This week on SysAdmin Weekly, Andy and Eric finally settle one of the most persistent questions in the Hyper-V world: Should your Hyper-V hosts be domain joined or live outside the domain? Spoiler: we have strong feelings.

Before the main event, we hit a few hot headlines:

- Microsoft is booting AV vendors out of the kernel (finally)

- CrowdStrike’s recent disaster knocked out 8.5 million devices

- Notepad++ had a nasty privilege escalation flaw in its installer

- And no, China did NOT break RSA encryption (at least, not the kind that matters)

Then, in Nerd Hour, Andy talks Debian 13 upgrade best practices, and Eric explores scripting virtual TPM keys in Hyper-V without going full-HGS.

In the main segment, we compare the tradeoffs of domain-joined vs workgroup-mode Hyper-V hosts, from security implications (Kerberos, pass-the-hash, curb roasting) to the operational challenges of backups, automation, and monitoring.

Got a spicy opinion? Want to challenge our take? Email us at contact@sysadminweekly.com

Episode Resources:

- Newsletter signup

- Project Runspace

- AndyOnTech

- Kerberoasting (MITRE ATT&CK technique T1558.003)

- Workgroup vs Domain

- Active Directory Security Best Practices

- Microsoft is moving antivirus providers out of the Windows kernel

- CrowdStrike’s faulty update crashed 8.5 million Windows devices

- CVE‑2025‑49144 – DLL planting privilege escalation in Notepad++ installer

- Chinese researchers break RSA encryption with a quantum computer (22‑bit only)

- Debian 13 (Trixie) release notes

This week on SysAdmin Weekly, Andy is joined by returning guest Paul Schnackenburg to dive headfirst into one of the most important (and overlooked) topics in modern IT: SaaS Security.

From token theft and malicious OAuth apps to adversary-in-the-middle attacks and the harsh truth about identity becoming the new firewall, we unpack how attackers are adapting to the cloud-first world, and why most orgs are woefully unprepared.

We explore:

- The SaaS cyber kill chain from recon to persistence

- Other real-world security incidents like CitrixBleed2 and the Fortinet hardcoded credentials fiasco

- The dark art of malicious OAuth apps and shadow IT exploitation

- Why EDR and XDR fall short in a SaaS world

- What you can do *right now* to harden your defenses (Hint: MFA is not enough)

This one’s loaded with insights and practical tips, don’t miss it!

## Episode Resources ##

- SysAdmin Weekly Companion Newsletter

- AndyOnTech

- Project Runspace

- CitrixBleed 2

- X Post re: Fortinet Hard-Coded Credentials

- Paul's SaaS Cyber Kill Chain Article

This week on SysAdmin Weekly, Andy is joined by Luke Orellana, a fellow IT war buddy from the MSP trenches who's now a Senior Engineering Manager at Microsoft (yes, that Microsoft) working with AI Agents on a daily basis!

In this episode we unpack the good, the bad, and the "seriously, who thought YAML was a good idea"? parts of Infra-as-Code from Terraform and Pulumi to PowerShell DSC and Packer pipelines. Luke drops wisdom on platform engineering, the rise of AI agents with their impact on DevOps, and how he rewrote entire Terraform libraries because apparently, sleep is optional.

Also in this episode:

- Why password resets are a scam (Forrester says $70 a pop — no thanks).

- The glorious chaos of auditors asking for 30-day resets in 2025 (because security theater must go on).

- Andy’s obsession with Linux Mint Debian Edition and the Tux shrine on his desk.

- The legendary Domino’s Pizza Terraform provider. Yes. That’s real.

We also answer critical questions like:

- Can an AI agent wreck your entire Git repo?

- Should sysadmins fear change or just automate it?

- And what’s more powerful: Terraform CDK or the sheer willpower of a sysadmin trying to avoid YAML?

Grab your favorite caffeine source, commit to main (regrets optional), and get ready to laugh, learn, and question your life choices. This one’s got code, chaos, and caffeine-fueled commentary.

Episode Resources Below!

- SysAdmin Weekly Companion Newsletter

- All Available Podcast Platforms

- AndyOnTech

- ProjectRunspace

- Luke Orellana on LinkedIn

- Terraform CDK Constructs