diff --git a/lmn-desktop.yml b/lmn-desktop.yml
index b986d06..5fe1c6e 100644
--- a/lmn-desktop.yml
+++ b/lmn-desktop.yml
@@ -6,7 +6,7 @@
   become: yes
   pre_tasks:
     - pause:
-        prompt: "Enter global-admin active directory password to join domain:"
+        prompt: "Enter global-admin active directory password, leave empty to skip domain join"
         minutes: 5
         echo: false
       register: adpw
diff --git a/roles/lmn-mount/tasks/main.yml b/roles/lmn-mount/tasks/main.yml
index 7f8d8ed..c15d6c0 100644
--- a/roles/lmn-mount/tasks/main.yml
+++ b/roles/lmn-mount/tasks/main.yml
@@ -1,13 +1,14 @@
 ---
-- name: install needed packages
+- name: Install needed packages
   apt:
     name:
       - libpam-mount
       - cifs-utils
       - nfs-common
+      - hxtools
     state: latest
 
-- name: configure pam_mount
+- name: Configure pam_mount
   blockinfile:
     dest: /etc/security/pam_mount.conf.xml
     block: |
@@ -20,6 +21,18 @@
       ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume>
     insertafter: "<!-- Volume definitions -->"
 
+- name: Clean up all user processes after logout
+  ansible.builtin.replace:
+    path: /etc/security/pam_mount.conf.xml
+    regexp: '^(<logout wait="0" hup="no" term="no" kill="no" />)$'
+    replace: '#\1\n<logout wait="1000" hup="yes" term="yes" kill="yes" />'
+
+- name: Kill all user processes on logout
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/logind.conf
+    line: KillUserProcesses=yes
+    insertafter: '#KillUserProcesses=no'
+
 - name: Mount NFSv4 home directory
   ansible.posix.mount:
     src: server:/default-school
@@ -27,9 +40,3 @@
     opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
     state: present
     fstype: nfs4
-
-- name: Kill all user processes on logout
-  ansible.builtin.lineinfile:
-    path: /etc/systemd/logind.conf
-    line: KillUserProcesses=yes
-    insertafter: '#KillUserProcesses=no'