diff --git a/api/tacticalrmm/accounts/management/commands/delete_tokens.py b/api/tacticalrmm/accounts/management/commands/delete_tokens.py
index 5765b2b4..f7cd0bf1 100644
--- a/api/tacticalrmm/accounts/management/commands/delete_tokens.py
+++ b/api/tacticalrmm/accounts/management/commands/delete_tokens.py
@@ -1,10 +1,15 @@
+from django.utils import timezone as djangotime
+
 from django.core.management.base import BaseCommand
 from knox.models import AuthToken
 
 
 class Command(BaseCommand):
-    help = "Deletes all knox tokens"
+    help = "Deletes all knox web tokens"
 
     def handle(self, *args, **kwargs):
-        AuthToken.objects.all().delete()
-        self.stdout.write("All tokens have been deleted!")
+        # only delete web tokens, not any generated by the installer
+        dont_delete = djangotime.now() + djangotime.timedelta(hours=23)
+        tokens = AuthToken.objects.filter(expiry__lt=dont_delete)
+        tokens.delete()
+        self.stdout.write("All web tokens have been deleted!")