diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml
index 2991a0c58..4566c00bb 100644
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@@ -202,17 +202,6 @@
     # group: root
     mode: 0755
 
-- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default)
-  template:
-    src: "{{ item }}"
-    dest: /usr/bin/
-    # owner: root
-    # group: root
-    mode: 0755
-  with_items:
-    - gateway/iiab-internet-on
-    - gateway/iiab-internet-off
-
 
 - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined
   ini_file:
diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml
index 0bae7b20f..99fb6cf41 100644
--- a/roles/network/tasks/hostapd.yml
+++ b/roles/network/tasks/hostapd.yml
@@ -1,14 +1,14 @@
-- name: Unmask the Access Point 'hostapd' service
-  systemd:
-    name: hostapd
-    enabled: no
-    masked: no
-
 - name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected
   set_fact:
     hostapd_enabled: False
   when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap
 
+- name: Disable the Access Point 'hostapd' service
+  systemd:
+    name: hostapd
+    enabled: no
+  when: not hostapd_enabled
+
 - name: Detect current Wifi channel
   shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2
   register: current_client_channel
@@ -22,10 +22,12 @@
 - name: Generate new random mac address for ap0
   shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/'
   register: ap0_mac
+  when: can_be_ap
 
 - name: Setting ap0 mac address for use in hostapd service file
   set_fact:
     ap0_mac_addr: "{{ ap0_mac.stdout }}"
+  when: can_be_ap
 
 - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi"
   template:
diff --git a/roles/network/tasks/install.yml b/roles/network/tasks/install.yml
index 08ddb9113..4272cd627 100644
--- a/roles/network/tasks/install.yml
+++ b/roles/network/tasks/install.yml
@@ -45,6 +45,14 @@
 #     dest: /etc/network/if-pre-up.d/iptables
 #     mode: '0755'
 
+-- name: Unmask the Access Point 'hostapd' service
+   systemd:
+     name: hostapd
+     enabled: no
+     masked: no
+
+- name: avahi
+  include_tasks: avahi.yml
 
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
@@ -61,12 +69,12 @@
     #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE
 
 
-# UNMAINTAINED
+# UNUSED
 #- name: Install named / BIND
 #  include_tasks: roles/network/tasks/named.yml
 #  when: named_install is defined and named_install
 
-# UNMAINTAINED
+# UNUSED
 #- name: Install dhcpd
 #  include_tasks: roles/network/tasks/dhcpd.yml
 #  when: dhcpd_install is defined and dhcpd_install
@@ -76,6 +84,54 @@
   include_tasks: roles/network/tasks/squid.yml
   when: squid_install and squid_installed is undefined
 
+  #preprep for backends
+- name: Netplan in use on Ubuntu 18.04+
+  include_tasks: netplan.yml
+  when: is_ubuntu
+
+# all installs
+- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default)
+  template:
+    src: "{{ item }}"
+    dest: /usr/bin/
+    # owner: root
+    # group: root
+    mode: 0755
+  with_items:
+    - gateway/iiab-internet-on
+    - gateway/iiab-internet-off
+
+# mate desktop detection based on 'register: nd_dir' in enable_services
+- name: Check if /usr/share/mate/autostart/ exists
+  stat:
+    path: /usr/share/mate/autostart/
+  register: mate_dir
+
+# contents work with mate as of 'switch to using dash via sh'
+# 'text' is up for debate other structural changes I do not recommend JV
+# if need be cut a second version for RasPiOS
+
+- name: Link /usr/local/sbin/netwarn to {{ iiab_dir }}/scripts/netwarn
+  file:
+    src: "{{ iiab_dir }}/scripts/netwarn.sh"
+    dest: /usr/local/sbin/netwarn
+    state: link
+  when: mate_dir.stat.exists and mate_dir.stat.isdir
+
+- name: Link /usr/share/mate/autostart/netwarn-iiab-network.desktop to {{ iiab_dir }}/scripts/netwarn-iiab-network.desktop
+  file:
+    src: "{{ iiab_dir }}/scripts/netwarn-iiab-network.desktop"
+    dest: /usr/share/mate/autostart/netwarn-iiab-network.desktop
+    state: link
+  when: mate_dir.stat.exists and mate_dir.stat.isdir
+
+# RpiOS detection based on register: lx in pwd-warnings.yml
+- name: Is /etc/xdg/lxsession/LXDE-pi a directory?
+  stat:
+    path: /etc/xdg/lxsession/LXDE-pi
+  register: lx
+
+# clairify usage
 
