Fixed bug in gam print|show oushareddrives that caused a trap.

Improved getting Shared Drive names from IDs when accessing Shared Drives in external workspaces.
Update Groups.md
2026-06-08 08:11:37 +00:00 · 2025-05-26 12:41:09 -07:00 · 2025-05-26 09:15:13 -07:00 · 2025-05-25 17:45:11 -07:00 · 2025-05-23 20:14:47 -07:00 · 2025-05-23 20:14:36 -07:00
26 changed files with 449 additions and 445 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -255,11 +255,9 @@ jobs:
            if [[ "$RUNNER_ARCH" == "ARM64" ]]; then
              PYEXTERNALS_PATH="arm64"
              WIX_ARCH="arm64"
-              CHOC_OPS=""
            elif [[ "$RUNNER_ARCH" == "X64" ]]; then
              PYEXTERNALS_PATH="amd64"
              WIX_ARCH="x64"
-              CHOC_OPS=""
            fi
            LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}"
            echo "PYTHON=${PYTHON_SOURCE_PATH}/PCbuild/${PYEXTERNALS_PATH}/python.exe" >> $GITHUB_ENV
@@ -294,8 +292,8 @@ jobs:
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
        run: |
          cd "${OPENSSL_SOURCE_PATH}"
-          # TODO: remove this once https://github.com/openssl/openssl/issues/26239 is fixed.
          if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
+            # https://github.com/openssl/openssl/issues/26239
            export CFLAGS=-DNO_INTERLOCKEDOR64
          fi
          # --libdir=lib is needed so Python can find OpenSSL libraries
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -1862,7 +1862,7 @@ gam calendar|calendars <CalendarEntity> show events [<EventEntity>] <EventDispla
        [formatjson]
 gam calendar|calendars <CalendarEntity> print events [<EventEntity>] <EventDisplayProperty>*
        [fields <EventFieldNameList>] [showdayofweek]
-        [countsonly]
+        [countsonly [eventrowfilter]]
        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]

 gam calendar <CalendarEntity> addevent <EventAttribute>+ [<EventNotificationAttribute>]
@@ -1876,7 +1876,7 @@ gam calendar <CalendarEntity> moveevent (id|eventid <EventID>)+ destination <Cal
 gam calendar <CalendarEntity> wipe
 gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>*
        [fields <EventFieldNameList>] [showdayofweek]
-        [countsonly]
+        [countsonly [eventrowfilter]]
        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]

 <CalendarSettingsField> ::=
@@ -5240,7 +5240,10 @@ gam show vaultmatters|matters [matterstate <MatterStateList>]

 gam print vaultcounts [todrive <ToDriveAttributes>*]
        matter <MatterItem> corpus mail|groups
-        (accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
+        [(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone]
+        [(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))]
        [scope [all_data|held_data|unprocessed_data]]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
        [excludedrafts <Boolean>]
@@ -5250,7 +5253,9 @@ gam print vaultcounts [todrive <ToDriveAttributes>*]

 gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
        (accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
-        (shareddrives|teamdrives <SharedDriveIDList>) | (rooms <RoomList>) | (sitesurl <URLList>)
+        (shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
        [scope all_data|held_data|unprocessed_data]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
        [locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
@@ -6094,7 +6099,7 @@ gam <UserTypeEntity> show events <UserCalendarEntity> [<EventEntity>] <EventDisp
        [formatjson]
 gam <UserTypeEntity> print events <UserCalendarEntity> [<EventEntity>] <EventDisplayProperty>*
        [fields <EventFieldNameList>] [showdayofweek]
-        [countsonly]
+        [countsonly [eventrowfilter]]
        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]

 gam <UserTypeEntity> update calattendees <UserCalendarEntity> <EventEntity> [anyorganizer]
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -1,3 +1,80 @@
+7.07.12
+
+Fixed bug in `gam print|show oushareddrives` that caused a trap.
+
+Improved getting Shared Drive names from IDs when accessing Shared Drives in external workspaces.
+
+7.07.11
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+ERROR: 400: badRequest - Bad Request
+```
+
+Updated `gam <UserTypeEntity> move drivefile` to handle the following error:
+```
+ERROR: 400: shareOutNotPermitted
+```
+
+7.07.10
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+ERROR: 400: eventTypeRestriction - Attendees cannot be added to 'fromGmail' event with this visibility setting.
+```
+
+7.07.09
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+gamlib.glgapi.serviceNotAvailable: Authentication backend unavailable.
+```
+
+7.07.08
+
+Fixed bug in `gam <UserTypeEntity> print filelist ... countsonly` that issued an
+incorrect warning message like the following when `redirect csv <FileName> multiprocess` was specified.
+```
+WARNING: csv_output_row_filter column "^name$" does not match any output columns
+```
+
+7.07.07
+
+Fixed bug in `gam report <ActivityApplictionName> ... countsonly eventrowfilter` that issued an
+incorrect warning message like the following when `redirect csv <FileName> multiprocess` was specified.
+```
+WARNING: csv_output_row_filter column "^doc_title$" does not match any output columns
+```
+
+7.07.06
+
+Added option `eventrowfilter` to `gam calendars <CalendarEntity> print events ... countsonly`
+and `gam <UserTypeEntity> print events <UserCalendarEntity> ... countsonly` that causes
+GAM to apply `config csv_output_row_filter` to the event details rather than the event counts.
+This will be useful when `<EventSelectProperty>` and `<EventMatchProperty>` do not have the
+capabilty to select the events of interest; e.g., you want to filter based on the event `created` property.
+
+Dropped the extraneous `id` column for `gam calendars <CalendarEntity> print events ... countsonly`
+and `gam <UserTypeEntity> print events <UserCalendarEntity> ... countsonly`.
+
+7.07.05
+
+Updated `gam <UserTypeEntity> move drivefile` to recognize the API error: `ERROR: 400: shareOutWarning`.
+
+7.07.04
+
+Updated `gam create vaultexport ... rooms <ChatSpaceList>` to strip `spaces/` from the Chat Space IDs.
+
+Updated `gam <UserTypeEntity> copy drivefile` to recognize the API error: `ERROR: 400: shareOutWarning`.
+
+7.07.03
+
+Updated `gam create vaultexport` to allow allow specifying a list of items in a search method
+with `shareddrives|rooms|sitesurl select <FileSelector>|<CSVFileSelector>`.
+
 7.07.02

 Fixed bug in `redirect csv ... transpose` where a CSV file with multiple rows was not properly transposed.
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -3,7 +3,7 @@
 #
 # GAM7
 #
-# Copyright 2024, All Rights Reserved.
+# Copyright 2025, All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """

 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.07.02'
+__version__ = '7.07.12'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'

 #pylint: disable=wrong-import-position
@@ -8565,7 +8565,7 @@ class CSVPrintFile():
    if not self.JSONtitlesSet:
      systemErrorExit(USAGE_ERROR_RC, Msg.NO_COLUMNS_SELECTED_WITH_CSV_OUTPUT_HEADER_FILTER.format(GC.CSV_OUTPUT_HEADER_FILTER, GC.CSV_OUTPUT_HEADER_DROP_FILTER))

-  def writeCSVfile(self, list_type):
+  def writeCSVfile(self, list_type, clearRowFilters=False):

    def todriveCSVErrorExit(entityValueList, errMsg):
      systemErrorExit(ACTION_FAILED_RC, formatKeyValueList(Ind.Spaces(),
@@ -8956,11 +8956,13 @@ class CSVPrintFile():
                                                      self.oneItemPerRow,
                                                      self.showPermissionsLast,
                                                      self.zeroBlankMimeTypeCounts)))
+      if clearRowFilters:
+        GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE].put((GM.REDIRECT_QUEUE_CLEAR_ROW_FILTERS, clearRowFilters))
      GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE].put((GM.REDIRECT_QUEUE_DATA, self.rows))
      return
    if self.zeroBlankMimeTypeCounts:
      self.ZeroBlankMimeTypeCounts()
-    if self.rowFilter or self.rowDropFilter:
+    if not clearRowFilters and (self.rowFilter or self.rowDropFilter):
      self.CheckOutputRowFilterHeaders()
    if self.headerFilter or self.headerDropFilter:
      if not self.formatJSON:
@@ -9582,6 +9584,7 @@ def CSVFileQueueHandler(mpQueue, mpQueueStdout, mpQueueStderr, csvPF, datetimeNo
  GM.Globals[GM.DATETIME_NOW] = datetimeNow
  GC.Values[GC.TIMEZONE] = tzinfo
  GC.Values[GC.OUTPUT_TIMEFORMAT] = output_timeformat
+  clearRowFilters = False
 #  if sys.platform.startswith('win'):
 #    signal.signal(signal.SIGINT, signal.SIG_IGN)
  if multiprocessing.get_start_method() == 'spawn':
@@ -9639,9 +9642,15 @@ def CSVFileQueueHandler(mpQueue, mpQueueStdout, mpQueueStderr, csvPF, datetimeNo
      csvPF.SetTimestampColumn(GC.Values[GC.CSV_OUTPUT_TIMESTAMP_COLUMN])
      csvPF.SetHeaderFilter(GC.Values[GC.CSV_OUTPUT_HEADER_FILTER])
      csvPF.SetHeaderDropFilter(GC.Values[GC.CSV_OUTPUT_HEADER_DROP_FILTER])
-      csvPF.SetRowFilter(GC.Values[GC.CSV_OUTPUT_ROW_FILTER], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
-      csvPF.SetRowDropFilter(GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER], GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER_MODE])
+      if not clearRowFilters:
+        csvPF.SetRowFilter(GC.Values[GC.CSV_OUTPUT_ROW_FILTER], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
+        csvPF.SetRowDropFilter(GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER], GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER_MODE])
+      else:
+        csvPF.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
+        csvPF.SetRowDropFilter([], GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER_MODE])
      csvPF.SetRowLimit(GC.Values[GC.CSV_OUTPUT_ROW_LIMIT])
+    elif dataType == GM.REDIRECT_QUEUE_CLEAR_ROW_FILTERS:
+      clearRowFilters = dataItem
    else: #GM.REDIRECT_QUEUE_EOF
      break
  csvPF.writeCSVfile(list_type)
@@ -14348,6 +14357,7 @@ def doReport():
    else:
      if eventRowFilter:
        csvPF.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
+        csvPF.SetRowDropFilter([], GC.Values[GC.CSV_OUTPUT_ROW_DROP_FILTER_MODE])
      if not countsSummary:
        titles = ['emailAddress']
        if countsOnly and countsByDate:
@@ -14396,7 +14406,7 @@ def doReport():
          if addCSVData:
            row.update(addCSVData)
          csvPF.WriteRow(row)
-    csvPF.writeCSVfile(f'{report.capitalize()} Activity Report')
+    csvPF.writeCSVfile(f'{report.capitalize()} Activity Report', eventRowFilter)

