diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/admin.js b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/admin.js
index fad5cf02..a9a9ac56 100644
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/admin.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/admin.js
@@ -51,17 +51,17 @@ if (auth === true) {
 <tr>
 <td><strike><a href="wtv-admin:/whitelist">Whitelist an SSID</a></strike>
 <td width = 10>
-<td><strike><a href="wtv-admin:/removeuserpasswd">Remove Pass from User </a></strike>
+<td><a href="wtv-admin:/removeuserpasswd">Remove Pass from User </a>
 <tr>
 <td colspan=3 height=6>
 <tr>
 <td><strike><a href="wtv-admin:/addadmin">Grant Admin to SSID</a></strike>
 <td width = 10>
-<td><strike><a href="wtv-admin:/deladmin">Revoke Admin from SSID</a></strike>
+<td><strike><a href="wtv-admin:/modadmin">Modify Admin for SSID</a></strike>
 <tr>
 <td colspan=3 height=6>
 <tr>
-<td><!-- TODO -->
+<td><a href="wtv-admin:/polyzoot">Polyzoot a User</a>
 <td width = 10>
 <td><!-- TODO -->
 <tr>
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/findaccount.js b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/findaccount.js
index d2518f59..23048614 100644
--- a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/findaccount.js
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/findaccount.js
@@ -60,12 +60,15 @@ wtv-noback-all: wtv-admin:/findaccount`;
                 }
                 data += `
 <tr>
-<td border=0 colspan=2>
-<a href="wtv-admin:/ban?ssid=${user_info.ssid}">Ban SSID</a>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-<a href="wtv-admin:/unban?unban_ssid=${user_info.ssid}">Unban SSID</a>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-<a href="wtv-admin:/deleteaccount?ssid=${user_info.ssid}">Delete Account</span>
+<td border=0 colspan=2>`;
+                if (wtva.isBanned(user_info.ssid)) {
+                    data += `<a href="wtv-admin:/unban?ssid=${user_info.ssid}">Unban SSID</a>`;
+                    data += "&nbsp;".repeat(28);
+                } else {
+                    data += `<a href="wtv-admin:/ban?ssid=${user_info.ssid}">Ban SSID</a>`;
+                    data += "&nbsp;".repeat(32);
+                }
+data += `<a href="wtv-admin:/deleteaccount?ssid=${user_info.ssid}">Delete Account</span>
 </td>
 </tr>
 `
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/images/polyzoot.jpg b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/images/polyzoot.jpg
new file mode 100644
index 00000000..881753d7
Binary files /dev/null and b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/images/polyzoot.jpg differ
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/polyzoot.js b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/polyzoot.js
new file mode 100644
index 00000000..fb855ba5
--- /dev/null
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/polyzoot.js
@@ -0,0 +1,133 @@
+var minisrv_service_file = true;
+
+var WTVAdmin = require("./WTVAdmin.js");
+var wtva = new WTVAdmin(minisrv_config, ssid_sessions[socket.ssid], service_name);
+var auth = wtva.isAuthorized();
+if (auth === true) {
+    var password = null;
+    if (request_headers.Authorization) {
+        var authheader = request_headers.Authorization.split(' ');
+        if (authheader[0] == "Basic") {
+            password = Buffer.from(authheader[1], 'base64').toString();
+            if (password) password = password.split(':')[1];
+        }
+    }
+    if (wtva.checkPassword(password)) {
+        if (request_headers.query.username) {
+            var user_info = wtva.getAccountInfo(request_headers.query.username.toLowerCase()); // username search
+            if (user_info) {
+                var userAccount = wtva.getAccountBySSID(user_info.ssid);
+                userAccount.switchUserID(user_info.user_id, false, false);
+                if (request_headers.query.confirm) {
+                    var polyzooot = 1407;
+                    var WTVBGMusic = require("./WTVBGMusic.js");
+                    var wtvbgm = new WTVBGMusic(minisrv_config, userAccount);
+                    var bgmcat = wtvbgm.getSongCategory(polyzooot);
+                    var music_obj = wtvbgm.getMusicObj();
