diff --git a/bin/v-change-user-password b/bin/v-change-user-password
index 22a3d78f..a1b6a76f 100755
--- a/bin/v-change-user-password
+++ b/bin/v-change-user-password
@@ -22,6 +22,9 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+if [ "$user" = "root" ]; then
+    check_result $E_FORBIDEN "Changing root password is forbiden"
+fi
 check_args '2' "$#" 'USER PASSWORD'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh
index 653f7fc1..21f645bd 100755
--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@@ -688,6 +688,7 @@ chmod 755 /usr/bin/rssh
 mkdir -p /etc/sudoers.d
 cp -f $vestacp/sudo/admin /etc/sudoers.d/
 chmod 440 /etc/sudoers.d/admin
+sed -i "s/%admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" /etc/sudoers
 
 # Configuring system env
 echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh
diff --git a/upd/limit_sudo.sh b/upd/limit_sudo.sh
index 4f4ac924..22572151 100755
--- a/upd/limit_sudo.sh
+++ b/upd/limit_sudo.sh
@@ -4,3 +4,5 @@ if [ -e "/etc/sudoers.d/admin" ]; then
     sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \
         /etc/sudoers.d/admin
 fi
+
+sed -i "s/%admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" /etc/sudoers