 # Substitute for #user#, #email#, #usernamne#
 def _substituteForUser(field, user, userName):
@@ -38592,7 +38602,8 @@ def _getCalendarListEventsDisplayProperty(myarg, calendarEventEntity):

 def initCalendarEventEntity():
  return {'list': [], 'queries': [], 'kwargs': {}, 'dict': None,
-          'matches': [], 'maxinstances': -1, 'countsOnly': False, 'showDayOfWeek': False}
+          'matches': [], 'maxinstances': -1, 'showDayOfWeek': False,
+          'countsOnly': False, 'eventRowFilter': False, 'countsOnlyTitles': []}

 def getCalendarEventEntity():
  calendarEventEntity = initCalendarEventEntity()
@@ -39254,7 +39265,8 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
      try:
        if updateFieldList:
          event = callGAPI(cal.events(), 'get',
-                           throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN],
+                           throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN, GAPI.BACKEND_ERROR],
+                           retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS+[GAPI.BACKEND_ERROR],
                           calendarId=calId, eventId=eventId, fields=updateFields)
          if 'description' in updateFieldList and 'description' in event:
            body['description'] = event['description']
@@ -39284,10 +39296,11 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
            if parameters['clearResources']:
              body['attendees'] = [attendee for attendee in body['attendees'] if not attendee['email'].lower().endswith('@resource.calendar.google.com')]
        event = callGAPI(cal.events(), 'patch',
-                         throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN,
+                         throwReasons=GAPI.CALENDAR_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.DELETED, GAPI.FORBIDDEN, GAPI.BACKEND_ERROR,
                                                                   GAPI.INVALID, GAPI.REQUIRED, GAPI.TIME_RANGE_EMPTY, GAPI.EVENT_DURATION_EXCEEDS_LIMIT,
                                                                   GAPI.REQUIRED_ACCESS_LEVEL, GAPI.CANNOT_CHANGE_ORGANIZER_OF_INSTANCE,
-                                                                   GAPI.MALFORMED_WORKING_LOCATION_EVENT],
+                                                                   GAPI.MALFORMED_WORKING_LOCATION_EVENT, GAPI.EVENT_TYPE_RESTRICTION, GAPI.BAD_REQUEST],
+                         retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS+[GAPI.BACKEND_ERROR],
                         calendarId=calId, eventId=eventId, conferenceDataVersion=1, sendUpdates=parameters['sendUpdates'], supportsAttachments=True,
                         body=body, fields=pfields)
        if parameters['csvPF'] is None:
@@ -39301,8 +39314,9 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
          entityUnknownWarning(Ent.CALENDAR, calId, j, jcount)
          break
        entityActionFailedWarning([Ent.CALENDAR, calId, Ent.EVENT, eventId], str(e), j, jcount)
-      except (GAPI.forbidden, GAPI.invalid, GAPI.required, GAPI.timeRangeEmpty, GAPI.eventDurationExceedsLimit,
-              GAPI.requiredAccessLevel, GAPI.cannotChangeOrganizerOfInstance, GAPI.malformedWorkingLocationEvent) as e:
+      except (GAPI.forbidden, GAPI.backendError, GAPI.invalid, GAPI.required, GAPI.timeRangeEmpty, GAPI.eventDurationExceedsLimit,
+              GAPI.requiredAccessLevel, GAPI.cannotChangeOrganizerOfInstance, GAPI.malformedWorkingLocationEvent,
+              GAPI.eventTypeRestriction, GAPI.badRequest) as e:
        entityActionFailedWarning([Ent.CALENDAR, calId, Ent.EVENT, eventId], str(e), j, jcount)
      except GAPI.notACalendarUser:
        userCalServiceNotEnabledWarning(calId, i, count)
@@ -39637,11 +39651,25 @@ def _printShowCalendarEvents(origUser, user, origCal, calIds, count, calendarEve
        elif GC.Values[GC.CSV_OUTPUT_USERS_AUDIT] and user:
          csvPF.WriteRowNoFilter({'calendarId': calId, 'primaryEmail': user, 'id': ''})
      else:
+        if calendarEventEntity['eventRowFilter']:
+          jcount = 0
+          for event in events:
+            if calendarEventEntity['showDayOfWeek']:
+              _getEventDaysOfWeek(event)
+            row = {'calendarId': calId, 'id': event['id']}
+            if user:
+              row['primaryEmail'] = user
+            flattenJSON(event, flattened=row, timeObjects=EVENT_TIME_OBJECTS)
+            if csvPF.CheckRowTitles(row):
+              jcount += 1
        row = {'calendarId': calId}
        if user:
          row['primaryEmail'] = user
        row['events'] = jcount
-        csvPF.WriteRow(row)
+        if not calendarEventEntity['eventRowFilter']:
+          csvPF.WriteRow(row)
+        else:
+          csvPF.WriteRowNoFilter(row)

 EVENT_FIELDS_CHOICE_MAP = {
  'anyonecanaddself': 'anyoneCanAddSelf',
@@ -39879,13 +39907,17 @@ def _getCalendarPrintShowEventOptions(calendarEventEntity, entityType):
      calendarEventEntity['countsOnly'] = True
    elif myarg == 'showdayofweek':
      calendarEventEntity['showDayOfWeek'] = True
+    elif myarg == 'eventrowfilter':
+      calendarEventEntity['eventRowFilter'] = True
    else:
      FJQC.GetFormatJSONQuoteChar(myarg, True)
-  if calendarEventEntity['countsOnly']:
+  if calendarEventEntity['countsOnly'] and not calendarEventEntity['eventRowFilter']:
    fieldsList = ['id']
  if csvPF:
    if calendarEventEntity['countsOnly']:
+      csvPF.RemoveTitles(['id'])
      csvPF.AddTitles(['events'])
+      calendarEventEntity['countsOnlyTitles'] = csvPF.titlesList[:]
    elif not FJQC.formatJSON and not fieldsList:
      csvPF.AddSortTitles(EVENT_PRINT_ORDER)
  _addEventEntitySelectFields(calendarEventEntity, fieldsList)
@@ -39893,17 +39925,23 @@ def _getCalendarPrintShowEventOptions(calendarEventEntity, entityType):

 # gam calendars <CalendarEntity> print events <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly] [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+#	[countsonly [eventrowfilter]]
+#	[formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 # gam calendars <CalendarEntity> show events <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly] [formatjson]
+#	[countsonly]
+#	[formatjson]
 def doCalendarsPrintShowEvents(calIds):
  calendarEventEntity = getCalendarEventEntity()
  csvPF, FJQC, fieldsList = _getCalendarPrintShowEventOptions(calendarEventEntity, Ent.CALENDAR)
  _printShowCalendarEvents(None, None, None, calIds, len(calIds), calendarEventEntity,
                           csvPF, FJQC, fieldsList)
  if csvPF:
-    csvPF.writeCSVfile('Calendar Events')
+    if calendarEventEntity['countsOnly'] and calendarEventEntity['eventRowFilter']:
+      csvPF.SetTitles(calendarEventEntity['countsOnlyTitles'])
+      csvPF.writeCSVfile('Calendar Events', True)
+    else:
+      csvPF.writeCSVfile('Calendar Events')

 # <CalendarSettings> ::==
 #	[description <String>] [location <String>] [summary <String>] [timezone <TimeZone>]
@@ -40745,6 +40783,8 @@ def _showVaultExport(matterNameId, export, cd, FJQC, k=0, kcount=0):
 VAULT_SEARCH_METHODS_MAP = {
  'account': 'ACCOUNT',
  'accounts': 'ACCOUNT',
+  'chatspace': 'ROOM',
+  'chatspaces': 'ROOM',
  'entireorg': 'ENTIRE_ORG',
  'everyone': 'ENTIRE_ORG',
  'org': 'ORG_UNIT',
@@ -40845,6 +40885,12 @@ VAULT_QUERY_ARGS = [
  ] + list(VAULT_SEARCH_METHODS_MAP.keys())

 def _buildVaultQuery(myarg, query, corpusArgumentMap):
+  def _getQueryList(obNameList):
+    itemList = getString(obNameList)
+    if itemList != 'select':
+      return itemList.replace(',', ' ').split()
+    return getEntityList(obNameList)
+
  if not query:
    query['dataScope'] = 'ALL_DATA'
  if myarg == 'corpus':
@@ -40860,11 +40906,15 @@ def _buildVaultQuery(myarg, query, corpusArgumentMap):
    elif searchMethod == 'ORG_UNIT':
      query['orgUnitInfo'] = {'orgUnitId': getOrgUnitId()[1]}
    elif searchMethod == 'SHARED_DRIVE':
-      query['sharedDriveInfo'] = {'sharedDriveIds': getString(Cmd.OB_SHAREDDRIVE_ID_LIST).replace(',', ' ').split()}
+      query['sharedDriveInfo'] = {'sharedDriveIds': _getQueryList(Cmd.OB_SHAREDDRIVE_ID_LIST)}
    elif searchMethod == 'ROOM':
-      query['hangoutsChatInfo'] = {'roomId': getString(Cmd.OB_ROOM_LIST).replace(',', ' ').split()}
+      roomIds = _getQueryList(Cmd.OB_CHAT_SPACE_LIST)
+      for i, roomId in enumerate(roomIds):
+        if roomId.startswith('spaces/') or roomId.startswith('space/'):
+          _, roomIds[i] = roomId.split('/', 1)
+      query['hangoutsChatInfo'] = {'roomId': roomIds}
    elif searchMethod == 'SITES_URL':
-      query['sitesUrlInfo'] = {'urls': getString(Cmd.OB_URL_LIST).replace(',', ' ').split()}
+      query['sitesUrlInfo'] = {'urls': _getQueryList(Cmd.OB_URL_LIST)}
  elif myarg == 'scope':
    query['dataScope'] = getChoice(VAULT_EXPORT_DATASCOPE_MAP, mapChoice=True)
  elif myarg == 'terms':
@@ -40922,7 +40972,9 @@ def _validateVaultQuery(body, corpusArgumentMap):

 # gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
 #	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
-#	(shareddrives|teamdrives <TeamDriveIDList>) | (rooms <RoomList>) | (sitesurl <URLList>)
+#	(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	    (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	    (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
 #	[scope <all_data|held_data|unprocessed_data>]
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
 #	[locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
@@ -41969,22 +42021,21 @@ def printShowUserVaultHolds(entityList):
  else:
    printKeyValueList(['Total Holds', totalHolds])

-def _cleanVaultQuery(query, cd):
+def _cleanVaultQuery(query, cd, drive):
  if 'query' in query:
-    if cd is not None:
-      if 'orgUnitInfo' in query['query']:
-        query['query']['orgUnitInfo']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, query['query']['orgUnitInfo']['orgUnitId'])
-      if 'sharedDriveInfo' in query['query']:
-        query['query']['sharedDriveInfo']['sharedDriveNames'] = []
-        for sharedDriveId in query['query']['sharedDriveInfo']['sharedDriveIds']:
-          query['query']['sharedDriveInfo']['sharedDriveNames'].append(_getSharedDriveNameFromId(sharedDriveId))
+    if cd is not None and 'orgUnitInfo' in query['query']:
+      query['query']['orgUnitInfo']['orgUnitPath'] = convertOrgUnitIDtoPath(cd, query['query']['orgUnitInfo']['orgUnitId'])
+    if drive is not None and 'sharedDriveInfo' in query['query']:
+      query['query']['sharedDriveInfo']['sharedDriveNames'] = []
+      for sharedDriveId in query['query']['sharedDriveInfo']['sharedDriveIds']:
+        query['query']['sharedDriveInfo']['sharedDriveNames'].append(_getSharedDriveNameFromId(drive, sharedDriveId, False))
    query['query'].pop('searchMethod', None)
    query['query'].pop('teamDriveInfo', None)

 VAULT_QUERY_TIME_OBJECTS = {'createTime', 'endTime', 'startTime', 'versionDate'}

-def _showVaultQuery(matterNameId, query, cd, FJQC, k=0, kcount=0):
-  _cleanVaultQuery(query, cd)
+def _showVaultQuery(matterNameId, query, cd, drive, FJQC, k=0, kcount=0):
+  _cleanVaultQuery(query, cd, drive)
  if FJQC is not None and FJQC.formatJSON:
    printLine(json.dumps(cleanJSON(query, timeObjects=VAULT_QUERY_TIME_OBJECTS), ensure_ascii=False, sort_keys=False))
    return
@@ -42016,7 +42067,7 @@ def doInfoVaultQuery():
    queryId, queryName, queryNameId = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
  else:
    queryName = getString(Cmd.OB_QUERY_ITEM)
-  cd = None
+  cd = drive = None
  fieldsList = []
  FJQC = FormatJSONQuoteChar()
  while Cmd.ArgumentsRemaining():
@@ -42026,8 +42077,8 @@ def doInfoVaultQuery():
      queryId, queryName, queryNameId = convertQueryNameToID(v, queryName, matterId, matterNameId)
    elif myarg == 'shownames':
      cd = buildGAPIObject(API.DIRECTORY)
-      _, GM.Globals[GM.ADMIN_DRIVE] = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
-      if GM.Globals[GM.ADMIN_DRIVE] is None:
+      _, drive = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
+      if drive is None:
        return
    elif getFieldsList(myarg, VAULT_QUERY_FIELDS_CHOICE_MAP, fieldsList, initialField=['savedQueryId', 'displayName']):
      pass
@@ -42038,7 +42089,7 @@ def doInfoVaultQuery():
    query = callGAPI(v.matters().savedQueries(), 'get',
                    throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN, GAPI.INVALID_ARGUMENT],
                    matterId=matterId, savedQueryId=queryId, fields=fields)
-    _showVaultQuery(matterNameId, query, cd, FJQC)
+    _showVaultQuery(matterNameId, query, cd, drive, FJQC)
  except (GAPI.notFound, GAPI.badRequest, GAPI.forbidden, GAPI.invalidArgument) as e:
    entityActionFailedWarning([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, queryNameId], str(e))

