diff --git a/request-tracker/defaults/main.yml b/request-tracker/defaults/main.yml
index 0881a4984255bc3d1e4cadfd628d4d6284370b2c..773f526f2dfc1418741c6e0a6b5a2c329b70728e 100644
--- a/request-tracker/defaults/main.yml
+++ b/request-tracker/defaults/main.yml
@@ -4,3 +4,4 @@ rt_enable_acmetool: false
 rt_enable_nginx: true
 rt_workers: 4
 rt_ldap_password: "{{ lookup('passwordstore', rt_ldappass) }}"
+rt_disallowexecutecode: true
diff --git a/request-tracker/templates/RT_SiteConfig.d/50-debconf.pm.j2 b/request-tracker/templates/RT_SiteConfig.d/50-debconf.pm.j2
index 8599a70d258dc2b2526ccbf308ff4a81dee508f8..2a0a855047b1bf72e195f5dcfdfebcf9ac157b38 100644
--- a/request-tracker/templates/RT_SiteConfig.d/50-debconf.pm.j2
+++ b/request-tracker/templates/RT_SiteConfig.d/50-debconf.pm.j2
@@ -7,7 +7,7 @@ Set($MessageBoxRichText, 0);
 Set($PreferRichText, 0);
 Set($PlainTextMono, 1);
 Set($AllowLoginPasswordAutoComplete, 1);
-Set($DisallowExecuteCode, 1);
+Set($DisallowExecuteCode, {{rt_disallowexecutecode|int}});
 Set($Organization, '{{rt_organization}}');
 
 ### Web