From 04e13ecb77dcb861ecd8a7c6e887d99aee2a95fb Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 21 Apr 2023 16:00:21 -0400 Subject: [PATCH] Fix tracker --- .openpublishing.redirection.json | 2 +- ...e-active-directory-integration-with-mdm.md | 2 +- .../images/{copy-to.PNG => copy-to.png} | Bin .../images/{slmgr_dlv.png => slmgr-dlv.png} | Bin .../images/{WinVer.PNG => winver.png} | Bin ...e-device-installation-with-group-policy.md | 56 +++++++++--------- .../client-tools/windows-version-search.md | 10 ++-- .../device-update-management.md | 45 +++++++------- windows/client-management/docfx.json | 12 +++- .../enable-admx-backed-policies-in-mdm.md | 3 - ...device-automatically-using-group-policy.md | 4 +- .../images/azure-ad-device-list.png | Bin 84823 -> 0 bytes ...-in-your-organization-modern-management.md | 2 +- .../mdm-diagnose-enrollment.md | 22 ++++--- windows/client-management/mdm-known-issues.md | 2 +- ...-scripting-with-the-wmi-bridge-provider.md | 14 ++--- ...and-centennial-app-policy-configuration.md | 2 +- 17 files changed, 87 insertions(+), 89 deletions(-) rename windows/client-management/client-tools/images/{copy-to.PNG => copy-to.png} (100%) rename windows/client-management/client-tools/images/{slmgr_dlv.png => slmgr-dlv.png} (100%) rename windows/client-management/client-tools/images/{WinVer.PNG => winver.png} (100%) delete mode 100644 windows/client-management/images/azure-ad-device-list.png diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 70c9214e97..ab57f2990f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20826,4 +20826,4 @@ "redirect_document_id": false } ] -} \ No newline at end of file +} diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index 20a3fc0b42..6fba3ba595 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md @@ -67,7 +67,7 @@ To support Azure AD enrollment, MDM vendors must host and expose a **Terms of Us The following diagram illustrates the high-level flow involved in the actual enrollment process. The device is first registered with Azure AD. This process assigns a unique device identifier to the device and presents the device with the ability to authenticate itself with Azure AD (device authentication). Then, the device is enrolled for management with the MDM. This step calls the enrollment endpoint and requests enrollment for the user and device. At this point, the user has been authenticated and device has been registered and authenticated with Azure AD. This information is available to the MDM in the form of claims within an access token presented at the enrollment endpoint. - ![azure ad enrollment flow.](images/azure-ad-enrollment-flow.png) + [![azure ad enrollment flow](images/azure-ad-enrollment-flow.png)](images/azure-ad-enrollment-flow.png#lightbox) The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this article. diff --git a/windows/client-management/client-tools/images/copy-to.PNG b/windows/client-management/client-tools/images/copy-to.png similarity index 100% rename from windows/client-management/client-tools/images/copy-to.PNG rename to windows/client-management/client-tools/images/copy-to.png diff --git a/windows/client-management/client-tools/images/slmgr_dlv.png b/windows/client-management/client-tools/images/slmgr-dlv.png similarity index 100% rename from windows/client-management/client-tools/images/slmgr_dlv.png rename to windows/client-management/client-tools/images/slmgr-dlv.png diff --git a/windows/client-management/client-tools/images/WinVer.PNG b/windows/client-management/client-tools/images/winver.png similarity index 100% rename from windows/client-management/client-tools/images/WinVer.PNG rename to windows/client-management/client-tools/images/winver.png diff --git a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md index 71760bdd78..d936efcee7 100644 --- a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md +++ b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md @@ -4,7 +4,7 @@ description: Find out how to manage Device Installation Restrictions with Group ms.prod: windows-client author: vinaypamnani-msft ms.date: 09/14/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -62,7 +62,7 @@ You can ensure that users install only those devices that your technical support ## Scenario Overview -The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy.. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site. +The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site. Group Policy guides: @@ -83,7 +83,7 @@ In this scenario, you'll combine what you learned from both scenario #1 and scen ### Scenario #4: Prevent installation of a specific USB device -This scenario, although similar to scenario #2, brings another layer of complexity - how does device connectivity work in the PnP tree. The administrator wants to prevent standard users from installing a specific USB device. By the end of the scenario, you should understand the way devices are nested in layers under the PnP device connectivity tree. +This scenario, although similar to scenario #2, brings another layer of complexity—how does device connectivity work in the PnP tree. The administrator wants to prevent standard users from installing a specific USB device. By the end of the scenario, you should understand the way devices are nested in layers under the PnP device connectivity tree. ### Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb drive @@ -95,7 +95,7 @@ The following sections provide a brief overview of the core technologies discuss ### Device Installation in Windows -A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition - it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type. +A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition—it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type. When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those strings included with the driver packages. @@ -260,7 +260,7 @@ To find device identification strings using Device Manager !['Details' tab.](images/device-installation-dm-printer-details-screen.png)
_Open the 'Details' tab to look for the device identifiers_ -1. From the 'Value' window, copy the most detailed Hardware ID - we'll use this value in the policies. +1. From the 'Value' window, copy the most detailed Hardware ID—we'll use this value in the policies. ![HWID.](images/device-installation-dm-printer-hardware-ids.png) @@ -351,25 +351,25 @@ Creating the policy to prevent all printers from being installed: 1. In the lower left side, in the 'Options' window, click the 'Show...' box. This option will take you to a table where you can enter the class identifier to block. -1. Enter the printer class GUID you found above with the curly braces (this convention is important! Otherwise, it won't work): {4d36e979-e325-11ce-bfc1-08002be10318} +1. Enter the printer class GUID you found above with the curly braces: `{4d36e979-e325-11ce-bfc1-08002be10318}`. ![List of prevent Class GUIDs.](images/device-installation-gpo-prevent-class-list.png)
