diff --git a/domain/backup/backup.go b/domain/backup/backup.go
index 51d3bad3..1a31b310 100644
--- a/domain/backup/backup.go
+++ b/domain/backup/backup.go
@@ -268,7 +268,10 @@ func (b backerHandler) dmzConfig(files *[]backupItem) (err error) {
 	if err != nil {
 		return
 	}
-	*files = append(*files, backupItem{Filename: "dmz_config.json", Content: content})
+
+	if b.Spec.SystemBackup() {
+		*files = append(*files, backupItem{Filename: "dmz_config.json", Content: content})
+	}
 
 	w := ""
 	if !b.Spec.SystemBackup() {
diff --git a/domain/backup/restore.go b/domain/backup/restore.go
index 720447e3..12eda6e8 100644
--- a/domain/backup/restore.go
+++ b/domain/backup/restore.go
@@ -136,9 +136,11 @@ func (r *restoreHandler) PerformRestore(b []byte, l int64) (err error) {
 	}
 
 	// Config.
-	err = r.dmzConfig()
-	if err != nil {
-		return
+	if r.Context.GlobalAdmin {
+		err = r.dmzConfig()
+		if err != nil {
+			return
+		}
 	}
 
 	// Audit Log.
@@ -1649,8 +1651,7 @@ func (r *restoreHandler) dmzUser() (err error) {
 				err = errors.Wrap(err, fmt.Sprintf("unable to check email %s", u[i].Email))
 				return
 			}
-			// Existing userID from database overrides all incoming userID values
-			// by using remapUser().
+			// Existing userID from database overrides all incoming userID values by using remapUser().
 			if len(userID) > 0 {
 				r.MapUserID[u[i].RefID] = userID
 				insert = false