Can I disable WSD (Web Services for Devices) on Server 2012/R2? How?

windows-server-2012 windows-server-2012-r2 network-printer print-server

I am looking for a way to disable WSD on Server 2012 and Server 2012 R2. Basically, a number of our printers on a number of our print server have decided that using this bloody service is better than using the TCP/IP ports they were assigned, and they are changing themselves over to WSD ports which results in users being unable to print to these printers.

On Windows 2008 R2 server, I can prevent this behavior by stopping and disabling the PnP-X IP Bus Enumerator service, however, that service doesn't seem to be present in Server 2012.

The only suggestions I've come across for stopping this behavior are all sub-optimal.

  1. Turn off Network Discovery (which WDS relies on to function)
  2. Block WDS at the Firewall
  3. Disable the WDS functionality on the printers.

I'd like a way to disable this service (and only this service) at the print server, because any of the other options involve a lot more work than I'd like (2, 3) or have undesirable side-effects (1). Does anyone know of a way to do this?


I'm afraid there is no "Off"-switch for WSD specifically for Printer discovery in Windows Server

As an alternative to disabling the "Function Discovery Provider Host" service, you could change the following outbound rules' Action to Deny, in the Windows Firewall with Advanced Security:

enter image description here

This will specifically block WSD and WSDAPI discovery events

If your print servers are segregated from your printer networks, block interzone traffic on these specific ports instead:

  • TCP 5357 - WSDAPIEvents
  • TCP 5358 - WSDEvents Secure
  • UPD 3702 - WSD publishing

I don't think you need to disable WSD inbound on your Print Servers.


1) Merge this reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSDPrintDevice]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Tag"=dword:00000028
"ImagePath"=hex(2):00,00
"DisplayName"="@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support"
"Group"="Extended Base"
"Owners"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSDPrintDevice\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

That disables WSD print service from starting and removes the location of WSDPrint.Inf if something wants to force it to start.

2) Rename the extensions on these 3 files in your WINDOWS\INF folder to .bak :

WSDPrint.Inf
WSDPrint.PNF
WSDScDrv.inf

That prevents WSD print devices from starting.

While WSD printers are shown in Add Printer window, and it seems you can add them, WSD ports are never created, and the WSD driver for printer is not installed. All criteria satisfied. Verified in Windows Server 2012 R2.

1 Drawback: You should rename the 3 files back to their original names before doing any Windows Updates related to printing or WSD. And then change them back to .bak after patch installed successfully.


The service you want is the "Function Discovery Provider Host" (also called fdPHost). This will disable the WS-Discovery protocol. This has a side effect of disabling SSDP support as well, however.


Install the printer manually through Devices and Printers to the network. Select the option to "Add a printer using a TCP/Ip address or hostname. In the next window, make sure to change the the Device Type option to TCP/IP Device and NOT the Auto Detect option (which is generally the default). Enter the IP address of the printer and click Next. Finish the install as normal from this point. This should resolve this issue.


Here's a reg and a batch files to make this a 2 clicks operation:

https://drive.google.com/open?id=1mlx_ziiygRib9f4UkweBvAV8n-DXYNKg

disablewsdservice.reg is the registry hack given by RoelDS:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSDPrintDevice]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Tag"=dword:00000028
"ImagePath"=hex(2):00,00
"DisplayName"="@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support"
"Group"="Extended Base"
"Owners"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSDPrintDevice\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

disablewsdservice.EN.bat is a batch file to take ownership of the files you need to rename before you rename them. It also ends by running the registry hack.

TAKEOWN /F %WINDIR%\INF\WSDPrint.Inf
ICACLS %WINDIR%\INF\WSDPrint.Inf /grant administrators:F
ren %WINDIR%\INF\WSDPrint.Inf WSDPrint.Inf.bak
TAKEOWN /F %WINDIR%\INF\WSDPrint.PNF
ICACLS %WINDIR%\INF\WSDPrint.PNF /grant administrators:F
ren %WINDIR%\INF\WSDPrint.PNF WSDPrint.PNF.bak
TAKEOWN /F %WINDIR%\INF\WSDScDrv.inf
ICACLS %WINDIR%\INF\WSDScDrv.inf /grant administrators:F
ren %WINDIR%\INF\WSDScDrv.inf WSDScDrv.inf.bak
disablewsdservice.reg

You need to run the batch file in a elevated (Administrator) command prompt. Use the EN file for any English version of Windows and the FR file for any French version.

You can run the batch then the reg, or the other way around it doesn't matter.

Successfully tested on W10 LTSC.

Related

SSH over VPN connection
Can't change the keyboard layout on Centos 7
How do I manually release a DHCP lease on the DHCP server itself?
non-cpu-intensive alternative to lsof?
Why should you not restore a DC that was backed up 6 months ago?
ECS cluster has no ecs instances but two ecs instances are visible in EC2
How to see debug logs for WireGuard (e.g. to see authentication attempts)
Prevent execution of Windows executables
Getting rsync to delete files from the *sender* after transfer
VMware in Linux breaks my ALT, CTRL and/or SHIFT keys. How do I fix it? [closed]
How to solve "ExpiresActive not allowed here" error message in .htaccess file?
Xen vs virtualbox?