diff --git a/playbooks/bridge.yaml b/playbooks/bridge.yaml
index 594c2d9b94..5c59682a00 100644
--- a/playbooks/bridge.yaml
+++ b/playbooks/bridge.yaml
@@ -1,7 +1,6 @@
 - hosts: bridge.openstack.org
   become: true
   roles:
-    - users
     - pip3
     - install-ansible
     - root-keys
diff --git a/playbooks/roles/install-ansible/tasks/main.yaml b/playbooks/roles/install-ansible/tasks/main.yaml
index 26dfe67dfb..ff43453699 100644
--- a/playbooks/roles/install-ansible/tasks/main.yaml
+++ b/playbooks/roles/install-ansible/tasks/main.yaml
@@ -21,7 +21,7 @@
     state: directory
     path: /var/cache/ansible
     owner: root
-    group: admin
+    group: root
     mode: 0770
 
 - name: Ensure ansible log dir is writable
@@ -29,7 +29,7 @@
     path: /var/log/ansible
     state: directory
     owner: root
-    group: admin
+    group: root
     mode: 0775
 
 - name: Copy ansible.cfg in to place
diff --git a/playbooks/roles/users/tasks/main.yaml b/playbooks/roles/users/tasks/main.yaml
index 4f711b892c..6555b37db3 100644
--- a/playbooks/roles/users/tasks/main.yaml
+++ b/playbooks/roles/users/tasks/main.yaml
@@ -1,11 +1,7 @@
-- name: Add sudo admin groups
-  loop:
-    - sudo
-    - admin
+- name: Add sudo group
   group:
-    name: "{{ item }}"
+    name: "sudo"
     state: present
-  when:
 
 # NOTE(mordred): We replace the main file rather than dropping a file in to
 # /etc/sudoers.d to deal with divergent base sudoers files from our distros.
@@ -52,7 +48,7 @@
     uid: "{{ all_users[item].uid }}"
     group: "{{ item }}"
     comment: "{{ all_users[item].comment }}"
-    groups: admin,sudo
+    groups: sudo
     shell: /bin/bash
   when:
     - item in all_users