@@ -42055,7 +42106,7 @@ def doPrintShowVaultQueries():
  csvPF = CSVPrintFile(PRINT_VAULT_QUERIES_TITLES, 'sortall') if Act.csvFormat() else None
  FJQC = FormatJSONQuoteChar(csvPF)
  matters = []
-  cd = None
+  cd = drive = None
  fieldsList = []
  while Cmd.ArgumentsRemaining():
    myarg = getArgument()
@@ -42065,8 +42116,8 @@ def doPrintShowVaultQueries():
      matters = shlexSplitList(getString(Cmd.OB_MATTER_ITEM_LIST))
    elif myarg == 'shownames':
      cd = buildGAPIObject(API.DIRECTORY)
-      _, GM.Globals[GM.ADMIN_DRIVE] = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
-      if GM.Globals[GM.ADMIN_DRIVE] is None:
+      _, drive = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
+      if drive is None:
        return
    elif getFieldsList(myarg, VAULT_QUERY_FIELDS_CHOICE_MAP, fieldsList, initialField=['savedQueryId', 'displayName']):
      pass
@@ -42128,11 +42179,11 @@ def doPrintShowVaultQueries():
      k = 0
      for query in queries:
        k += 1
-        _showVaultQuery(matterNameId, query, cd, FJQC, k, kcount)
+        _showVaultQuery(matterNameId, query, cd, drive, FJQC, k, kcount)
      Ind.Decrement()
    else:
      for query in queries:
-        _cleanVaultQuery(query, cd)
+        _cleanVaultQuery(query, cd, drive)
        row = flattenJSON(query, flattened={'matterId': matterId, 'matterName': matterName}, timeObjects=VAULT_QUERY_TIME_OBJECTS)
        if not FJQC.formatJSON:
          csvPF.WriteRowTitles(row)
@@ -42480,6 +42531,9 @@ PRINT_VAULT_COUNTS_TITLES = ['account', 'count', 'error']
 # gam print vaultcounts [todrive <ToDriveAttributes>*]
 #	matter <MatterItem> corpus mail|groups
 #	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
+#	(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	    (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	    (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
 #	[scope <all_data|held_data|unprocessed_data>]
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
 #	[excludedrafts <Boolean>]
@@ -51354,10 +51408,12 @@ def infoCalendarEvents(users):

 # gam <UserTypeEntity> print events <UserCalendarEntity> <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly] [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+#	[countsonly [eventrowfilter]]
+#	[formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 # gam <UserTypeEntity> show events <UserCalendarEntity> <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly] [formatjson]
+#	[countsonly]]
+#	[formatjson]
 def printShowCalendarEvents(users):
  calendarEntity = getUserCalendarEntity()
  calendarEventEntity = getCalendarEventEntity()
@@ -51375,7 +51431,11 @@ def printShowCalendarEvents(users):
                             csvPF, FJQC, fieldsList)
    Ind.Decrement()
  if csvPF:
-    csvPF.writeCSVfile('Calendar Events')
+    if calendarEventEntity['countsOnly'] and calendarEventEntity['eventRowFilter']:
+      csvPF.SetTitles(calendarEventEntity['countsOnlyTitles'])
+      csvPF.writeCSVfile('Calendar Events', True)
+    else:
+      csvPF.writeCSVfile('Calendar Events')

 def getStatusEventDateTime(dateType, dateList):
  if dateType == 'timerange':
@@ -52386,20 +52446,15 @@ def _convertSharedDriveNameToId(drive, user, i, count, fileIdEntity, useDomainAd
                                                                 ','.join([td['id'] for td in tdlist])), i, count)
  return False

-def _getSharedDriveNameFromId(sharedDriveId):
+def _getSharedDriveNameFromId(drive, sharedDriveId, useDomainAdminAccess=False):
  sharedDriveName = GM.Globals[GM.MAP_SHAREDDRIVE_ID_TO_NAME].get(sharedDriveId)
  if not sharedDriveName:
-    if not GM.Globals[GM.ADMIN_DRIVE]:
-      _, GM.Globals[GM.ADMIN_DRIVE] = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
-    if GM.Globals[GM.ADMIN_DRIVE]:
-      try:
-        sharedDriveName = callGAPI(GM.Globals[GM.ADMIN_DRIVE].drives(), 'get',
-                                   throwReasons=GAPI.DRIVE_USER_THROW_REASONS+[GAPI.NOT_FOUND],
-                                   useDomainAdminAccess=True,
-                                   driveId=sharedDriveId, fields='name')['name']
-      except (GAPI.notFound, GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy):
-        sharedDriveName = TEAM_DRIVE
-    else:
+    try:
+      sharedDriveName = callGAPI(drive.drives(), 'get',
+                                 throwReasons=GAPI.DRIVE_USER_THROW_REASONS+[GAPI.NOT_FOUND],
+                                 useDomainAdminAccess=useDomainAdminAccess,
+                                 driveId=sharedDriveId, fields='name')['name']
+    except (GAPI.notFound, GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy):
      sharedDriveName = TEAM_DRIVE
    GM.Globals[GM.MAP_SHAREDDRIVE_ID_TO_NAME][sharedDriveId] = sharedDriveName
  return sharedDriveName
@@ -52412,7 +52467,7 @@ def _getDriveFileNameFromId(drive, fileId, combineTitleId=True, useDomainAdminAc
    if result:
      fileName = result['name']
      if (result['mimeType'] == MIMETYPE_GA_FOLDER) and result.get('driveId') and (result['name'] == TEAM_DRIVE):
-        fileName = _getSharedDriveNameFromId(result['driveId'])
+        fileName = _getSharedDriveNameFromId(drive, result['driveId'])
      if combineTitleId:
        fileName += '('+fileId+')'
      return (fileName, _getEntityMimeType(result), result['mimeType'])
@@ -53494,7 +53549,7 @@ def getFilePaths(drive, fileTree, initialResult, filePathInfo, addParentsToTree=
                 fullpath=False, showDepth=False, folderPathOnly=False):
  def _getParentName(result):
    if (result['mimeType'] == MIMETYPE_GA_FOLDER) and result.get('driveId') and (result['name'] == TEAM_DRIVE):
-      parentName = _getSharedDriveNameFromId(result['driveId'])
+      parentName = _getSharedDriveNameFromId(drive, result['driveId'])
      if parentName != TEAM_DRIVE:
        return f'{SHARED_DRIVES}{filePathInfo["delimiter"]}{parentName}'
    return result['name']
@@ -54193,9 +54248,9 @@ def showFileInfo(users):
        driveId = result.get('driveId')
        if driveId:
          if result['mimeType'] == MIMETYPE_GA_FOLDER and result['name'] == TEAM_DRIVE:
-            result['name'] = _getSharedDriveNameFromId(driveId)
+            result['name'] = _getSharedDriveNameFromId(drive, driveId)
          if DFF.showSharedDriveNames:
-            result['driveName'] = _getSharedDriveNameFromId(driveId)
+            result['driveName'] = _getSharedDriveNameFromId(drive, driveId)
        if showNoParents:
          result.setdefault('parents', [])
        if getPermissionsForSharedDrives and driveId and 'permissions' not in result:
@@ -54883,7 +54938,7 @@ def extendFileTreeParents(drive, fileTree, fields):
          result['parents'] = [ORPHANS] if result.get('ownedByMe', False) and 'sharedWithMeTime' not in result else [SHARED_WITHME]
        else:
          if result['name'] == TEAM_DRIVE:
-            result['name'] = _getSharedDriveNameFromId(result['driveId'])
+            result['name'] = _getSharedDriveNameFromId(drive, result['driveId'])
          result['parents'] = [SHARED_DRIVES] if 'sharedWithMeTime' not in result else [SHARED_WITHME]
      fileTree[fileId]['info'] = result
      fileTree[fileId]['info']['noDisplay'] = True
@@ -55628,7 +55683,7 @@ def printFileList(users):
    if not pmselect and 'permissions' in fileInfo:
      fileInfo['permissions'] = DLP.GetFileMatchingPermission(fileInfo)
    if DFF.showSharedDriveNames and driveId:
-      fileInfo['driveName'] = _getSharedDriveNameFromId(driveId)
+      fileInfo['driveName'] = _getSharedDriveNameFromId(drive, driveId)
    if filepath:
      if not FJQC.formatJSON or not addPathsToJSON:
        addFilePathsToRow(drive, fileTree, fileInfo, filePathInfo, csvPF, row,
@@ -56151,6 +56206,7 @@ def printFileList(users):
            summaryMimeTypeInfo[mimeType]['size'] += mtinfo['size']
        if summary != FILECOUNT_SUMMARY_ONLY:
          writeMimeTypeCountsRow(user, 'Various', 'Various', mimeTypeInfo)
+  titlePrefix = f'{Cmd.Argument(GM.Globals[GM.ENTITY_CL_START])} {Cmd.Argument(GM.Globals[GM.ENTITY_CL_START]+1)} ' if GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE] is None else ''
  if not countsOnly:
    if not csvPF.rows:
      setSysExitRC(NO_ENTITIES_FOUND_RC)
@@ -56159,22 +56215,14 @@ def printFileList(users):
    else:
      if 'JSON' in csvPF.JSONtitlesList:
        csvPF.MoveJSONTitlesToEnd(['JSON'])
-    if GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE] is None:
-      csvPF.writeCSVfile(f'{Cmd.Argument(GM.Globals[GM.ENTITY_CL_START])} {Cmd.Argument(GM.Globals[GM.ENTITY_CL_START]+1)} Drive Files')
-    else:
-      csvPF.writeCSVfile('Drive Files')
+    csvPF.writeCSVfile(f'{titlePrefix}Drive Files')
  else:
    if not csvPFco.rows:
      setSysExitRC(NO_ENTITIES_FOUND_RC)
    if summary != FILECOUNT_SUMMARY_NONE:
      writeMimeTypeCountsRow(summaryUser, 'Various', 'Various', summaryMimeTypeInfo)
    csvPFco.todrive = csvPF.todrive
-    if not countsRowFilter:
-      csvPFco.SetRowFilter([], GC.Values[GC.CSV_OUTPUT_ROW_FILTER_MODE])
-    if GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE] is None:
-      csvPFco.writeCSVfile(f'{Cmd.Argument(GM.Globals[GM.ENTITY_CL_START])} {Cmd.Argument(GM.Globals[GM.ENTITY_CL_START]+1)} Drive File Counts')
-    else:
-      csvPFco.writeCSVfile('Drive File Counts')
+    csvPFco.writeCSVfile(f'{titlePrefix}Drive File Counts', not countsRowFilter)