_List of prevent Class GUIDs_ 1. Click 'OK'. -1. Click 'Apply' on the bottom right of the policy's window - this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs. +1. Click 'Apply' on the bottom right of the policy's window—this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs. -1. Optional - if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed' +1. Optional—if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed' > [!IMPORTANT] > Using a Prevent policy (like the one we used in scenario #1 above) and applying it to all previously installed devices (see step #9) could render crucial devices unusable; hence, use with caution. For example: If an IT admin wants to prevent all removable storage devices from being installed on the machine, using 'Disk Drive' class for blocking and applying it retroactive could render the internal hard-drive unusable and to break the machine. ### Testing the scenario -1. If you haven't completed step #9 - follow these steps: +1. If you haven't completed step #9, follow these steps: 1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click "Uninstall device". - 1. For USB printer - unplug and plug back the cable; for network device - make a search for the printer in the Windows Settings app. + 1. For USB printer—unplug and plug back the cable; for network device—make a search for the printer in the Windows Settings app. 1. You shouldn't be able to reinstall the printer. 1. If you completed step #9 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use. @@ -390,17 +390,17 @@ Setting up the environment for the scenario with the following steps: Getting the right device identifier to prevent it from being installed: -1. Get your printer's Hardware ID - in this example we'll use the identifier we found previously +1. Get your printer's Hardware ID. In this example we'll use the identifier we found previously. ![Printer Hardware ID identifier.](images/device-installation-dm-printer-hardware-ids.png)
_Printer Hardware ID_ -1. Write down the device ID (in this case Hardware ID) - WSDPRINT\CanonMX920_seriesC1A0; Take the more specific identifier to make sure you block a specific printer and not a family of printers +1. Write down the device ID (in this case Hardware ID): `WSDPRINT\CanonMX920_seriesC1A0;`. Take the more specific identifier to make sure you block a specific printer and not a family of printers Creating the policy to prevent a single printer from being installed: -1. Open Group Policy Object Editor - either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI. +1. Open Group Policy Object Editor. -1. Navigate to the Device Installation Restriction page: +1. Navigate to the Device Installation Restriction page: > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions @@ -408,7 +408,7 @@ Creating the policy to prevent a single printer from being installed: 1. In the lower left side, in the 'Options' window, click the 'Show...' box. This option will take you to a table where you can enter the device identifier to block. -1. Enter the printer device ID you found above - WSDPRINT\CanonMX920_seriesC1A0 +1. Enter the printer device ID you found above: `WSDPRINT\CanonMX920_seriesC1A0`. ![Prevent Device ID list.](images/device-installation-gpo-prevent-device-id-list-printer.png)
_Prevent Device ID list_ @@ -416,7 +416,7 @@ Creating the policy to prevent a single printer from being installed: 1. Click 'Apply' on the bottom right of the policy's window. This option pushes the policy and blocks the target printer in future installations, but doesn't apply to an existing install. -1. Optional - if you would like to apply the policy to an existing install: Open the **Prevent installation of devices that match any of these device IDs** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed'. +1. Optionally, if you would like to apply the policy to an existing install, open the **Prevent installation of devices that match any of these device IDs** policy again. In the 'Options' window, mark the checkbox that says 'Also apply to matching devices that are already installed'. ### Testing the scenario @@ -426,7 +426,7 @@ If you haven't completed step #8, follow these steps: 1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click "Uninstall device". -1. For USB printer - unplug and plug back the cable; for network device - make a search for the printer in the Windows Settings app. +1. For USB printer, unplug and plug back the cable; for network device, make a search for the printer in the Windows Settings app. 1. You shouldn't be able to reinstall the printer. @@ -457,7 +457,7 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one: 1. Open Group Policy Object Editor - either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI. -1. Navigate to the Device Installation Restriction page: +1. Navigate to the Device Installation Restriction page: > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions @@ -477,11 +477,11 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one: 1. To complete the coverage of all future and existing printers - Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed' and click 'OK' -1. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it - this policy will enable you to override the wide coverage of the 'Prevent' policy with a specific device. +1. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it—this policy will enable you to override the wide coverage of the 'Prevent' policy with a specific device. ![Image of Local Group Policy Editor that shows the policies under "Device Installation Restrictions" and the policy named in this step.](images/device-installation-apply-layered_policy-1.png) - ![Image that shows the current settings of the policy named in this step, "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria.".](images/device-installation-apply-layered-policy-2.png)
_Apply layered order of evaluation policy_ + [![Image that shows the current settings of the policy named in this step, "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria.](images/device-installation-apply-layered-policy-2.png)](images/device-installation-apply-layered-policy-2.png#lightbox)
_Apply layered order of evaluation policy_ 1. Now Open **Allow installation of devices that match any of these device IDs** policy and select the 'Enable' radio button. @@ -522,7 +522,7 @@ Getting the right device identifier to prevent it from being installed and its l 1. Open Device Manager 1. Find the USB thumb-drive and select it. - + ![Selecting the usb thumb-drive in Device Manager.](images/device-installation-dm-usb-by-device.png)
_Selecting the usb thumb-drive in Device Manager_ 1. Change View (in the top menu) to 'Devices by connections'. This view represents the way devices are installed in the PnP tree. @@ -531,20 +531,20 @@ Getting the right device identifier to prevent it from being installed and its l > [!NOTE] > When blocking\Preventing a device that sits higher in the PnP tree, all the devices that sit under it will be blocked. For example: Preventing a "Generic USB Hub" from being installed, all the devices that lay below a "Generic USB Hub" will be blocked. - + ![Blocking nested devices from the root.](images/device-installation-dm-usb-by-connection-blocked.png)
_When blocking one device, all the devices that are nested below it will be blocked as well_ 1. Double-click the USB thumb-drive and move to the 'Details' tab. 1. From the 'Value' window, copy the most detailed Hardware ID-we'll use this value in the policies. In this case Device ID = USBSTOR\DiskGeneric_Flash_Disk______8.07 - + ![USB device hardware IDs.](images/device-installation-dm-usb-hwid.png)
_USB device hardware IDs_ Creating the policy to prevent a single USB thumb-drive from being installed: 1. Open Group Policy Object Editor - either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI. -1. Navigate to the Device Installation Restriction page: +1. Navigate to the Device Installation Restriction page: > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions @@ -553,7 +553,7 @@ Creating the policy to prevent a single USB thumb-drive from being installed: 1. In the lower left side, in the 'Options' window, click the 'Show' box. This option will take you to a table where you can enter the device identifier to block. 1. Enter the USB thumb-drive device ID you found above - USBSTOR\DiskGeneric_Flash_Disk______8.07 - + ![Prevent Device IDs list.](images/device-installation-gpo-prevent-device-id-list-usb.png)
_Prevent Device IDs list_ 1. Click 'OK'. @@ -608,7 +608,7 @@ As mentioned in scenario #4, it's not enough to enable only a single hardware ID - "Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)" -> PCI\CC_0C03 - "USB Root Hub (USB 3.0)" -> USB\ROOT_HUB30 - "Generic USB Hub" -> USB\USB20_HUB - + ![USB devices nested in the PnP tree.](images/device-installation-dm-usb-by-connection-layering.png)
