diff --git a/HostProp.hs b/HostProp.hs
index 821fe9e..e0ed8f2 100644
--- a/HostProp.hs
+++ b/HostProp.hs
@@ -24,7 +24,10 @@ getProperties "clam" =
 	, GitHome.installedFor "root"
 	, check (Ssh.hasAuthorizedKeys "root") $
 		Ssh.passwordAuthentication False
+	, check (Ssh.hasAuthorizedKeys "root") $
+		User.lockedPassword "root"
 	, User.nonsystem "joey"
+	, User.nuked "user"
 	, Apt.installed ["sudo"]
 	, fileHasContent "/etc/sudoers" ["joey ALL=(ALL:ALL) ALL"]
 	, GitHome.installedFor "joey"
diff --git a/Property/User.hs b/Property/User.hs
index 3ab5f57..47d6fb5 100644
--- a/Property/User.hs
+++ b/Property/User.hs
@@ -17,5 +17,18 @@ nonsystem user = check (isNothing <$> homedir user) $ cmdProperty "adduser"
 	, Param user
 	]
 
+{- Removes user home directory!! Use with caution. -}
+nuked :: UserName -> Property
+nuked user = check (isJust <$> homedir user) $ cmdProperty "userdel"
+	[ Param "-r"
+	, Param user
+	]
+
+lockedPassword :: UserName -> Property
+lockedPassword user = cmdProperty "passwd"
+	[ Param "--lock"
+	, Param user
+	]
+
 homedir :: UserName -> IO (Maybe FilePath)
 homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user
diff --git a/TODO b/TODO
index 02283f0..39621d3 100644
--- a/TODO
+++ b/TODO
@@ -3,3 +3,4 @@
   but only once despite many config changes being made to satisfy
   properties. onChange is a poor substitute.
 * Apt upgrade does not avoid apt-listchanges and debconf prompts.
+* I often seem to want to be able to combine Properties monadically.