 FILECOMMENTS_FIELDS_CHOICE_MAP = {
  'action': 'action',
@@ -56505,7 +56553,7 @@ def printShowFilePaths(users):
        driveId = result.get('driveId')
        if driveId:
          if result['mimeType'] == MIMETYPE_GA_FOLDER and result['name'] == TEAM_DRIVE:
-            result['name'] = _getSharedDriveNameFromId(driveId)
+            result['name'] = _getSharedDriveNameFromId(drive, driveId)
            if returnPathOnly:
              if fullpath:
                writeStdout(f'{SHARED_DRIVES}/{result["name"]}\n')
@@ -56595,7 +56643,7 @@ def printFileParentTree(users):
              driveId = result.get('driveId')
              if driveId:
                if result['mimeType'] == MIMETYPE_GA_FOLDER and result['name'] == TEAM_DRIVE:
-                  result['name'] = _getSharedDriveNameFromId(driveId)
+                  result['name'] = _getSharedDriveNameFromId(drive, driveId)
                  result['isRoot'] = True
            result['parents'] = ['']
            fileList.append(result)
@@ -56832,7 +56880,7 @@ def printShowFileCounts(users):
    if not drive:
      continue
    sharedDriveId = fileIdEntity.get('shareddrive', {}).get('driveId', '')
-    sharedDriveName = _getSharedDriveNameFromId(sharedDriveId) if sharedDriveId else ''
+    sharedDriveName = _getSharedDriveNameFromId(drive, sharedDriveId) if sharedDriveId else ''
    mimeTypeInfo = {}
    userLastModification = _initLastModification()
    gettingEntity = _getGettingEntity(user, fileIdEntity)
@@ -56977,7 +57025,7 @@ def printShowDrivelastModifications(users):
    if not drive:
      continue
    sharedDriveId = fileIdEntity.get('shareddrive', {}).get('driveId', '')
-    sharedDriveName = _getSharedDriveNameFromId(sharedDriveId) if sharedDriveId else ''
+    sharedDriveName = _getSharedDriveNameFromId(drive, sharedDriveId) if sharedDriveId else ''
    userLastModification = _initLastModification()
    gettingEntity = _getGettingEntity(user, fileIdEntity)
    printGettingAllEntityItemsForWhom(Ent.DRIVE_FILE_OR_FOLDER, gettingEntity, i, count)
@@ -57160,7 +57208,7 @@ def printDiskUsage(users):
          includeOwner = False
          csvPF.RemoveTitles(['Owner', 'ownedByMe'])
          if topFolder['name'] == TEAM_DRIVE and not topFolder.get('parents'):
-            topFolder['name'] = _getSharedDriveNameFromId(driveId)
+            topFolder['name'] = _getSharedDriveNameFromId(drive, driveId)
            topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
          else:
            topFolder['path'] = topFolder['name']
@@ -57600,7 +57648,7 @@ def printShowFileTree(users):
                                   fileId=fileId, fields=fields, supportsAllDrives=True)
          if (fileEntryInfo['mimeType'] == MIMETYPE_GA_FOLDER and fileEntryInfo.get('driveId') and
              fileEntryInfo['name'] == TEAM_DRIVE and not fileEntryInfo.get('parents', [])):
-            fileEntryInfo['name'] = f"{SHARED_DRIVES}/{_getSharedDriveNameFromId(fileId)}"
+            fileEntryInfo['name'] = f"{SHARED_DRIVES}/{_getSharedDriveNameFromId(drive, fileId)}"
          if stripCRsFromName:
            fileEntryInfo['name'] = _stripControlCharsFromName(fileEntryInfo['name'])
          if buildTree:
@@ -59241,7 +59289,7 @@ def _getCopyMoveParentInfo(drive, user, i, count, j, jcount, newParentId, statis
        result['destParentType'] = DEST_PARENT_MYDRIVE_FOLDER
    else:
      if result['name'] == TEAM_DRIVE and not result.get('parents', []):
-        result['name'] = _getSharedDriveNameFromId(result['driveId'])
+        result['name'] = _getSharedDriveNameFromId(drive, result['driveId'])
        result['destParentType'] = DEST_PARENT_SHAREDDRIVE_ROOT
      else:
        result['destParentType'] = DEST_PARENT_SHAREDDRIVE_FOLDER
@@ -59511,7 +59559,8 @@ def copyDriveFile(users):
                        throwReasons=GAPI.DRIVE_USER_THROW_REASONS+[GAPI.FORBIDDEN, GAPI.INSUFFICIENT_PERMISSIONS, GAPI.INSUFFICIENT_PARENT_PERMISSIONS,
                                                                    GAPI.INVALID, GAPI.BAD_REQUEST, GAPI.FILE_NOT_FOUND, GAPI.UNKNOWN_ERROR,
                                                                    GAPI.STORAGE_QUOTA_EXCEEDED, GAPI.TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED,
-                                                                    GAPI.TEAMDRIVE_FILE_LIMIT_EXCEEDED, GAPI.TEAMDRIVE_HIERARCHY_TOO_DEEP, GAPI.SHORTCUT_TARGET_INVALID],
+                                                                    GAPI.TEAMDRIVE_FILE_LIMIT_EXCEEDED, GAPI.TEAMDRIVE_HIERARCHY_TOO_DEEP,
+                                                                    GAPI.SHORTCUT_TARGET_INVALID, GAPI.SHARE_OUT_WARNING],
                        body=body, fields='id', supportsAllDrives=True)
      Act.Set(Act.CREATE_SHORTCUT)
      entityModifierItemValueListActionPerformed(kvList, Act.MODIFIER_IN,
@@ -59522,7 +59571,8 @@ def copyDriveFile(users):
    except (GAPI.forbidden, GAPI.insufficientFilePermissions, GAPI.insufficientParentPermissions,
            GAPI.invalid, GAPI.badRequest, GAPI.fileNotFound, GAPI.unknownError,
            GAPI.storageQuotaExceeded, GAPI.teamDrivesSharingRestrictionNotAllowed,
-            GAPI.teamDriveFileLimitExceeded, GAPI.teamDriveHierarchyTooDeep, GAPI.shortcutTargetInvalid) as e:
+            GAPI.teamDriveFileLimitExceeded, GAPI.teamDriveHierarchyTooDeep,
+            GAPI.shortcutTargetInvalid, GAPI.shareOutWarning) as e:
      entityActionFailedWarning(kvList+[Ent.DRIVE_FILE_SHORTCUT, childName], str(e), k, kcount)
      _incrStatistic(statistics, STAT_FILE_FAILED)

@@ -59655,7 +59705,7 @@ def copyDriveFile(users):
            result = callGAPI(drive.files(), 'copy',
                              bailOnInternalError=True,
                              throwReasons=GAPI.DRIVE_COPY_THROW_REASONS+[GAPI.INTERNAL_ERROR, GAPI.INSUFFICIENT_PARENT_PERMISSIONS,
-                                                                          GAPI.TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED],
+                                                                          GAPI.TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED, GAPI.SHARE_OUT_WARNING],
                              fileId=childId, body=child, fields='id,name', supportsAllDrives=True)
            if not csvPF:
              entityModifierItemValueListActionPerformed(kvList, Act.MODIFIER_TO,
@@ -59692,7 +59742,7 @@ def copyDriveFile(users):
                  GAPI.insufficientParentPermissions, GAPI.unknownError,
                  GAPI.invalid, GAPI.cannotCopyFile, GAPI.badRequest, GAPI.responsePreparationFailure, GAPI.fileNeverWritable, GAPI.fieldNotWritable,
                  GAPI.teamDrivesSharingRestrictionNotAllowed, GAPI.rateLimitExceeded, GAPI.userRateLimitExceeded,
-                  GAPI.internalError, GAPI.teamDrivesShortcutFileNotSupported) as e:
+                  GAPI.internalError, GAPI.teamDrivesShortcutFileNotSupported, GAPI.shareOutWarning) as e:
            entityActionFailedWarning(kvList, str(e), k, kcount)
            _incrStatistic(statistics, STAT_FILE_FAILED)
          except (GAPI.storageQuotaExceeded, GAPI.teamDriveFileLimitExceeded, GAPI.teamDriveHierarchyTooDeep) as e:
@@ -59788,7 +59838,7 @@ def copyDriveFile(users):
 # Source at root of Shared Drive?
        sourceMimeType = source['mimeType']
        if sourceMimeType == MIMETYPE_GA_FOLDER and source.get('driveId') and source['name'] == TEAM_DRIVE and not source.get('parents', []):
-          source['name'] = _getSharedDriveNameFromId(source['driveId'])
+          source['name'] = _getSharedDriveNameFromId(drive, source['driveId'])
        sourceName = source['name']
        sourceNameId = f"{sourceName}({source['id']})"
        copyMoveOptions['sourceDriveId'] = source.get('driveId')
@@ -60364,7 +60414,7 @@ def moveDriveFile(users):
                                                                    GAPI.INVALID, GAPI.BAD_REQUEST, GAPI.FILE_NOT_FOUND, GAPI.UNKNOWN_ERROR,
                                                                    GAPI.STORAGE_QUOTA_EXCEEDED, GAPI.TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED,
                                                                    GAPI.TEAMDRIVE_FILE_LIMIT_EXCEEDED, GAPI.TEAMDRIVE_HIERARCHY_TOO_DEEP, GAPI.SHORTCUT_TARGET_INVALID,
-                                                                    GAPI.TARGET_USER_ROLE_LIMITED_BY_LICENSE_RESTRICTION],
+                                                                    GAPI.TARGET_USER_ROLE_LIMITED_BY_LICENSE_RESTRICTION, GAPI.SHARE_OUT_WARNING],
                        body=body, fields='id', supportsAllDrives=True)
      Act.Set(Act.CREATE_SHORTCUT)
      entityModifierItemValueListActionPerformed(kvList, Act.MODIFIER_IN,
@@ -60376,7 +60426,7 @@ def moveDriveFile(users):
            GAPI.invalid, GAPI.badRequest, GAPI.fileNotFound, GAPI.unknownError,
            GAPI.storageQuotaExceeded, GAPI.teamDrivesSharingRestrictionNotAllowed,
            GAPI.teamDriveFileLimitExceeded, GAPI.teamDriveHierarchyTooDeep, GAPI.shortcutTargetInvalid,
-            GAPI.targetUserRoleLimitedByLicenseRestriction) as e:
+            GAPI.targetUserRoleLimitedByLicenseRestriction, GAPI.shareOutWarning) as e:
      entityActionFailedWarning(kvList+[Ent.DRIVE_FILE_SHORTCUT, childName], str(e), k, kcount)
      _incrStatistic(statistics, STAT_FILE_FAILED)

@@ -60394,6 +60444,7 @@ def moveDriveFile(users):
                                                             GAPI.FILE_OWNER_NOT_MEMBER_OF_TEAMDRIVE,
                                                             GAPI.FILE_OWNER_NOT_MEMBER_OF_WRITER_DOMAIN,
                                                             GAPI.FILE_WRITER_TEAMDRIVE_MOVE_IN_DISABLED,
+                                                             GAPI.SHARE_OUT_NOT_PERMITTED,
                                                             GAPI.TARGET_USER_ROLE_LIMITED_BY_LICENSE_RESTRICTION,
                                                             GAPI.CANNOT_MOVE_TRASHED_ITEM_INTO_TEAMDRIVE,
                                                             GAPI.CANNOT_MOVE_TRASHED_ITEM_OUT_OF_TEAMDRIVE,
@@ -60408,7 +60459,7 @@ def moveDriveFile(users):
      _incrStatistic(statistics, STAT_FILE_COPIED_MOVED)
      return
    except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError, GAPI.unknownError, GAPI.badRequest,
-            GAPI.targetUserRoleLimitedByLicenseRestriction,
+            GAPI.shareOutNotPermitted, GAPI.targetUserRoleLimitedByLicenseRestriction,
            GAPI.cannotMoveTrashedItemIntoTeamDrive, GAPI.cannotMoveTrashedItemOutOfTeamDrive,
            GAPI.teamDrivesShortcutFileNotSupported, GAPI.storageQuotaExceeded) as e:
      entityActionFailedWarning(kvList, str(e), k, kcount)
@@ -60558,7 +60609,7 @@ def moveDriveFile(users):
        if sourceMimeType == MIMETYPE_GA_FOLDER and source['name'] in [MY_DRIVE, TEAM_DRIVE] and not source.get('parents', []):
          copyMoveOptions['sourceIsMyDriveSharedDrive'] = True
          if source.get('driveId'):
-            source['name'] = _getSharedDriveNameFromId(source['driveId'])
+            source['name'] = _getSharedDriveNameFromId(drive, source['driveId'])
        sourceName = source['name']
        sourceNameId = f"{sourceName}({source['id']})"
        copyMoveOptions['sourceDriveId'] = source.get('driveId')
@@ -63002,7 +63053,7 @@ def printEmptyDriveFolders(users):
        fileIdEntity['shareddrive'] = {'driveId': sharedDriveId, 'corpora': 'drive', 'includeItemsFromAllDrives': True, 'supportsAllDrives': True}
        csvPF.AddTitles(['driveId'])
        csvPF.MoveTitlesToEnd(['name'])
-        pathList = [f'{SHARED_DRIVES}/{_getSharedDriveNameFromId(sharedDriveId)}']
+        pathList = [f'{SHARED_DRIVES}/{_getSharedDriveNameFromId(drive, sharedDriveId)}']
      else:
        pathList = [fileEntryInfo['name']]
      mimeType = fileEntryInfo['mimeType']
@@ -63092,7 +63143,7 @@ def deleteEmptyDriveFolders(users):
      if 'driveId' in fileEntryInfo:
        sharedDriveId = fileEntryInfo['driveId']
        fileIdEntity['shareddrive'] = {'driveId': sharedDriveId, 'corpora': 'drive', 'includeItemsFromAllDrives': True, 'supportsAllDrives': True}
-        pathList = [f'{SHARED_DRIVES}/{_getSharedDriveNameFromId(sharedDriveId)}']
+        pathList = [f'{SHARED_DRIVES}/{_getSharedDriveNameFromId(drive, sharedDriveId)}']
      else:
        pathList = [fileEntryInfo['name']]
      mimeType = fileEntryInfo['mimeType']
@@ -65529,7 +65580,7 @@ def doPrintShowSharedDrives():
 def doPrintShowOrgunitSharedDrives():
  def _getOrgUnitSharedDriveInfo(shareddrive):
    shareddrive['driveId'] = shareddrive['name'].rsplit(';')[1]
-    shareddrive['driveName'] = _getSharedDriveNameFromId(shareddrive['driveId'])
+    shareddrive['driveName'] = _getSharedDriveNameFromId(drive, shareddrive['driveId'], True)
    shareddrive['orgUnitPath'] = orgUnitPath