_USB devices nested under each other in the PnP tree_ These devices are internal devices on the machine that define the USB port connection to the outside world. Enabling them shouldn't enable any external/peripheral device from being installed on the machine. @@ -628,7 +628,7 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one: 1. Open Group Policy Object Editor - either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI. -1. Navigate to the Device Installation Restriction page: +1. Navigate to the Device Installation Restriction page: > Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions @@ -641,7 +641,7 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one: 1. Enter both USB classes GUID you found above with the curly braces: > {36fc9e60-c465-11cf-8056-444553540000}/ - > {88BAE032-5A81-49f0-BC3D-A4FF138216D6} + > {88BAE032-5A81-49f0-BC3D-A4FF138216D6} 1. Click 'OK'. diff --git a/windows/client-management/client-tools/windows-version-search.md b/windows/client-management/client-tools/windows-version-search.md index e7316b19c0..42f0454fa7 100644 --- a/windows/client-management/client-tools/windows-version-search.md +++ b/windows/client-management/client-tools/windows-version-search.md @@ -26,7 +26,7 @@ To determine if your device is enrolled in the Long-Term Servicing Channel or th Select **Start** > **Settings** > **System**, then select **About**. You'll then see **Edition**, **Version**, and **OS Build** information. -![screenshot of the system properties window for a device running Windows 10.](images/systemcollage.png) +:::image type="content" source="images/systemcollage.png" alt-text="screenshot of the system properties window for a device running Windows 10."::: ## Using Keyword Search @@ -34,11 +34,11 @@ You can type the following in the search bar and press **ENTER** to see version - **"winver"**: - ![screenshot of the About Windows display text.](images/winver.png) + :::image type="content" source="images/winver.png" alt-text="screenshot of the About Windows display text."::: - **"msinfo"** or **"msinfo32"** to open **System Information**: - ![screenshot of the System Information display text.](images/msinfo32.png) + :::image type="content" source="images/msinfo32.png" alt-text="screenshot of the System Information display text."::: > [!TIP] > You can also use `winver` or `msinfo32` commands at the command prompt. @@ -47,8 +47,8 @@ You can type the following in the search bar and press **ENTER** to see version - At the PowerShell or Command Prompt, type `systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"` and then press **ENTER** - ![screenshot of system information display text.](images/refcmd.png) + :::image type="content" source="images/refcmd.png" alt-text="screenshot of system information display text."::: - At the PowerShell or Command Prompt, type `slmgr /dlv`, and then press ENTER. The /dlv command displays the detailed licensing information. Notice the output displays "EnterpriseS" as seen in the image below: - ![screenshot of software licensing manager.](images/slmgr_dlv.png) + :::image type="content" source="images/slmgr-dlv.png" alt-text="screenshot of software licensing manager."::: diff --git a/windows/client-management/device-update-management.md b/windows/client-management/device-update-management.md index 06053d6ba5..9680e7249e 100644 --- a/windows/client-management/device-update-management.md +++ b/windows/client-management/device-update-management.md @@ -41,7 +41,7 @@ This article provides independent software vendors (ISV) with the information th The following diagram provides a conceptual overview of how this works: -![mobile device update management.](images/mdm-update-sync.png) +:::image type="content" source="images/mdm-update-sync.png" alt-text="mobile device update management."::: The diagram can be roughly divided into three areas: @@ -69,7 +69,7 @@ Some important highlights: - For mobile devices, you can sync metadata for a particular update by calling GetUpdateData. Or, for a local on-premises solution, you can use Windows Server Update Services (WSUS) and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process). > [!NOTE] -> On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, and so on). Each time such a change is made that doesn't affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number). +> Over time, Microsoft Update modifies metadata for a given update, for example, by updating descriptive information, fixing bugs in applicability rules, making localization changes, and so on. Each time a change occurs that doesn't affect the update itself, a new update revision is created. An UpdateID (GUID) and a RevisionNumber (int) compounds to comprise an identity key for an update revision. The MDM doesn't present an update revision to IT. Instead, for each UpdateID (GUID) the MDM keeps the metadata for the later revision of that update, which is the one with the highest revision number. ### Examples of update metadata XML structure and element descriptions @@ -77,15 +77,15 @@ The response of the GetUpdateData call returns an array of ServerSyncUpdateData - **UpdateID** - The unique identifier for an update - **RevisionNumber** - Revision number for the update in case the update was modified. -- **CreationDate** - the date on which this update was created. +- **CreationDate** - The date on which this update was created. - **UpdateType** - The type of update, which could include the following: - - **Detectoid** - if this update identity represents a compatibility logic + - **Detectoid** - If this update identity represents a compatibility logic - **Category** - This element could represent either of the following: - A Product category the update belongs to. For example, Windows, MS office, and so on. - The classification the update belongs to. For example, drivers, security, and so on. - **Software** - If the update is a software update. - - **Driver** - if the update is a driver update. -- **LocalizedProperties** - represents the language the update is available in, title and description of the update. It has the following fields: + - **Driver** - If the update is a driver update. +- **LocalizedProperties** - Represents the language the update is available in, title and description of the update. It has the following fields: - **Language** - The language code identifier (LCID). For example, en or es. - **Title** - Title of the update. For example, "Windows SharePoint Services 3.0 Service Pack 3 x64 Edition (KB2526305)" - **Description** - Description of the update. For example, "Windows SharePoint Services 3.0 Service Pack 3 (KB2526305) provides the latest updates to Windows SharePoint Services 3.0. After you install this item, you may have to restart your computer. After you've installed this item, it can't be removed." @@ -106,10 +106,9 @@ The following procedure describes a basic algorithm for a metadata sync service: 1. Create an empty list of "needed update IDs to fault in". This list will get updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since they're temporary. For example, Defender can release new definition updates many times per day, each of which is cumulative. 1. Sync periodically (we recommend once every 2 hours - no more than once/hour). 