diff --git a/src/cloudron.js b/src/cloudron.js
index 63131f29f..a848ec4cf 100644
--- a/src/cloudron.js
+++ b/src/cloudron.js
@@ -738,6 +738,8 @@ function migrate(options, callback) {
 assert.strictEqual(typeof options, 'object');
 assert.strictEqual(typeof callback, 'function');
+ if (config.isDemo()) return callback(new CloudronError(CloudronError.BAD_FIELD, 'Not allowed in demo mode'));
+
 if (!options.domain) return doMigrate(options, callback);
 var dnsConfig = _.pick(options, 'domain', 'provider', 'accessKeyId', 'secretAccessKey', 'region', 'endpoint');
diff --git a/src/routes/user.js b/src/routes/user.js
index 7cfcfc5bd..a6f3fff22 100644
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -127,6 +127,7 @@ function remove(req, res, next) {
 if (req.user.id === req.params.userId) return next(new HttpError(403, 'Not allowed to remove yourself.'));
 user.remove(req.params.userId, auditSource(req), function (error) {
+ if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));
 if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
 if (error) return next(new HttpError(500, error));
diff --git a/src/user.js b/src/user.js
index 2c2891ab4..5f259e31b 100644
--- a/src/user.js
+++ b/src/user.js
@@ -26,6 +26,7 @@ exports = module.exports = {
 var assert = require('assert'),
 clients = require('./clients.js'),
 crypto = require('crypto'),
+ config = require('./config.js'),
 constants = require('./constants.js'),
 debug = require('debug')('box:user'),
 DatabaseError = require('./databaseerror.js'),
@@ -261,6 +262,8 @@ function removeUser(userId, auditSource, callback) {
 assert.strictEqual(typeof auditSource, 'object');
 assert.strictEqual(typeof callback, 'function');
+ if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
+
 getUser(userId, function (error, user) {
 if (error) return callback(error);
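Review bot: In `migrate()` in src/cloudron.js, the demo-mode refusal is reported as `CloudronError.BAD_FIELD`, which by its name is a validation reason, so a caller cannot tell a policy denial from a malformed request. If `CloudronError` has, or can gain, a reason for "operation not permitted in this mode", that would let the route answer with a status other than the one used for bad input; this is inferred, since the error class and the route are not part of the hunk. The guard also has no comment; something like `// Demo instances must never be migrated: refuse before any option is inspected.` above it would record why it sits ahead of the `options.domain` branch. The body of `migrate` continues beyond the hunk.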
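Review bot: In `remove()` in src/routes/user.js, the added `UserError.BAD_FIELD` branch answers 400, while the self-removal refusal two lines above answers 403 for the same kind of "Not allowed" decision. The only `BAD_FIELD` source this commit adds to removal is the demo-mode guard in `removeUser`, which is a policy denial and not malformed input. If removal has no other `BAD_FIELD` source, `return next(new HttpError(403, error.message));` would keep the two refusals consistent and let API clients tell "forbidden" from "fix your request". The callback body continues past the hunk, so later branches were not reviewed.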
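Review bot: The guard `config.isDemo() && userId === constants.DEMO_USER_ID` added to `removeUser()` in src/user.js is repeated verbatim in the `updateUser()` and `setPassword()` hunks, so a later change to the rule has to be made in three places. A small helper would keep them in step, for example `function isProtectedDemoUser(userId) { return config.isDemo() && userId === constants.DEMO_USER_ID; }`, with a comment stating that the demo account cannot be removed, edited or given a new password while the instance runs in demo mode. The guard protects only that one account ID and only these three entry points; any other path that alters the demo account (a password-reset flow, for instance, if the project has one) is not visible here and would need the same check. `removeUser`'s body continues beyond the hunk.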
@@ -346,6 +349,8 @@ function updateUser(userId, data, auditSource, callback) {
 if (_.isEmpty(data)) return callback();
+ if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
+
 if (data.username) {
 data.username = data.username.toLowerCase();
 error = validateUsername(data.username);
@@ -442,6 +447,8 @@ function setPassword(userId, newPassword, callback) {
 var error = validatePassword(newPassword);
 if (error) return callback(new UserError(UserError.BAD_FIELD, error.message));
+ if (config.isDemo() && userId === constants.DEMO_USER_ID) return callback(new UserError(UserError.BAD_FIELD, 'Not allowed in demo mode'));
+
 userdb.get(userId, function (error, user) {
 if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new UserError(UserError.NOT_FOUND));
 if (error) return callback(new UserError(UserError.INTERNAL_ERROR, error));
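Review bot: In `setPassword()`, the demo-mode guard runs after `validatePassword(newPassword)`, so a request against the demo account gets a password-validation message for a rejected password and the demo-mode refusal only for an accepted one. Both are returned as `UserError.BAD_FIELD`, so a caller can tell them apart only by message text. `removeUser` applies the guard directly after its asserts; doing the same here, by moving the `if (config.isDemo() && userId === constants.DEMO_USER_ID) ...` line above `var error = validatePassword(newPassword);`, makes the refusal independent of the submitted value. The start of `setPassword` and the rest of the `userdb.get` callback lie outside the hunk.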