diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml
index f58901620..080962fbf 100644
--- a/roles/iiab-admin/defaults/main.yml
+++ b/roles/iiab-admin/defaults/main.yml
@@ -3,19 +3,22 @@
 # Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel
 # group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo-
 # checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n).
-iiab_admin_user_install: True
+# iiab_admin_user_install: True
 # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing
 # Linux user that has sudo access, for login to Admin Console http://box/admin
 
 # ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?)
-iiab_admin_user: iiab-admin
+# iiab_admin_user: iiab-admin
 
 # For live checks/alerts of published pwds
-iiab_admin_published_pwd: g0adm1n
+# iiab_admin_published_pwd: g0adm1n
 
 # Password hash to override above, if Ansible creates above user:
-iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
+# iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
 # Obtain a password hash - NEW MORE SECURE WAY:
 #    python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'
 # Obtain a password hash - OLD WAY:
 #    python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
+
+# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
+# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!