Disable WaaSMedicSvc using registry file or script?
Push your script down to all desired domain members from SMS (SCCM) as a one-time script. It will execute once, then stop and remove itself. The recommended method is to generate a working .reg file, place it on all machines needing changes, and create a one-time script that imports the .reg file. No complex scripts are required here.
Thank you for your reply...
The problem I am encountering is the .reg file doesn't work. I was hoping someone could look at the script and offer corrections...
I have set the correct parameters on one of the machines, manually, then after a reboot to confirm success, I've exported the registry branch and tried to import it onto other machines and it doesn't work.
Here is the outcome of the exported registry branch. Perhaps you see something amiss or know of a simpler way?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@WaaSMedicSvcImpl.dll,-101"
"DisplayName"="@WaaSMedicSvcImpl.dll,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,\
67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,\
73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\
65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
57,00,61,00,61,00,53,00,4d,00,65,00,64,00,69,00,63,00,53,00,76,00,63,00,2e,\
00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
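The hex-typed values in the export above are easier to check once decoded. The following is an added example, not part of the original thread: a small Python parser for the regedit 5.00 text format, run over a few values copied from the posted export (the function names are hypothetical). It shows that the exported "Start" value is 3 (manual start), and that an export of this kind lists only value data under each key, with nothing describing the permissions set on the key itself.

```python
import re
# Constructed sample: a few values copied from the export posted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc]
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,77,00,75,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,00
"Start"=dword:00000003
'''

START_NAMES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

def decode(raw):
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", raw)
    if not m:
        return raw.strip('"')                     # REG_SZ (escapes left as-is)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) == "2":                         # REG_EXPAND_SZ, UTF-16LE
        return data.decode("utf-16-le").rstrip("\0")
    if m.group(1) == "7":                         # REG_MULTI_SZ, NUL-separated
        return [s for s in data.decode("utf-16-le").split("\0") if s]
    return data                                   # REG_BINARY and other types

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit 5.00 export."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join '\' continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"(.+?)"=(.*)$', line)):
            current[m.group(1)] = decode(m.group(2))
    return keys

def service_summary(text, service="WaaSMedicSvc"):
    """Pull the startup-related values for one service key out of the export."""
    for path, values in parse_reg(text).items():
        if path.lower().endswith("\\services\\" + service.lower()):
            start = values.get("Start")
            return {"start": start, "start_name": START_NAMES.get(start),
                    "image_path": values.get("ImagePath"),
                    "depends_on": values.get("DependOnService")}

if __name__ == "__main__":
    print(service_summary(SAMPLE))
```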
If these machines belong to the same domain, there should be no issues importing the .reg file. What exact error message appears when trying to import a known working .reg file? Are you halting all active services that might be using the impacted registry keys before attempting the import? Also, remember the correct command is "reg import <registry.reg file>", not "reg load". Access permissions are important too—you need to run the reg import as local or domain administrator.
They are indeed on the same domain.
I’m starting regedit as an admin and importing the reg file from there. I don’t encounter an error but instead receive a confirmation that the keys for HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc were imported successfully. Yet, when inspecting the branch, there’s no modification—permissions remain full control, allowing access; this is consistent before and after a reboot (though a reboot shouldn’t be needed just to see it, for effect only).
For the batch and PowerShell approaches, I’m logged in as a local admin and either run the batch script or PowerShell as an admin.
I’m unsure if any processes or services are utilizing the reg key at the same time as my permission changes; nothing stands out, though there aren’t any errors when performing the operation manually except for a general permissions hierarchy disclaimer.
Lastly, yes—they all belong to the same domain—but this doesn’t matter since I can’t export the registry file from the same machine I’m using...
For instance, at home I manually adjusted the permissions of that specific branch, rebooted, verified the changes, restored original settings, imported the reg file through an elevated registry editor, received a success message, checked permissions again—still no change. Still full control allowed. Rebooted again, still no difference.
Try it on your own system, maybe? You’ll understand what I mean.
I might be missing something! Ugh.
I perform these actions consistently and haven't experienced this problem in more than two decades.
I'm uncertain about what to say... My experience with the Windows registry since Windows for Workgroups 3.11 has been limited, and this is the first time I've faced a situation where I couldn't grasp the boundaries of my actions.
My approach didn't yield results.
The operation finished without issues.
However, the permissions for SYSTEM at HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc are still set to FullControl - Allow.
I've heard that certain registry adjustments can't be made with a simple method and must rely on Integrity Control ACLs, which is why I attempted batch and PowerShell composites.
Now I'm questioning whether this setting can be handled as I prefer—manually adjusting it for a few hosts during imaging isn't ideal—but I'm worried about the effort required, possibly up to 200 or more.
If anyone in this thread knows of a better solution, please share your advice.
And just to confirm—I'm using an exported version of the correct settings but not achieving the same outcomes when importing on the same host.
I’m being completely honest, I didn’t check the other replies and I’m unsure if any of them helped.
However, my suggestion is to back up your data and then destroy it from orbit.
You could perform a full reformat of the drive and reinstall Windows via a physical disk or USB drive.
After that, once everything is reinstalled and secured according to your preferences, apply all updates and security patches.
Then proceed through the services and disable automatic updates and related protocols.
Also, review the registry and manually adjust the start value to "4" for any services that won’t allow changes via the GUI.
I carried this out about 1.5 days ago.
I mean there might be an automatic script that can be sent to all workstations on a network using a specific protocol. I just don't know how to do it. Maybe someone with Microsoft coding skills on this forum knows how to apply policies and registry changes across the network.