 - name: "Set 'network_installed: True'"
   set_fact:
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index 8e225eb40..579bf64e9 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -59,14 +59,7 @@
 #    include_tasks: squid.yml
 #    when: squid_install and FQDN_changed and iiab_stage|int == 9
 
-  #preprep for backends
-  - name: Netplan in use on Ubuntu 18.04+
-    include_tasks: netplan.yml
-    when: is_ubuntu and not is_ubuntu_16
-
   #### Start services
-  - name: avahi
-    include_tasks: avahi.yml
   - name: hostapd
     include_tasks: hostapd.yml
   - name: computed_services
@@ -101,3 +94,9 @@
     include_tasks: restart.yml
   # end block
   when: network_installed is defined and network_enabled
+
+- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role.
+  file:
+    path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete"
+    state: touch
+  when: iiab_stage|int == 9
diff --git a/roles/network/templates/network/ifcfg-WAN.j2 b/roles/network/templates/network/ifcfg-WAN.j2.unsued
similarity index 100%
rename from roles/network/templates/network/ifcfg-WAN.j2
rename to roles/network/templates/network/ifcfg-WAN.j2.unsued
diff --git a/roles/network/templates/network/ifcfg-slave.j2 b/roles/network/templates/network/ifcfg-slave.j2.unused
similarity index 100%
rename from roles/network/templates/network/ifcfg-slave.j2
rename to roles/network/templates/network/ifcfg-slave.j2.unused
diff --git a/roles/network/templates/network/ifcfg.j2 b/roles/network/templates/network/ifcfg.j2.usused
similarity index 100%
rename from roles/network/templates/network/ifcfg.j2
rename to roles/network/templates/network/ifcfg.j2.usused
diff --git a/roles/network/templates/network/sysconfig.network.j2 b/roles/network/templates/network/sysconfig.network.j2.unused
similarity index 100%
rename from roles/network/templates/network/sysconfig.network.j2
rename to roles/network/templates/network/sysconfig.network.j2.unused
diff --git a/scripts/iiab-network b/scripts/iiab-network
index 9e56350eb..c2d12056f 100644
--- a/scripts/iiab-network
+++ b/scripts/iiab-network
@@ -1,7 +1,3 @@
 #!/bin/bash -e
 cd /opt/iiab/iiab
 sudo ./iiab-network
-rc=$?
-if [[ $rc == "0" ]]; then
-    sudo touch /etc/iiab/install-flags/iiab-network-complete
-fi
diff --git a/scripts/netwarn-iiab-network.desktop b/scripts/netwarn-iiab-network.desktop
new file mode 100644
index 000000000..35547ee41
--- /dev/null
+++ b/scripts/netwarn-iiab-network.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name[en_US]=iiab-network
+Comment[en_US]=iiab-network
+Name[en_CA]=iiab-network
+Comment[en_CA]=iiab-network
+Type=Application
+Exec=/usr/local/sbin/netwarn
+Hidden=false
+Name=iiab-network
+Comment=iiab-network
diff --git a/scripts/netwarn.sh b/scripts/netwarn.sh
new file mode 100644
index 000000000..457152b37
--- /dev/null
+++ b/scripts/netwarn.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then
+    exit
+fi
+
+zenity --question --width=350 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue?"
+case $? in
+    -1|5)
+        exit 1
+        ;;
+
+    1)
+        exit 0
+        ;;
+
+    0)
+        x-terminal-emulator -e /usr/local/bin/iiab-network
+        ;;
+esac
+
+if [ "$?" = "1" ]; then
+    zenity --warning --width=350 --text="iiab-network exited with error.\n\nPlease review /opt/iiab/iiab/iiab-network.log"
+    exit 1
+fi
+
+zenity --question --width=350 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)"
+if [ "$?" = "0" ]; then
+    x-terminal-emulator -e "sudo reboot"
+fi