1. Implement the authorization phase of the protocol to get a cookie if you don't already have a non-expired cookie. See **Sample 1: Authorization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). - 1. Implement the metadata portion of the protocol (see **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a)), and: - - Call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata hasn't already been pulled into the DB. - - If the update is a newer revision of an existing update (same UpdateID, higher revision number), replace the previous update metadata with the new one. - - Remove updates from the "needed update IDs to fault in" list once they've been brought in. + 1. Implement the metadata portion of the protocol. See **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a)), and call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata hasn't already been pulled into the DB. + - If the update is a newer revision of an existing update (same UpdateID, higher revision number), replace the previous update metadata with the new one. + - Remove updates from the "needed update IDs to fault in" list once they've been brought in. These steps get information about the set of Microsoft Updates that IT needs to manage, so the information can be used in various update management scenarios. For example, at update approval time, you can get information so IT can see what updates they're approving. Or, for compliance reports to see what updates are needed but not yet installed. @@ -118,15 +117,15 @@ These steps get information about the set of Microsoft Updates that IT needs to An MDM can manage updates via OMA DM. The details of how to use and integrate an MDM with the Windows OMA DM protocol, and how to enroll devices for MDM management, is documented in [Mobile device management](mobile-device-enrollment.md). This section focuses on how to extend that integration to support update management. The key aspects of update management include the following information: - Configure automatic update policies to ensure devices stay up to date. -- Get device compliance information (the list of updates that are needed but not yet installed) +- Get device compliance information (the list of updates that are needed but not yet installed). - Specify a per-device update approval list. The list makes sure devices only install updates that are approved and tested. -- Approve EULAs for the end user so update deployment can be automated, even for updates with EULAs +- Approve EULAs for the end user so update deployment can be automated, even for updates with EULAs. The following list describes a suggested model for applying updates. 1. Have a "Test Group" and an "All Group". -1. In the Test group, just let all updates flow. -1. In the All Group, set up Quality Update deferral for seven days. Then, Quality Updates will be auto approved after the seven days. Definition Updates are excluded from Quality Update deferrals, and will be auto approved when they're available. This schedule can be done by setting Update/DeferQualityUpdatesPeriodInDays to seven, and just letting updates flow after seven days or pushing Pause if any issues. +1. In the Test group, let all updates flow. +1. In the All Group, set the Quality Update deferral for seven days, and then, Quality Updates are auto approved after seven days. Quality Update deferrals exclude Definition Updates, so Definition Updates automatically are approved when they're available. Match the schedule for Definition Updates with the Quality Update deferral schedule by setting Update/DeferQualityUpdatesPeriodInDays to seven. Let updates flow after seven days or by pausing if any issues occur. Updates are configured using the [Update Policy CSP](mdm/policy-csp-update.md). @@ -134,9 +133,9 @@ Updates are configured using the [Update Policy CSP](mdm/policy-csp-update.md). The following screenshots of the administrator console show the list of update titles, approval status, and additional metadata fields. -![mdm update management screenshot.](images/deviceupdatescreenshot1.png) +:::image type="content" source="images/deviceupdatescreenshot1.png" alt-text="mdm update management screenshot."::: -![mdm update management metadata screenshot.](images/deviceupdatescreenshot2.png) +:::image type="content" source="images/deviceupdatescreenshot2.png" alt-text="mdm update management metadata screenshot."::: ### SyncML example @@ -189,19 +188,19 @@ Set auto update to notify and defer. The following diagram and screenshots show the process flow of the device update process using Windows Server Update Services and Microsoft Update Catalog. -![mdm device update management screenshot3.](images/deviceupdatescreenshot3.png) +:::image type="content" source="images/deviceupdatescreenshot3.png" alt-text="mdm device update management screenshot3."::: -![mdm device update management screenshot4](images/deviceupdatescreenshot4.png) +:::image type="content" source="images/deviceupdatescreenshot4.png" alt-text="mdm device update management screenshot4"::: -![mdm device update management screenshot5](images/deviceupdatescreenshot5.png) +:::image type="content" source="images/deviceupdatescreenshot5.png" alt-text="mdm device update management screenshot5"::: -![mdm device update management screenshot6](images/deviceupdatescreenshot6.png) +:::image type="content" source="images/deviceupdatescreenshot6.png" alt-text="mdm device update management screenshot6"::: -![mdm device update management screenshot7](images/deviceupdatescreenshot7.png) +:::image type="content" source="images/deviceupdatescreenshot7.png" alt-text="mdm device update management screenshot7"::: -![mdm device update management screenshot8](images/deviceupdatescreenshot8.png) +:::image type="content" source="images/deviceupdatescreenshot8.png" alt-text="mdm device update management screenshot8"::: -![mdm device update management screenshot9](images/deviceupdatescreenshot9.png) +:::image type="content" source="images/deviceupdatescreenshot9.png" alt-text="mdm device update management screenshot9"::: ## Related articles diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index c90a4dfc5f..1aecb97d90 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -62,13 +62,19 @@ "jborsecnik", "tiburd", "garycentric", - "beccarobins" + "beccarobins", + "american-dipper", + "angelamotherofdragons", + "v-stsavell", + "stacyrch140" ], - "searchScope": ["Windows 10"] + "searchScope": [ + "Windows 10" + ] }, "fileMetadata": {}, "template": [], "dest": "win-client-management", "markdownEngineName": "markdig" } -} +} \ No newline at end of file diff --git a/windows/client-management/enable-admx-backed-policies-in-mdm.md b/windows/client-management/enable-admx-backed-policies-in-mdm.md index 03f598f6ae..c60b1439b5 100644 --- a/windows/client-management/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md @@ -28,9 +28,6 @@ Summary of steps to enable a policy: See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX policies using Microsoft Intune](/archive/blogs/senthilkumar/intune-deploying-admx-backed-policies-using-microsoft-intune) for a walk-through using Intune. - - - ## Enable a policy > [!NOTE] diff --git a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md index b06a046e5b..fc976f6277 100644 --- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -107,7 +107,7 @@ When a group policy refresh occurs on the client, a task is created and schedule If two-factor authentication is required, you'll be prompted to complete the process. Here's an example screenshot. -![Two-factor authentication notification.](images/autoenrollment-2-factor-auth.png) +:::image type="content" source="images/autoenrollment-2-factor-auth.png" alt-text="Screenshot of Two-factor authentication notification."::: > [!TIP] > You can avoid this behavior by using Conditional Access Policies in Azure AD. Learn more by reading [What is Conditional Access?](/azure/active-directory/conditional-access/overview). @@ -116,7 +116,7 @@ If two-factor authentication is required, you'll be prompted to complete the pro To verify successful enrollment to MDM, go to **Start** > **Settings** > **Accounts** > **Access work or school**, then select your domain account.Select **Info** to see the MDM enrollment information. -![Work School Settings.](images/autoenrollment-settings-work-school.png) +:::image type="content" source="images/autoenrollment-settings-work-school.png" alt-text="Screenshot of Work School Settings."::: > [!NOTE] > If you don't see the **Info** button or the enrollment information, enrollment might have failed. Check the status in [Task Scheduler app](#task-scheduler-app) and see [Diagnose MDM enrollment](./mdm-diagnose-enrollment.md). diff --git a/windows/client-management/images/azure-ad-device-list.png b/windows/client-management/images/azure-ad-device-list.png deleted file mode 100644 index 607c36c307f4f59244dd64ebddfd326ad459dfd3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 84823 zcmY(qWmJ^k7dA{vGa^Wrf^>s442TlaAR*l#Fo1Lqp&&{+q;yO75JPvT)DT1W&|UNL z`@hfg;aO|nalY*Pth4sH?z8v4t_Te^1tNTEd^9vPA|=K5T4-qK@Td1h+-Fbs*+H}a z9_Vgb3h&U$M`?GT23WSTsdxgBz6ZGMQg*8*XVXe zGz)c0tdn-kpbSMzuNc*m;_|&od;?pIqB>me%ll}Q`Zrs~7eCMhg5K+-4bvP3_B3wO z`y6?oV1Tk`wZ?Pb|F4ng6V%Gd$)!