diff --git a/.ansible/roles/lockdown/tasks/main.yml b/.ansible/roles/lockdown/tasks/main.yml
index 1d9d83c..704f409 100644
--- a/.ansible/roles/lockdown/tasks/main.yml
+++ b/.ansible/roles/lockdown/tasks/main.yml
@@ -31,8 +31,6 @@
 uid: 1000
 password: "{{ item.password }}"
 append: yes
- groups:
- - sudo
 shell: /bin/bash
 generate_ssh_key: yes
 password_expire_min: 93
@@ -84,6 +82,7 @@
 owner: "{{ item.name }}"
 group: "{{ item.name }}"
 mode: "0600"
+ state: present
 tags:
 - other_users
 - others_ssh
@@ -101,6 +100,7 @@
 owner: "{{ created_admin.name }}"
 group: "{{ created_admin.name }}"
 mode: "0600"
+ state: present
 tags:
 - default
 - administrative_user
@@ -129,7 +129,10 @@
 dest: /etc/ssh/sshd_config.d/auth.conf
 force: yes
 backup: yes
+ owner: root
+ group: root
 mode: "0644"
+ state: present
 tags:
 - depass_root
 register: constrained_auth
@@ -139,7 +142,10 @@
 dest: /etc/ssh/sshd_config.d/denyroot.conf
 force: yes
 backup: yes
+ owner: root
+ group: root
 mode: "0644"
+ state: present
 tags:
 - prohib_root_ssh
 register: prohibited_root_ssh_login
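Review bot: The `state: present` added in the hunk at `@@ -129,7 +129,10 @@` sits in a task that already passes `dest`, `force` and `backup`, which is the parameter set of `copy` or `template`, and neither of those modules accepts a `state` option, so the task would fail argument validation instead of writing `auth.conf`. The module name is above the hunk, so confirm it; if it is `copy` or `template`, drop the line and keep the new `owner: root` / `group: root`. The same applies to the `denyroot.conf` task at `@@ -139,7 +142,10 @@`, and the `state: present` added at `@@ -84,6 +82,7 @@` and `@@ -101,6 +100,7 @@` needs the same check against whichever module those tasks call.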
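Review bot: Nothing visible in the `denyroot.conf` task at `@@ -139,7 +142,10 @@` checks the fragment before it replaces the live file, and with `force: yes` plus a registered result (presumably used to restart or reload sshd) a malformed fragment can cut off SSH access to the host. If the module is `copy` or `template`, add `validate: /usr/sbin/sshd -t -f %s` next to `backup: yes`; the `auth.conf` task in the previous hunk would want the same. The task starts above the hunk, so a `validate` may already be set there.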