+                    music_obj.enableCategories = [bgmcat];
+                    music_obj.enableSongs = [polyzooot];
+                    music_obj = Object.assign({}, music_obj)
+                    userAccount.setSessionData("wtv-bgmusic", music_obj);
+                    var settings_obj = userAccount.getSessionData("wtv-setup");
+                    if (settings_obj === null) settings_obj = {};
+                    settings_obj['setup-play-bgm'] = 1;
+                    userAccount.setSessionData("wtv-setup", Object.assign({}, settings_obj));
+                    userAccount.saveSessionData();
+                }
+                if (request_headers.query.reset) {
+                    var WTVBGMusic = require("./WTVBGMusic.js");
+                    userAccount.deleteSessionData("wtv-bgmusic")
+                    var wtvbgm = new WTVBGMusic(minisrv_config, userAccount);
+                    var music_obj = wtvbgm.getMusicObj(true);
+                    var settings_obj = userAccount.getSessionData("wtv-setup");
+                    if (settings_obj === null) settings_obj = {};
+                    settings_obj['setup-play-bgm'] = 0;
+                    userAccount.setSessionData("wtv-setup", Object.assign({}, settings_obj));
+                    userAccount.saveSessionData();
+                }
+            }
+        }
+        headers = `200 OK
+Content-Type: text/html
+wtv-expire-all: wtv-admin:/polyzoot
+wtv-noback-all: wtv-admin:/polyzoot`;
+        data = `<html>
+<body>
+<display nosave nosend>
+<title>${minisrv_config.config.service_name} Admin Tricks</title>
+<sidebar width=20%>
+<img src="wtv-admin:/images/polyzoot.jpg">
+</sidebar>
+<body bgcolor="#0a0a0a" text="#CC1111" link="#ff55ff" vlink="#ff55ff" vspace=0>
+<br>
+<br>
+<h1>${minisrv_config.config.service_name} Admin Tricks</h1>
+<br>
+<table>
+<tr>
+<td colspan=3 height=6>
+<h3>Polyzoot a User</h3>`;
+
+        if (!request_headers.query.username) {
+            data += `"Polyzooting" a user will replace their Background Music with only Polyzoot,
+and turn on BGM if they have it disabled. This will not work on Old Classic clients. 
+Also, the only way to undo a "Polyzooting" is to reset the user's music selection to default.<br><br>`
+        }
+
+data += `
+<form action="wtv-admin:/polyzoot" method="POST">
+<input type="text" name="username" value="${(request_headers.query.username) ? request_headers.query.username : ""}"> &nbsp; <input type="submit" value="Look Up User">
+</form><br><br>`
+        if (request_headers.query.username) {
+            if (user_info && !request_headers.query.confirm && !request_headers.query.reset) {
+                if (user_info.username == ssid_sessions[socket.ssid].getSessionData("subscriber_username")) {
+                    data += `Are you sure you want to Polyzoot <b>yourself</b>?<br>Are you a masochist?`;
+                } else {
+                    data += `Are you sure you want to Polyzoot <b>${user_info.username}</b>?<br>Are you a sadist?`;
+                }
+                data += `
+<br><br>
+<tr>
+<td>
+<form action="wtv-admin:/polyzoot" method="POST">
+<input type="hidden" name="username" value="${user_info.username}">
+<input type="hidden" name="reset" value="true">
+<input type="submit" value="Release This Soul (Reset)">
+</td>
+<td>
+<form action="wtv-admin:/polyzoot" method="POST">
+<input type="hidden" name="username" value="${user_info.username}">
+<input type="hidden" name="confirm" value="true">
+<input type="submit" value="Torture This Soul">
+</form>
+</td>
+</tr>
+`
+                data += `</table>`;
+            } else if (request_headers.query.confirm) {
+                data += `You have condemned <strong>${user_info.username}</strong><br> to endless loops of Polyzoot.<br><br>It will take effect upon their next login.<br><br>`;
+            } else if (request_headers.query.reset) {
+                data += `You have freed <strong>${user_info.username}'s</strong> soul<br> from the bounds of Polyzoot.<br><br>It will take effect upon their next login.<br><br>`;
+            } 
+        }
+        data += `
+<br>
+<br>
+<tr>
+</table>
+<p align="right">
+<a href="client:goback">Go Back</a>
