diff --git a/salt/idh/defaults/httpproxy.defaults.yaml b/salt/idh/defaults/httpproxy.defaults.yaml
index 6b9b97558..32ef4a961 100644
--- a/salt/idh/defaults/httpproxy.defaults.yaml
+++ b/salt/idh/defaults/httpproxy.defaults.yaml
@@ -1,7 +1,7 @@
 idh:
 opencanary:
 config:
- httpproxy.enabled: false
+ httpproxy.enabled: true
 httpproxy.port: 8080
 httpproxy.skin: squid
 httproxy.skin.list:
diff --git a/salt/idh/defaults/mysql.defaults.yaml b/salt/idh/defaults/mysql.defaults.yaml
index 4cff7c628..98c6d2041 100644
--- a/salt/idh/defaults/mysql.defaults.yaml
+++ b/salt/idh/defaults/mysql.defaults.yaml
@@ -1,6 +1,6 @@
 idh:
 opencanary:
 config:
- mysql.enabled: false
+ mysql.enabled: true
 mysql.port: 3306
 mysql.banner: 5.5.43-0ubuntu0.14.04.1
\ No newline at end of file
diff --git a/salt/idh/defaults/ntp.defaults.yaml b/salt/idh/defaults/ntp.defaults.yaml
index e3968068e..a7df2d460 100644
--- a/salt/idh/defaults/ntp.defaults.yaml
+++ b/salt/idh/defaults/ntp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
 opencanary:
 config:
- ntp.enabled: false
+ ntp.enabled: true
 ntp.port: '123'
\ No newline at end of file
diff --git a/salt/idh/defaults/rdp.defaults.yaml b/salt/idh/defaults/rdp.defaults.yaml
deleted file mode 100644
index fb406e123..000000000
--- a/salt/idh/defaults/rdp.defaults.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-idh:
- opencanary:
- config:
- rdp.enabled: false
- rdp.port: 3389
\ No newline at end of file
diff --git a/salt/idh/defaults/redis.defaults.yaml b/salt/idh/defaults/redis.defaults.yaml
index 6c594f736..90e190f09 100644
--- a/salt/idh/defaults/redis.defaults.yaml
+++ b/salt/idh/defaults/redis.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
 opencanary:
 config:
- redis.enabled: false
+ redis.enabled: true
 redis.port: 6379
\ No newline at end of file
diff --git a/salt/idh/defaults/sip.defaults.yaml b/salt/idh/defaults/sip.defaults.yaml
index 1981c178d..740a13234 100644
--- a/salt/idh/defaults/sip.defaults.yaml
+++ b/salt/idh/defaults/sip.defaults.yaml 
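Review bot: With every `*.enabled` default flipped to true in this hunk and in the mysql, ntp, redis, sip, smb, snmp, ssh and tftp hunks, nothing in the defaults themselves prevents a listener from starting any more; the only remaining gate is the `idh.services` list that write_out_idh_services now writes to the minion pillar, and the state that merges these defaults against that list is not part of this diff, so it is worth confirming it still filters on the list rather than on the per-service flag. A nearby context line still reads `httproxy.skin.list:`; if OpenCanary keys this option as `httpproxy.skin.list`, the misspelled key is silently ignored and the skin list never reaches the service. The rdp defaults file is removed outright, so if whiptail_idh_services_custom (not shown) still offers RDP, the lowercased `rdp` entry in the pillar would have no defaults to merge.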
@@ -1,5 +1,5 @@
 idh:
 opencanary:
 config:
- sip.enabled: false
+ sip.enabled: true
 sip.port: 5060
\ No newline at end of file
diff --git a/salt/idh/defaults/smb.defaults.yaml b/salt/idh/defaults/smb.defaults.yaml
index fbf8c12b6..e92e0239a 100644
--- a/salt/idh/defaults/smb.defaults.yaml
+++ b/salt/idh/defaults/smb.defaults.yaml
@@ -2,4 +2,4 @@ idh:
 opencanary:
 config:
 smb.auditfile: /var/log/samba-audit.log
- smb.enabled: false
\ No newline at end of file
+ smb.enabled: true
\ No newline at end of file
diff --git a/salt/idh/defaults/snmp.defaults.yaml b/salt/idh/defaults/snmp.defaults.yaml
index 981dceaeb..990bf919e 100644
--- a/salt/idh/defaults/snmp.defaults.yaml
+++ b/salt/idh/defaults/snmp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
 opencanary:
 config:
- snmp.enabled: false
+ snmp.enabled: true
 snmp.port: 161
\ No newline at end of file
diff --git a/salt/idh/defaults/ssh.defaults.yaml b/salt/idh/defaults/ssh.defaults.yaml
index aed7de490..00dcfbcf8 100644
--- a/salt/idh/defaults/ssh.defaults.yaml
+++ b/salt/idh/defaults/ssh.defaults.yaml
@@ -1,6 +1,6 @@
 idh:
 opencanary:
 config:
- ssh.enabled: false
+ ssh.enabled: true
 ssh.port: 22
 ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
\ No newline at end of file
diff --git a/salt/idh/defaults/tftp.defaults.yaml b/salt/idh/defaults/tftp.defaults.yaml
index 01996ed3b..5f275839f 100644
--- a/salt/idh/defaults/tftp.defaults.yaml
+++ b/salt/idh/defaults/tftp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
 opencanary:
 config:
- tftp.enabled: false
+ tftp.enabled: true
 tftp.port: 69
\ No newline at end of file
diff --git a/setup/so-functions b/setup/so-functions
index 90ced3b41..eea5da332 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -462,7 +462,6 @@ collect_idh_services() {
 ;;
 'Custom')
 whiptail_idh_services_custom
- echo $idh_services
 ;;
 esac
 } 
@@ -884,6 +883,7 @@ check_requirements() {
 req_cores=4
 if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
 if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi
+ if [[ "$node_type" == 'idh' ]]; then req_mem=1 req_cores=2; fi
 elif [[ "$standalone_or_dist" == 'import' ]]; then
 req_mem=4
 req_cores=2
@@ -2850,12 +2850,13 @@ wait_for_salt_minion() {
 }
 write_out_idh_services() {
+ local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
+
 printf '%s\n'\
 "idh:"\
- " opencanary:"\
- " config:" >> "$minion_config"
+ " services:" >> "$pillar_file"
 for service in ${idh_services[@]}; do
- echo " - $service" >> "$minion_config"
+ echo " - $service" | tr '[:upper:]' '[:lower:]' >> "$pillar_file"
 done
 }
diff --git a/setup/so-setup b/setup/so-setup
index dc9b5abb5..cf3dabfaa 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -280,6 +280,8 @@ if ! [[ -f $install_opt_file ]]; then
 check_requirements "standalone"
 elif [[ $is_fleet_standalone ]]; then
 check_requirements "dist" "fleet"
+ elif [[ $is_idh ]]; then
+ check_requirements "dist" "idh"
 elif [[ $is_sensor && ! $is_eval ]]; then
 check_requirements "dist" "sensor"
 elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
@@ -750,6 +752,12 @@ echo "1" > /root/accept_changes
 logstash_pillar >> $setup_log 2>&1
 fi
+ if [[ $is_idh ]]; then
+ # Write out services to minion pillar file
+ set_progress_str 19 'Generating IDH services pillar'
+ write_out_idh_services
+ fi
+
 if [[ $is_minion ]]; then
 set_progress_str 20 'Accepting Salt key on manager'
@@ -919,9 +927,6 @@ echo "1" > /root/accept_changes
 fi
 if [[ $is_idh ]]; then
- # Write out services to minion pillar file
- write_out_idh_services
-
 set_progress_str 79 "$(print_salt_state_apply 'idh')"
 salt-call state.apply -l info idh >> $setup_log 2>&1
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 96a145d2d..b6db2d9a7 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail 
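Review bot: The array expansion in write_out_idh_services, `for service in ${idh_services[@]}; do`, is unquoted, as is the same loop added to whiptail_end_settings in the so-whiptail hunk, so an element containing whitespace or a glob character would be split or expanded before it is written to the pillar; `for service in "${idh_services[@]}"; do` keeps each element intact. The function appends with `>>` to "$temp_install_dir"/pillar/minions/"$MINION_ID".sls, so a second invocation against an existing file would produce a duplicate top-level `idh:` key; whether that file is always fresh at progress step 19 is not visible here. When idh_services is empty the output is a bare `services:` key, which YAML reads as null rather than an empty list, so the consuming state should be checked for that case or the function should emit `services: []` when `${#idh_services[@]}` is 0.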
@@ -432,6 +432,14 @@ whiptail_end_settings() {
 Hostname: $HOSTNAME
 EOM
+ if [[ $is_idh ]]; then
+ __append_end_msg "IDH Services Enabled:"
+ for service in ${idh_services[@]}; do
+ __append_end_msg "- $service"
+ done
+
+ fi
+
 [[ -n $NODE_DESCRIPTION ]] && __append_end_msg "Description: $NODE_DESCRIPTION"
 [[ $is_airgap ]] && __append_end_msg "Airgap: True"
@@ -832,14 +840,12 @@ whiptail_install_type_dist_existing() {
 local node_msg
 read -r -d '' node_msg <<- EOM
- Choose a distributed node type to join to an existing grid.
-
- See https://docs.securityonion.net/architecture for details.
+ Choose a distributed node type to join to an existing grid. See https://docs.securityonion.net/architecture for details.
 Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users.
 EOM
- install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 19 58 5 \
+ install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 19 58 6 \
 "SENSOR" "Create a forward only sensor " ON \
 "SEARCHNODE" "Add a search node with parsing " OFF \
 "FLEET" "Dedicated Fleet Osquery Node " OFF \