diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2
index 80782b74..acb6e356 100644
--- a/roles/matrix-awx/surveys/backup_server.json.j2
+++ b/roles/matrix-awx/surveys/backup_server.json.j2
@@ -16,4 +16,3 @@
     }
   ]
 }
-
diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml
index b7e27e9d..29019766 100755
--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -128,18 +128,13 @@
     validate_certs: yes
   when: customise_base_domain_website is undefined
 
-- name: Ensure group "sftp" exists
-  group:
-    name: sftp
-    state: present
-
 - name: If user doesn't define a sftp_password, create a disabled 'sftp' account
   user:
     name: sftp
     comment: SFTP user to set custom web files and access servers export
     shell: /bin/false
     home: /home/sftp
-    group: sftp
+    group: matrix
     password: '*'
     update_password: always
   when: sftp_password|length == 0
@@ -150,15 +145,20 @@
     comment: SFTP user to set custom web files and access servers export
     shell: /bin/false
     home: /home/sftp
-    group: sftp
+    group: matrix
     password: "{{ sftp_password | password_hash('sha512') }}"
     update_password: always
   when: sftp_password|length > 0
 
+- name: Ensure group "sftp" exists
+  group:
+    name: sftp
+    state: present
+
 - name: adding existing user 'sftp' to group matrix
   user:
     name: sftp
-    groups: matrix
+    groups: sftp
     append: yes
   when: customise_base_domain_website is defined
 
@@ -214,14 +214,14 @@
     group: sftp
     mode: '0644'
   when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
-
-- name: Alter SSH Subsystem State 1
+    
+- name: Remove any existing Subsystem lines
   lineinfile:
     path: /etc/ssh/sshd_config
-    line: "Subsystem sftp	/usr/lib/openssh/sftp-server"
     state: absent
+    regexp: '^Subsystem'
 
-- name: Alter SSH Subsystem State 2
+- name: Set SSH Subsystem State
   lineinfile:
     path: /etc/ssh/sshd_config
     insertafter: "^# override default of no subsystems"
diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml
index fcb4770f..b07c32ea 100644
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -6,7 +6,7 @@
 
 - name: Purge local media to specific date
   shell: |
-    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
   register: purge_command
   
 - name: Print output of purge command
diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml
index 77a8fecc..84e73a8b 100644
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -17,15 +17,16 @@
     - jq
     state: present
 
-- name: Collect access token for janitor user
-  shell: |
-    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
-  register: janitors_token
-  
 - name: Collect the internal IP of the matrix-synapse container
   shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
   register: synapse_container_ip
-    
+
+- name: Collect access token for janitor user
+  shell: |
+    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
+  register: janitors_token
+  no_log: True
+
 - name: Generate list of dates to purge to
   delegate_to: 127.0.0.1
   shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml
index 14f9c8d5..c2f75c81 100644
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -6,7 +6,7 @@
 
 - name: Purge remote media to specific date
   shell: |
-    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
   register: purge_command
   
 - name: Print output of purge command