enderman.ch
/
index
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
index/content/blog/the-windows-oobe.md

131 lines
4.4 KiB
Markdown
Raw Blame History

---
title: The hidden features of the Windows OOBE
description: The Windows 11 OOBE is a mess, but it's excellent for bulk deployment and has some hidden features and customization options!
authors: ['Enderman']
created: 2024-03-01T23:30:10Z
updated: 2024-03-02T15:10:58Z
draft: false
tags: ['windows', 'oobe', 'deployment', 'know how', 'secret features', 'protocols', 'features', 'windows 10', 'windows 11']
---
# The Windows 11 OOBE is a mess...
The OOBE (Out-of-Box Experience) is the first thing a user sees when they boot up a new Windows device.
It's the first impression of the operating system, and it's important to get it right.
At first glance, it seems to be a thing Microsoft surprisingly _has_ gotten right.
However, once you take a look under the hood, you find a mess of legacy code, hidden features and undocumented APIs...
and suddenly, you take it all back.
In this article, I aim to take a deep dive into that mess and explore some hidden features and
customization options it offers.
::card
---
icon: warning
title: Unfinished article
---
This post is a **work in progress**, please check back later for more content!
::
### The OOBE protocol
The OOBE is a web application, and the `ms-cxh://` protocol is a custom handler that defines a couple of shortcuts to
various pages, seemingly, for internal use.
The list of available protocol strings can be retrieved by scanning Windows binaries for the `ms-cxh://` occurrences.
Luckily, Hexacorn did all the heavy lifting for us and shared
his findings in [his blog post](https://go.enderman.ch/18n6n).
The protocol API is **undocumented** by Microsoft, so it's not guaranteed to work in the future.
In fact, it has already been partially removed or deprecated in Windows 11 without any notice.
Microsoft used acronyms in protocol strings, and some of them are quite cryptic, but there's nothing we can't decode.
#### Out-of-Box Experience
FRX stands for «**F**irst **R**un e**X**perience»;
RDX stands for «**R**etail **D**emo e**X**perience».
* `ms-cxh://FRX/AAD`
* `ms-cxh://FRX/INCLUSIVE`
* `ms-cxh://FRX/INCLUSIVE?start=OobeProvisioningStatus`
* `ms-cxh://FRX/TEAMEDITION`
* `ms-cxh://FRXRDXINCLUSIVE`
#### Microsoft Azure
The AAD acronym is commonly used and refers to «**A**zure **A**ctive **D**irectory»;
SSPR stands for «**S**elf-**S**ervice **P**assword **R**eset».
* `ms-cxh://AADPINRESETAUTH`
* `ms-cxh://AADSSPR`
* `ms-cxh://AADWEBAUTH`
#### Modern settings
The MOSET acronym most likely refers to «**Mo**dern **set**tings»;
MAM stands for «**M**obile **A**pplication **M**anagement».
MSA stands for «**M**icro**s**oft **A**ccount».
* `ms-cxh://MOSET/AADLOCAL`
* `ms-cxh://MOSET/CONNECTTOWORK`
* `ms-cxh://mosetmamconnecttowork?mode=mdm&username=%s&servername=%s`
* `ms-cxh://mosetmdmconnecttowork`
* `ms-cxh://MOSETMSA`
* `ms-cxh://MOSETMSALOCAL`
#### Microsoft account
CFL probably stands for «**C**hange **F**irst **L**ogon»?
* `ms-cxh://MSACFLPINRESET`
* `ms-cxh://MSACFLPINRESETSIGNIN`
* `ms-cxh://MSACXSIGNINAUTHONLY`
* `ms-cxh://MSACXSIGNINPINADD`
* `ms-cxh://MSACXSIGNINPINRESET`
* `ms-cxh://MSAPINENROLL`
* `ms-cxh://MSAPINRESET`
* `ms-cxh://MSARDX`
* `ms-cxh://MSASSPR`
#### Windows Hello for Microsoft Intune
NTH stands for «i**NT**une **H**ello»;
NGC stands for «**N**ext **G**eneration **C**redential»;
ENT stands for «**Ent**erprise»;
MDM stands for «**M**obile **D**evice **M**anagement».
* `ms-cxh://NTH`
* `ms-cxh://NTH/AADRECOVERY`
* `ms-cxh://NTHAADNGCFIXME`
* `ms-cxh://NTHAADNGCONLY`
* `ms-cxh://NTHAADNGCRESET`
* `ms-cxh://NTHAADNGCRESETDESTRUCTIVE`
* `ms-cxh://NTHAADNGCRESETNONDESTRUCTIVE`
* `ms-cxh://NTHAADORMDM?ngc=enabled`
* `ms-cxh://NTHENTNGCFIXME`
* `ms-cxh://NTHENTNGCONLY`
* `ms-cxh://NTHENTNGCRESET`
* `ms-cxh://NTHENTNGCRESETDESTRUCTIVE`
* `ms-cxh://NTHENTORMDM`
* `ms-cxh://NTHENTORMDM?ngc=enabled`
* `ms-cxh://NTHNGCUPSELL`
* `ms-cxh://NTHPRIVACY`
* `ms-cxh://RDXRACSKUINCLUSIVE`
#### Second-chance OOBE
![personalized-scoobe-test.png](/images/blog/assets/the-windows-oobe/personalized-scoobe-test.png)
* `ms-cxh://SCOOBE`
* `ms-cxh://SCOOBE%ws`
* `ms-cxh://SCOOBE/UPGRADE`
#### Cloud settings
* `ms-cxh://SETADDLOCALONLY`
* `ms-cxh://SETADDNEWUSER`
* `ms-cxh://SETCHANGEPWD`
* `ms-cxh://SETPHONEPAIRING`
* `ms-cxh://SETPHONEPAIRING?scenarioId=SwiftKeyCloudClipboard`
* `ms-cxh://setsqsalocalonly`
#### Miscellaneous
* `ms-cxh://TSET/ADDFAMILY`
* `ms-cxh://WLT`
* `ms-cxh://WLTUC`
Reference in New Issue View Git Blame Copy Permalink