diff --git a/defaults/main.yml b/defaults/main.yml index 3e93746..57debf6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,8 @@ --- # not working currently cups_version: 2.2.10 +cups_admin_username: cupsadm +cups_admin_password: secure cups_bind_url: - localhost:631 diff --git a/tasks/install.yml b/tasks/install.yml index 7b06aa9..aef6edc 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -13,11 +13,13 @@ yum: name: "{{ __cups_rpm_files }}" state: present + notify: __cupsd_restart - name: Install custom driver packages yum: name: "{{ cups_custom_driver_packages }}" state: present + notify: __cupsd_restart - name: Deploy global config files template: diff --git a/tasks/main.yml b/tasks/main.yml index 2e8e76c..ecff44a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,8 @@ --- +- include_tasks: prepare.yml - include_tasks: install.yml +- include_tasks: selinux.yml + when: ansible_selinux - import_tasks: nginx.yml when: cups_nginx_vhost_enabled - include_tasks: post_tasks.yml diff --git a/tasks/prepare.yml b/tasks/prepare.yml new file mode 100644 index 0000000..bf8ef8b --- /dev/null +++ b/tasks/prepare.yml @@ -0,0 +1,10 @@ +--- +- block: + - name: Create user '{{ cups_admin_username }}' + user: + comment: Cups Admin + name: "{{ cups_admin_username }}" + password: "{{ cups_admin_password }}" + groups: printadmin + become: True + become_user: root diff --git a/tasks/selinux.yml b/tasks/selinux.yml new file mode 100644 index 0000000..b0aa0c3 --- /dev/null +++ b/tasks/selinux.yml 
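Review bot: In defaults/main.yml, `cups_admin_password: secure` ships a known password as the role default, so any play that does not override it creates the admin account with a credential that is public in the repository. I would drop the default and have the role fail early when the variable is unset, for example with an `assert` on `cups_admin_password is defined` at the start of prepare.yml. The variable's documentation should say that the value is expected to come from Ansible Vault or another secret store. If a default has to stay for testing, a comment such as `# placeholder only; override from vault before use` would at least flag it.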
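Review bot: In tasks/main.yml, `when: ansible_selinux` tests the truthiness of the whole fact, which on current Ansible releases is a dictionary even when SELinux is disabled, so selinux.yml would likely still be included on such hosts and `sefcontext`/`seboolean` would then fail. Comparing the status is the usual form: `when: (ansible_selinux.status | default('disabled')) == 'enabled'`. The `default` covers older releases that, as far as I know, reported the fact as `false` when the SELinux Python bindings were missing; worth confirming against the Ansible versions this role supports.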
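Review bot: In tasks/prepare.yml, `password: "{{ cups_admin_password }}"` hands the variable to the `user` module unchanged, but that parameter expects an already-hashed value. With the plaintext default from defaults/main.yml the string would be written to the shadow file as-is, and the account would not accept it as a password. Hash it in the task, `password: "{{ cups_admin_password | password_hash('sha512') }}"`, and add `update_password: on_create` so the freshly salted hash does not report a change on every run. I would also add `append: true` next to `groups: printadmin`, since without it an existing account named by `cups_admin_username` loses its other supplementary groups.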
@@ -0,0 +1,32 @@ +--- +- block: + - name: Add SELinux file context mapping definitions + sefcontext: + target: "{{ item.target }}" + setype: "{{ item.setype }}" + state: present + loop: + - { target: '/opt/brother', setype: 'bin_t' } + - { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' } + - { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' } + - { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' } + - { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' } + notify: __cupsd_restart + + - name: Apply new SELinux file context to filesystem + command: "restorecon {{ item }}" + loop: + - -R /opt/brother + - -R /etc/opt/brother + - -R /opt/brother/Printers + - -RFv /usr/lib/cups/filter + notify: __cupsd_restart + + - name: Allow cups execmem/execstack + seboolean: + name: cups_execmem + state: yes + persistent: yes + notify: __cupsd_restart + become: True + become_user: root diff --git a/templates/etc/cups/cupsd.conf.j2 b/templates/etc/cups/cupsd.conf.j2 index 79b648d..94691fc 100644 --- a/templates/etc/cups/cupsd.conf.j2 +++ b/templates/etc/cups/cupsd.conf.j2 @@ -36,6 +36,8 @@ WebInterface Yes # Restrict access to the admin pages... + AuthType Default + Require user @SYSTEM Order allow,deny
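Review bot: In tasks/selinux.yml, the `cups_execmem` boolean is switched on persistently on every SELinux host, whether or not a driver that needs executable memory is installed, which relaxes an SELinux memory-protection control for cupsd for all users of the role. I would gate that task behind an opt-in role variable that defaults to off (name to be chosen by the maintainers) and add a comment such as `# required by <driver package>; weakens SELinux memory protection for cupsd`. Separately, the `command: "restorecon {{ item }}"` task reports changed on every run and so restarts cupsd each time through its `notify`. A `changed_when` condition, or dropping the notify on that task, would keep the role idempotent.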