--- title: The hidden features of the Windows OOBE description: The Windows 11 OOBE is a mess, but it's excellent for bulk deployment has some hidden features and customization options! authors: ['Enderman'] created: 2024-03-01T23:30:10Z updated: 2024-03-02T15:10:58Z draft: false tags: ['windows', 'oobe', 'deployment', 'know how', 'secret features', 'protocols', 'features', 'windows 10', 'windows 11'] --- # The Windows 11 OOBE is a mess... The OOBE (Out-of-Box Experience) is the first thing a user sees when they boot up a new Windows device. It's the first impression of the operating system, and it's important to get it right. At first glance, it seems to be a thing Microsoft surprisingly _has_ gotten right. However, once you take a look under the hood, you find a mess of legacy code, hidden features and undocumented APIs... and suddenly, you take it all back. In this article, I aim to take a deep dive into that mess and explore some hidden features and customization options it offers. ::card --- icon: warning title: Unfinished article --- This post is a **work in progress**, please check back later for more content! :: ### The OOBE protocol The OOBE is a web application, and the `ms-cxh://` protocol is a custom handler that defines a couple of shortcuts to various pages, seemingly, for internal use. The list of available protocol strings can be retrieved by scanning Windows binaries for the `ms-cxh://` occurrences. Luckily, Hexacorn did all the heavy lifting for us and shared his findings in [his blog post](https://go.enderman.ch/18n6n). The protocol API is **undocumented** by Microsoft, so it's not guaranteed to work in the future. In fact, it has already been partially removed or deprecated in Windows 11 without any notice. Microsoft used acronyms in protocol strings, and some of them are quite cryptic, but there's nothing we can't decode. #### Out-of-Box Experience FRX stands for «**F**irst **R**un e**X**perience»; RDX stands for «**R**etail **D**emo e**X**perience». * `ms-cxh://FRX/AAD` * `ms-cxh://FRX/INCLUSIVE` * `ms-cxh://FRX/INCLUSIVE?start=OobeProvisioningStatus` * `ms-cxh://FRX/TEAMEDITION` * `ms-cxh://FRXRDXINCLUSIVE` #### Microsoft Azure The AAD acronym is commonly used and refers to «**A**zure **A**ctive **D**irectory»; SSPR stands for «**S**elf-**S**ervice **P**assword **R**eset». * `ms-cxh://AADPINRESETAUTH` * `ms-cxh://AADSSPR` * `ms-cxh://AADWEBAUTH` #### Modern settings The MOSET acronym most likely refers to «**Mo**dern **set**tings»; MAM stands for «**M**obile **A**pplication **M**anagement». MSA stands for «**M**icro**s**oft **A**ccount». * `ms-cxh://MOSET/AADLOCAL` * `ms-cxh://MOSET/CONNECTTOWORK` * `ms-cxh://mosetmamconnecttowork?mode=mdm&username=%s&servername=%s` * `ms-cxh://mosetmdmconnecttowork` * `ms-cxh://MOSETMSA` * `ms-cxh://MOSETMSALOCAL` #### Microsoft account CFL probably stands for «**C**hange **F**irst **L**ogon»? * `ms-cxh://MSACFLPINRESET` * `ms-cxh://MSACFLPINRESETSIGNIN` * `ms-cxh://MSACXSIGNINAUTHONLY` * `ms-cxh://MSACXSIGNINPINADD` * `ms-cxh://MSACXSIGNINPINRESET` * `ms-cxh://MSAPINENROLL` * `ms-cxh://MSAPINRESET` * `ms-cxh://MSARDX` * `ms-cxh://MSASSPR` #### Windows Hello for Microsoft Intune NTH stands for «i**NT**une **H**ello»; NGC stands for «**N**ext **G**eneration **C**redential»; ENT stands for «**Ent**erprise»; MDM stands for «**M**obile **D**evice **M**anagement». * `ms-cxh://NTH` * `ms-cxh://NTH/AADRECOVERY` * `ms-cxh://NTHAADNGCFIXME` * `ms-cxh://NTHAADNGCONLY` * `ms-cxh://NTHAADNGCRESET` * `ms-cxh://NTHAADNGCRESETDESTRUCTIVE` * `ms-cxh://NTHAADNGCRESETNONDESTRUCTIVE` * `ms-cxh://NTHAADORMDM?ngc=enabled` * `ms-cxh://NTHENTNGCFIXME` * `ms-cxh://NTHENTNGCONLY` * `ms-cxh://NTHENTNGCRESET` * `ms-cxh://NTHENTNGCRESETDESTRUCTIVE` * `ms-cxh://NTHENTORMDM` * `ms-cxh://NTHENTORMDM?ngc=enabled` * `ms-cxh://NTHNGCUPSELL` * `ms-cxh://NTHPRIVACY` * `ms-cxh://RDXRACSKUINCLUSIVE` #### Second-chance OOBE ![personalized-scoobe-test.png](/images/blog/assets/the-windows-oobe/personalized-scoobe-test.png) * `ms-cxh://SCOOBE` * `ms-cxh://SCOOBE%ws` * `ms-cxh://SCOOBE/UPGRADE` #### Cloud settings * `ms-cxh://SETADDLOCALONLY` * `ms-cxh://SETADDNEWUSER` * `ms-cxh://SETCHANGEPWD` * `ms-cxh://SETPHONEPAIRING` * `ms-cxh://SETPHONEPAIRING?scenarioId=SwiftKeyCloudClipboard` * `ms-cxh://setsqsalocalonly` #### Miscellaneous * `ms-cxh://TSET/ADDFAMILY` * `ms-cxh://WLT` * `ms-cxh://WLTUC`