Another 2 bits I posted to Twitter — noticed that there is a built-in “ms-cxh” handler that was unknown to me (CXH stands for Cloud Experience Host) and there is also its near cousin “ms-cxh-full” (which I spotted while I was looking at the Registry settings for ms-cxh).

The first one accepts a number of strings which in return launch dedicated Dialog/Wizard offering specific Windows functionality including adding new user, changing PIN, password, etc. f.ex.:

ms-cxh://SETADDNEWUSER

ms-cxh://NTHENTNGCONLY

List of available strings I found in Windows binaries:

• ms-cxh://AADPINRESETAUTH
• ms-cxh://AADSSPR
• ms-cxh://AADWEBAUTH
• ms-cxh://FRX/AAD
• ms-cxh://FRX/INCLUSIVE
• ms-cxh://FRX/INCLUSIVE?start=OobeProvisioningStatus
• ms-cxh://FRX/TEAMEDITION
• ms-cxh://FRXRDXINCLUSIVE
• ms-cxh://MOSET/AADLOCAL
• ms-cxh://MOSET/CONNECTTOWORK
• ms-cxh://mosetmamconnecttowork?mode=mdm&username=%s&servername=%s
• ms-cxh://mosetmdmconnecttowork
• ms-cxh://MOSETMSA
• ms-cxh://MOSETMSALOCAL
• ms-cxh://MSACFLPINRESET
• ms-cxh://MSACFLPINRESETSIGNIN
• ms-cxh://MSACXSIGNINAUTHONLY
• ms-cxh://MSACXSIGNINPINADD
• ms-cxh://MSACXSIGNINPINRESET
• ms-cxh://MSAPINENROLL
• ms-cxh://MSAPINRESET
• ms-cxh://MSARDX
• ms-cxh://MSASSPR
• ms-cxh://NTH
• ms-cxh://NTH/AADRECOVERY
• ms-cxh://NTHAADNGCFIXME
• ms-cxh://NTHAADNGCONLY
• ms-cxh://NTHAADNGCRESET
• ms-cxh://NTHAADNGCRESETDESTRUCTIVE
• ms-cxh://NTHAADNGCRESETNONDESTRUCTIVE
• ms-cxh://NTHAADORMDM?ngc=enabled
• ms-cxh://NTHENTNGCFIXME
• ms-cxh://NTHENTNGCONLY
• ms-cxh://NTHENTNGCRESET
• ms-cxh://NTHENTNGCRESETDESTRUCTIVE
• ms-cxh://NTHENTORMDM
• ms-cxh://NTHENTORMDM?ngc=enabled
• ms-cxh://NTHNGCUPSELL
• ms-cxh://NTHPRIVACY
• ms-cxh://RDXRACSKUINCLUSIVE
• ms-cxh://SCOOBE
• ms-cxh://SCOOBE%ws
• ms-cxh://SCOOBE/UPGRADE
• ms-cxh://SETADDLOCALONLY
• ms-cxh://SETADDNEWUSER
• ms-cxh://SETCHANGEPWD
• ms-cxh://SETPHONEPAIRING
• ms-cxh://SETPHONEPAIRING?scenarioId=SwiftKeyCloudClipboard
• ms-cxh://setsqsalocalonly
• ms-cxh://TSET/ADDFAMILY
• ms-cxh://WLT
• ms-cxh://WLTUC

When I tested ms-cxh-full – I just ran opened “ms-cxh-full://foo” from Run dialog box and it messed up the desktop of the test system by blocking any window from being visible/interactive (with some exception for Taskbar, and Taskbar previews). Interestingly, when I posted it @SoloCarry6 and @cyb3rops pointed me to some other posts on the internet where people ran “ms-cxh-full://0” and got their desktop locked. Since no one knew how to disable it, here’s a quick solution:

• Press WIN+R — this will open invisible Run dialog box
• Run “taskkill /f /im UserOOBEBroker.exe” — this will terminate the “UserOOBEBroker.exe” process.