diff --git a/desktop/Library_offacc.mk b/desktop/Library_offacc.mk
index a7f560379627..fb1a162b2b90 100644
--- a/desktop/Library_offacc.mk
+++ b/desktop/Library_offacc.mk
@@ -11,6 +11,10 @@ $(eval $(call gb_Library_Library,offacc))
 
 $(eval $(call gb_Library_use_sdk_api,offacc))
 
+$(eval $(call gb_Library_use_custom_headers,offacc,\
+       officecfg/registry \
+))
+
 $(eval $(call gb_Library_use_libraries,offacc,\
     comphelper \
     cppu \
diff --git a/desktop/source/app/appinit.cxx b/desktop/source/app/appinit.cxx
index 6eca704c7fb9..51b466c6b980 100644
--- a/desktop/source/app/appinit.cxx
+++ b/desktop/source/app/appinit.cxx
@@ -41,6 +41,8 @@
 #include <unotools/tempfile.hxx>
 #include <vcl/svapp.hxx>
 #include <unotools/pathoptions.hxx>
+
+#include <iostream>
 #include <map>
 
 using namespace ::com::sun::star::uno;
@@ -165,7 +167,7 @@ void Desktop::createAcceptor(const OUString& aAcceptString)
     }
     else
     {
-        SAL_WARN( "desktop.app", "Acceptor could not be created");
+        ::std::cerr << "UNO Remote Protocol acceptor could not be created, presumably because it has been disabled in configuration." << ::std::endl;
     }
 }
 
diff --git a/desktop/source/offacc/acceptor.cxx b/desktop/source/offacc/acceptor.cxx
index b8612f668b22..9598466d9c5b 100644
--- a/desktop/source/offacc/acceptor.cxx
+++ b/desktop/source/offacc/acceptor.cxx
@@ -23,6 +23,7 @@
 #include <com/sun/star/bridge/BridgeFactory.hpp>
 #include <com/sun/star/connection/Acceptor.hpp>
 #include <com/sun/star/uno/XNamingService.hpp>
+#include <officecfg/Office/Security.hxx>
 #include <cppuhelper/supportsservice.hxx>
 #include <sal/log.hxx>
 #include <comphelper/diagnose_ex.hxx>
@@ -240,6 +241,12 @@ extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface*
 desktop_Acceptor_get_implementation(
     css::uno::XComponentContext* context, css::uno::Sequence<css::uno::Any> const&)
 {
+    if (!officecfg::Office::Security::Net::AllowInsecureUNORemoteProtocol::get())
+    {
+        // this is not allowed to throw
+        SAL_WARN("desktop", "UNO Remote Protocol is disabled by configuration");
+        return nullptr;
+    }
     return cppu::acquire(new desktop::Acceptor(context));
 }
 
diff --git a/officecfg/registry/schema/org/openoffice/Office/Security.xcs b/officecfg/registry/schema/org/openoffice/Office/Security.xcs
index 4cb9073012f5..67bd4078585f 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Security.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Security.xcs
@@ -46,7 +46,7 @@
     </group>
     <group oor:name="Net">
       <info>
-        <desc>Specifies how secure hyperlinks are processed.</desc>
+        <desc>Specifies security aspects of network connections.</desc>
       </info>
       <prop oor:name="AllowInsecureProtocols" oor:type="xs:boolean" oor:nillable="false">
         <info>
@@ -54,6 +54,12 @@
         </info>
         <value>true</value>
       </prop>
+      <prop oor:name="AllowInsecureUNORemoteProtocol" oor:type="xs:boolean" oor:nillable="false">
+        <info>
+          <desc>Allow listening for unauthenticated remote code execution via soffice --accept.</desc>
+        </info>
+        <value>true</value>
+      </prop>
     </group>
   </component>
 </oor:component-schema>