{gz$*WbdEtDUTfjiBoEtNu)T~oGj*pL594T%q zjir~BWq{H}kScWngcoRcJ$QOLfo>)xy(Zt-aEVr$*s!>v$)V@}_mhed-bVU`B5;XO zuXbo?2;}ZwTUJ_X^(QlPYzHVToT#vQ8od8=@-)q%L@nWB6(U}9%cmh&9o4tS+j{AP zyJx@=Na1|q;pD`#5EU6|6_7>$SMuWSURN#A+-ck|g$5@>bJV)3>s+GWK?jmaWiIN#UQK z`T_?6*J}{fkaew9bTB~4QLz^sWxWS`RzA=67!OeVjBOgfs$Hj3;a$9_$swVO(|^a8 zC1pfq_e)eEeROoR9B--7AL|g&23GAqEjMcX9gHpSslAEbY|Zxa zUevK~t;+X$fL(cIJX>yHb|{H=+k-t}ePd&TIyzOvxxDTb0e&vfXKHHdvuT@%(_(*M z?E=i}$Uq92zV9%WA%)zVE^(0eUuh41`+c`dzVWicOKZ!W6tuheOmZsoK4-!^Eq7_| zbC4fOX4b-3K9bR~y$Fn>I@{Wg)1lon$hV0cj%vPg*6Nq&X0T%nB>4yBF zuPd&Jk^+qwB)$1|lW+6AYWTc?+q#im2P%e{olnO4hwI>IX#!gn(o6%()o1^^JO?vEkv;6H{sF z&Vg2rivZdTF%0P6R)HJuEu+1z@XdtFfzWHrYNil*+}F6*(|V>L;B^PUHH%d(&93cC zq74$Qoc@b~7kU(U1w*ELEh}MPLx4As%bnbqaDMeZBr2sO9)kLCWXPl&k!Vyb90;rmgdc#)Nwl|Reb-8o&8^?_ZBk}ewU7u z=Z0+;h7lz|;!4f(hyCX9nVZniB(=sQc|NrKk?@F$1&u@zK+#Khuj9*kUx$D6S_7R}Q7kjuHZ1~q^-Z8VKL!@{>kU~~xnMBbQ=h}eZTQtY-SelF zU{Es@$ZqjId3U!80RNLdOBt)peRbvbWabJ0;Hl!=GzB~+@O(YFyN8)iw{2)>iTSAY z?oe6E=iy>@N`7}xuk|$Ha*(s4_6Ur+E7HceVG0ga8wWMv)PfJH`l_W(H7mcWFywq9(V)=yEKinyCLi+LRy-L*Ydpg2L_kyS(BtD{Hb)1mjFNbsRsrt*SR z;Jr7TCv#Bmaf0DN^OPv_TCrj7jN!h6A9%3|O!Q`^zIFQX zehejP`=0hB27JGMISYQ66?^_Io>apL4Rs7a#S*S=uv30mp(V7)6})D{_T$AgH*Iiv zb@MYkjUPw3QPjkL!wOsUA|3%oJq(;31swUM6sBkGro};i-2!hXVg$^zR7(CTC-LO- z|0c=zLDtP`iD8qFvVz!)1(1)AM<{8c)Y6IbtyJfNYJ7wLfU{CrP(C?HOk?@f4H&b4MpvalT>I_}w|sw|jR z0ETUo^%8g1Cjd8|6F0Lgw^?V%hz?7SjEw%4D~$+z-f@I@TmYvgIFi)#)XU+_k)>bn zw>@5c30;3RrDxH3yHsiHN`V!4{J@Y08XX?aU#>J9MdYOtS83mzkBhaeQq<=AxyLdH zH-?5krZP`%vS#`VASqg2isIk;o@nm(`(1=Tempmkv4-{9uG&blJfMb9r)_zNlAbQq z4frv07cs|5qlI|uSA_QyJ4&fk+;P9+aj)WcCd+{7btlE7@C|X0ywJ|rNefHuLa=k- zSt|EC$16UvjjS9|bb}FU#^6+blIoOrN&NN*#*7!q)?^cK1Q7=KWi}ap+mNhV=e3d& z8_Bkzp<-m;pk6?)e((paLfYo{6B}-$Huf0N!XaTD?TJZg+T|Axa({G> zG1{eC%3*Shqnp%|?uctG8UiFYPvA7kDX2uhkxnho2_IuKyk^E|I_cIwjsSNtG}n+? zFM4Z9qOq{OSm=^FB}s~RFq8=P-cM8So?3%^5{5$jhv)|*wAiA5LS73AhF1h$lpr%7 zr@(&j4vSab0t*{n4K4V3QeNJvThbTqi z#dKfOiaB2l^fb!c9n_2!oOzYezsda(G7P?FK=mPkcVmw=i+dRH(X{ANSy^O>B)Lgn z3CwOA^s)%w%UCeKMbCz9W<_EHq85Z1Zc+2VJ6ohW>Rf%c*Azl_aiW_ucHXKRXJr*q z#4EsN*kM?&-G8cVdaFeZzHdgCIQV5X856Q;|tkWR+kq!co@Uh-k{eQUd zHVlbsC3cwu>CDBfWGfbvjX$4gOj;Nc&1d2%@SwcFS6*-i)C5C4%5Y~2e42UB3UZ9U zPh9BUcn_zAH6^2;$nU*;U&!QQ1Pd%f0xN;!yfFpRaV@uqn^CXHumRffmfuCb=UTtj zDW)MCCzu#KbQJ@OEm*ypyAMHQUrUq)R-cQ`3xQcq6neMQq8ih0G9L?3U*IpK@$=S_ z#G%Q?sr{$6-r;&KHJtYxZCgKDPwV!URTVjTI$T~uMMYWVV_ZhN<6fX);p6^q^K2*P zeC}$y5kaveZQ2mSTx_4?=D~@(C1j&sY2o9y|8TIe_tb;XGqNoh#Ipg!?pGNe&DBDf z1@3^4F{s=JB;pY?>RQKCp+)<%Tk(xRQehkZB#RD4SQewGrn_3(-ZG~dtuTf z>CVgJf7wIsv)(6^;B-!H(?;Q5lV`nu6N>I=+D>TZiFvUW|KQaCM31}QvW7ovKu^QS z&r)9Ad)#tJXmq#LmX#S5j|86|Q=Uecty|)p!8;eC*S4kGoV6AmAs&ZED>c}TI2b14qaC{yk#u&3 zu59br8--FnkW@N`+AJN0=vy0Q+WcuA-~M9H*R;PfjIZs?*)Z1ne`JQl+KLpt#wQhn z=@7Ft>mcI|u0DqN! zRLy?VS@M0623)zrGT3C9y2g%oC{#uCErFz2w%#emVyVZbp;@0~sYy)?in(FMcgwH` zb>LEeIBwzC@IybQIHJU9MF-GM6RL=1tg(JSuBBBdr3H&Qs1GUWX6k;nvV^iICgXLg zR$*aQb8JqT1l5VxBzzH8sX8xQ9G-7X$wg|MzHzSk0=oNn{T0*qxL7yeJ=%QQe*7mw z%$O%v2d6?Z&W-~8XoE)3q=P9A5ZI+k9For(B_xriR@ zLgyE^XPKy+fNcp>EPw-}$^H5`+Y|M`I+-$+)b&d4qNAjub&{o*72Y~t5)pBsMD}p( z&b4Ije2`eKcw5`z*r|{?S7a#X6#7YkeJhhYl4E6A*(}X)T3xc;K{ifZklb^ad`<^B zNmatALhSg**%EgDCRJ12?<*k?+eOmK@1DtMuj9LIbb#U1(b9&cv`4A7Ivr{jbpcMt z;`79K1{GlbX?Zuq^e>vI&`W@ zgP*Ct_Z3LP)a-k&Cw3cElX-}Bqyr@|47ajm=G0(?#tg*gZXw9Yx4Jq|Tr8z+xME{a z!~<&^4fH&fh-6o1%QT^jx?Dv(dABENSl;HPq?0kL*0k<$mTd z&HmVIaP)Ga{Be6;2uu$ZHe4Yie2(d8_%Y3gU4}v0z9TR#2>kHL$D`X2!-`hdG*X%G z`376iOP)6Z+S-W37jIluKMx|Oru;z^Vc+O`IEJhn_08UZCNH$0*+X(c{ih$^>psw%I+aCMGCvnTPf+<#j6K~ z09kVxgjPl7lX0u0#I>K2RBq{m&O1z#m*-;=S=vJ-t}O811W4jZ!{M2=2~s zOR(O-XIn3)6;#LWFmkUR=rqWkKm)+~?wF>lsTzkj?w87T7x1VcNI})Ui z3(vm+v-Hki1YRs&W-$aI%u0d+=i@@$a_P@2fFJ36c+)@W3Nugm!8G^IK6u7;zp&Iv z8u=m8d$27rcoNo9b@7MNaOo_H1$tbq(|`?v+D~c&)OUZWb|7X$t7`y5oJa`H32W7m zOuRDw+TR-ZA2*)of5YuUh0#LEjL-`dG2UHUC^zvFcsat0c=LYU3YHRp4X!9<$Tc6l{dPsn=;8f!VVBS${QYH zoA|{eG^McJj!#e0;Dlntf{$E*6wiIgLE#tmse4PIdFW3+MKcM^0Fn5pphq$N&-`%)qZGQaNv^)O zlJ0iq*?xYS^UE7nS6I!fomQ?}B2f1qk##x%71buG38e41dBe0)3(cHV=10@{r|6f# zS(xc18D|G!0faRS3m;C-K~><#4m6XZ7+cKIi*kgHpm}WY`>XZ|)BE(yOjW6Ew@5)# zYbxQ7yO+z;I9>qUpjN8!vI%RFb1cqqSk`9M~o zS_$nd8QJg5j`^?p=8nWo(<_eNr|vJg7q8eiZb(nc0vr1uoRyy97e{Jc><1Uulf-EGS&rd;QE}Hy{nM-u{?hNt(FE(gQlub!Ghv^&*dz)@ zbDAZzP;vIEsz^jsZ&c~LL;c-vs2!w3Yr&pR^ujhsydtS<Bg6*21o)iGhAx4{s+|t6luY5OX9)b+)t%R&D=Ua^=q8a}cDXp_Aj; zx(?s5^Wz&+V}%PxP8ZKwyd65_9V@KK4QFx>ko!tgNyar4aO5;KL3-Ykc~CAOjCte5 zu|RmM=1(zW4)ecfl!-R{j{MhBkH&ygctjA&?*u_guoN)b4jCcTmH_w?qNB+I-CtQT zxq&t7wD1?_m}`AR2fntBsnwK)p9CoT&2#COlqznmT7GroW;k4nyt{Z=*%a7nuzgh6 zro{*xm+@Lubm7H0p<79%r7M1h zv)sGlBd&vSJ}>$ZeuosK6avI6h_b>E#x!Zb$>hSJ+lH9h{I#>nAb9{upk@cl(`4}(CmEK%bBC9p=;-6zJe8ilK zq^pn1!|;#ZPk_~^+O>i7ioF&~GbMuh-p*j&ErmtZdQ{Tb0a@mFc)eacxn5NQwg4SD z$IC~)0ey}KYTpR0`+3z_x&W%SX1mId$n5g*YYlg4DsE+=THTCDJwJ4bY!@dz!GbS&I@D^cC2EhDxr6<-=kyIDpIpd?_!IlA3$ODW(2gg5q%r6G zX@I;Hy=^$G^=L*fR&sB&KGQF0pt18>mFr}c7|#j#b#7ZnH#42SHiA=CMHfFc>OwMO zaC7j@vMXju#?QH3SLm;4;iw4xz$e1jV^g<05%VI^R%d7_el zfgak0^83D>{qv+Ae6%ga_zQ@;bk(bW^u`4&EcV!;aw(M+7+)*ZZHQur_;#%}FC*g- z$|$do2;h&gJF8n5(ThFPZWkv8O|J{5nNMXSy`~i(7R7<}UAG%PkI|kj6L)VBk%JO) zW((t4CiyABo?nXmQv6%aZ)fSGBRcjVgmSxwNox(7C|#T|y~@BA52}|T#$upvF9TPX zT330{=DY0$kLo}HJt;@UbZKq8%&W%8R-Q#AUQgt?Q;-bo=3y!t_DFn9dw=Qd_LXpt zP-m%lLw{F|&rUE1)Ue0+1rp)U=smU!Efqf^mMj^3D?KoD65a4l`#UU=@%QwxuF^zf9*V$Z(? zdQq5rSm%{-)#Q%Qo!N{J*p+l+ZPL!Mge)a*`?4Zy{g-t?G2r>=m`2-n;?8kJtf*iW zPK_|GnNauvM}zTuoNh)IDG-~-0C z=kn_7W5v9qck+ctT#rqd1t8Hmjfxp zqd!%)+^x_Tt2csl)E45tw2zxPo? zq)E5DTyIvea_5yTv+@cNTpDCfI~7hGT8P`-iv`s1{yqdDmkIjR;Jcm&#EYELmVSK6 zl4ba{rIVB#vEsiY&N@7>1~vv^A#XT&1AF+r^=5Cr_t)*!8=o_t=J=N9oK$JN`ScKl z=s=Kk#n|;DsY087pMromY^WaX9m!XxHj<**YqTcd& zNnsoq_}r{d-v4<(tme30MATl@g}J9NlpwXs^SXhKv4T!$chjX>c?bg}T9vW3sD$!@ zw>kE0XKzAwk1QhVm%Mmi8IIuBhU~8-vs=~R88*f0y8bMQ|D1FnR8hr(c`h$KU5De% zIdi_p48IU}crI=8g}q#GocQ#`GxSSnGXRas3K8}Gf0M*WuQ)|;_rd6F0f%q%7l@@6 z==RmRJa-!PuBFL7{&8=k5ThA_c3sx`fIU~4Fx6bYjeCCVbENh9LLtpzmP>P;o)p^d zYZz<1`&h=+b0co0PlGi>tnIb@M#4aMq(vqp;a2?LY>`C5RdzYD9BbJq>IjSZRf{Fg z8V4{nSofKNSB2h>9C$I5cfpwH*rF9@2Nd4ggTsE77pfSn@-iN6g^1D$~sp636@4#^M7?L^S% z9m4_FP+0LpWhL3K(Rs5+qhTDx2x?@b$|D1&PUaEr<#A_R3E}!2rK4JI^NcgPteqU` zH2u@ou8An>AcnI9ZhXBHTzXqF_mTd`-l$%gonBI>?z$_{UJku~se@i_T&dmumy1c9 zzDFOgS_>1@jYgYV#|qru%cC@kP`&#@A#Z)0yPjD9ZNT4#KfyB*se@ko?Ee5SyvLsq zl^8m7^@ON$awJv@7m69ah=%F8!YXjUBpLZfhQCzc={Na;QOyr^Ju zQ3fLbG@`1xYl_ovw#rOsZ9!3G2j*8B;IpLZ8P{fAwY+N1_BEl@Yr~walI{b%{P!Vq zR(|gG!>&lT--sFX+3LReAKSG9$2?z&Pa?!#7WjM3g5_oJym$+bk)7fz76o+X zQPX&RjTe4@*%931)qk$$qw80*NwbgcnugIG|Lr#|f00x* zOcN_I?ml{Lhjy)$hQ>}@`bRa@&$c1W*(ywE85o?Em6u2@@`dsVqZ9NL;tb4mXTY__ zjqOW%%(FE6pL`M;6Y&fGnVRdF$WBazb3C0+{F%;A%4DsGwgq>O5cFKRRU#SEWJGjQ zK7Tasi{{nZmUU%mE+iJ|#$=5t)cV$rN_9(4J;DOKV3VqAviZXoNb;o zkCdHI;N}ZU{V$Hy5Kzw0t?}`T{=}r|BlyB=-tF~5Kt5?#S8uU=BtN`@YX~6Om_Di` z{_MSB-S0^|0t$uT#OeFsT=B3q$;wRvv>g{>-Y+y%P*;7traAdOhge__uF0mZsaQ9< z`YElHL&SJfF2C=D|5Z(l6CqRX9R@=1tH1EAD7BBKm#Tg_zWOHm1Cd&X!Gy1k!Vuag zhRB+8p&CJ6*Y&2+VE(I$66v{QQ|kvek7AQkKbOO~zB;OA)0?Fb!fMbfaaxtI0XFMS z+bKHP3*CQ>RJ-zXlL^pTf3b7dKn>uzux`SVb6}G&6TO|`$)9(Iy_O*Nf5bg2!Ed^9 z#D=ZMX}ZE|9#NKfqFt_|=xVQ*j~_2}KZhMY;;*?WgWh!fW0>>b|%R z?IFyY9i~@cVJrX8{k)`ujL71zk-!o`K|zqOuXw@-1ASbZXOYp-Ht$LYL$b0Cd@U?; zMn*>qw64pZYbY4}3>uLks683&`+4|aR?MqlecR-*ue-)|zgIXFffe3Vcgo|NFi_z; zT9VmxD2MX3q}p=CNla|XrFeLg<)Lq|w?j)uhnK&f=15B&Nb_qzbz)cl9({)czCmT% zMjP{s;q(|EwJ|MGqMYb=c`$I_nH!ZWd>t8G3=lre+ku!0?U+uI#{>r^C{F`4On;l6 z7nc}s)ulk2$k07+ERy#estN*LIU?