  def _showOrgUnitSharedDrive(shareddrive, j, jcount, FJQC):
@@ -65543,13 +65594,13 @@ def doPrintShowOrgunitSharedDrives():
    printEntity([Ent.MEMBER_URI, shareddrive['memberUri']])
    printEntity([Ent.SHAREDDRIVE_ID, shareddrive['driveId']])
    printEntity([Ent.SHAREDDRIVE_NAME, shareddrive['driveName']])
-    printEntity([Ent.ORGANIZATIONAL_UNIT, shareddrive['orgUnit']])
+    printEntity([Ent.ORGANIZATIONAL_UNIT, shareddrive['orgUnitPath']])
    Ind.Decrement()

  ci = buildGAPIObject(API.CLOUDIDENTITY_ORGUNITS_BETA)
  cd = buildGAPIObject(API.DIRECTORY)
-  _, GM.Globals[GM.ADMIN_DRIVE] = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
-  if not GM.Globals[GM.ADMIN_DRIVE]:
+  _, drive = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
+  if drive is None:
    return
  csvPF = CSVPrintFile(['name', 'type', 'member', 'memberUri', 'driveId', 'driveName', 'orgUnitPath']) if Act.csvFormat() else None
  FJQC = FormatJSONQuoteChar(csvPF)
@@ -65628,13 +65679,13 @@ def copySyncSharedDriveACLs(users, useDomainAdminAccess=False):
    if not drive:
      continue
    if not srcFileIdEntity.get('shareddrivename'):
-      srcFileIdEntity['shareddrivename'] = _getSharedDriveNameFromId(srcFileIdEntity['shareddrive']['driveId'])
+      srcFileIdEntity['shareddrivename'] = _getSharedDriveNameFromId(drive, srcFileIdEntity['shareddrive']['driveId'])
    if tgtFileIdEntity.get('shareddrivename'):
      if not _convertSharedDriveNameToId(drive, user, i, count, tgtFileIdEntity, useDomainAdminAccess):
        continue
      tgtFileIdEntity['shareddrive']['corpora'] = 'drive'
    else:
-      tgtFileIdEntity['shareddrivename'] = _getSharedDriveNameFromId(tgtFileIdEntity['shareddrive']['driveId'])
+      tgtFileIdEntity['shareddrivename'] = _getSharedDriveNameFromId(drive, tgtFileIdEntity['shareddrive']['driveId'])
    statistics = _initStatistics()
    copyMoveOptions['sourceDriveId'] = srcFileIdEntity['shareddrive']['driveId']
    copyMoveOptions['destDriveId'] = tgtFileIdEntity['shareddrive']['driveId']
--- a/src/gam/cacerts.pem
+++ b/src/gam/cacerts.pem
@@ -1,33 +1,3 @@
-# Operating CA: DigiCert
-# Issuer: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
-# Subject: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
-# Label: "Baltimore CyberTrust Root"
-# Serial: 33554617
-# MD5 Fingerprint: ac:b6:94:a5:9c:17:e0:d7:91:52:9b:b1:97:06:a6:e4
-# SHA1 Fingerprint: d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74
-# SHA256 Fingerprint: 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb
-----BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----
-
 # Operating CA: DigiCert
 # Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
 # Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
@@ -273,257 +243,6 @@ r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
 gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
 -----END CERTIFICATE-----

-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
-# Subject: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
-# Label: "Entrust Root Certification Authority"
-# Serial: 1164660820
-# MD5 Fingerprint: d6:a5:c3:ed:5d:dd:3e:00:c1:3d:87:92:1f:1d:3f:e4
-# SHA1 Fingerprint: b3:1e:b1:b7:40:e3:6c:84:02:da:dc:37:d4:4d:f5:d4:67:49:52:f9
-# SHA256 Fingerprint: 73:c1:76:43:4f:1b:c6:d5:ad:f4:5b:0e:76:e7:27:28:7c:8d:e5:76:16:c1:e6:e6:14:1a:2b:2c:bc:7d:8e:4c
-----BEGIN CERTIFICATE-----
-MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
-Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
-KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
-NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
-NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
-ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
-BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
-Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
-4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
-KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
-rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
-94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
-sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
-gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
-kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
-vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
-A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
-O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
-AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
-9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
-eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
-0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
-# Subject: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
-# Label: "Entrust Root Certification Authority - EC1"
-# Serial: 51543124481930649114116133369
-# MD5 Fingerprint: b6:7e:1d:f0:58:c5:49:6c:24:3b:3d:ed:98:18:ed:bc
-# SHA1 Fingerprint: 20:d8:06:40:df:9b:25:f5:12:25:3a:11:ea:f7:59:8a:eb:14:b5:47
-# SHA256 Fingerprint: 02:ed:0e:b2:8c:14:da:45:16:5c:56:67:91:70:0d:64:51:d7:fb:56:f0:b2:ab:1d:3b:8e:b0:70:e5:6e:df:f5
-----BEGIN CERTIFICATE-----
-MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG
-A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
-d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
-dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq
-RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy
-MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD
-VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
-L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g
-Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
-A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
-ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
-Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
-BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
-R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
-hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
-# Subject: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
-# Label: "Entrust Root Certification Authority - G2"
-# Serial: 1246989352
-# MD5 Fingerprint: 4b:e2:c9:91:96:65:0c:f4:0e:5a:93:92:a0:0a:fe:b2
-# SHA1 Fingerprint: 8c:f4:27:fd:79:0c:3a:d1:66:06:8d:e8:1e:57:ef:bb:93:22:72:d4
-# SHA256 Fingerprint: 43:df:57:74:b0:3e:7f:ef:5f:e4:0d:93:1a:7b:ed:f1:bb:2e:6b:42:73:8c:4e:6d:38:41:10:3d:3a:a7:f3:39
-----BEGIN CERTIFICATE-----
-MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
-cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
-IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
-dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
-NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
-dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
-dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
-aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
-RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
-cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
-wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
-U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
-jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
-BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
-jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
-Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
-1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
-nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
-VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
-# Subject: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
-# Label: "Entrust.net Premium 2048 Secure Server CA"
-# Serial: 946069240
-# MD5 Fingerprint: ee:29:31:bc:32:7e:9a:e6:e8:b5:f7:51:b4:34:71:90
-# SHA1 Fingerprint: 50:30:06:09:1d:97:d4:f5:ae:39:f7:cb:e7:92:7d:7d:65:2d:34:31
-# SHA256 Fingerprint: 6d:c4:71:72:e0:1c:bc:b0:bf:62:58:0d:89:5f:e2:b8:ac:9a:d4:f8:73:80:1e:0c:10:b9:c8:37:d2:1e:b1:77
-----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
-IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
-MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
-LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
-YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
-A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
-K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
-sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
-MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
-XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
-HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
-4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
-j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
-U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
-zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
-u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
-bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
-fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Commercial O=AffirmTrust
-# Subject: CN=AffirmTrust Commercial O=AffirmTrust
-# Label: "AffirmTrust Commercial"
-# Serial: 8608355977964138876
-# MD5 Fingerprint: 82:92:ba:5b:ef:cd:8a:6f:a6:3d:55:f9:84:f6:d6:b7
-# SHA1 Fingerprint: f9:b5:b6:32:45:5f:9c:be:ec:57:5f:80:dc:e9:6e:2c:c7:b2:78:b7
-# SHA256 Fingerprint: 03:76:ab:1d:54:c5:f9:80:3c:e4:b2:e2:01:a0:ee:7e:ef:7b:57:b6:36:e8:a9:3c:9b:8d:48:60:c9:6f:5f:a7
-----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
-dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
-MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
-cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
-Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
-ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
-MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
-yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
-VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
-nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
-KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
-XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
-vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
-Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
-N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
-nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Networking O=AffirmTrust
-# Subject: CN=AffirmTrust Networking O=AffirmTrust
-# Label: "AffirmTrust Networking"
-# Serial: 8957382827206547757
-# MD5 Fingerprint: 42:65:ca:be:01:9a:9a:4c:a9:8c:41:49:cd:c0:d5:7f
-# SHA1 Fingerprint: 29:36:21:02:8b:20:ed:02:f5:66:c5:32:d1:d6:ed:90:9f:45:00:2f
-# SHA256 Fingerprint: 0a:81:ec:5a:92:97:77:f1:45:90:4a:f3:8d:5d:50:9f:66:b5:e2:c5:8f:cd:b5:31:05:8b:0e:17:f3:f0:b4:1b
-----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
-dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
-MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
-cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
-YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
-kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
-QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
-6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
-yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
-QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
-KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
-tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
-QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
-Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
-olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
-x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Premium O=AffirmTrust
-# Subject: CN=AffirmTrust Premium O=AffirmTrust
-# Label: "AffirmTrust Premium"
-# Serial: 7893706540734352110
-# MD5 Fingerprint: c4:5d:0e:48:b6:ac:28:30:4e:0a:bc:f9:38:16:87:57
-# SHA1 Fingerprint: d8:a6:33:2c:e0:03:6f:b1:85:f6:63:4f:7d:6a:06:65:26:32:28:27
-# SHA256 Fingerprint: 70:a7:3f:7f:37:6b:60:07:42:48:90:45:34:b1:14:82:d5:bf:0e:69:8e:cc:49:8d:f5:25:77:eb:f2:e9:3b:9a
-----BEGIN CERTIFICATE-----
-MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
-BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
-dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
-A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
-cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
-qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
-JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
-+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
-s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
-HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
-70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
-V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
-qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
-5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
-C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
-OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
-FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
-BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
-KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
-Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
-8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
-MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
-0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
-u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
-u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
-YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
-GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
-RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
-KeC2uAloGRwYQw==
-----END CERTIFICATE-----
-
-# Operating CA: Entrust Datacard
-# Issuer: CN=AffirmTrust Premium ECC O=AffirmTrust
-# Subject: CN=AffirmTrust Premium ECC O=AffirmTrust
-# Label: "AffirmTrust Premium ECC"
-# Serial: 8401224907861490260
-# MD5 Fingerprint: 64:b0:09:55:cf:b1:d5:99:e2:be:13:ab:a6:5d:ea:4d
-# SHA1 Fingerprint: b8:23:6b:00:2f:1d:16:86:53:01:55:6c:11:a4:37:ca:eb:ff:c3:bb
-# SHA256 Fingerprint: bd:71:fd:f6:da:97:e4:cf:62:d1:64:7a:dd:25:81:b0:7d:79:ad:f8:39:7e:b4:ec:ba:9c:5e:84:88:82:14:23
-----BEGIN CERTIFICATE-----
-MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
-VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
-cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
-BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
-VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
-0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
-ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
-A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
-aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
-flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
-----END CERTIFICATE-----
-
 # Operating CA: GlobalSign
 # Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
 # Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
@@ -818,16 +537,16 @@ smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
 # Issuer: CN=COMODO Certification Authority O=COMODO CA Limited
 # Subject: CN=COMODO Certification Authority O=COMODO CA Limited
 # Label: "COMODO Certification Authority"
-# Serial: 104350513648249232941998508985834464573
-# MD5 Fingerprint: 5c:48:dc:f7:42:72:ec:56:94:6d:1c:cc:71:35:80:75
-# SHA1 Fingerprint: 66:31:bf:9e:f7:4f:9e:b6:c9:d5:a6:0c:ba:6a:be:d1:f7:bd:ef:7b
-# SHA256 Fingerprint: 0c:2c:d6:3d:f7:80:6f:a3:99:ed:e8:09:11:6b:57:5b:f8:79:89:f0:65:18:f9:80:8c:86:05:03:17:8b:af:66
+# Serial: 43390818032842818540635488309124489234
+# MD5 Fingerprint:  20:E7:4F:82:C2:7E:94:80:34:82:8A:13:A9:17:1D:97
+# SHA1 Fingerprint EE:86:93:87:FF:FD:83:49:AB:5A:D1:43:22:58:87:89:A4:57:B0:12
+# SHA256 Fingerprint: 1A:0D:20:44:5D:E5:BA:18:62:D1:9E:F8:80:85:8C:BC:E5:01:02:B3:6E:8F:0A:04:0C:3C:69:E7:45:22:FE:6E
 -----BEGIN CERTIFICATE-----
-MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
 gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
 A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
-BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
-MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
+MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
 YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
 RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
@@ -836,16 +555,14 @@ UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
 +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
 DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
-nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
-/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
-PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
-QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
-SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
-IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
-RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
-zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
-BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
-ZQ==
+nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
+t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
+HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
+Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
+pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
+R1uUq27UlTMdphVx8fiUylQ5PsE=
 -----END CERTIFICATE-----

