diff --git a/inc/inc.ClassSettings.php b/inc/inc.ClassSettings.php
index d90969744..a2973cd82 100644
--- a/inc/inc.ClassSettings.php
+++ b/inc/inc.ClassSettings.php
@@ -52,6 +52,8 @@ class Settings { /* {{{ */
 	var $_loginFailure = 0;
 	// maximum amount of bytes a user may consume, 0 = unlimited
 	var $_quota = 0;
+	// comma separated list of undeleteable user ids
+	var $_undelUserIds = 0;
 	// Restricted access: only allow users to log in if they have an entry in
 	// the local database (irrespective of successful authentication with LDAP).
 	var $_restricted = true;
@@ -346,6 +348,7 @@ class Settings { /* {{{ */
 		$this->_passwordHistory = intval($tab["passwordHistory"]);
 		$this->_loginFailure = intval($tab["loginFailure"]);
 		$this->_quota = intval($tab["quota"]);
+		$this->_undelUserIds = strval($tab["undelUserIds"]);
 		$this->_encryptionKey = strval($tab["encryptionKey"]);
 		$this->_cookieLifetime = intval($tab["cookieLifetime"]);
 		$this->_restricted = Settings::boolVal($tab["restricted"]);
@@ -594,6 +597,7 @@ class Settings { /* {{{ */
     $this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory);
     $this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure);
     $this->setXMLAttributValue($node, "quota", $this->_quota);
+    $this->setXMLAttributValue($node, "undelUserIds", $this->_undelUserIds);
     $this->setXMLAttributValue($node, "encryptionKey", $this->_encryptionKey);
     $this->setXMLAttributValue($node, "cookieLifetime", $this->_cookieLifetime);
     $this->setXMLAttributValue($node, "restricted", $this->_restricted);
diff --git a/languages/en_GB/lang.inc b/languages/en_GB/lang.inc
index 2c02ac117..bc01bdd05 100644
--- a/languages/en_GB/lang.inc
+++ b/languages/en_GB/lang.inc
@@ -112,6 +112,7 @@ $text = array(
 'cancel' => "Cancel",
 'cannot_assign_invalid_state' => "Cannot modify an obsolete or rejected document",
 'cannot_change_final_states' => "Warning: You cannot alter status for document rejected, expired or with pending review or approval",
+'cannot_delete_user' => "Cannot delete user",
 'cannot_delete_yourself' => "Cannot delete yourself",
 'cannot_move_root' => "Error: Cannot move root folder.",
 'cannot_retrieve_approval_snapshot' => "Unable to retrieve approval status snapshot for this document version.",
@@ -764,6 +765,8 @@ $text = array(
 'settings_updateDatabase' => "Run schema update scripts on database",
 'settings_updateNotifyTime_desc' => "Users are notified about document-changes that took place within the last 'Update Notify Time' seconds",
 'settings_updateNotifyTime' => "Update Notify Time",
+'settings_undelUserIds_desc' => "Comma separated list of user ids, that cannot be deleted.",
+'settings_undelUserIds' => "Undeletable User IDs",
 'settings_versioningFileName_desc' => "The name of the versioning info file created by the backup tool",
 'settings_versioningFileName' => "Versioning FileName",
 'settings_viewOnlineFileTypes_desc' => "Files with one of the following endings can be viewed online (USE ONLY LOWER CASE CHARACTERS)",
diff --git a/op/op.Settings.php b/op/op.Settings.php
index 7f254c7a0..b8d6de77f 100644
--- a/op/op.Settings.php
+++ b/op/op.Settings.php
@@ -104,6 +104,7 @@ if ($action == "saveSettings")
   $settings->_passwordHistory = intval($_POST["passwordHistory"]);
   $settings->_loginFailure = intval($_POST["loginFailure"]);
   $settings->_quota = intval($_POST["quota"]);
+  $settings->_undelUserIds = strval($_POST["undelUserIds"]);
   $settings->_encryptionKey = strval($_POST["encryptionKey"]);
   $settings->_cookieLifetime = intval($_POST["cookieLifetime"]);
 
diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index ff3ce9edb..edbf9d39a 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
@@ -135,6 +135,10 @@ else if ($action == "removeuser") {
 		UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
 	}
 
+	if(in_array($userid, explode(',', $settings->_undelUserIds))) {
+		UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_user"));
+	}
+
 	/* This used to be a check if an admin is deleted. Now it checks if one
 	 * wants to delete herself.
 	 */
diff --git a/out/out.RemoveUser.php b/out/out.RemoveUser.php
index aef3a5686..fcbdd9f4f 100644
--- a/out/out.RemoveUser.php
+++ b/out/out.RemoveUser.php
@@ -33,15 +33,18 @@ if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["use
 }
 
