The ability to press Shift-F10 to open a command prompt during the out-of-box experience (OOBE) in Windows has been around for many years. But if you want to turn that off, there are two ways you can do it:
- Buy a device that ships with Windows 10 in S Mode. When Windows 10 is running in S Mode, Shift-F10 is disabled by default. You can always then “unlock” the device (getting it out of S Mode) as part of the Windows Autopilot device provisioning process, via Intune, or manually via the Microsoft Store.
- Create a file named DisableCMDRequest.TAG in the C:WindowsSetupScripts folder. With that file present, Shift-F10 will be disabled. You can ask your OEM to include that file in the preinstalled Windows 10 image that ships on the device.
Of course you will then get exactly what you ask for: no more command prompt means no more troubleshooting during the OOBE process.
Note that if you take the file route (DisableCMDRequest.TAG), you’ll find that the file is removed any time you reset the device, so if you want that file to be persisted, create a provisioning package that recreates it. (There are various techniques to do that, but running a simple PowerShell script from the PPKG is probably the easiest.)
If you are interested in a way to disable that by default, feel free to vote for one or more of the Windows Autopilot uservoice items:
- Add option to disable shift+F10 in Autopilot profile. Just one problem with this one: You would still be able to press Shift-F10 prior to connecting the device to the network.
- Disable Shift-F10 by default on Windows 10 Pro and above. I submitted this one myself, basically flipping the previous one around: Turn it off by default, let Autopilot turn it back on for troubleshooting purposes.
While I’m soliciting votes for ideas, here’s another one for you to consider:
- Require internet access during OOBE for Windows 10 Pro and above. Today you can choose not to make a network connection and as a result completely skip the Windows Autopilot provisioning process. We could disable that bypass by requiring an internet connection to continue.