Hey all. I want to share something that has been very convenient for my VM: The Windows Special Administration Console, or SAC. It’s available for Windows 10 VMs as an Optional Feature. (even in Home edition!)
To get started, make sure your VM has a Serial device attached. This is a <serial type="pty"/> device for Libvirt users.
Next, log into your VM as an Administrator and open the Optional Features settings page, search for SAC and install the EMS and SAC Toolset for Windows 10 feature.
Next, open a privileged Command Prompt and run these commands: bcdedit /ems {current} on, and bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200 (you can lower the baudrate if you wish to)
Finally, reboot your VM and connect to its serial console. Libvirt users can run virsh console <domain> to pull it up in their terminal, or start the VM with virsh start --console <domain>. I am not sure how to do this with QEMU args, but it is possible.
You should soon be connected to a serial console with an SAC> prompt. Running the help command reveals these options:
These can be used for basic out-of-band task management, setting the date, and the best part: you can even login to a privileged command prompt, all from a Linux terminal (or physical terminal if you’re so inclined).
My experience shows that the SAC is one of the first components to start, and one of the last to die. The cmd command, however, is beholden to the Windows service sacsvr, and only works when that service is running. As far as I know however, the main SAC> console is not really a “process” that can be killed, and is more like a kernel module, so you should always have it. (I could be wrong on this)
There may be security concerns about this being used as a potential VM escape vector, and I cannot provide an educated or authoritative answer on that topic, so don’t enable it if that sort of thing concerns you. You can turn off the feature with bcdedit /ems {current} off.
I sincerely hope this helps someone, enjoy.