diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index dc5ae2123..5cdb9e57a 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -8,10 +8,12 @@ DEFAULT_SALT_DIR=/opt/so/saltstack/default DOC_BASE_URL="https://docs.securityonion.net/en/2.4" -# Check for prerequisites -if [ "$(id -u)" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 +if [ -z $NOROOT ]; then + # Check for prerequisites + if [ "$(id -u)" -ne 0 ]; then + echo "This script must be run using sudo!" + exit 1 + fi fi # Define a banner to separate sections diff --git a/salt/manager/defaults.yaml b/salt/manager/defaults.yaml new file mode 100644 index 000000000..8bb34690e --- /dev/null +++ b/salt/manager/defaults.yaml @@ -0,0 +1,5 @@ +manager: + reposync: + enabled: True + hour: 3 + minute: 0 \ No newline at end of file diff --git a/salt/common/tools/sbin/so-repo-sync b/salt/manager/files/so-repo-sync similarity index 75% rename from salt/common/tools/sbin/so-repo-sync rename to salt/manager/files/so-repo-sync index c69aa44ad..051a1fff7 100644 --- a/salt/common/tools/sbin/so-repo-sync +++ b/salt/manager/files/so-repo-sync @@ -4,7 +4,7 @@ # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. - +NOROOT=1 . /usr/sbin/so-common set_version @@ -12,5 +12,5 @@ set_os salt_minion_count curl --retry 5 --retry-delay 60 -A 'checkin/$VERSION/$OS/$(uname -r)/$MINIONCOUNT' https://sigs.securityonion.net/checkup --output /tmp/checkup -dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/ +dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/ createrepo /nsm/repo \ No newline at end of file 
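Review bot: `$NOROOT` is unquoted on the new `if [ -z $NOROOT ]; then` line, so a value containing whitespace becomes a multi-argument `[` expression and a test error instead of a skipped check; write it `if [ -z "$NOROOT" ]; then`. Because the variable is read from the caller's environment, every script that sources so-common now has a way to skip the root check; that is not a privilege boundary (sudo is), but helpers in so-common that still assume root will fail later and less clearly for an unprivileged caller. A comment above the guard would make the contract explicit, e.g. `# NOROOT=1 lets unprivileged callers (so-repo-sync run from the socore cron) source the helpers; such callers must not use root-only functions.`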
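Review bot: so-repo-sync is now scheduled from cron as socore via `NOROOT=1 . /usr/sbin/so-common`, but neither hunk adds protection against overlapping runs; a sync that is still downloading at the next scheduled hour would race a second `dnf reposync --delete` and `createrepo` on /nsm/repo. Wrapping the body in `flock -n` on a lock file under the new /opt/so/conf/reposync directory would make a late run exit instead of colliding. The `VAR=1 .` prefix is visible while so-common is sourced in bash (and persists afterwards in POSIX mode), which is harmless here. On the unchanged curl line, `--output /tmp/checkup` now writes a fixed, shared path as an unprivileged user, and the single quotes around the user-agent string prevent `$VERSION`, `$OS` and `$MINIONCOUNT` from expanding; both predate this commit, but a private output path would be a cheap fix while the file is being moved.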
diff --git a/salt/manager/init.sls b/salt/manager/init.sls index a360fb2c5..4db979266 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -7,6 +7,8 @@ {% if sls in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'strelka/map.jinja' import STRELKAMERGED %} +{% import_yaml 'manager/defaults.yaml' as MANAGERDEFAULTS %} +{% set MANAGERMERGED = salt['pillar.get']('manager', MANAGERDEFAULTS.manager, merge=true) %} include: - salt.minion @@ -14,6 +16,52 @@ include: - manager.sync_es_users - manager.elasticsearch +repo_log_dir: + file.directory: + - name: /opt/so/log/reposync + - user: socore + - group: socore + - recurse: + - user + - group + +repo_conf_dir: + file.directory: + - name: /opt/so/conf/reposync + - user: socore + - group: socore + - recurse: + - user + - group + +repo_dir: + file.directory: + - name: /nsm/repo + - user: socore + - group: socore + - recurse: + - user + - group + +repo_sync_script: + file.managed: + - name: /usr/sbin/so-repo-sync + - source: salt://manager/files/so-repo-sync + - user: root + - group: root + - mode: 755 + +reposync_cron: + {% if MANAGERMERGED.reposync.enabled %} + cron.present: + {% else %} + cron.absent: + {% endif %} + - user: socore + - name: '/usr/sbin/so-repo-sync >> /opt/so/log/reposync/reposync.log 2>&1' + - hour: '{{ MANAGERMERGED.reposync.hour }}' + - minute: '{{ MANAGERMERGED.reposync.minute }}' + socore_own_saltstack: file.directory: - name: /opt/so/saltstack diff --git a/salt/manager/soc_manager.yaml b/salt/manager/soc_manager.yaml index e6e58e524..437c14ad9 100644 --- a/salt/manager/soc_manager.yaml +++ b/salt/manager/soc_manager.yaml 
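Review bot: `repo_conf_dir` recursively chowns /opt/so/conf/reposync to socore, which is also where repodownload.conf (written once by setup with the mirror's baseurl, gpgcheck and gpgkey) now lives, yet no state manages that file's content or mode; an edit by, or drift under, the socore account silently changes which repo is mirrored and whether package signatures are verified. Managing it with `file.managed` from a `salt://manager/files/` source, as `repo_sync_script` already does for the script, would keep it pinned and let highstate repair it. In `reposync_cron`, when `reposync.enabled` is false the `hour` and `minute` arguments are still passed to `cron.absent`; if that function rejects unknown keyword arguments the state will error, so move those two lines inside the `{% if %}` branch or verify they are accepted. Adding `- identifier: reposync` to the cron entry would also let a later change to the command string replace the old crontab line rather than leave it behind.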
@@ -1,4 +1,17 @@ manager: + reposync: + enabled: + description: This is the daily task of syncing the Security Onion OS packages. It is recommended that you leave this enabled. + global: True + helpLink: manager.html + hour: + description: The hour of the day in which the repo sync takes place. + global: True + helpLink: manager.html + minute: + description: The minute within the hour to run the repo sync. + global: True + helpLink: manager.html elastalert: description: Enable elastalert 1=enabled 0=disabled. global: True diff --git a/setup/so-functions b/setup/so-functions index 96c357c74..807d29575 100755 --- a/setup/so-functions +++ b/setup/so-functions 
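Review bot: The new `hour` and `minute` annotations carry no constraint, and the values set through this schema are written straight into the crontab by the `reposync_cron` state in manager/init.sls; a value outside 0-23 or 0-59, or a non-numeric string, is only caught when cron rejects the entry. If the annotation schema supports a pattern or range constraint, add one here, and in any case say the expected range in the descriptions, e.g. `description: The hour of the day (0-23) in which the repo sync takes place.` and `description: The minute within the hour (0-59) to run the repo sync.`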
@@ -1967,28 +1967,28 @@ repo_sync_local() { # Check for reposync info "Backing up old repos" mkdir -p /nsm/repo - mkdir -p /root/reposync_cache - echo "[main]" > /root/repodownload.conf - echo "gpgcheck=1" >> /root/repodownload.conf - echo "installonly_limit=3" >> /root/repodownload.conf - echo "clean_requirements_on_remove=True" >> /root/repodownload.conf - echo "best=True" >> /root/repodownload.conf - echo "skip_if_unavailable=False" >> /root/repodownload.conf - echo "cachedir=/root/reposync_cache" >> /root/repodownload.conf - echo "keepcache=0" >> /root/repodownload.conf - echo "[securityonionsync]" >> /root/repodownload.conf - echo "name=Security Onion Repo repo" >> /root/repodownload.conf - echo "baseurl=https://repo.securityonion.net/file/securityonion-repo/2.4/" >> /root/repodownload.conf - echo "enabled=1" >> /root/repodownload.conf - echo "gpgcheck=1" >> /root/repodownload.conf - echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /root/repodownload.conf + mkdir -p /opt/so/conf/reposync/cache + echo "[main]" > /opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf + echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf + echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf + echo "best=True" >> /opt/so/conf/reposync/repodownload.conf + echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf + echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf + echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf + echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf + echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf + echo "baseurl=https://repo.securityonion.net/file/securityonion-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf + echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> 
/opt/so/conf/reposync/repodownload.conf + echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /opt/so/conf/reposync/repodownload.conf logCmd "dnf repolist" # Make sure we can get to the sig repo - logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup" - logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" + logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/install" + logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # Run it again and make sure we got allt he things - logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" + logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # After the download is complete run createrepo create_repo