 # Operating CA: Sectigo
--- a/src/gam/gamlib/glcfg.py
+++ b/src/gam/gamlib/glcfg.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-

-# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
+# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
 #
 # All Rights Reserved.
 #
@@ -260,12 +260,12 @@ SMTP_HOST = 'smtp_host'
 SMTP_USERNAME = 'smtp_username'
 # SMTP password
 SMTP_PASSWORD = 'smtp_password'
+# Time Zone
+TIMEZONE = 'timezone'
 ## Minimum TLS Version required for HTTPS connections
 TLS_MIN_VERSION = 'tls_min_version'
 ## Maximum TLS Version used for HTTPS connections
 TLS_MAX_VERSION = 'tls_max_version'
-# Time Zone
-TIMEZONE = 'timezone'
 # Clear basic filter when updating an existing sheet
 TODRIVE_CLEARFILTER = 'todrive_clearfilter'
 # Use client access for todrive
@@ -431,9 +431,9 @@ Defaults = {
  SMTP_HOST: '',
  SMTP_USERNAME: '',
  SMTP_PASSWORD: '',
+  TIMEZONE: 'utc',
  TLS_MIN_VERSION: 'TLSv1_3',
  TLS_MAX_VERSION: '',
-  TIMEZONE: 'utc',
  TODRIVE_CLEARFILTER: FALSE,
  TODRIVE_CLIENTACCESS: FALSE,
  TODRIVE_CONVERSION: TRUE,
@@ -599,9 +599,9 @@ VAR_INFO = {
  SMTP_HOST: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
  SMTP_USERNAME: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
  SMTP_PASSWORD: {VAR_TYPE: TYPE_PASSWORD, VAR_LIMITS: (0, None)},
+  TIMEZONE: {VAR_TYPE: TYPE_TIMEZONE},
  TLS_MIN_VERSION: {VAR_TYPE: TYPE_CHOICE, VAR_ENVVAR: 'GAM_TLS_MIN_VERSION', VAR_CHOICES: TLS_CHOICE_MAP},
  TLS_MAX_VERSION: {VAR_TYPE: TYPE_CHOICE, VAR_ENVVAR: 'GAM_TLS_MAX_VERSION', VAR_CHOICES: TLS_CHOICE_MAP},
-  TIMEZONE: {VAR_TYPE: TYPE_TIMEZONE},
  TODRIVE_CLEARFILTER: {VAR_TYPE: TYPE_BOOLEAN},
  TODRIVE_CLIENTACCESS: {VAR_TYPE: TYPE_BOOLEAN},
  TODRIVE_CONVERSION: {VAR_TYPE: TYPE_BOOLEAN},
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -846,6 +846,7 @@ class GamCLArgs():
  OB_CHAT_MESSAGE = 'ChatMessage'
  OB_CHAT_MESSAGE_ID = 'ChatMessageID'
  OB_CHAT_SPACE = 'ChatSpace'
+  OB_CHAT_SPACE_LIST = 'ChatSpaceList'
  OB_CHAT_THREAD = 'ChatThread'
  OB_CHROMEPROFILE_ID = 'ChromeProfileId'
  OB_CHROME_VERSION = 'ChromeVersion'
@@ -993,7 +994,6 @@ class GamCLArgs():
  OB_ROLE_ASSIGNMENT_ID = 'RoleAssignmentID'
  OB_ROLE_ITEM = 'RoleItem'
  OB_ROLE_LIST = 'RoleList'
-  OB_ROOM_LIST = 'RoomList'
  OB_SCHEMA_ENTITY = 'SchemaEntity'
  OB_SCHEMA_NAME = 'SchemaName'
  OB_SCHEMA_NAME_FIELD_NAME = 'SchemaName.FieldName'
--- a/src/gam/gamlib/glgapi.py
+++ b/src/gam/gamlib/glgapi.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-

-# Copyright (C) 2024 Ross Scroggs All Rights Reserved.
+# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
 #
 # All Rights Reserved.
 #
@@ -72,6 +72,7 @@ DOMAIN_POLICY = 'domainPolicy'
 DOWNLOAD_QUOTA_EXCEEDED = 'downloadQuotaExceeded'
 DUPLICATE = 'duplicate'
 EVENT_DURATION_EXCEEDS_LIMIT = 'eventDurationExceedsLimit'
+EVENT_TYPE_RESTRICTION = 'eventTypeRestriction'
 EXPIRATION_DATES_MUST_BE_IN_THE_FUTURE = 'expirationDatesMustBeInTheFuture'
 EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS = 'expirationDateNotAllowedForSharedDriveMembers'
 FAILED_PRECONDITION = 'failedPrecondition'
@@ -156,6 +157,7 @@ SERVICE_NOT_AVAILABLE = 'serviceNotAvailable'
 SHARE_IN_NOT_PERMITTED = 'shareInNotPermitted'
 SHARE_OUT_NOT_PERMITTED = 'shareOutNotPermitted'
 SHARE_OUT_NOT_PERMITTED_TO_USER = 'shareOutNotPermittedToUser'
+SHARE_OUT_WARNING = 'shareOutWarning'
 SHARING_RATE_LIMIT_EXCEEDED = 'sharingRateLimitExceeded'
 SHORTCUT_TARGET_INVALID = 'shortcutTargetInvalid'
 STORAGE_QUOTA_EXCEEDED = 'storageQuotaExceeded'
@@ -456,6 +458,8 @@ class duplicate(Exception):
  pass
 class eventDurationExceedsLimit(Exception):
  pass
+class eventTypeRestriction(Exception):
+  pass
 class expirationDatesMustBeInTheFuture(Exception):
  pass
 class expirationDateNotAllowedForSharedDriveMembers(Exception):
@@ -618,6 +622,8 @@ class shareOutNotPermitted(Exception):
  pass
 class shareOutNotPermittedToUser(Exception):
  pass
+class shareOutWarning(Exception):
+  pass
 class sharingRateLimitExceeded(Exception):
  pass
 class shortcutTargetInvalid(Exception):
@@ -722,6 +728,7 @@ REASON_EXCEPTION_MAP = {
  DOWNLOAD_QUOTA_EXCEEDED: downloadQuotaExceeded,
  DUPLICATE: duplicate,
  EVENT_DURATION_EXCEEDS_LIMIT: eventDurationExceedsLimit,
+  EVENT_TYPE_RESTRICTION: eventTypeRestriction,
  EXPIRATION_DATES_MUST_BE_IN_THE_FUTURE: expirationDatesMustBeInTheFuture,
  EXPIRATION_DATE_NOT_ALLOWED_FOR_SHARED_DRIVE_MEMBERS: expirationDateNotAllowedForSharedDriveMembers,
  FAILED_PRECONDITION: failedPrecondition,
@@ -803,6 +810,7 @@ REASON_EXCEPTION_MAP = {
  SHARE_IN_NOT_PERMITTED: shareInNotPermitted,
  SHARE_OUT_NOT_PERMITTED: shareOutNotPermitted,
  SHARE_OUT_NOT_PERMITTED_TO_USER: shareOutNotPermittedToUser,
+  SHARE_OUT_WARNING: shareOutWarning,
  SHARING_RATE_LIMIT_EXCEEDED: sharingRateLimitExceeded,
  SHORTCUT_TARGET_INVALID: shortcutTargetInvalid,
  STORAGE_QUOTA_EXCEEDED: storageQuotaExceeded,
--- a/src/gam/gamlib/glglobals.py
+++ b/src/gam/gamlib/glglobals.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-

-# Copyright (C) 2023 Ross Scroggs All Rights Reserved.
+# Copyright (C) 2025 Ross Scroggs All Rights Reserved.
 #
 # All Rights Reserved.
 #
@@ -25,8 +25,6 @@
 # Some commands want to set a non-zero return code but not bail
 # GAM admin user from oauth2.txt or oauth2service.json
 ADMIN = 'admn'
-# Drive service for admin; used to look up Shared Drive Names
-ADMIN_DRIVE = 'addr'
 # Number/length of API call retries
 API_CALLS_RETRY_DATA = 'rtry'
 # GAM cache directory. If no_cache is True, this variable will be set to None
@@ -207,6 +205,7 @@ REDIRECT_WRITE_HEADER = 'rdwh'
 REDIRECT_MULTIPROCESS = 'rdmp'
 REDIRECT_QUEUE = 'rdq'
 REDIRECT_QUEUE_NAME = 'name'
+REDIRECT_QUEUE_CLEAR_ROW_FILTERS = 'clearRowFilters'
 REDIRECT_QUEUE_TODRIVE = 'todrive'
 REDIRECT_QUEUE_CSVPF = 'csvpf'
 REDIRECT_QUEUE_DATA = 'rows'
@@ -219,7 +218,6 @@ REDIRECT_QUEUE_EOF = 'eof'
 #
 Globals = {
  ADMIN: None,
-  ADMIN_DRIVE: None,
  API_CALLS_RETRY_DATA: {},
  CACHE_DIR: None,
  CACHE_DISCOVERY_ONLY: True,
--- a/wiki/Authorization.md
+++ b/wiki/Authorization.md
@@ -64,6 +64,7 @@ Verify the following steps:
 * If groups are used to authenticate access, make sure the super admin is in one of the groups
 * Collapse "Service status"
 * Expand "Cloud Resource Manager API settings"
+* Select the OU in the left that contains the super admin you'll be using
 * Make sure that "Allow users to create projects" is checked

 Verify that all scopes are available:
--- a/wiki/Calendars-Events.md
+++ b/wiki/Calendars-Events.md
@@ -567,7 +567,7 @@ By default, Gam displays the information as an indented list of keys and values.
 ```
 gam calendar <CalendarEntity> show events [<EventEntity>] <EventDisplayProperty>*
        [fields <EventFieldNameList>] [showdayofweek]
-        [countsonly] [formatjson]
+        [countsly] [formatjson]
 ```
 In `<EventEntity>`, any `<EventSelectProperty>` options must precede all other options.