&SLmiMa!znwckKNxQg!!TMs*#6Eu+;Pv<<{uv zuzQ8qwA|e9Gchn8^zmW(Uve$GK=$^{+*~6c(x?AQ(BHnLct+9C%NiP%pg3fHAP4g0 zh~zUf_mQ@0dM*@39OK!<6h$0WzsU#9@5u^4H`RmB^;@Mb!&rM|09%+8tnWuv(w)K{ z@w&^`j9z$)2d?(nMFXkd1ilJ%a+2OL#k-C4%Hu9w{8^kXDM2rvnmxKaeDAzW=$kZ$ z7C@~met@r{s#@T$N?X8kC69Oo%huG$dl6)SC4b1<3lW#XQA^f(bf_r$h&T!(&e}$52pLWWs-`w7{ zd4#tKz|ce@n*r%2ZKft>eM>6~=dZs>JYjd|>}{wO`nP411i4~jT1Sp&_rZ6%ojzDZ4Xmbd`VX+m#fnEIgH)cScJ;+HVqm zXdbLMYjwt6w#_0+oh(11CD5OW2QnuozjMZ-S;l-b&BqzC)?zRcXC)m-4*giEPSmoTiIToUijiNNjE zuO4CXI+4>8iE}@8tvMS4iS$eW161Ko&Gw|Erp~EaOjuZY4SqucWP*S$^KW*ZJb#auW}8I@gVbmfPDn8;MV<6v;SkaboW zg|5cyZTvwz*B_hh!7{j-)4U(B;OHRb>(hTzt?_jgS%bzB6^yI2CdhMaBjv2yukrsT zo&^?>)v7Bna5&dgw>Pa`FKYxS8=UixV)N>SBu=;p=ZcXQpLkjh3QLL8{X%`8N-i;p zV%VvNvv+aM{uWS@*3cEj)*TmF>tw2cU!24rY?f$8_xW6KR@}0UlRM7nUBqoGi*(ge zu19GsZo`KcP3vz~kFbGb@>!w`4`cOJKk&PTASAH`r(&u3-#00hH=?-Y(b7OeBzECg zzxjTy?$`#J3sW{Pvar6E3H!=Z=CWsQ!*5v-kOrOKo10^`h0cutmEA_0TW|5B0rfewRDqtAod+^;x;z?yKt3=y9r;+S^kqN>pT!qPxp-a50&!yHE$I{ z3d`TNlS8fcB(h%etd}@txld5UZ9p3pxq?#M<4rX&$q@-=Wx2@h;=iF^CS?!V5v=@(mTb?tn`vX;#eF2wyTN9o@A7FmIgeSW1sax=3*8=Kbk;M9(64oBK)w9)aZpe zxgTN68s8KBS*y@-c%E?6%VoC~>J}|1PH4T?8?wdW7DevvfN9_Swmd4U^<-9zjq2~1 z3;Kte>Y^aKkUZ1b{BLkJ2u`@0l9UonfT#jPIO70kz^(-0#kj`#OXCkUc}LWl4x;J*U4DQdcbA zk@`|St8S)!#v%GXeN(68U*k@Foz!|b#*tQPR6?%Kid|`Jd*_-s!i`gW@!@^x40%^X zGJ8x^&md5@Qr1c(OBA;$jFle}4fQL$`lgB%MIe%6%DG?%{4%|c{IC&85jyYb{k56z z#x?M)*Wy@z9AKck%8W^>fBVAsg{+cvq1nZs1!pA(taX0QucT$8%kQvKnp!P%$dK5x zMYus2*Y}HBsnI%x2`D4c+<8UqDQ%K}svL>$G6YE^2f~rvKY_h!8QKuc)@`7B-^Rd< zi;)uN>faog6JZ>wE+wiI-Xue_%vP>ya}N~=IhZs$P9P3Dd~Zr;!%0WlOc{h@p<7EN zg@*%u5k30t^(P@+SwNrtJutEw#buGM9riiz7VUPHM7c00Tin{4)PLi-+2gy}<{iS0 zb~{%8{H4xU^M&j0r;__0ge<0}9f88lA_t!8Tw2=#5C}VbEn{?omOb8I`1>`w&yx##~DNqEE0VCHo;$Gc9uyPV?MUTH_PSn?%DBB zs43V5;?}k-Z_+su950FHgMQ8)-X$TE;8lzGIm**}qD8osFD!u)0h#ZFn-k9F-0P}1 z+IG5xFGO*=f$S}uMFSQRZ+}I|mUc2PE#OBlzqX?z_>4?Q)NMG4_Oa+VbE#b zO^FrmFzb}p98E7p4VJ)5Il(XAAyou@jgIN_w$M>r6LDJZ-(SS|)vH^C5m`2dJO8;b zbbP_HW$8~N3A*>I^NjL7?~!3l`7*QIawMXNT^8sr=A9v4%keyX{m0Ae5yOc zS2emwf)mmz-@E*&Jd;IiLs&__swTNAi?a~0yx^=dfG&YJzlu&OmU5JeI%=k}9W0={ zR~~GGFM#-BfgI5iWOnPWfvtu;r>sFl|3a`B#)&t?3dc4IRd-u@BK$84q{QM@SG&Rm z+u9Y3Yt3t1*xZagO*Ejol_$Q1XkLy+-})sE2eaONrKKmP4oALjp-QQcuk_0vskj#n zL8`;oP7UKIf^Gf53lg3UBj2LAdA@^UhU*_lahNE>op@AxzWIt@&n@Mcv7YC_0&2wP zvITZKe*GZg*EAeKb57!MWcA8Sgl}>tEyT%%TXKj_Z|OP_UsIk6ej#2S3zJm!1RP2| zxBMZEVdy=5O+)YtxA#}5jDu@^)9}o@40EURuR<6X7UO-u?sHaW)hGqTTYg(hJAFbw ze)FCx%R7^pua3C2KXTBd1y&UMTcyz`>tcvCh_66w!}-dql$fR7Y=94Nn1~H`HsfG0 z)8b~lu^W_3k3Jj_uS8pW*`G6Pm(^ZQP}qz8UyPW_P_u1_%x zwD@lpCGHgr`e^`Tq$SE~Z4ad0-F3;ky>0R0o&|abcnUIeBe8q)r7+g&ru}<1cz4#-L z3aV2A+T3(8x(2UrUBvd-!H!y)_(%0+Kc4l%(i#%=R1z<7(zRb9iab|V9@#RLS#73Q z9%sK3P+)=`p4g{VS?sz*t8)b`5_FYxZO@wxjUtssN`;5`A4AzK2Xrq(?!KVgJkaL7 zRLuGzh|bA!(IE%O!KH`mJNYSoP}w1VK=c;Y2HikD*Ax?5jh>*(@BI$Q-nyRV z7T<%NRovL6;>(q}6Hh^b3gfE&Uju#F1 zlsr_rZMvW*F+Gd;ZS}TeR;Be!Y`wtoII3WN-IeoE6J?cDCgxk#Vc*M;w0SpMBc`r{ zA0rb(-=Vx1XL)obl>q4=&^C|GTrC~-!u%P3aHX6ezZiWmxMArJY(84WgJ3!iOtrF+ zinzDAs{!8Cd#u^|;lzI7$p52Tg+& zIf>3YzY`!g2DFh;v!;OW5ufcv^J;9zp!LhXoI@&hSgb+<^2n$d*|z)Bq0b5dq_iE? z-UjZ17OuV*(|QoFcVSxT3L_A-+DqUQFyE;}evMlD#cKoJP+W%3y%l{Tv#vo9fIM&Y zz`f3^UK(fSvcahJZ6L~LYgQB;M+bB#Ky^~wsuRp3dD|bg(s85TlWxB~X5z$(Xn0-> zu0*D`0+Yp;Ml)f{JQ-~-q67HTPv-iUS3HiLQUn)hN;B%hRcSPVv*B=Zbi_HTNT^DDa;luHhhe>29*5W?8bv4Vqjn=?>=SIk|>t4XFTP z0G(Zp2rImV*VL|}new!;^aRe+K_=m{>i7F5q#LJ$VRN>$X6qb}$sat^N@{`VlPz*X5%RI{ z`O7GF_i@`dw49rYz0vASa(+37@6V}(Y1ZGi>fiNz6|f3;b1lvwF3b=tJj14a9{xxd zDV>2Yp7C>nA;MBsW$r`L%ovao_udl+jiImiKQMX^ zw!6s!{})R~tecxObVE37L;OU?=jN8nHXfe%TpkCi^~x=>O}1^Dq!oaf$1{^g{b2%Hxzy+BMqmn!bD zx;Q;PyJDT}9%e4K71vQ(@WMDacdJ z5(6eqC+yC6J_^d$Pk~~R*k5&byKz}bPWLJhed>sz9d!nL)>1x*Rw7#0eten(j zJ~)oVY0In46c>_(Wn+9~Vry4jW!_G!Tp3AmTZ@stwd07I)?d}3U<=n?BQpwZb=3n$ z?`138Nw9A%X^lVXmjDILNaIZJ*S4v;=>s?7JkNSZ8XiAT7i6*Gsp*!~xiL1h9Cs2R z8Biw-5Zk@AsVd7p0gY9>`)dX1CkX;?O?i+W=fD3b?oXg|{81t}nRfLZ#m#@ZhxtsI z+faskM$FgSU$=%+{*xa_{;smb_J7c8|EA3s@SlJ{{fW5VeI$%Ne}9C!LuFh{{9uJE zx(AomQaDa!m*Q7;v}p>ySD(*t-sWjuH1T~Lxg5$2Q|eYZZDp$Z`8nO5SMtih?<{Jb zZ!y8eTULQ`;UgBDT>dTfGrPB5m%}Q4hZM652?RsP$2*3R^lyt>RGIjZg0HJSz4%jrDllfL`l%QdAc;Pa#Ajl&Zc9h0|T3}n-ea4Bvwhz z*nlwj{ehL=Dh0&?06ZQ7=1%Kz5naY%5NF<_VVyg1Z5OIsf8(cAoU4a0EKg6b| z@6!KGPM)JU^^hoHQpo-D3sO-Wd5l7`hJMu4t^t8 zf?NRmK_Bi}%Zy`uj^zMpxCWPXC3;)0uTAX7P_N

S>YfK1?BVjb|bGpYQC-OP832 z?iQ-tGt%ou>R*Uccf7$!pS~DLc5w-_Gx}WjtCqUSzr>h`!Edd5m9}KM-7!+?A1{k2 zOAn+&g40I*dBw(rzNJFY)*p)kK zPY^(P`-v71egF%qr8m0UW+0422sZ`|0jrAs$18So^*V@>thh~F>-Rwbp16zdUnS|*PjI=gYXA?`X9&~yPL9|yiX-CG%(33bnM}o&c0s=4&t{MeS*_Z)q)j~XlQvEL8A!FAa=6|;yoGDdP} zXoTUvz=&9}oVJm-tFsEbz8M2c+eZKP)HNU@ZSM<)75o@9(zYmJMaOjVzKFTJJ8Ell z+wjtO>isd04L)Ci7_AqrSkd-g|AVN%iRwKWmjhVK2#}X7^f7=XLo=Wu@Kop46v>+| z;C&ZuX3*z_Q{6V}wBv+Q$~KuH{U`+C0&_(3aW*vMKZR6xQO1gjuulcA)m1)k0Q;Bg zCxuKJF$UfBeIfX^a6rMGFAzp+b8)(ZPP_A#eq946x-i3+)7JS^*`=5^5o&`+WO#q{}&hvDn@p2^qP{&H|C+xnVA>nmtaru%tJQUg@ zomMl6d8hU*HJx?4< zvrHRFN-B89Ga8)p(nTK?N1IH+7wIeO^PZRKoU5^8RvPubPcC%N%{!}kLk2&N2ecZu zL7#`U0@H@Sd+u%Ycy6WBkgzf3d>7PDV{k59zdg;ToQ>Ki5wZ;l>$#tgM4a)2NfY*P z1su+NlJN2^YPr7uj%#Ort<4?MnH@VH;X52(2wGD-y$?o@zBVA->OMNY$0Rx2W{`^9d z%p^_SpQVs{Cep>vT~H(Lc5AS6lTV3Ik?=fU#Vwes!bo9mJUP|7yP)8}da$esBVNgMUuaN>-> zZC42zaS*H3*uS{(j?Kz+zDw3JX{#~q)`Mu;_wTJx)-g&zM`qnjtPlV1si+U#{Ko=H zvhOc6`@yIqRKT+&{2a2eM%Um~1>mhF2N|}k)yVP6bAR@1MwwUa4B>!^l>Ci*3B-+> zxLfW2Bz)V$S~)9(7{r!yN`I#Xm(l%C&-pP)nwfzjUx9-^NmN7Dn5sH;!eTJePf|tQ zWvzr+=`pD3_c5LAEne|!ScfDrmJ%;sYeLBIO$5f}pZ_a_?hP@ipSnfao(>mJFq&o_ z)5M6o%YMdIJ}u<^?QpYU{~?n1Hy#chBUp6MCsuWp>Xb1~s;F{$x_NBxRp?3b0F>{q zAwQ&HORHUWB!<>Xv;Q zYE%iEnxlDt7}Z|O8@Xqu5^eFj(pQuPvy2WnX;IJ&#E@4(BPUjP3;sPsxg2;sQ+tzQ#H-2?%>x^d$1cHxg7>NYUmG_CJ*OyBpbb zq30)&ew(!Wc42)sk*VK+KdQ%D%n?#(NHQFfxK3hsr4}}l<}}MBI>xg&>{pPH4u`c( zRXm}qzFJQ|u8z!9vFrvT{jY^~RH4bGyl&Q{H4eG#8zAic^=)r8^{gE7d|>ku z{?v6L8LNX-jBRi1?QK$ysl=M+GLefh$tl1GCxcf&J58*gEZYKb`;6 zdh~LqfLAvGdd>RUyZfhvx6lT=H*c<@kNbc~fmFKm3t>r-n&b%D7zTm`BI753^u4}%}e6)CoQ7dFob_#;~8 zGVbQ5#}g8S-2#};GEg@~p05s0;G5*WqNKOff$J9~=E}27-;bI|N|xigvJG>QWwSir zmeV5!cI{w+K4R`i7I*V8CZn}{q|*JOmi{=Mi&rYwWlr^S8;QU0?pz|P?gk7?i!BKQ z4_ifHg~sBre}UI6CCD;8%S-W~Na6>oIJakPf3;o*Yw~Sql&P>~NPg73;)r+4siP)U zHf(;2uWGW@&0`@58lNf6or9AIoboaSicc}q;J&TOh?TJ@lj05BK9 z^n5tClQCPp(jsQW>eI?NRzR1Q+H0>|iPh;+Oe(^d-VQVo06hWhXFd}XM?)8$j6k_R zg4aqo{ox3(bM2LvTesrd^H2oKV}T8a(sPVg!|$Fzm@#Wgl;QCLe2iV`Vsn z%;BREl=cMG(Z`U<=v34Vhq!nk0_`_qmi~Ac@xBO9OKm9v?SXwyx5=?b+NJXm^sfoR zd!zhd1f6g;=f=V?kAzd%-`%$?xSi+C) z4L#g99S)c*{)pN8}u*4N_HjA$J^xigPDd_4#pV6cbr;mFFk*)J@@l)vX}Qnp9iDf zWK1Nk#;WEtcfXr9SU!)h zGcnf}-*|68#0mG_n|q~sMU6r>A%{%DNu)StUf5^%5TBowc?rubw;J@N!J5Cq`pJf8gP^Z_oX0=H_ra z7j}9k?0s_dXawNNSS?>|uY^9XEbI-txxd|rVEf`PPq&w!Kie*!iwWb&g;4J4ybZNH zKN*wTa}iuGw-ZO7Z2P88w2S9v+IPSGVy5K?_=onLXvYq<_Q-<|2i=cE-v@GsXn!~Z zFSxOq9gQ?1e&R!<)x~`=Q5b2jhkak~?jR)G7HBCAXV1Y_5TFPI&LP{{Rfp10A`aDd zWhsLIM~OIIK~#GB>8EpBg`+kLq*M<-{BUk*njzY*w6#eA1qF^-K>zyJzn;z-UWx}V z+N{pdLzx8xiY+MF5`|YkwrJ2T0KvDDkS4$o{2v&^Q1HR;w9tnq8JL1^`0TOuS}ht+ z1tS3sKN%>%d-y8g!6VNkM8X3O0AKI|jtYRB!Pma_wf5|@&nCZ2PE1GyV1`c)f}-u* zFMjchDF=X;f-=B6{FmgL>~I7{udxC2;Xk?sVL{YZ_@DgApS0imz2D0Ozp+Rb0*)}s56Sjq=Ot%8Z!cts^ z9?bd)Psruk&6)Q0>8tI=t%cy>P`fo76Nd;XV{AR2$Zd|+7E}ecS zR>F((#06UamDt6%$r@CCmW6PQP0au&h(+-yvE z7DK0FVmNvz^q>DY(7y83-)YZ0`}s`M(}!BHCv?_t^Os|y-rAL`bM4m6px?dg2=14! z%m&RP?STiMXrKA)mxK3Dw-9~M7XdH$Gcp=72nW~woT>9!I|b~GZqi$JTDv%3{pwfK zcbVj~Ba>75%H`oEW;Tfqi@ zdPgaP>?&F##c?Q-RbReXW^6Lk_^5}7T6;Ri?^T_zzVcdo>BW~~!Em5G{NMw5>tt^T zeE;74+1}gVE?>ADK{h5Q;TIlz^ojQDGoNk`oOm!+$eyxmkvG|%`P8Q~sGmA{Iwohs z?Nd)Z+rIeuuf*}8cKOmmOb#!F{ZB?vj|uF_3+>9KTd}eYo4K{z#>0+3^XwPer=R(J zOp1@>j*E2das=$KUxD@D{zL7^p(E|SV-eRLjKCXl=2-Y#yGGugCK)T|W74oUeAD5B zQSXt*u`D42Eu|`OE(x?8JcXh}wjCdP?6Gu|0-qy=;Aklk=T9LiM>)|-6(lH)`lUPq zi8d5Y8!I$;%nl3Wql41IL9w;3`;N9^thNOgGtS@r-QUgr zu8oZW8jnZL@d3Zw_rWg)V*K60!*^2CXD-B(P7(v5q z^lxQ17Bu?JsXRZyl|oB{j*)J=KWO!m2R1Ypoy;$VQAOP-3|WsSp0{I}X_^qW)ehe` z(T<)7eV>?bH|H+2t2fWI*G@jy&R%@0?L9Eu9(nx!cHqdKz%vuUGXmbit#)I^mhP?S z+k+<2d#IA%Dh|h_V{&gy)B@M=)J&TS!#)1+bbI32``V|!_;{wzeR;g?KN@2gUvA68 z5ex#)`OBe4S7Wkq{JwVh*nMqk@1eYNcJ9K>2)-+AG8`GdxVRLnurQ75H)q?