diff --git a/roles/ipa/client/tasks/sudo.yml b/roles/ipa/client/tasks/sudo.yml
index 195973b50c..350594eac4 100644
--- a/roles/ipa/client/tasks/sudo.yml
+++ b/roles/ipa/client/tasks/sudo.yml
@@ -29,6 +29,7 @@
     runasgroupcategory: "all"
   when: ipa_client_sudo_groups is defined and ipa_client_sudo_groups | length > 0
 
+## Disabled: Remove "False and" from when: to re-enable
 - name: "Give certain groups password-less sudo access to anything on host group {{ ipa_host_group }}"
   ipasudorule:
     name: "hostgroup/{{ ipa_host_group }}/nopasswd"
@@ -41,4 +42,4 @@
     runasusercategory: "all"
     runasgroupcategory: "all"
     options: "!authenticate"
-  when: ipa_client_sudo_groups_nopasswd is defined and ipa_client_sudo_groups_nopasswd | length > 0
+  when: False and ipa_client_sudo_groups_nopasswd is defined and ipa_client_sudo_groups_nopasswd | length > 0