+</p>
+</body>
+</html>
+`;
+    } else {
+        var errpage = wtvshared.doErrorPage(401, "Please enter the administration password, you can leave the username blank.");
+        headers = errpage[0];
+        data = errpage[1];
+    }
+} else {
+    var errpage = wtvshared.doErrorPage(403, auth);
+    headers = errpage[0];
+    data = errpage[1];
+}
\ No newline at end of file
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-admin/removeuserpasswd.js b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/removeuserpasswd.js
new file mode 100644
index 00000000..e66a6d52
--- /dev/null
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-admin/removeuserpasswd.js
@@ -0,0 +1,109 @@
+var minisrv_service_file = true;
+
+var WTVAdmin = require("./WTVAdmin.js");
+var wtva = new WTVAdmin(minisrv_config, ssid_sessions[socket.ssid], service_name);
+var auth = wtva.isAuthorized();
+if (auth === true) {
+    var password = null;
+    if (request_headers.Authorization) {
+        var authheader = request_headers.Authorization.split(' ');
+        if (authheader[0] == "Basic") {
+            password = Buffer.from(authheader[1], 'base64').toString();
+            if (password) password = password.split(':')[1];
+        }
+    }
+    if (wtva.checkPassword(password)) {
+        if (request_headers.query.username) {
+            var show_cannot_modify_self = false;
+            var show_user_has_no_password = false;
+            var user_info = wtva.getAccountInfo(request_headers.query.username.toLowerCase()); // username search
+            if (user_info) {
+                if (user_info.ssid == socket.ssid) {
+                    show_cannot_modify_self = true;
+                }
+                var userAccount = wtva.getAccountBySSID(user_info.ssid);
+                userAccount.switchUserID(user_info.user_id, false, false);
+                if (!userAccount.getUserPasswordEnabled()) {
+                    show_user_has_no_password = true;
+                }
+                if (request_headers.query.confirm_remove) {
+                    if (!show_cannot_modify_self && !show_user_has_no_password) {
+                        userAccount.disableUserPassword();
+                    } 
+                } 
+            }
+        }
+        headers = `200 OK
+Content-Type: text/html
+wtv-expire-all: wtv-admin:/removeuserpasswd
+wtv-noback-all: wtv-admin:/removeuserpasswd`;
+        data = `<html>
+<body>
+<display nosave nosend>
+<title>${minisrv_config.config.service_name} Admin Tricks</title>
+<sidebar width=20%>
+<img src="wtv-admin:/images/nuke.gif">
+</sidebar>
+<body bgcolor="#0a0a0a" text="#CC1111" link="#ff55ff" vlink="#ff55ff" vspace=0>
+<br>
+<br>
+<h1>${minisrv_config.config.service_name} Admin Tricks</h1>
+<br>
+<table>
+<tr>
+<td colspan=3 height=6>
+<h3>Remove Password from a User Account</h3>
+<form action="wtv-admin:/removeuserpasswd" method="POST">
+<input type="text" name="username" value="${(request_headers.query.username) ? request_headers.query.username : ""}"> &nbsp; <input type="submit" value="Look Up User">
+</form><br><br>`
+        if (request_headers.query.username) {
+            if (user_info && !request_headers.query.confirm_remove && !show_user_has_no_password && !show_cannot_modify_self) {
+                data += `
+<strong>User Information:</strong>
+<table border=1 cellpadding=3 width=400>
+<tr><td>Username:</td><td>${user_info.username} (User ID: ${user_info.user_id})</td></tr>
+<tr><td>SSID:</td><td>${user_info.ssid}</td></tr>`;
+                if (user_info.account_users) {
+                    data += `<tr><td>Primary User:</td><td>${user_info.account_users['subscriber'].subscriber_username}</td></tr>`;
+                }
+                data += `
+<tr>
+<td border=0 colspan=2 align=right>
+<form action="wtv-admin:/removeuserpasswd" method="POST">
+<input type="hidden" name="username" value="${user_info.username}">
+<input type="hidden" name="confirm_remove" value="true">
+<input type="submit" value="Confirm Password Removal">
+</form>
+</td>
+</tr>
+`
+                data += `</table>`;
+            } else if (show_cannot_modify_self) {