$D+|ew z6Av7UU^|)P#fRb1(65k>_IR}zV;9u@C|}tSJ&&@9kh?TIIud+Zh{a9FG$so(^ViyB z1Zrt&e`Lhi7M5>?PYhkz*V+RQA8SuM9h2_QJkg&1>=Vt;lyA*l$)wKe@O;W-X*Kw> zdb2GLg|dv(IggMtNKXUt6q}_qT^0ysv%Z>-XgYfY1N( zg?8rj*|r!;?`ifx8n|P68AO=~bSZp55FDZjydl3BwBLe<8*B5kUfL8BTZ{JPg*=)Y zd4^-9g}+&e#YFTzI!;GBcvqmM5P%|ZtQ<5YG6N%cz*$lnfrCRWr(eog&Q{V^5)>&I z$4(IiOf$F&hH!E6pzbqTL7}5o$H3N#z6E{(skX2ws(h<7N5M#YwC*Hu$Y~6NbK`eS zKvg~-{Ft8Jn`8GgA7ihF9*h}(@WMSEytA^!6RUr98KOXEa-*JP+}i0+xjykjAKI%c za4W|f!Ppbtj^t|Bp@KcRX{()nI1;iVTf8h?paUj2WMGyqp%aib84J94Z%4rxCH2t< z4}1mami#_5Z*b&Kd}cGqws5p#ldElS1egOyrrP1-d)u)S2iu{e`_ggyUED+jjlBmB zhm)UfZ=MVX9-jQ6M;?m+6;408nGIt-dFHkD&bhZEkSw)BM<&{s->Zg25RV6l=41Rz zF&*`DS4r@g2n*gHd=yB}2cOTzien}W*h}&SnbjEU!s=4Ha_xFMeSW6xkJa%*j~{4{ zJbAP|{`7tA_yf~zWHM&bmru4AU-@Y}dHSsk{9{wmYdDN$zX6WGJTrHroetVAU%QmS z)jNmhm%QX5PRB`%U z^O?pbLSB0VZA=O#_l`un(944{89TfuWEy&R-+^`@&WFcBe{P&_=P%*Qxi(8Jf-ft> zG5KmUfj@L(WFh3#1==(`>8?N_TSrK**$3S&AIA@V`O9BUT{q#R!~7Q;qUU@U+hyPN zgmO2@?t-RcAE$N}3T%uoQ=c8O$7)mHynp>sLj~FlvJulV0s1Rtu z^U{dDVXMaJ)u@8) zSP8#%vR#NcifCc&6`(aHGDmY75qJ&?zsN6eYpF0l#% zl*KBFQerSA6)4nkbpL`=7dSb1b*=7fr#Ql?A8p+O;l!=1)i-;j(7*lLzny)#_Y1Ff zaN4GEq|ALNMZFsen_oGJV;Vr0)g6P60-<1rm!JO3XOb3t`1#L&k-Gwn=o{boM$T-F z&DOcG0er_FyscHIJS%l$l<>yb^dSkJ47+%%K4Z2$EFi)!c-G1oEdnnYc(@GzfGuaZ z-5zis$rc$}@toXUdtgJLMK32(69e)_%U}G(Ut~FY$wNMQa3~uch}R`9FU2e|9P{GR z`EaghV|5l2uvtF^S!fU3|71FzZM`The(n-@mdy7d#9v*)c?&j)Q+!k`y}mc!v>yjF5NXu005UtMj74nEYr^rhc! z_doDR1jv0^&kA{TJRHX8zG!=`&CIU0Yu7KeQ}3J#yB=+iJo;GZPT1_wR2!c>5UYhl z?ev+LFuif6-I`r#pZ~&_l8!6E)0bWjXBW%nk(il0{K%uhv;DDJ?%sj^#HXH&3Est^ zXQ4gw>{ARQx1){o%9Trz_nFX1uc}CsxWAFI^6v%(S=9T#7nY z+IzxTJ`l1x7?19X{dLFN&p#M+y6K_1#q>qx!%X<;qTtA` z=`nr&joXI&koPKF&a^Ugp)Ib^pL1<&+-fr>T@i>++B>7{9}Df_M~}5*_w8*DJbX0#$o2f0(!-A)4LdRkz8ZRes~tSL*!ISRcY0q;B*quR zw%uEgMN0(vz58OZIX>U6-mez6pSdK_5z4H&@zj{OiZ}2K2*&-hx-hmwFi~(4gbgh z@9;%^^3YaL#5Z|@seFcSMT%B5D3drIyr(O83?JUt?gE;%gBQ4#FL>*}_%7f1%JR*y z*K2XS5{CI|TN-|`%`E<+UA;Wp&YZg59ytDF=-{zvu@FJxR0Q%E*K|0b)rofM&0FpH zU!IGgHru}R)yLZxA`OpvG03@a?pNBv{9;=Ur@m)$x*a_dEBOnVg0q=){;7mh$(h`wtv!hhuqZcjJ2SkDUBg6K~1N+nJ8VWa%9f zq>#_CW5+{Io=sQ^xzFZPns`1wcuD)-gY&T(9F71q6~SjU%CF_aQbS88+9MBrDrWoL z1nAuP*JI*xAy%`CZDM?XJNf3t;N4W49CuIuM%dV%NJk?;yT9tqWDx|f-)cYl(NALX z^iJ5;RQr$q>7PWfuv>901EIHPnYf&Yi3Q!i6nS&=b1_N#bhHUOy>YqSfB(^tuceQt zOhdoVoNu4|+!vxxKZCj)ybHO<>UlEkV&A^$I8KBdW0igGbWASyhyKj8+4&p6heN^J zz4=onKP@?M;Qlr-^qaxmuY`ksFtF1np_L7GsXO1yzBd9pue1($;J38KDG0JpI$tYK zcF$(mBU`i>pzmxzJvKwv`7XLIUjY5w=RTMIj=k`8CdYgi+lCVkZB1ZnC0srkZ0@r@ zLO_cfl2)#(9p9VJ;0@c^x)qo2MA^xxaX)B?3s4$ z=Bds%?7uH3)o;H3T6_Glhok*M1jb9T8jS!KI>8T~ITL_C%3!%J6LjSx-!IRb31Gk?~O~wlDe0$@yYwgTC3+|gV zL-2jvcKn_QG%?=b$KHJ=4IQ6+>FII=A^e%1KG?kAVm#>af(pO?rDvm)9j&92UJP(K z0#G=giLsbj2aWUlgZYP&{?SoeZXTSv65;7u8=LTkrRm^_AK;I~LL_u1R=Vy-c~`UG zj{a-0jC|{@lkK_Zo{wI-=OMoEg)gQpnmpc`35T^DD~gyH96IDZ=8Kuvuow|0{^`V@X8NTkz5>(!%PJL;+F@p13p-=BTY%tVm9 z78A#?l>>q2@PW=xd3J(c8)5gQpH2to=L7$U>zIVaa9y0=sL2mu;rW^c9q zVb}X6E~Z>>3$zr16YL9kP`oDKa{~#*JRk&63T^x_jAZM!R~>S?Ww7`qUwip@gO{!uEl?NE3Y^7TJks8z$u)pWyQ&AYQx8AotE+FRpnt8u z3bcSR7;8Bqc+dlnAH3(6KUQPH&`yW4o{big&(Z}=t6s{Gk0}KhzYhk?wU=LhBZBRX zFy5*5+rRVsZE`w-YXrlQ@fgqacylK4em$s z`&;(`gRi48-Wc=J^3__sz{~ zF~RU)S>FF1nro9D*2oVY#N?($FplxBMBl^B)9T^Gf-cT!YRXT*E(dSBH^be3;zaIT z9XQxMwC8F1{F+WURS&FqLY(9E@d7Vv7clMIn1JZ9(T z6@a^X_`~5XHt)LS^d`I&sCj1Nfxu?G>g~je7OkBw(|KUBOOIWfc$CcmKCk?nHf6Kg z&~^Tc9kG$VJ-Rl*F8je}Z43H+^z%P@zz;S==E1M!;JK%by?Qaf-otmDi?TCuJl$sI zUv5`!{G#nY(D61xYy?pc!>+dB@tCxZTnRhA753nnp77K80g16tCqCcLL%R<;_|9_o zo_KmDhIA7gawuQob(!qVMD*anBl$VZ`Or`Ana4jbm`I-%2t!n7K3HP43o?E`zX6ItE9zl03ChjJJcEG%{)#n|%uXDk&(hg1kBxRa` z7QqlY$}FWan9cyZAVA3J7ze_p5Rx_<^9zT332q?YHAe}zHk7WCYs@oHimX2T$)rKs zQglan%>G>K7tQ6sox@jj71Z^{{0_?CZa2L50`&PUtsCokJ;=+xt2}7yKHp^J*?n+8 zLaTaN9^*C+bQ`~R5GUxGLZv*$W+?TR)9E);O5kEchUSl7(4-q8p#Ry_! zaQV_vII)S*1Cbvi33=INp_5)U2yDUms*cx%TA5GB1Z;Y*_d^E{eQetkEIGmGoNkwv z(g_N>zPQqT8qWkHW+N#>KyHzuULJ!V^^-T(Rsqgk;*l51%Y)y)(cnjZ+AOQ{EuNm1 zx=D<5Hv?_vgkBVMv~|0DYyy;@L9epX=f3ZfS9Za6*rvML$#-N!a4FLsu*HrKgBQAB zOh6q!9ta&8$bqp zZ&(T6IUIg`#I2Z^z&yY2KEm+|zCQ(faIUiP8tXm7kgefgD&x6X?XWwg$# z4+%XRSO3bZkD{?~fEoiRUKW1ss-8M@3@z}$2aH!eA6u}M>Ps_LoGa~W;J6;j8RJ^< z-cn9kP>A+^Ydf?U#uk$aj(5eDoo%G(R}g@EIGmO3tXRRt^eqB%1l?t`Qx94M&JJGCJDmVh}#O8uFTN-M4_1 z3k(8Jq`Zz}$|Y9gOFlK$@ilpn+hUXP%ttvg*KQtoYhkMXtf#0Md zaKy~l$KHoW1*70kFx!2cq2+L1BVDjfgS6!(Kt?e1&rg0jh^wTln_w_v91gq=L33M~+oJ~jY8yWA)*MJJdb#fR98B8Jwnnj1lT8%#Qo|T{;`3p-o z!`N>`-KG4o|3q#>+rsW->)V~(r}2V6s0`=gQ)BeRmv}e?1o+PFI^Z!~>l{?~`8u{t zZ%qh0`h6kD#KA|dO@wmQ?DbL6)BJ)h?2t{+DCoL>m5WTf4FgBjBEb5P_DaYE;H4Eo zoD3K+fS9PHql`Y$O&8X@cJVHbw&l@Ack=Uu;TTtkcP`Lc&3KRwAJI<7%cjsMb^6-* zF8agl+OkXd;8mZ^vOni#SD=m`2MDmCG5IgTU+7y*@PZ{J`uu%u z!K$EkH451BU`4xfG}7^mbIYrj1Islg6?(BJj(ad5g0Qb=@$YQOIq3{qvzTp!Z=d`RJH3uS;a9p9D8U25q|oIMRqVsY>jHJFJ|_;G zbGUsa5+LA~N15b1ul}lC|0rKwirWtu+R3Xjif%m4H{vX)>y7yx)Yvv3<7S{Qedcd! z11G%l&@L67agr-2Pn$9x_iU;hI5Jpu$zv@D1zu2N1nN|({(z(4SF>REVBLR(qwrO` zqOX!V+B5PBu2tq7z~NeZG}br^Z=d%PP>y!>0*8Wx-i9uC_Z zT8Klu$Q9_&%{Dp_6R_o2{l?7NJCS{Zc45H-D&7bclPnJ}4b4W|`8FN~HX>l=Rv?-@ zw1Ae-m0ZzwJ1Gfh>CIH}!g#zD%2SL!O1@;JnyX0lLoQ3P;vB6lQ{&?FqaeIUZpj*B zS33Z&;worbSa9Fly&!xSWFx3W;G3SF%6mysGr5v4%~%#Z>`uVk^<$MQctIZ|#mW9(6PX5Oa>eeG&0`J&uv+<3jA$BMV>$5@g@`Dby? z8_sToF8g{=@Q*{(i9i|k+%p^H(E?HzWQPMPcCZzqy-eq4pt{pglc3WRZf>ICiN!m;Zi%m`dx=@2~V!qPvvaln<}6YFE%d|ENKbjqo37A-ENMp@%UM&IM?YRoq8m-lk|*LxflJMGzf$ z(ec4#_44w~wzv{2-iXfmdB+T9T8I4yKLlAr&EbX)n`omT{R9P#e7v#p6#hM=hmWbN zVTX85kE}##M%0dWW9`=U*)}_Oy&XCy7yx^cnsBkj6CNL3eMV!naK;5)aYLlNZjGhV^NMTlax8G(}F3|JmK>iCgHZKk>+&~`eWtLgEn zkfm9CIKD78ww`oFcdNrucXT$e!y!0EAMxKRjc#<~uL-8WVT(NEz3Rz%4mI>#(DSfQ z^v#I#zEs=S7M6nttAaee4*K)+dR_3c@HJFpkTRx4M)nzF7Q_W2JT*DstMI#<=?6ta zv3l?#h!qp;kv2YT3oim)T=@*)=zvFpR&J4ZjZ&x6rk6OIx$flyw)Zl?8hc;}!L4v& zYs;LV$*7~O{BF0UO;0*L(@D)eRnB3OEe5;atd2=W65d_KAF1%84z4b3KhT0Y1`RPr zld!sX4@?Y#fkDT>rh^C0`KFqfX1y3w*=pYooUdQg3+Ot0a8!ABpT6_0%F9+k_3?2) zOot-K#st?JnnF+9AGhT@9FyI#AS-`P8}*XJpxrlVmshSf-=9rbIntKr_k=vzaFqMa zZOBlN^-!MR4T9~#`=yw?S_}lQW8%9oKNtFKr&67c|5n4D&X~}IZbizc^7)OxNQU)L z-O7@u7$Tg`m>9PfbI%Uo7^Rm2tr*qmfWK^Ebu|`)3-r{tZcTd778GzTQOD3q<#S_7 zV}FQQfFAD_G$r)}M03yx?JLMeAnX!2B%3)>cq*yeuUEKT>+?>1Rei@&TC{0s;fXODe9yp`Uz(|l8!=;>cQOw%G#s-GB&=EqE&pdp%c<)u-Tms335~vHS81x}x1`tYTxFlXH-IY?2jICyG0`R+>5)LoqRtr>rY~?|&Wc_e*GauN33nBpHXv zq#mI<^Z&O19Ru6I0=XbstUD!)sfF9^0K1;*zAqOq{w@alsWU0Zx}JHo<6qOJbf zq8$r;7z@2}8z|d_P5FQUeI1Vp89R|rAEI>}gED=FpNxxq1KRYyPF~uX1 zdX7Qm7PdhK7(-;o;>kD$d2Av&N?Ga9K%@cWiZ)LIS>O3>6{?N)TZIqW=Kbn_5WIJW z?epSJfUF{^JKvnXt&DLaY#j3k!SV4!-$@khopHTO3|S@qtUdWFOB+@|>(iwTz!@jm zrLJs%cP(uO+7*^MR{eoXS??q+U2sNs!q-8{Dynq-YqK$dGFJ5>U}t}fUYo(#234!K zwYNez@1xIfgFB-zw|QD}O+G59;b&1(79h&~Np>c3cM|tseTI=DLi) z#v|zC?dNY+_x<4AwB;B!%m1)2AZrIOC#>-^Cx!i9dgp7b*^G+!&U4mjj37ieyXaFW z`^T7)#owj%?(D>vY|6+?HUnd4Q>BIPhR~GsYtH>CdN$I!S^LTh&TOn+kOkeSZilYz z?LH%}2h}#~Z6laOCGGJif_=A=vNGC*UHEvQg6;dmRuufh!qzA$7*MpmMjtzTkO^5% z7CvF{LB`p+{cyf_d$>Ugl)YaL-F3)y*kJc%^8v`~=hykhV?kY8({}6HPn;SgJ9e7r zfpB|ZXK^jix@T&;u^wRBg!gl!hNer?D+t(L? z*5U4sx#FMWPH{K*j?C#j{|ZGbE{4*oaRoO`PPHV<_7jjf!#p+(ZU)BcZ!^~m2BBa z^|(=Xo5(V^P&cbz=e9uuYu+#aq`_w6x|^`h_da;_>{_4|U}boZ@h}<2nC>8RNfq;c&eF*^&}4Yt2F zfi~)Qo5wpK+hE~NYE06-*1=}-l6QyvwEzn?o(IyE4OKo-uyK5M5$@mzydHQh(C$7A zwF@6VRG@u-NOgXDbU?+4q>E0oAylsuY6CLa%d?ZA_oALF&fef@xWLVkm!Y+K|zz9MI zx3{9rzdHj-%XZ-12KGsSUzZi_w#OOujk40+1e9djK{oQ@wX%Ib*qk$)x9sW;RTWEjvih4#Mt=b~A`T8`X{W zZjU%MC6FdHJHgICT$Z#Y^ie-)NqFy8YcvZSy;h$L*fK{x1mMZ-e7P;q%Akm!WJB78 zPda=QhOkrcZUftePd4nNHkPLBgvKP@@n=)oH|!sLMw3`Lox~})t_CXsDQ90K8brbO>Gf4STACK#L2us^)C%?Y(18*Oc z)kg;4(nfNw3@z19pN`FFx*MP`a3}m#4yw*Z8l6kd`*rGk$xF6_7sWeu<$*pA3i{{j zR(~ZQ*I*;hLH}CXh`Vrs;<*HuG6`+<&Sd$ZzD!j4UXViezAm)(Nw<)7=@XpwuIz&P zfP)vjm)=x)(W%CIi@~^*#W}oHugcWV7sdzBxf%;vi;nK25VzMwi;q}$s#yYlfdK$9SXOfULx& zzAqW&SDo7WJLfk8b#L#lqr39x=SE$sHfub_!+|c!FFPn)g}drk`)b#(C*QaXi0$_K z&JwtSC+j2bp!*`wQkxiG|1wj@*PtuTwOtH{!Q02N(@_0x?9Vki`m{Ok^R+;} zv2m3BF&0$)l1rsN?mleHb6$N*Ro=%{GINfO&2T$MpE}B`PLY$M7f z-!=_N=F#=yGM^VXvaYhw(Wt)!$DmDzqiZ91f3Uhqv!GCEK-W;ziPcp&{wnM8jbSeZNl{JRat0^qLk=@UPcIah|36xLwO{aGEF@vc6^Zj91KP^bFSzQ5Y*kFEMF&_*i3 zqXn(SEBU^M>9^GC;k7q~_4%wG+I`)9PmU zKDX9=+A6Z*pINqX(}C2LNb1fnSiQydp#K8>>lfalp9c5{vwqA@%|44ef_citx3dC# zMWy;LC>=EGH|uqdAMp5cPZVdrQt`q$y6aoauKiBk7`&EEpGCKN=q;Xt(jj&53eWcM z-=F>J9~fu7;!Qamz;%rs4)sgsC2#fB)28y!q@HWwI>$Mn-+7h&s>4#~O08C`NJo6C zCBR3;yDu4ayDi0gUzv%@QG?