diff --git a/linux/compliance.yaml b/linux/compliance.yaml
index 8f4635a..1b43785 100644
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@@ -11,13 +11,17 @@ user: name: ansible state: present + # add to sudo + groups: sudo + append: yes # Ansible user SSH pub key + # This is a really stupid way to do it, but alas. + # This uses an environment variable named ansiblesvc_key in Semaphore which has the ssh-rsa pubkey. - name: Add deployment user's SSH key. - ansible.posix.authorized_key: - user: ansible - state: present - key: "{{ ansiblesvc_key }}" + shell: + cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys + creates: /home/ansible/.ssh/authorized_keys # Give ansible sudo rights with no password required. - name: Add sudo rights with no password for deployment user.
@@ -47,7 +51,7 @@ append: yes # SSH config updating - - name: Update SSH configuration to be more secure. + - name: Update SSH configuration to disallow root login. lineinfile: dest: /etc/ssh/sshd_config regexp: "{{ item.regexp }}"
@@ -60,17 +64,8 @@ notify: restart ssh # Delete our network ansible key from the root user. - - name: Delete our network ansible key from the root user. + - name: Delete our network ansible key (and other keys) from the root user. ansible.builtin.file: path: /root/.ssh/authorized_keys state: absent - ignore_errors: yes - - # New 04/28/24: Do not use the DHCP Client ID as our MAC Address. - - name: Configure dhclient to use the MAC address of the system instead of Client ID. - blockinfile: - state: present - insertafter: EOF - dest: /etc/dhclient/dhclient.conf - marker: "# Changed by ansible playbook: Use MAC address instead of DHCP Client ID" - content:
\ No newline at end of file
+ ignore_errors: yes
\ No newline at end of file
diff --git a/linux/dhclient.yml b/linux/dhclient.yml
new file mode 100644
index 0000000..ffce4ca
--- /dev/null
+++ b/linux/dhclient.yml
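Review bot: The new `shell: cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys` task is guarded by `creates: /home/ansible/.ssh/authorized_keys`, so it runs once per host and never again: a rotated or revoked `ansiblesvc_key` is silently not applied and the previously installed key stays authorized, which is the opposite of what the `ansible.posix.authorized_key` task it replaces guaranteed on every run. It also writes the file as root with umask-dependent permissions, fails on a fresh host where `/home/ansible/.ssh` does not yet exist (the `user:` task in this hunk does not create it), and expands the key inside a double-quoted shell string, where `$`, backticks or `"` in the key comment would be interpreted by the shell. If the `ansible.posix` collection is what is unavailable on the Semaphore runner (the added comment hints at that), `ansible.builtin.copy` with `content:` gives an idempotent, shell-free write with explicit owner and mode; the sketch below replaces only the `shell:` block. The task list continues outside the hunk.
```yaml
# … unchanged: user task and "# Ansible user SSH pub key" comments …
- name: Ensure the deployment user's .ssh directory exists.
  ansible.builtin.file:
    path: /home/ansible/.ssh
    state: directory
    owner: ansible
    mode: "0700"

- name: Add deployment user's SSH key.
  ansible.builtin.copy:
    content: "{{ ansiblesvc_key }}\n"
    dest: /home/ansible/.ssh/authorized_keys
    owner: ansible
    mode: "0600"
# … unchanged: sudo rights task …
```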
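Review bot: `ignore_errors: yes` on the `ansible.builtin.file` task that removes `/root/.ssh/authorized_keys` masks the only failures the task can have: `state: absent` already succeeds when the file is missing, so what gets ignored is a real error (permission denied, immutable attribute, read-only filesystem), after which the play reports success while root's keys remain in place. Remove the `ignore_errors: yes` line, or replace it with a `failed_when:` that names the single condition you are willing to accept. Because this deletion revokes the root login that the deployment user's key from the first hunk is meant to replace, and that key task is guarded by `creates:`, a stale or failed key install followed by this task could leave the host without a working management login; it would be safer to verify the `ansible` user's key works before this task runs. `yes` here and in `append: yes` are YAML 1.1 truthy literals; `true` is the portable spelling.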
@@ -0,0 +1,24 @@
+---
+## Configures dhclient to use the MAC address of the system instead of Client ID, removes all previous leases, and restarts the networking service.
+
+- hosts: all
+ gather_facts: yes
+ become: yes
+
+ tasks:
+ - name: Configure dhclient to use the MAC address of the system instead of Client ID.
+ blockinfile:
+ state: present
+ insertafter: EOF
+ dest: /etc/dhcp/dhclient.conf
+ marker: "# Changed by ansible playbook: Use MAC address instead of DHCP Client ID"
+ content: |
+ send dhcp-client-identifier = hardware;
+ - name: Remove any dhclient leases in /var/lib/dhcp.
+ shell:
+ cmd: rm /var/lib/dhcp/*
+ removes: /var/lib/dhcp/*
+ - name: Restart networking service.
+ service:
+ name: networking
+ state: restarted
\ No newline at end of file
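Review bot: The `marker:` value on the blockinfile task has no `{mark}` placeholder, so the begin and end marker lines are identical and the module cannot recognise the block it wrote on a previous run; the Ansible docs warn that a custom marker without `{mark}` may cause the block to be inserted again on subsequent runs, which here would append another `send dhcp-client-identifier = hardware;` to `/etc/dhcp/dhclient.conf` each time the play executes. Use `marker: "# {mark} Changed by ansible playbook: Use MAC address instead of DHCP Client ID"` so the lines render as `# BEGIN …` / `# END …`. Separately, `service: name: networking state: restarted` runs over the SSH session it may sever: once the client identifier changes and the old leases in `/var/lib/dhcp` are removed, the DHCP server can hand the host a different address and the task will end unreachable rather than reporting success; if that outcome matters, run it with `async` and `poll: 0` followed by `ansible.builtin.wait_for_connection`. `gather_facts: yes` and `become: yes` are YAML 1.1 truthy literals; prefer `true`.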