 $rmuser = $dms->getUser(intval($_GET["userid"]));
-
-if ($rmuser->getID()==$user->getID()) {
-	UI::exitError(getMLText("rm_user"),getMLText("access_denied"));
-}
-
 if (!is_object($rmuser)) {
 	UI::exitError(getMLText("rm_user"),getMLText("invalid_user_id"));
 }
 
+if(in_array($rmuser->getID(), explode(',', $settings->_undelUserIds))) {
+	UI::exitError(getMLText("rm_user"),getMLText("cannot_delete_user"));
+}
+
+if ($rmuser->getID()==$user->getID()) {
+	UI::exitError(getMLText("rm_user"),getMLText("cannot_delete_yourself"));
+}
+
 $allusers = $dms->getAllUsers($settings->_sortUsersInList);
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
diff --git a/out/out.UsrMgr.php b/out/out.UsrMgr.php
index b44145dad..0ad157720 100644
--- a/out/out.UsrMgr.php
+++ b/out/out.UsrMgr.php
@@ -45,7 +45,7 @@ if(isset($_GET['userid']) && $_GET['userid']) {
 }
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'seluser'=>$seluser, 'allusers'=>$users, 'allgroups'=>$groups, 'passwordstrength'=>$settings->_passwordStrength, 'passwordexpiration'=>$settings->_passwordExpiration, 'httproot'=>$settings->_httpRoot, 'enableuserimage'=>$settings->_enableUserImage, 'workflowmode'=>$settings->_workflowMode));
+$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'seluser'=>$seluser, 'allusers'=>$users, 'allgroups'=>$groups, 'passwordstrength'=>$settings->_passwordStrength, 'passwordexpiration'=>$settings->_passwordExpiration, 'httproot'=>$settings->_httpRoot, 'enableuserimage'=>$settings->_enableUserImage, 'undeluserids'=>explode(',', $settings->_undelUserIds), 'workflowmode'=>$settings->_workflowMode));
 if($view) {
 	$view->show();
 	exit;
diff --git a/views/bootstrap/class.Settings.php b/views/bootstrap/class.Settings.php
index 5ddb82a9b..84c7a6bbb 100644
--- a/views/bootstrap/class.Settings.php
+++ b/views/bootstrap/class.Settings.php
@@ -324,6 +324,10 @@ if(!is_writeable($settings->_configFilePath)) {
         <td><?php printMLText("settings_quota");?>:</td>
         <td><input type="text" name="quota" value="<?php echo $settings->_quota; ?>" size="2" /></td>
       </tr>
+      <tr title="<?php printMLText("settings_undelUserIds_desc");?>">
+        <td><?php printMLText("settings_undelUserIds");?>:</td>
+        <td><input type="text" name="undelUserIds" value="<?php echo $settings->_undelUserIds; ?>" size="32" /></td>
+      </tr>
       <tr title="<?php printMLText("settings_encryptionKey_desc");?>">
         <td><?php printMLText("settings_encryptionKey");?>:</td>
         <td><input type="text" name="encryptionKey" value="<?php echo $settings->_encryptionKey; ?>" size="32" /></td>
diff --git a/views/bootstrap/class.UsrMgr.php b/views/bootstrap/class.UsrMgr.php
index 0da8a2b30..3118e0f40 100644
--- a/views/bootstrap/class.UsrMgr.php
+++ b/views/bootstrap/class.UsrMgr.php
@@ -41,6 +41,7 @@ class SeedDMS_View_UsrMgr extends SeedDMS_Bootstrap_Style {
 		$passwordexpiration = $this->params['passwordexpiration'];
 		$httproot = $this->params['httproot'];
 		$enableuserimage = $this->params['enableuserimage'];
+		$undeluserids = $this->params['undeluserids'];
 		$workflowmode = $this->params['workflowmode'];
 
 		$this->htmlStartPage(getMLText("admin_tools"));
@@ -322,10 +323,16 @@ function showUser(selectObj) {
 	<input type="hidden" name="userid" value="<?php print $currUser->getID();?>">
 	<input type="hidden" name="action" value="edituser">
 	<table class="table-condensed">
+<?php
+	if(!in_array($currUser->getID(), $undeluserids)) {
+?>
 		<tr>
 			<td></td>
 			<td><a class="standardText btn" href="../out/out.RemoveUser.php?userid=<?php print $currUser->getID();?>"><i class="icon-remove"></i> <?php printMLText("rm_user");?></a></td>
 		</tr>
+<?php
+	}
+?>
 		<tr>
 			<td><?php printMLText("user_login");?>:</td>
 			<td><input type="text" name="login" value="<?php print htmlspecialchars($currUser->getLogin());?>"></td>