Is it possible to make RDP work on the OOBE screen of Windows 11?

Lucky Star 0 Reputation points
2025-08-11T18:05:58.6866667+00:00

Hi folks. Hope you are well.

I am working to automate Win11 installation using autounattended.xml on Proxmox VMs.

What I want to do is connect to the VMs via RDP when they are on the OOBE screen so that users can log in with their Entra ID.

Is this possible?


1 answer

  1. Bryan-V 1,880 Reputation points Microsoft External Staff Moderator
    2025-08-11T22:35:42.7733333+00:00

    Dear Lucky Star,

    Thank you for reaching out to the Microsoft Q&A.

    Yes, it's possible to enable Remote Desktop Protocol (RDP) during the Windows 11 Out-of-Box Experience (OOBE), but it requires a specific configuration in your autounattended.xml file.

    The key is to run a command that enables RDP during the OOBE System configuration pass of your unattended installation. This pass runs after Windows Setup is complete but before the user-specific setup begins, making it the perfect time to modify the system for remote access.

    During OOBE, Windows is running, and the network stack is active, which allows for an RDP connection if the service is enabled and the firewall is configured correctly.

    You need to add a FirstLogonCommands section within the oobeSystem pass of your autounattended.xml file. This command will enable RDP and configure the firewall to allow connections.

    Here is a snippet of the XML code you would add. This should be placed within the <component name="Microsoft-Windows-Shell-Setup" ...> section for the oobeSystem pass.

    <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
            <Order>1</Order>
            <CommandLine>cmd /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f"</CommandLine>
            <Description>Enable RDP</Description>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
            <Order>2</Order>
            <CommandLine>cmd /c "netsh advfirewall firewall set rule group="remote desktop" new enable=Yes"</CommandLine>
            <Description>Allow RDP through Firewall</Description>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
            <Order>3</Order>
            <CommandLine>cmd /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f"</CommandLine>
            <Description>Disable NLA for OOBE</Description>
        </SynchronousCommand>
    </FirstLogonCommands>
    

    Once your Proxmox VM boots into this customized OOBE screen, you should be able to connect to it using its IP address with an RDP client. The user will then see the OOBE prompts within the RDP session and can proceed to log in with their Entra ID (Azure AD) credentials as intended.


    To assist others who might have similar questions and to help us improve our support system, we kindly encourage you to "Accept the answer" if it successfully addressed your concern. Accepting an answer lets other users know that this solution worked for you, and it also helps us track the effectiveness of our support efforts.

    Best regards, 

    Bryan Vu | Microsoft Q&A Support Specialist 
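
An added example, not part of the answer above and not Microsoft tooling: a Python check, runnable on the host that builds the answer file, that lists every command changing RDP exposure and reports whether the last `UserAuthentication` write leaves NLA off. The sample file is constructed from the answer's three commands; the function names, the extra `<Path>` lookup for RunSynchronous commands, and evaluating writes in document order are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
# Registry values and firewall group taken from the answer's three commands.
RULES = {
    "fDenyTSConnections": re.compile(r"/v\s+fDenyTSConnections\b.*?/d\s+(\d+)", re.I),
    "UserAuthentication": re.compile(r"/v\s+UserAuthentication\b.*?/d\s+(\d+)", re.I),
    "firewall:remote desktop": re.compile(
        r'netsh\s+advfirewall.*group="remote desktop".*enable=(yes|no)', re.I),
}

def audit(xml_text):
    """Return (pass, order, setting, value) for each RDP-related command found."""
    findings = []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        for entry in settings.iter():
            # FirstLogonCommands use <CommandLine>; RunSynchronous commands use <Path>.
            line = entry.findtext("u:CommandLine", None, NS) or entry.findtext("u:Path", None, NS)
            if not line:
                continue
            order = int(entry.findtext("u:Order", "0", NS))
            for setting, rx in RULES.items():
                m = rx.search(line)
                if m:
                    findings.append((settings.get("pass"), order, setting, m.group(1).lower()))
    return findings

def nla_left_disabled(findings):
    """True if the last UserAuthentication write (document order) leaves NLA off."""
    writes = [value for _, _, setting, value in findings if setting == "UserAuthentication"]
    return bool(writes) and writes[-1] == "0"

# Constructed sample: the answer's commands inside a minimal answer file.
SAMPLE = r'''<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup"><FirstLogonCommands>
<SynchronousCommand wcm:action="add"><Order>1</Order><CommandLine>cmd /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>2</Order><CommandLine>cmd /c "netsh advfirewall firewall set rule group="remote desktop" new enable=Yes"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>3</Order><CommandLine>cmd /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f"</CommandLine></SynchronousCommand>
</FirstLogonCommands></component></settings></unattend>'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("NLA left disabled:", nla_left_disabled(audit(SAMPLE)))
```

A build pipeline can fail the image when `nla_left_disabled` returns true, so that a later command setting `UserAuthentication` back to 1 is required before the file is accepted.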

