diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 42e568f9..3f483a11 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -685,7 +685,7 @@ export const roles = sqliteTable("roles", {
 sshSudoMode: text("sshSudoMode").default("none"), // "none" | "full" | "commands"
 sshSudoCommands: text("sshSudoCommands").default("[]"),
 sshCreateHomeDir: integer("sshCreateHomeDir", { mode: "boolean" }).default(
- false
+ true
 ),
 sshUnixGroups: text("sshUnixGroups").default("[]")
 });
diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts
index 729cf211..1a5d8799 100644
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -272,7 +272,8 @@ export async function createOrg(
 orgId: newOrg[0].orgId,
 isAdmin: true,
 name: "Admin",
- description: "Admin role with the most permissions"
+ description: "Admin role with the most permissions",
+ sshSudoMode: "full"
 })
 .returning({ roleId: roles.roleId });
diff --git a/server/routers/role/updateRole.ts b/server/routers/role/updateRole.ts
index 66332bf2..7400e582 100644
--- a/server/routers/role/updateRole.ts
+++ b/server/routers/role/updateRole.ts
@@ -102,16 +102,14 @@ export async function updateRole(
 );
 }
- if (role[0].isAdmin) {
- return next(
- createHttpError(
- HttpCode.FORBIDDEN,
- `Cannot update a Admin role`
- )
- );
+ const orgId = role[0].orgId;
+ const isAdminRole = role[0].isAdmin;
+
+ if (isAdminRole) {
+ delete updateData.name;
+ delete updateData.description;
 }
- const orgId = role[0].orgId;
 if (!orgId) {
 return next(
 createHttpError(
diff --git a/src/components/Credenza.tsx b/src/components/Credenza.tsx
index 919ee495..63b84746 100644
--- a/src/components/Credenza.tsx
+++ b/src/components/Credenza.tsx
@@ -84,7 +84,7 @@ const CredenzaContent = ({ className, children, ...props }: CredenzaProps) => { return ( (null);
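Review bot: In server/db/sqlite/schema/schema.ts, the new `sshCreateHomeDir` default of `true` only reaches roles inserted after the column default has actually changed in the database, and nothing in the visible diff migrates existing installs. Existing rows keep whatever value they were stored with, so deployments may disagree on whether a role creates home directories on the target host. If the flip is deliberate, a comment on the column such as `// default true: new roles create the user's home directory unless disabled` plus a matching migration would make that explicit. The path suggests other database dialects may exist; if so, their schema should carry the same default (not visible here).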
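Review bot: In server/routers/org/createOrg.ts, the Admin role of every newly created organization now starts with `sshSudoMode: "full"`, which — assuming the value means unrestricted sudo, as the schema comment `"none" | "full" | "commands"` suggests — gives each org admin root-equivalent access on SSH-enabled hosts without anyone opting in. That is a wide default for a column whose own default is `"none"`; I would either keep the least-privileged value and let the owner raise it through the role form, or record the decision in place, e.g. `// Admin role defaults to full sudo on SSH resources; can be lowered via updateRole`. Organizations created before this change keep their stored value unless a backfill exists elsewhere, so Admin roles will differ by creation date. Because the column is plain `text`, the literal is not checked against the allowed set; a shared constant or union type would catch a typo here.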
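Review bot: In server/routers/role/updateRole.ts the Admin-role guard is now a deny-list: `delete updateData.name; delete updateData.description;` strips two fields and lets every other key in `updateData` through, where the removed code returned 403 for the whole request. Which keys the body schema accepts is outside this hunk, but anything it accepts today or gains later becomes writable on the Admin role by whoever passes this route's permission check, so an explicit allow-list of the fields that may change on an Admin role would fail closed. Two smaller points: a request carrying only `name`/`description` is left with an empty `updateData`, and whether the later update call tolerates that is not visible here; and silently dropping the fields reports success for a rename that did not happen. If the deny-list stays, a comment such as `// Admin role: name/description are fixed; all other fields remain editable` would make the intent reviewable. The function starts and ends outside the hunk.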
@@ -466,7 +466,7 @@ export function InternalResourceForm({ tcpPortRangeString: resource.tcpPortRangeString ?? "*", udpPortRangeString: resource.udpPortRangeString ?? "*", disableIcmp: resource.disableIcmp ?? false, - authDaemonMode: resource.authDaemonMode ?? null, + authDaemonMode: resource.authDaemonMode ?? "site", authDaemonPort: resource.authDaemonPort ?? null, roles: [], users: [], diff --git a/src/components/RoleForm.tsx b/src/components/RoleForm.tsx index 7333ec87..8fe2c55e 100644 --- a/src/components/RoleForm.tsx +++ b/src/components/RoleForm.tsx @@ -138,6 +138,7 @@ export function RoleForm({ const sshDisabled = !isPaidUser(tierMatrix.sshPam); const sshSudoMode = form.watch("sshSudoMode"); + const isAdminRole = variant === "edit" && role?.isAdmin === true; useEffect(() => { if (sshDisabled) { @@ -161,7 +162,11 @@ export function RoleForm({ {t("accessRoleName")} - + @@ -174,7 +179,11 @@ export function RoleForm({ {t("description")} - + @@ -203,7 +212,11 @@ export function RoleForm({ {t("accessRoleName")} - + @@ -218,7 +231,11 @@ export function RoleForm({ {t("description")} - + diff --git a/src/components/RolesTable.tsx b/src/components/RolesTable.tsx index b93e4df1..bf17f63f 100644 --- a/src/components/RolesTable.tsx +++ b/src/components/RolesTable.tsx @@ -135,7 +135,6 @@ export default function UsersTable({ roles }: RolesTableProps) {
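Review bot: In the `InternalResourceForm` hunk, `authDaemonMode: resource.authDaemonMode ?? "site"` turns a stored `null` into `"site"` in the form's initial values, so saving the form after editing any other field would presumably persist `"site"` for a resource that had no mode set. If `null` means "not configured" on the server, that silently changes how authentication is handled for existing resources; the submit handler is outside the hunk, so confirm it only sends the mode when the feature is enabled or the field was touched. A short comment on the line, e.g. `// unset mode falls back to "site"`, would record that the fallback is deliberate. The file header for this hunk is not part of the visible page, and the function continues outside the hunk.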