+                data += `<strong>Cannot modify your account in this manner.<br>Try <a href="wtv-setup:/accounts">wtv-setup</a>.</strong><br><br>`;
+            } else if (show_user_has_no_password) {
+                data += `<strong>${user_info.username} has no password,<br>so there nothing to do.<br><br>`;
+            } else {
+                data += `<strong>Password removed from account "${user_info.username}"</strong><br><br>`;
+            }
+        }
+        data += `
+<br>
+<br>
+<tr>
+</table>
+<p align="right">
+<a href="client:goback">Go Back</a>
+</p>
+</body>
+</html>
+`;
+    } else {
+        var errpage = wtvshared.doErrorPage(401, "Please enter the administration password, you can leave the username blank.");
+        headers = errpage[0];
+        data = errpage[1];
+    }
+} else {
+    var errpage = wtvshared.doErrorPage(403, auth);
+    headers = errpage[0];
+    data = errpage[1];
+}
\ No newline at end of file
diff --git a/zefie_wtvp_minisrv/WTVAdmin.js b/zefie_wtvp_minisrv/WTVAdmin.js
index 78aff4ca..0c428d9e 100644
--- a/zefie_wtvp_minisrv/WTVAdmin.js
+++ b/zefie_wtvp_minisrv/WTVAdmin.js
@@ -148,6 +148,17 @@ class WTVAdmin {
         userSession.user_id = 0;
         return userSession;
     }
+
+    isBanned(ssid) {
+        var self = this;
+        var isBanned = false;
+        Object.keys(this.minisrv_config.config.ssid_block_list).forEach(function (k) {
+            if (self.minisrv_config.config.ssid_block_list[k] == ssid) {
+                isBanned = true;
+            }
+        });
+        return isBanned;
+    }
 }
 
 module.exports = WTVAdmin;
diff --git a/zefie_wtvp_minisrv/WTVBGMusic.js b/zefie_wtvp_minisrv/WTVBGMusic.js
index 2cfa8bdd..0fe4c2a6 100644
--- a/zefie_wtvp_minisrv/WTVBGMusic.js
+++ b/zefie_wtvp_minisrv/WTVBGMusic.js
@@ -1252,12 +1252,12 @@ class WTVBGMusic {
         this.wtvshared = new WTVShared(minisrv_config);
     }
 
-    getMusicObj() {
+    getMusicObj(force_default = false) {
         var music_obj = this.session_data.getSessionData("wtv-bgmusic");
         if (music_obj === null) music_obj = {};
 
         // check if we need to set defaults
-        var setDefaults = false;
+        var setDefaults = force_default;
         if (!music_obj.enableCategories) setDefaults = true;
         else if (music_obj.enableCategories.length == 0) setDefaults = true;
         if (!music_obj.enableSongs) setDefaults = true;
diff --git a/zefie_wtvp_minisrv/WTVClientSessionData.js b/zefie_wtvp_minisrv/WTVClientSessionData.js
index 68ab198b..0a1be9b1 100644
--- a/zefie_wtvp_minisrv/WTVClientSessionData.js
+++ b/zefie_wtvp_minisrv/WTVClientSessionData.js
@@ -451,7 +451,7 @@ class WTVClientSessionData {
     getUserPasswordEnabled() {
         if (!this.minisrv_config.config.passwords.enabled) return false; // master config override
         var enabled = this.getSessionData("subscriber_password");
-        return (enabled); // true if set, false if null/disabled
+        return (enabled != null && typeof enabled != undefined); // true if set, false if null/disabled
     }
 
     validateUserPassword(passwd) {
diff --git a/zefie_wtvp_minisrv/config.json b/zefie_wtvp_minisrv/config.json
index 40308694..07f8dd7f 100644
--- a/zefie_wtvp_minisrv/config.json
+++ b/zefie_wtvp_minisrv/config.json
@@ -113,6 +113,7 @@
     },
     "wtv-admin": {
       "port": 1698,
+      "enable_multi_query": true,
       "password": "viRak-7"
     },
     "http": {

+ Polyzoot a User `; + + if (!request_headers.query.username) { + data += `"Polyzooting" a user will replace their Background Music with only Polyzoot, +and turn on BGM if they have it disabled. This will not work on Old Classic clients. +Also, the only way to undo a "Polyzooting" is to reset the user's music selection to default. ` + } + +data += ` + + + ` + if (request_headers.query.username) { + if (user_info && !request_headers.query.confirm && !request_headers.query.reset) { + if (user_info.username == ssid_sessions[socket.ssid].getSessionData("subscriber_username")) { + data += `Are you sure you want to Polyzoot yourself? Are you a masochist?`; + } else { + data += `Are you sure you want to Polyzoot ${user_info.username}? Are you a sadist?`; + } + data += ` + +
+ + + + +	+ + + + + +