diff --git a/profiles/unl_profile/unl_profile.install b/profiles/unl_profile/unl_profile.install
index 70224d08dfbe78655e6fe7b713ee6ccb06cb9d8b..9e89c7198aa1e740c77f11dfa946ba01d425574a 100644
--- a/profiles/unl_profile/unl_profile.install
+++ b/profiles/unl_profile/unl_profile.install
@@ -260,10 +260,29 @@ EOF;
         // Only enable CAS on subsites until we get some sort of bootstrap setup.
         module_enable(array('unl_cas'));
         
-        // Copy permissions from the parent site to the new site.
-        db_query("TRUNCATE {$new_prefix}role_permission")->execute();
-        // I'm using REPLACE because I keep getting duplicate entry errors, despite inserting into what should be an empty table.
-        db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission")->execute();
+        
+        // Copy the authenticated user role's permissions for text formats from the default site.
+        db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission WHERE rid=:rid AND module='filter'", array(':rid' => DRUPAL_AUTHENTICATED_RID));
+        
+        // Create the Site Admin role
+        $site_admin_role = new stdClass();
+        $site_admin_role->name = 'Site Admin';
+        $site_admin_role->weight = 2;
+        user_role_save($site_admin_role);
+        
+        // Assign most permissions to the Site Admin role.
+        $all_permissions = module_invoke_all('permission');
+        unset($all_permissions['unl administer administrator permissions']);
+        unset($all_permissions['unl site creation']);
+        unset($all_permissions['administer modules']);
+        unset($all_permissions['administer themes']);
+        unset($all_permissions['administer software updates']);
+        unset($all_permissions['administer imce']);
+        unset($all_permissions['administer filters']);
+        foreach (array_keys(module_invoke('filter', 'permission')) as $permission) {
+          unset($all_permissions[$permission]);
+        }
+        user_role_grant_permissions($site_admin_role->rid, array_keys($all_permissions));
     }
     
     
diff --git a/sites/all/modules/unl/unl.module b/sites/all/modules/unl/unl.module
index b647e69cc5038e16535f94010f2607da09a1374e..6eea4d43f23ec5c6854a094e5f708fadb020abc5 100644
--- a/sites/all/modules/unl/unl.module
+++ b/sites/all/modules/unl/unl.module
@@ -189,6 +189,30 @@ function unl_form_alter(&$form, $form_state, $form_id) {
       unset($form['checkboxes'][$role_id]);
     }
     
+    if (!in_array(variable_get('user_admin_role'), array_keys($GLOBALS['user']->roles))) {
+      $administrator_permissions = array(
+        'unl administer administrator permissions',
+        'unl site creation',
+        'administer modules',
+        'administer themes',
+        'administer software updates',
+        'administer imce',
+        'administer filters',
+      );
+    
+      foreach ($form['permission'] as $permission => $sub_form) {
+        if (in_array($permission, $administrator_permissions)) {
+          unset($form['permission'][$permission]);
+        }
+      }
+      foreach ($form['checkboxes'] as $role_id => $sub_form) {
+        foreach ($sub_form['#options'] as $permission => $value) {
+          if (in_array($permission, $administrator_permissions)) {
+            unset($form['checkboxes'][$role_id]['#options'][$permission]);
+          }
+        }
+      }
+    }
   }
 }