No reboot updates? Yes please.
• How Azure Arc extends Hot Patch to hybrid and multi-cloud environments
• What SysAdmins should be doing NOW to stay ahead of the curve

Whether you're managing legacy infrastructure or moving toward a cloud-native model, this episode is packed with practical guidance, snarky insights, and a little bit of nostalgia.

Episode Resources:

SysAdmin Weekly - The Newsletter

AndyOnTech

Project Runspace

Windows STS Guidance

Azure Arc Pricing

#WSUS #AzureArc #HotPatch #SysAdminLife #Intune #PatchManagement #CloudFirst #MicrosoftUpdate #ITPodcast