@@ -585,8 +585,9 @@ By default, Gam displays event details, use `countsonly` to display only the num

 ```
 gam calendar <CalendarEntity> print events [<EventEntity>] <EventDisplayProperty>*
-         [fields <EventFieldNameList>] [showdayofweek]
-         [countsonly] [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+        [fields <EventFieldNameList>] [showdayofweek]
+        [countsonly [eventrowfilter]]
+        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 ```
 In `<EventEntity>`, any `<EventSelectProperty>` options must precede all other options.

@@ -602,6 +603,11 @@ By default, Gam displays the information as columns of fields; the following opt

 By default, Gam displays event details, use `countsonly` to display only the number of events. `formatjson` does not apply in this case.

+When `countsonly` is specified, the `eventrowfilter` option causes
+GAM to apply `config csv_output_row_filter` to the event details rather than the event counts.
+This will be useful when `<EventSelectProperty>` and `<EventMatchProperty>` do not have the
+capabilty to select the events of interest; e.g., you want to filter based on the event `created` property.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
@@ -627,6 +633,8 @@ gam calendar <CalendarEntity> deleteevent (id|eventid <EventID>)+ [doit] [<Event
 gam calendar <CalendarEntity> moveevent (id|eventid <EventID>)+ destination <CalendarItem> [<EventNotificationAttribute>]
 gam calendar <CalendarEntity> updateevent <EventID> <EventAttribute>+ [<EventNotificationAttribute>]
 gam calendar <CalendarEntity> wipe
-gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>* [fields <EventFieldNameList>]
-         [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayProperty>*
+        [fields <EventFieldNameList>]
+        [countsonly [eventrowfilter]]
+        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 ```
--- a/wiki/Cloud-Identity-Devices.md
+++ b/wiki/Cloud-Identity-Devices.md
@@ -1,4 +1,5 @@
 # Cloud Identity Devices
+- [Notes](#notes)
 - [API documentation](#api-documentation)
 - [Query documentation](#query-documentation)
 - [Definitions](#definitions)
@@ -20,6 +21,15 @@
 - [Display device user client state](#display-device-user-client-state)
 - [Update device user client state](#update-device-user-client-state)

+## Notes
+These commands use service account access with `admin_email` (if defined) from `gam.cfg` or
+the admin from `oauth2.txt` (specified in `gam oauth create`).
+
+Use `gam user user@domain.com update serviceaccount` and make sure that the following is specified:
+```
+[*] 17)  Cloud Identity Devices API (supports readonly)
+```
+
 ## API documentation
 * [Cloud Identity API - Devices](https://cloud.google.com/identity/docs/reference/rest/v1/devices)
 * [Cloud Identity API - Device Users](https://cloud.google.com/identity/docs/reference/rest/v1/devices.deviceUsers)
--- a/wiki/Downloads-Installs.md
+++ b/wiki/Downloads-Installs.md
@@ -2,6 +2,8 @@
 You can download and install the current GAM7 release from the [GitHub Releases](https://github.com/GAM-team/GAM/releases/latest) page.
 Choose one of the following:

+## Executable, Automatic
+
 * Executable Archive, Automatic, Linux/Mac OS/Google Cloud Shell/Raspberry Pi/ChromeOS
  - Start a terminal session and execute one of the following commands:
  - New install, default path `$HOME/bin`
@@ -16,6 +18,12 @@ Choose one of the following:
 By default, a folder, `gam7`, is created in the default or specified path and the files are downloaded into that folder.
 Add the `-s` option to the end of the above commands to suppress creating the `gam7` folder; the files are downloaded directly into the default or specified path.

+If, when executing one of the above commands, you get an error message stating that Python is not installed,
+go here [Python](https://www.python.org/downloads/) and download/install Python. When the installation is complete,
+start a new terminal session and reissue the command from above.
+
+## Executable, Manual
+
 * Executable Archive, Manual, Linux/Google Cloud Shell
  - `gam-7.wx.yz-linux-x86_64-glibc2.35.tar.xz`
  - `gam-7.wx.yz-linux-x86_64-glibc2.39.tar.xz`
@@ -65,6 +73,8 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
  - Download the installer and run it.
  - Start a Command Prompt/PowerShell session.

+## Source
+
 * Source, all platforms
  - `Source code(zip)`
  - `Source code(tar.gz)`
--- a/wiki/GamUpdates.md
+++ b/wiki/GamUpdates.md
@@ -10,6 +10,81 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation

+### 7.07.11
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+ERROR: 400: badRequest - Bad Request
+```
+
+Updated `gam <UserTypeEntity> move drivefile` to handle the following error:
+```
+ERROR: 400: shareOutNotPermitted
+```
+
+### 7.07.10
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+ERROR: 400: eventTypeRestriction - Attendees cannot be added to 'fromGmail' event with this visibility setting.
+```
+
+### 7.07.09
+
+Updated `gam calendars <CalendarEntity> update events` and `gam <UserTypeEntity> update events <UserCalendarEntity>`
+to handle the following error:
+```
+gamlib.glgapi.serviceNotAvailable: Authentication backend unavailable.
+```
+
+### 7.07.08
+
+Fixed bug in `gam <UserTypeEntity> print filelist ... countsonly` that issued an
+incorrect warning message like the following when `redirect csv <FileName> multiprocess` was specified.
+```
+WARNING: csv_output_row_filter column "^name$" does not match any output columns
+```
+
+### 7.07.07
+
+Fixed bug in `gam report <ActivityApplictionName> ... countsonly eventrowfilter` that issued an
+incorrect warning message like the following when `redirect csv <FileName> multiprocess` was specified.
+```
+WARNING: csv_output_row_filter column "^doc_title$" does not match any output columns
+```
+
+### 7.07.06
+
+Added option `eventrowfilter` to `gam calendars <CalendarEntity> print events ... countsonly`
+and `gam <UserTypeEntity> print events <UserCalendarEntity> ... countsonly` that causes
+GAM to apply `config csv_output_row_filter` to the event details rather than the event counts.
+This will be useful when `<EventSelectProperty>` and `<EventMatchProperty>` do not have the
+capabilty to select the events of interest; e.g., you want to filter based on the event `created` property.
+
+Dropped the extraneous `id` column for `gam calendars <CalendarEntity> print events ... countsonly`
+and `gam <UserTypeEntity> print events <UserCalendarEntity> ... countsonly`.
+
+### 7.07.05
+
+Updated `gam <UserTypeEntity> move drivefile` to recognize the API error: `ERROR: 400: shareOutWarning`.
+
+### 7.07.04
+
+Updated `gam create vaultexport ... rooms <ChatSpaceList>` to strip `spaces/` from the Chat Space IDs.
+
+Updated `gam <UserTypeEntity> copy drivefile` to recognize the API error: `ERROR: 400: shareOutWarning`.
+
+### 7.07.03
+
+Updated `gam create vaultexport` to allow allow specifying a list of items in a search method
+with `shareddrives|rooms|sitesurl select <FileSelector>|<CSVFileSelector>`.
+
+### 7.07.02
+
+Fixed bug in `redirect csv ... transpose` where a CSV file with multiple rows was not properly transposed.
+
 ### 7.07.01

 Fixed bug in `gam print|show chromepolicies` that caused a trap. Made additional
--- a/wiki/Groups.md
+++ b/wiki/Groups.md
@@ -335,6 +335,11 @@ gam update group group@domain.com whoCanViewMembership ALL_MEMBERS_CAN_VIEW whoC
 Group: group@domain.com, Updated
 ```

+If you are entering a valid combination but an error message is returned, do the following and then re-issue your command.
+```
+gam update group group@domain.com whoCanViewMembership ALL_IN_DOMAIN_CAN_VIEW whoCanDiscoverGroup ALL_IN_DOMAIN_CAN_DISCOVER
+```
+
 ## Manage groups

 These commands allow you to create, update and delete groups.
--- a/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
+++ b/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
@@ -251,10 +251,10 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.07.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.07.11 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
-MacOS Sequoia 15.4.1 x86_64
+MacOS Sequoia 15.5 x86_64
 Path: /Users/admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

@@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.07.01 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.07.11 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 Windows-10-10.0.17134 AMD64
--- a/wiki/Users-Calendars-Events.md
+++ b/wiki/Users-Calendars-Events.md
@@ -671,8 +671,9 @@ By default, Gam displays event details, use `countsonly` to display only the num

 ```
 gam <UserTypeEntity> print events <UserCalendarEntity> [<EventEntity>] <EventDisplayProperty>*
-         [fields <EventFieldNameList>] [showdayofweek]
-         [countsonly] [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+        [fields <EventFieldNameList>] [showdayofweek]
+        [countsonly]
+        [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 ```
 In `<EventEntity>`, any `<EventSelectProperty>` options must precede all other options.

@@ -688,6 +689,11 @@ By default, Gam displays the information as columns of fields; the following opt

 By default, Gam displays event details, use `countsonly` to display only the number of events. `formatjson` does not apply in this case.

+When `countsonly` is specified, the `eventrowfilter` option causes
+GAM to apply `config csv_output_row_filter` to the event details rather than the event counts.
+This will be useful when `<EventSelectProperty>` and `<EventMatchProperty>` do not have the
+capabilty to select the events of interest; e.g., you want to filter based on the event `created` property.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
--- a/wiki/Users-Drive-Copy-Move.md
+++ b/wiki/Users-Drive-Copy-Move.md
@@ -18,6 +18,7 @@
 * [Drive API - Files](https://developers.google.com/drive/api/v3/reference/files)
 * [Move content to Shared Drives](https://support.google.com/a/answer/7374057)
 * [Shared Drive Limits](https://support.google.com/a/users/answer/7338880)
+* [Limited and Expansive Access](https://developers.google.com/workspace/drive/api/guides/limited-expansive-access)

 ## Definitions
 * [`<DriveFileEntity>`](Drive-File-Selection)
@@ -115,6 +116,7 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
        (mappermissionsdomain <DomainName> <DomainName>)*
        [sendemailifrequired [<Boolean>]]
        [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
 ```
 The files/folders specified by `<DriveFileEntity>` are referred to as `source`, `target` refers to where those files are being copied.
 The files/folders specified by `<DriveFileEntity>` are referred to as `top`; when a folder is being copied recursively, the files/folders that it contains are referred as `sub`.
@@ -499,6 +501,7 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
        [retainsourcefolders [<Boolean>]]
        [sendemailifrequired [<Boolean>]]
        [verifyorganizer [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
 ```
 The files/folders specified by `<DriveFileEntity>` are referred to as `source`, `target` refers to where those files are being moved.
 The files/folders specified by `<DriveFileEntity>` are referred to as `top`; when a folder is being moved, the files/folders that it contains are referred as `sub`.
--- a/wiki/Users-Drive-Files-Manage.md
+++ b/wiki/Users-Drive-Files-Manage.md
@@ -30,7 +30,7 @@
 * [Shared Drive Limits](https://support.google.com/a/users/answer/7338880)
 * [My Drive Shared Drive API differences](https://developers.google.com/drive/api/v3/shared-drives-diffs)
 * [Google Docs API](https://developers.google.com/docs/api/reference/rest)
-* [Limited Access](https://workspaceupdates.googleblog.com/2025/02/updating-access-experience-in-google-drive.html)
+* [Limited and Expansive Access](https://developers.google.com/workspace/drive/api/guides/limited-expansive-access)

 ## Definitions
 * [`<DriveFileEntity>`](Drive-File-Selection)
--- a/wiki/Users-Drive-Ownership.md
+++ b/wiki/Users-Drive-Ownership.md
@@ -7,6 +7,7 @@

 ## API documentation
 * [Drive API - Files](https://developers.google.com/drive/api/v3/reference/files)
+* [Limited and Expansive Access](https://developers.google.com/workspace/drive/api/guides/limited-expansive-access)

 ## Definitions
 * [`<DriveFileEntity>`](Drive-File-Selection)
@@ -60,6 +61,7 @@ Use [Users - Drive - Transfer](Users-Drive-Transfer) for more complex ownership
 ```
 gam <UserTypeEntity> transfer ownership <DriveFileEntity> <UserItem>
        [<DriveFileParentAttribute>] [includetrashed] [norecursion [<Boolean>]]
+        [enforceexpansiveaccess [<Boolean>]]
        (orderby <DriveOrderByFieldName> [ascending|descending])*
        [preview] [filepath] [pathdelimiter <Character>] [buildtree] [todrive <ToDriveAttribute>*]
 ```
@@ -99,6 +101,7 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
        [skipids <DriveFileEntity>] [onlyusers|skipusers <UserTypeEntity>] [subdomains <DomainNameEntity>]
        [restricted [<Boolean>]] [writerscanshare|writerscantshare [<Boolean>]]
        [keepuser | (retainrole reader|commenter|writer|editor|none)] [noretentionmessages]
+        [enforceexpansiveaccess [<Boolean>]]
        (orderby <DriveOrderByFieldName> [ascending|descending])*
        [preview] [filepath] [pathdelimiter <Character>] [buildtree] [todrive <ToDriveAttribute>*]
 ```
--- a/wiki/Users-Drive-Permissions.md
+++ b/wiki/Users-Drive-Permissions.md
@@ -13,6 +13,7 @@
 ## API documentation
 * [Drive API - Permissions](https://developers.google.com/drive/api/v3/reference/permissions)
 * [Shortcuts](https://developers.google.com/drive/api/guides/shortcuts)
+* [Limited and Expansive Access](https://developers.google.com/workspace/drive/api/guides/limited-expansive-access)

