diff --git a/linux/compliance.yaml b/linux/compliance.yaml
index a475023..04232da 100644
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@@ -55,7 +55,7 @@
         name: ansible
         groups: wheel
         append: yes
-      when: wheel in ansible_facts.getent_group
+      when: "'wheel' in ansible_facts.getent_group"
 
     # Ansible user SSH pub key
     # This is a really stupid way to do it, but alas.
@@ -112,21 +112,21 @@
         name: nhadmin
         groups: wheel
         append: yes
-      when: wheel in ansible_facts.getent_group
+      when: "'wheel' in ansible_facts.getent_group"
 
     - name: Add nhadmin to sudo group.
       user:
         name: nhadmin
         groups: sudo
         append: yes
-      when: wheel in ansible_facts.getent_group
+      when: "'sudo' in ansible_facts.getent_group"
 
     - name: Add nhadmin to systemd-journal group.
       user:
         name: nhadmin
         groups: systemd-journal
         append: yes
-      when: wheel in ansible_facts.getent_group
+      when: "'systemd-journal' in ansible_facts.getent_group"
 
       
     # Sysadmin user SSH pub key