Search the Community
Showing results for tags 'diagnosticprompt'.
-
Introduction On Windows 10 version 1607 and earlier during Windows 10 upgrades from one version to another, after the computer reboots to upgrade the operating system you'll see a screen similar to the below At this point you could press Shift and F10 to bring up a command prompt, which is extremely useful if you need to check a log file, verify driver installation or to do troubleshooting. The screenshot below is from Windows 10 version 1607 which was being upgraded from Windows 10 version 1511. Security changes everything However there's a downside to this, having the ability to open a command prompt in the wrong hands could mean elevation of privileges or data theft. We all know that security is a big focus with Microsoft and as a direct result of the concerns above, the diagnostic prompt ability was disabled by default in Windows 10 version 1703 and later. That's all well and good for Joe public, but what about the SCCM admin who is trying to debug a task sequence ? Fear not, help is at hand. To re-enable the Diagnostic command prompt (Shift F10 during Windows setup in an upgrade scenario) you need to modify your task sequence to set a variable, and that variable is called OSDSetupAdditionalUpgradeOptions which is described here. This variable allows us to pass command line options to Windows setup during the upgrade and that's how we'll re-enable the diagnostic command prompt, however we don't want it available to everyone, except those 'in the know', aka the SCCM admins who need more info while troubleshooting. Step 1. Set a task sequence variable To make this work you need to add a Set Task Sequence Variable step before the Upgrade Operating system step in the Upgrade Task Sequence, like so. Task Sequence Variable: OSDSetupAdditionalUpgradeOptions Value: /DiagnosticPrompt enable Step 2. Add Options to limit exposure (optional) To limit the exposure of this diagnostic command prompt to only you (or your admins), you can add an option on the step to check for a file, reg key, variable or something that works for you, in this example, you'll look for the presence of a file on C:\ called windowsnoob.txt. Note: As stated, you can use whatever method you wish to limit exposure, Mike Terril has a nice blogpost on using collection variables to achieve something similar here. Step 3. Test it ! That's it, apply the changes and optionally create a file called windowsnoob.txt on C:\ on a computer you intend to test this on. Here's the file, created by the SCCM admin who plans on troubleshooting an Upgrade. Starting the upgrade... Before the reboot you can see the check for the file presence step is here, and as the file was present, the set task sequence variable step will run and here you can see the option has been appended to the Setup.exe command line by opening C:\Windows\CCM\Logs\SMSTSLOG\smsts.log in CMTrace After rebooting into the Windows Setup portion, try pressing Shift and F10 together, if everything went ok you'll see this. So that's it, now you know how to re-enable the Diagnostic command prompt during Windows 10 1703 or later upgrades and to do it in a reasonably limited way. Related reading https://docs.microsoft.com/en-us/sccm/osd/understand/task-sequence-action-variables https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options