 ## Definitions
 * [`<DriveFileEntity>`](Drive-File-Selection)
@@ -196,7 +197,7 @@ By default, when an ACL is created, GAM outputs details of the ACL as indented k
 ```
 gam <UserTypeEntity> update drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
        (role <DriveFileACLRole>) [expiration <Time>] [removeexpiration [<Boolean>]]
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
        [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 ```
 There is no change of parents when a new user is updated to be a file's owner.
@@ -222,7 +223,7 @@ By default, when an ACL is updated, GAM outputs details of the ACL as indented k
 ### Delete
 ```
 gam <UserTypeEntity> delete|del drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
-        [updatesheetprotectedranges [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
        [showtitles]
 ```
 The option `updatesheetprotectedranges` only applies to items in `<DriveFileEntity>` that are Google Sheets.
@@ -262,6 +263,7 @@ When adding permissions from JSON data, permissions with `deleted` true are neve
 ```
 gam <UserTypeEntity> delete permissions <DriveFileEntity> <DriveFilePermissionIDEntity>
        <PermissionMatch>* [<PermissionMatchAction>]
+        [enforceexpansiveaccess [<Boolean>]]
 ```
 When deleting permissions from JSON data, permissions with role `owner` true are never processed.

--- a/wiki/Users-Drive-Transfer.md
+++ b/wiki/Users-Drive-Transfer.md
@@ -9,6 +9,7 @@
 * [Drive API - Files](https://developers.google.com/drive/api/v3/reference/files)
 * [Shortcuts](https://developers.google.com/drive/api/guides/shortcuts)
 * [Prepare account for transfer](https://support.google.com/a/answer/1247799)
+* [Limited and Expansive Access](https://developers.google.com/workspace/drive/api/guides/limited-expansive-access)

 ## Definitions
 * [`<DriveFileEntity>`](Drive-File-Selection)
@@ -47,6 +48,7 @@ gam <UserTypeEntity> transfer drive <UserItem> [select <DriveFileEntity>]
        [noretentionmessages]
        [nonowner_retainrole reader|commenter|writer|editor|contentmanager|fileorganizer|current|none]
        [nonowner_targetrole reader|commenter|writer|editor|contentmanager|fileorganizer|current|none|source]
+        [enforceexpansiveaccess [<Boolean>]]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [preview] [todrive <ToDriveAttribute>*]
 ```
--- a/wiki/Users-Gmail-Messages-Threads.md
+++ b/wiki/Users-Gmail-Messages-Threads.md
@@ -179,7 +179,7 @@ This table and other suggestions came from:
        x400-trace
 <SMTPHeaderList> ::= "<SMTPDateHeader|SMTPHeader>(,<SMTPDateHeader|SMTPHeader>)*"

-<MessageID> ::= <String>
+<MessageID> ::= <String>  # This is the Google internal message ID, not the RFC822 message ID
 <MessageIDList> ::= "<MessageID>(,<MessageID>)*"
 <MessageIDEntity> ::=
        <MessageIDList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
--- a/wiki/Vault-Takeout.md
+++ b/wiki/Vault-Takeout.md
@@ -36,6 +36,7 @@
 * https://support.google.com/vault/answer/2474474

 ## Definitions
+[Collections of Items](Collections-of-Items)
 ```
 <AttendeeStatus> ::= accepted|declined|needsaction|tentative
 <EmailItem> ::= <EmailAddress>|<UniqueID>|<String>
@@ -53,6 +54,8 @@
 <RESearchPattern> ::= <RegularExpression>
 <RESubstitution> ::= <String>>

+<ChatSpace> ::= spaces/<String> | space/<String> | <String>
+<ChatSpaceList> ::= "<ChatSpace>(,<ChatSpace>)*"
 <ExportItem> ::= <UniqueID>|<String>
 <ExportStatus> ::= completed|failed|inprogrsss
 <ExportStatusList> ::= "<ExportStatus>(,<ExportStatus>)*"
@@ -60,6 +63,9 @@
 <MatterItem> ::= <UniqueID>|<String>
 <MatterState> ::= open|closed|deleted
 <MatterStateList> ::= "<MatterState>(,<MatterState>)*"
+<SharedDriveID> ::= <String>
+<SharedDriveIDList> ::= "<SharedDriveID>(,<SharedDriveID>)*"
+<URL> ::= <String>
 <URLList> ::= "<URL>(,<URL>)*"

 <QueryVaultCorpus> ::= <String>
@@ -199,11 +205,25 @@ This command can be useful for discovering legacy former employee accounts which
 gam print vaultcounts [todrive <ToDriveAttributes>*]
        matter <MatterItem> corpus mail|groups
        (accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
+        [(shareddrives|teamdrives (<TeamDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))]
        [scope <all_data|held_data|unprocessed_data>]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
        [excludedrafts <Boolean>]
        [wait <Integer>]
 ```
+Specify the search method, this is optional:
+* `accounts <EmailAddressEntity>` - Search all accounts specified in `<EmailAddressEntity>`
+* `orgunit|org|ou <OrgUnitPath>` - Search all accounts in the OU `<OrgUnitPath>`
+* `everyone` - Search for all accounts in the organization
+* `shareddrives|teamdrives <SharedDriveIDList>` - Search for all accounts in the Shared Drives specified in `<SharedDriveIDList>`
+* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Search for all accounts in the Shared Drives specified in `<FileSelector>|<CSVFileSelector>`
+* `rooms <ChatSpaceList>` - Search in the Room specified in the chat rooms specified in `<ChatSpaceList>`
+* `rooms <ChatSpaceList>` - Search in the Room specified in the chat rooms specified in `<FileSelector>|<CSVFileSelector>`
+* `sitesurl <URLList>` - Search the published site URLs of new Google Sites in `<URLList>`
+* `sitesurl <URLList>` - Search the published site URLs of new Google Sites specified in `<FileSelector>|<CSVFileSelector>`
+
 Check the status of a previous count operation with the name from a previous command.
 ```
 gam print vaultcounts [todrive <ToDriveAttributes>*]
@@ -216,7 +236,9 @@ Create a Google Vault export request.
 ```
 gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
        (accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
-        (shareddrives|teamdrives <SharedDriveIDList>) | (rooms <RoomList>) | (sitesurl <URLList>)
+        (shareddrives|teamdrives (<TeamDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+            (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
        [scope all_data|held_data|unprocessed_data]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
        [locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
@@ -250,8 +272,11 @@ Specify the search method, this option is required:
 * `orgunit|org|ou <OrgUnitPath>` - Search all accounts in the OU `<OrgUnitPath>`
 * `everyone` - Search for all accounts in the organization
 * `shareddrives|teamdrives <SharedDriveIDList>` - Search for all accounts in the Shared Drives specified in `<SharedDriveIDList>`
-* `rooms <RoomList>` - Search in the Room specified in the chat rooms specified in `<RoomList>`
-* `sitesurl <URLList>` - Search the published site URLs of new Google Sites
+* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Search for all accounts in the Shared Drives specified in `<FileSelector>|<CSVFileSelector>`
+* `rooms <ChatSpaceList>` - Search in the Room specified in the chat rooms specified in `<ChatSpaceList>`
+* `rooms <ChatSpaceList>` - Search in the Room specified in the chat rooms specified in `<FileSelector>|<CSVFileSelector>`
+* `sitesurl <URLList>` - Search the published site URLs of new Google Sites in `<URLList>`
+* `sitesurl <URLList>` - Search the published site URLs of new Google Sites specified in `<FileSelector>|<CSVFileSelector>`

 Specify the scope of data to include in the export:
 * `all_data` - All available data; this is the default
--- a/wiki/Version-and-Help.md
+++ b/wiki/Version-and-Help.md
@@ -1,14 +1,12 @@
-
-k
 # Version and Help

 Print the current version of Gam with details
 ```
 gam version
-GAM 7.07.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.07.11 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
-MacOS Sequoia 15.4.1 x86_64
+MacOS Sequoia 15.5 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
@@ -17,10 +15,10 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.07.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.07.11 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
-MacOS Sequoia 15.4.1 x86_64
+MacOS Sequoia 15.5 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Your system time differs from www.googleapis.com by less than 1 second
@@ -29,10 +27,10 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.07.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.07.11 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
-MacOS Sequoia 15.4.1 x86_64
+MacOS Sequoia 15.5 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
@@ -66,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
  Current: 5.35.08
-   Latest: 7.07.01
+   Latest: 7.07.11
 echo $?
 1
 ```
@@ -74,7 +72,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.07.01
+7.07.11
 ```
 In Linux/MacOS you can do:
 ```
@@ -84,10 +82,10 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.07.01 - https://github.com/GAM-team/GAM
+GAM 7.07.11 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
-MacOS Sequoia 15.4.1 x86_64
+MacOS Sequoia 15.5 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Time: 2023-06-02T21:10:00-07:00
--- a/wiki/gam.cfg.md
+++ b/wiki/gam.cfg.md
@@ -287,7 +287,7 @@ csv_output_users_audit
        Default: False
 customer_id
        Google Customer ID
-        Default: Blank
+        Default: my_customer
        Environment variable: CUSTOMER_ID
 debug_level
        If debug_level > 0, turn on API debugging output.
@@ -321,7 +321,7 @@ drive_v3_native_names
 email_batch_size
        When archiving, printing, showing, trashing, untrashing, marking as spam Gmail messages.
        how many should be processed in each batch
-        Default: 100
+        Default: 50
        Range: 1 - 100
 enable_dasa
        Enable/disable Delegated Admin Service Account API Access
@@ -384,7 +384,7 @@ message_batch_size
 message_max_results
        When retrieving lists of Gmail messages from API,
        how many should be retrieved in each API call
-        Default: 1000
+        Default: 500
        Range: 1 - 10000
 mobile_max_results
        When retrieving lists of Mobile devices from API,
@@ -416,8 +416,10 @@ no_short_urls
        the shortened URL redirects to the long URL.
        When True, the long scopes URLs in `gam oauth create` and
        `gam <UserTypeEntity> check|update serviceaccount` will be used as is.
+        Default: True
 no_verify_ssl
        Disable SSL certificate validation
+        Default: False
 num_tbatch_threads
        Number of threads for gam tbatch
        Default: 2