The Windows 11 OOBE is a mess...
The OOBE (Out-of-Box Experience) is the first thing a user sees when they boot up a new Windows device. It's the first impression of the operating system, and it's important to get it right. At first glance, it seems to be a thing Microsoft surprisingly has gotten right. However, once you take a look under the hood, you find a mess of legacy code, hidden features and undocumented APIs... and suddenly, you take it all back.
In this article, I aim to take a deep dive into that mess and explore some hidden features and customization options it offers.
Unfinished article
This post is a work in progress, please check back later for more content!
The OOBE protocol
The OOBE is a web application, and the ms-cxh:// protocol is a custom handler that defines a couple of shortcuts to
various pages, seemingly, for internal use.
The list of available protocol strings can be retrieved by scanning Windows binaries for the ms-cxh:// occurrences.
Luckily, Hexacorn did all the heavy lifting for us and shared
his findings in his blog post.
The protocol API is undocumented by Microsoft, so it's not guaranteed to work in the future. In fact, it has already been partially removed or deprecated in Windows 11 without any notice.
Microsoft used acronyms in protocol strings, and some of them are quite cryptic, but there's nothing we can't decode.
Out-of-Box Experience
FRX stands for «First Run eXperience»;
RDX stands for «Retail Demo eXperience».
ms-cxh://FRX/AADms-cxh://FRX/INCLUSIVEms-cxh://FRX/INCLUSIVE?start=OobeProvisioningStatusms-cxh://FRX/TEAMEDITIONms-cxh://FRXRDXINCLUSIVE
Microsoft Azure
The AAD acronym is commonly used and refers to «Azure Active Directory»;
SSPR stands for «Self-Service Password Reset».
ms-cxh://AADPINRESETAUTHms-cxh://AADSSPRms-cxh://AADWEBAUTH
Modern settings
The MOSET acronym most likely refers to «Modern settings»;
MAM stands for «Mobile Application Management».
MSA stands for «Microsoft Account».
ms-cxh://MOSET/AADLOCALms-cxh://MOSET/CONNECTTOWORKms-cxh://mosetmamconnecttowork?mode=mdm&username=%s&servername=%sms-cxh://mosetmdmconnecttoworkms-cxh://MOSETMSAms-cxh://MOSETMSALOCAL
Microsoft account
CFL probably stands for «Change First Logon»?
ms-cxh://MSACFLPINRESETms-cxh://MSACFLPINRESETSIGNINms-cxh://MSACXSIGNINAUTHONLYms-cxh://MSACXSIGNINPINADDms-cxh://MSACXSIGNINPINRESETms-cxh://MSAPINENROLLms-cxh://MSAPINRESETms-cxh://MSARDXms-cxh://MSASSPR
Windows Hello for Microsoft Intune
NTH stands for «iNTune Hello»;
NGC stands for «Next Generation Credential»;
ENT stands for «Enterprise»;
MDM stands for «Mobile Device Management».
ms-cxh://NTHms-cxh://NTH/AADRECOVERYms-cxh://NTHAADNGCFIXMEms-cxh://NTHAADNGCONLYms-cxh://NTHAADNGCRESETms-cxh://NTHAADNGCRESETDESTRUCTIVEms-cxh://NTHAADNGCRESETNONDESTRUCTIVEms-cxh://NTHAADORMDM?ngc=enabledms-cxh://NTHENTNGCFIXMEms-cxh://NTHENTNGCONLYms-cxh://NTHENTNGCRESETms-cxh://NTHENTNGCRESETDESTRUCTIVEms-cxh://NTHENTORMDMms-cxh://NTHENTORMDM?ngc=enabledms-cxh://NTHNGCUPSELLms-cxh://NTHPRIVACYms-cxh://RDXRACSKUINCLUSIVE
Second-chance OOBE
ms-cxh://SCOOBEms-cxh://SCOOBE%wsms-cxh://SCOOBE/UPGRADE
Cloud settings
ms-cxh://SETADDLOCALONLYms-cxh://SETADDNEWUSERms-cxh://SETCHANGEPWDms-cxh://SETPHONEPAIRINGms-cxh://SETPHONEPAIRING?scenarioId=SwiftKeyCloudClipboardms-cxh://setsqsalocalonly
Miscellaneous
ms-cxh://TSET/ADDFAMILYms-cxh://WLTms-cxh://WLTUC