diff --git a/src/NetworkManager.conf b/src/NetworkManager.conf
index 8d08314002..1f1ed49b46 100644
--- a/src/NetworkManager.conf
+++ b/src/NetworkManager.conf
@@ -60,6 +60,18 @@
                 <deny send_destination="org.freedesktop.NetworkManager"
                        send_interface="org.freedesktop.NetworkManager"
                        send_member="SetLogging"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="Sleep"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="sleep"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="wake"/>
         </policy>
         <policy context="default">
                 <deny own="org.freedesktop.NetworkManager"/>
@@ -72,6 +84,18 @@
                        send_interface="org.freedesktop.NetworkManager"
                        send_member="SetLogging"/>
 
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="Sleep"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="sleep"/>
+
+                <deny send_destination="org.freedesktop.NetworkManager"
+                       send_interface="org.freedesktop.NetworkManager"
+                       send_member="wake"/>
+
                 <!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
                      interface is secured via PolicyKit.
                   -->
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 758a0826bd..4a3e4997d9 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -3369,6 +3369,7 @@ _internal_sleep (NMManager *self, gboolean do_sleep)
 	g_object_notify (G_OBJECT (self), NM_MANAGER_SLEEPING);
 }
 
+#if 0
 static void
 sleep_auth_done_cb (NMAuthChain *chain,
                     GError *error,
@@ -3407,6 +3408,7 @@ sleep_auth_done_cb (NMAuthChain *chain,
 
 	nm_auth_chain_unref (chain);
 }
+#endif
 
 static void
 impl_manager_sleep (NMManager *self,
@@ -3414,10 +3416,12 @@ impl_manager_sleep (NMManager *self,
                     DBusGMethodInvocation *context)
 {
 	NMManagerPrivate *priv;
-	NMAuthChain *chain;
 	GError *error = NULL;
+#if 0
+	NMAuthChain *chain;
 	gulong sender_uid = G_MAXULONG;
 	const char *error_desc = NULL;
+#endif
 
 	g_return_if_fail (NM_IS_MANAGER (self));
 
@@ -3432,6 +3436,19 @@ impl_manager_sleep (NMManager *self,
 		return;
 	}
 
+	/* Unconditionally allow the request.  Previously it was polkit protected
+	 * but unfortunately that doesn't work for short-lived processes like
+	 * pm-utils.  It uses dbus-send without --print-reply, which quits
+	 * immediately after sending the request, and NM is unable to obtain the
+	 * sender's UID as dbus-send has already dropped off the bus.  Thus NM
+	 * fails the request.  Instead, don't validate the request, but rely on
+	 * D-Bus permissions to restrict the call to root.
+	 */
+	_internal_sleep (self, do_sleep);
+	dbus_g_method_return (context);
+	return;
+
+#if 0
 	if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
 		error = g_error_new_literal (NM_MANAGER_ERROR,
 		                             NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -3457,6 +3474,7 @@ impl_manager_sleep (NMManager *self,
 
 	nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
+#endif
 }
 
 static void