diff --git a/roles/fas_client/templates/fas.conf.j2 b/roles/fas_client/templates/fas.conf.j2
index d3af01dd47..1dae863058 100644
--- a/roles/fas_client/templates/fas.conf.j2
+++ b/roles/fas_client/templates/fas.conf.j2
@@ -26,7 +26,7 @@ cla_group = cla_done
 ; in 'groups'
 
 ; groups that should have a shell account on this system.
-{% if fas_client_groups %}
+{% if fas_client_groups is defined %}
 groups = sysadmin-main,{{ fas_client_groups }}
 {% else %}
 groups = sysadmin-main
@@ -40,7 +40,7 @@ restricted_groups =
 ; need to disable password based logins in order for this value to have any
 ; security meaning.  Group types can be placed here as well, for example
 ; @hg,@git,@svn
-{% if fas_client_ssh_groups %}
+{% if fas_client_ssh_groups is defined %}
 ssh_restricted_groups = {{ fas_client_ssh_groups }}
 {% else %}
 ssh_restricted_groups = 
@@ -66,14 +66,14 @@ home_backup_dir = /home/fedora.bak
 ; is a powerfull way to restrict access to a machine.  An alternative example
 ; could be given to people who should only have cvs access on the machine.
 ; setting this value to "/usr/bin/cvs server" would do this.
-{% if fas_client_restricted_app %}
+{% if fas_client_restricted_app is defined %}
 ssh_restricted_app = {{ fas_client_restricted_app }}
 {% else %}
 ssh_restricted_app = 
 {% endif %}
 
 ; ssh_admin_app - This is the path to an app that an admin is allowed to use.
-{% if fas_client_admin_app %}
+{% if fas_client_admin_app is defined %}
 ssh_admin_app = {{ fas_client_admin_app }}
 {% else %}
 ssh_admin_app =