diff --git a/salt/pillars/hosts/exsilio.sls b/salt/pillars/hosts/exsilio.sls
index 4faa42c..dde3658 100644
--- a/salt/pillars/hosts/exsilio.sls
+++ b/salt/pillars/hosts/exsilio.sls
@@ -10,3 +10,7 @@ packages:
 firefox:
   addons:
     Okta Browser Plugin: https://addons.mozilla.org/en-US/firefox/addon/okta-browser-plugin/
+
+groups:
+  libvirt:
+  kvm:
diff --git a/salt/pillars/top.sls b/salt/pillars/top.sls
index 58a6af8..57e7ccd 100644
--- a/salt/pillars/top.sls
+++ b/salt/pillars/top.sls
@@ -6,6 +6,7 @@ base:
     - hosts
     - repos.google_chrome
     - firewalld
+    - groups
     {% if grains['os'] == "SUSE" -%}
     - repos.packman
     {% endif %}
diff --git a/salt/states/files/40-custom.rules b/salt/states/files/40-custom.rules
new file mode 100644
index 0000000..da2c5c0
--- /dev/null
+++ b/salt/states/files/40-custom.rules
@@ -0,0 +1,3 @@
+polkit.addAdminRule(function(action, subject) {
+    return ["unix-group:wheel"];
+});
diff --git a/salt/states/groups.sls b/salt/states/groups.sls
new file mode 100644
index 0000000..173394b
--- /dev/null
+++ b/salt/states/groups.sls
@@ -0,0 +1,7 @@
+add {{ pillar['username'] }} to optional groups:
+  user.present:
+    - name: {{ pillar['username'] }}
+    - optional_groups:
+       {% for group, args in pillar['groups'].items() -%}
+       - {{ group }}
+       {% endfor %}
diff --git a/salt/states/top.sls b/salt/states/top.sls
index 55c20ff..f4fdfef 100644
--- a/salt/states/top.sls
+++ b/salt/states/top.sls
@@ -7,3 +7,5 @@ base:
     - firefox
     - sudo
     - firewalld
+    - groups
+    - polkit