^{Ryrnbct@`J3C&1kArv~N8+1~8KsPC-YYERQe7laHov|@r0b7^NXy`5-U6WGasEH!b&WctA6Gb?!=J zfsJ#3BXQa8iF5zdtu_lmqkwFy4QfV_*rTofa^)Jd3F^7U7uV$sv>OZDHD36P10BW~ z9VUKx>P}8fCV!$Jal_T;O+SDtL$7*{1?u+sQss^kp6jn46hS`^j_O~k^U9Z;!;daB zmhF{X;6tl(;JWC5%XyXksso2?%huMRZ_=7%fy@hiq)R4xbkMo)$9A7m>-eV~Ju7a> zhr^1!|3;ee7KInXQeVw-92u@2Qzc|mPOmrdKwUWs!LT&0tby0)(u zV|AUn9jU&(EQrWmR6@JI6103Oy%I4&)>vKm#H|D{&kKKOp^Dst+9TL7ukV_|^lbywbS>b)`O3UZs+UbNnxQ zLG}G>55WeU2&oQ~h+Jawk@BTCU7*Y$7V->cMiL0a59BrZSp9@e+x3Y2)DyVW8>AtV zJ%LZ~f+J)z6tZy~4*5#U(eYCB8=4wa(7Vv1LFzOauCSXpOB{hW{)8^lVKx=Gf`)Dq zz=ld^qgK}K%GubMy`JqD^<~5?Hr~^;pp_FTGQz>>gBodR&1i?K9dr zFPx>bK$&Y$I17K}^-~{`o@CF!2M+Rqer*l21xb1CLd0?HT3=C@kCB&lmpp_NmJXxq z{y4#HPaPM+n%x_GXt0j0r-v=wt#_ij#S+~Z;CGMYqqT4l4Z%FXom;LLmN7j75%`qzLZz{q7TpqbtIrq z<1_Z@>24;gjX*mW{K>JRCGvCS8OE+o%6fn==^E5oh#5Q7>g0F^yh2O$>4>H@;z;_= zm2I@ahpJ=Dj%KvAMFfNGKxOcQq&L#7TeH~@yg3sNe9k53#-cAYYmZObUAlBB%N}{; zku_XW$r%lFN`I1e=q!0FzkdCCp35(L1&%e2x~>G2p~-5(R-X3yRgUIrUv2v5zYee% z!Bh|xw5$M)+ciB~Tm6L0Z7Et6@=0_659xs2qVciLHo(GSxAQh;YvG3sN-j-_F$d*Q-`M5rF8dEmf-Ov(^ZQ1=_*k*_cPI2Sw( z6l395=2{ts!v)F_NZL}8V%T5^*;dk49>!D|Plz*jUb693CUrP+H2HW0C!j98 zXp)a6b@fLv9)JAt#DkAThk6GO9&9I0oET8B&hHv09tiTr;sX_>A84Q#`YT;97P2JY z+R6%43G&RE17X&C`<-`^_T!-+@JvokQs-Pb2!#4mzkAxUlly$|5Ix3e9NmKqVQBFW ze`?(F^f57@3k~kqE<_u&3gYnSi-VmFyw`$PU~f3rBZrT)nc%5=TX=B#^y%aY{%P-i z7bol*9-!ZMVoYzp{dV^Km9Kmy`Cg8v0AjI}QjCX@vUUeJi@oyUuY{Y$(WNNYHezF&Pxl%6kLTJ%8K*x#zYzW1TKm!(InoQd zMwXez#@l2Zr>6GAHGQB{c7`G_j`B}*(5;V{CBHtsAU(>d9o<4%ocWprFd?n>YgLAe6kF9yU zsa>e5V}jyV5d3JWet^ly%^Nq{)oWMV-jHqjwy>YtPG+ZYI$jSydFkTicHe#Xr9IVR zv+Vv|D_V_y{_~%=^XJc}QU2y{{${&)@nU=7g%{eZufE#;@DKm6J@(jRDd?A8dMODL z1TYE%AAR)EBoZzFJ!ZHzVAlo&IPvG6doFQtNWc5LzngR*l5jEDb+s!e0hi>wkGr58 zmG*<-B@}b-CiKSzjLo^RnXquC_=k_^KX>k2PFU~@n8-Z!)KfXhFrI4n#v5;>bA+FO zzwm`GqyXUn6pewu`R1D`2SJdMl7;pRP#u9rKAQB6ulVg6PWTuC+2Rj_wXbKhQ>Wf;ue|a~+715D zJrfLu#`xGwXXxESXk=kU3u9aDfnp2fil6ie-vqUV zh3+|vqhZ5GkH*S2ShN@js55pEmm|&%R4dwdN4v6of90#k)z2-gx2r5hZ7=)|d$ zry{4dH{N`s9XfcZ9X@h6bpz0YsmZCdlj&&>;{`pjs0@*I_@Yk4)|ixL_3S76j)KuR zUxdT8wUK{vFkJRqN4fbW0*`{}Fx_>cd%J@d>n z>8t3O81S>7{j9whHvV7!m;YssgU<6s{KfI(#}hXw9W321U6torKB)Y@-W!cP38FIQ^6`(M#FjHyHh4D7t0@Yr&*CB3z4qE`Sy!HGicXmXHuUO?9{l1Lzeq(l+eDju zIMJc5U||yW)1Uq{%jKIz(iin=vYSla{1cr1xBu;bOGiMz9)J9aoH%g8c!-|@Ek4m<`T8T9{;HK6@LxUh zF*fxa(W_j)=~P2L@EW^(JeAO^5B2G`JmnHx_=5KWgF5Q74`ZYwWc#U4eJXWJow6-Z zc30Ox`A*o-y$Avfmwj_~wY_utOnc+4Q|)Zn>cnI?+ok1@$vbT*oUx!Z8_`(a)Sl^( z zu~LiZALQo5;nwVOOazAFxDWw-sf|xYL5Ni_z7aw7W)LtR`PvOdv_+@uD_5_ynb4i3 zSm~9oE1jWpbqz`nl?hmM^RNEuuiC%;xBoU{gkUAnPjTfh{^Bp%Km5Z#v~PUl8)%af+|N9mpc0JI3>s#My|KeZ# zizI^cG=t;ht!xAY1LtG}UXDQ-0w5J65Upd#fB3^6w%1>OJ=>V2m_1_{1{22jzW2R! z&YZ7ugj)%j*{jRZb1s}2$Acz=DJF6*2FwX@a&W2N4fy4xS6%JUirHYNoJ0i-$8u2m zLOU7-sV{x$OG&%n^~EoKF=uKNz!)i<2QceH?m*#jgzeCi|gVSAQpHSdz@q$r=!m|UVo##{m$EMer`V7n+fj=oEO6B z(Jzw{^u8SZ&4$cp!;oA9_nhbio(sy*{~&a;R-T?DW~k)zV(1VWUwuX0>urw-LG*_X z^jR6-4EeqO#_OTqKT7!;8{Iz`D+)5umprRPycfXqg^y%Q#>Rj@Xi^`~tc>(+EP@}q zP^Ts|#as2XQ;#judG+Z4d7;I4*d8Y#kr|njGg?f5;8#X&Cb!z5%b4htW9cy<8+ny} z)xp$)E4H>-S{-WFZp>x?8y%ZyPe1c)1h4}Ue9wlC?2URcnF~j~XYalY!ZQ)PUU=!1 z2+9}QrOQ{^#YiKgyiI*d*#*F+v#`C1nG|+e)9vc@ z+4f@8ldfF3mcegj#p-da#o{?u(4!%%y`dj=y7q_cuZCXPF?pgr^zb90^F!^eQ*XD^ zXD{Ru_RU!NUcYgx?cH}M`WtDlzj?C#d z(pLGYD}ndT@FCxialI6A2;T9afuBAd_9#yMN1FLF;$E{q6L{RiysGGnJ8loBX62IDW@7z3rST2z-zBucIh{FD|C$%LX+ z@Ws2o`J2DV;LTa8kG7Jj0E{*?o0wD?r|;aPNuL6RYxVG1UH#!P8tIDhFcAFKm-^~S z#-pvtgJhiQ7`HyG8u0~A+s5*&JoQa)4uoU-LQDeiflk43DEh>k)W^tU80RmXZ|6hd z?FL*9UG#9m%-IqbDc7klSjbw&v{Qnq6hL8EMR6d#6+B@P@ooP4-918lz#;0;+x)^j>P2ZYZY?IUbbCPf>g63NhL{FVQ9|8Dc(0aYC z2JKgG%(ORx26U-&F8aB6`Fa}-ybCeYkoVeKZ@0J4oNs5&Uu>_vaWW?rd-v^4+oR+B zM+MwI(5JEkwlC3bF@(<5VvcWugRQ_x7sUd$APAdG^J8=u)NL6y$0o!CcE`5VrRVU& zMgPSdwqnAroZXwKyYKpZGitMp4&UCKX$wXbtd$AY7-uCdU%)VPQO=>j%~7ID zP$ek1F_+^sxC%%F(pQ3y!kJ)tG2XZ-7lq?oDMKlr6+{I&AYVH{2<^)78vT-dIE+Cm z$4&{zsuUFe)KiWRW>)w|G1cMFId?ef{s&p013&TDxjZvANA(4IG!%XCRnpw0-FAf->lTO@%{+j(wU&`l~~2jg|m~inTfXaN?_Ion618U zbsYiwfd?K8-rXPcujIXByai-teA?ho$rzs`dCH6#2&l%0zw}vKdQYBgM4(kprus0> zl7)olCR%`u@tF;gap?*jP{!HN54$IJ1=uC~AcLY8IM%uLpss(Nz|d{ux<6|5=C;Pg zSf!pne=hyqp6NZQ_nsoQ?RY)(>-?pQ?aaBenXb>=j9?cN=PQ@ml^fS17+-A{uU?5D zHr|dNKh_Q(JJPO1-u%)+{%-ZbhaPO#ZeEYz7L&Ql7u)DWEKufW+v#&>BCvJ)% zE@)aE3R{Y_4020TWvvYy>Y&#XUbM5A>Hab4pjvNcW zJ2f3E+Sv@CZ$v;fQ5YVZY{!m2(DofT660EKCr^c+J%71fzZnzfx$p~NGwhD;vAxo5 zKC1MjY{oUemNp)VJ7sbRm%A1V_%m(kIh*DC1yczw!B{;<_1F)9lkX9@wPQbS zal*%r1z7oKBY1n5%zgE%F$qc=zi~6{;n@hb52o)h>6U`IA>aM!XYRlMf#~x@1lwcn zNCaHA&+ifh`=Kl7tKZVfLyPeiWT5RoiPb%wxg4{W>2@Rte*XFA!l=(jCr5Job7t1| z=PT_>5H9#0I4}q#OI9Y`iw}<9cRU9wS#8F|*Kz=a;|(17PAJ?JpLdRT+}4_yuKdN_jWRQOVXb8K>=9X)Yh~CtLkHXa4?f&ZJb0j;c;KN}+3szZuf;;;;-$7SG!pp_w?`kpuRZk0<89x; zBT;siq7J>ph~CNDEno{Y>Pjk^XiBd zCX#T{uWBb7me~^#1KM(`lAIfnff*gak zg5?Y{s6?O^oOJ>yB}P`lFavfpDD^O6qsSl4C4*T z-~UJs!Q?(@b2p(JP$^hH&$aPTAP%e&gRK?0F&mR>N~euF@+cS{;SZ(4EA=G& zQ%4Xt@xWV-le5O3;v-rp8JXEehUcqa{b~kLd=iue&)@l--^m9N@ET3%;LKfr`O9C< zzzZ)$$5UH5g0KFK-FWGPz64YE{sat(!s|odln^*dc%uzEi3T1|{0Z77Oa~4eOv5oD z_~IA8l;u`+f}Dq>+#7Lk8GdD+%0xe0cw}OCGiLF(A}KQ_<=m$r&1pRO}Nmwxg6gUPdu6YBPV@Tu)-hx=2lh6$T&+U$QGZB z8;{jhMkmOc-b;9jPP{2+0Y5owFO^-<4@dpTFaH0*AN)byCnq=g`a>suF`*KawW+|W z&q@Hjzph~I5p3xqSMb9VwtAbM`^MKIpgk0;$B8x@bymWw@|S+-$}wvv*~Q7lO)O}RMeu#((TCd?zVwCm zm9Ks&pMH<{7{R=w%LB6BG9`IcB0s$-@W!0UDwo`l9pcUxSO_TeZSP(ya6d5&e{*&w zCXd&0D_Gv)BN6=f?vJs|<`%a5%O1Kqa^!fFPv%2i?kO8&K5csk-RS4jE%wGoNOW9Y zExh<7x{o$MAL((@ALYu}7aZ(~o$-Nm)v;`g{^Gm(CiU>>%TZk`;IDn{Ywb_}^iR_V z3GjTchoi{ON|uihx6me;n5RGk_!2%zUxKQ>;dd?{{b^r;2mR<^=Y6;>(5jFFkC~Ui z<~M@wQSFZ<^urPH4@N+P&=Z+%24ez8z~J|V5ch^-uz!DFtY~#E!G}@WaqNuV;4zJ( zX7uU^mYleH9FCwv5S$HXZ&raO*XnYta1jbd3iwtK`an}TG(y-(Ksy?YsS>C>JTL)3 zw-tyn8kb-}SXO^%6u69;Fe!ufl!ntaCha&$0Y>5|jn_Dhoec1WlITyMvLYfQ0T?YD zzxw*1r0_8Sj@q?4`W74=Ic9j&fd>r|3a7y@~ zf3%{pf+0Ng&&(Pvb^#<45Qc|G>f=YrQvdLnb(0O?K#UPi{n1hV;|rcyF|!Liv-%`E zyiL0cnqBApqDa~l|L_2P_+$L|hjuiTUKkhMu`)LvIN{d5Xe;^vUKUi|uLBr0$H-L< z$FRrZ&)z)~?V%IL+e5MXeBi!A?f9YL7Flg90-N%wv5|K4(19pB)(*r zx5KwwI@iXc-J=iO*FN>w!|lGq2ip9tSV5k9r`^1IsZETmwkIA5e-ioA<0CmPFX6Dl zFWu7Fj^w$oR zdTflps+DCwHo&V58*y6&ZnnhcBzW~Nc9o53t50~@Dqq2dYn;l|(GG57D9ERd!;IQD zzxl29t#5s^V-i)1qYgMP52BbM9}Gqqq za6|^m(Fp*El*b`*8k`ZF22erRks$p35@R?AjN~XWzZ{JfjeHKyOofwC|F?eYw{qYc zm7%UT=6_h|J0rLWgyRLZBE$pEQ~=`ufB*M?Kj}p~z7R5+1ya1G6x!Nu5hy8yw#JR$ zwW`rKg_4J-@CiPyZKqHMIMvl2p9=KjX;gWX9pCI2kb$4oP+GDSWYFT8G7B)2o05^I z@sg!6`|T_FRiDPKZ7Cpn%CQ>@g;x*Xl+io#wvt7E?O4Dq8G~~5;Xo^1sH45{Tlu4# zzGzPu^+7kJ(hYPQlRiy=st&ryrt}mpdMD7rsl7VtJ4$$oHc30dnEvV?E_LObB;X(U z*k;!^Ug0Ynz-zxN*N5@qnZEG}kLeD3A@`abpbL%qaDSJssIMN!p+6G6~s!0_` zqMdv^F&5xl+AR3~>OzdyFk{Fo%dO4N#!56+pL=3edLkAP2lh`!aCJ+emv(N1%wd2V!CLl~_67A2j&- z(Am@PByGd1%Ta%S`}}90ZF}i?1mwve;Gz4&hfT-oaiAlmADe-Eb=VhQ?V5hlIkw>1 zLPId*L+GAs`P$HTiGH$g_ED=;_1OS_<;bt_uY7{Ke3^VZoci>TlnEw!_*lQ?Wn1jj zlf`U;U0L~}2VSye6MUh7t6%k$Y0D&mx>a&g?1~@r*1Vq5G z8Jlb4;4~=*exL5#C*gxU?cq@mFW|>3 zWi`9RCpgqA9P%adlt;PIMG4VBp5y=zdCN0qV=`{-94R_lfc_+PobLHBRJDoQ!eQ_}4>ZwH69EmMnG)QpjhmO+?*T$l|n& z$yXQd5?DEA`PI%5tx^dAW0X1XLn%fbKMa&W%lVbFDo5qon2KL$?(;w$^c8;#;2>yt zI9SKR4NCCES8Z!NRTqAFc%WQcwCJxCDNsi{ zbSXn~)hj%X1@a|Oe68!E7f^2b_y;$T`Q~c(rZv-lnQsI`b zZRM2{la#}Q7Ij<~@9{@lPQYs0wlZV2ZEU5lJvz`@^vSDh;2aM40o(v?w8%Fm{nk-i zJXEfpymb6QH+*nN@VZv6-@;XW7q6sWRWQa5LMKAqq!2>{*iMI(3PAM|3I5TO$xE?f zBs+X_6BTdO^*X~nv65Zz5L2uYy#yh@3>7RK63L@+@igm489DJOY+ms86B2mI0e#BJ zi=PF4hT=H_eF66x%>YIsZ(=+q-Sg`{hAA=a#UMx?yb%`j34J?~CJ&2?%lQ_l(wouI z$cqVpk7-QUHV&GtZmnq1tzKUz;H^ZL@TK&%^t-N=(@En&i?KPvr>-)1>bmq<`_fNs z%0~e01y3^Q#=QQq0t+730(jwqmrvlk)T^-+ztyWgl+`4^aMxIiPW7c4H#ufm{0SKo z_(;1ob2AxOgsV)kqGl=r5{eKxUM}q#QItXlDy9H62vA;a5L}Ffy9S^gGT;G)6JVGm z4>RD_R#K-Jt`6K4WR>?B*oUI0jvod#I=^yeCA3PQ#*c2}0BMv#ziWJPF2TXz;H@AH zlE(qYr>%C%IrzTt)z_YK)eKO-^0h-t;f2dM;F9Dim+xFX=kV&IXjE3TNQJ*r(F&AF zKwJIbg?7%XTs!nRFP_39p{e+)UCFijhEE-Umqlw$hU66#&KgTW(NIUATwVPDbUCj) zNnPX6XCFt=E$QEi*X&%rAZw?n_@Ryb(gSTAYs|){Z+L;a+7-C2vB-B_=Vc$tix1A> zgWI`sZQ!pyE6K0(UsWjH0fEd@rudK_4v1jtsnq&~h6jT@01B)O<=f89k6T2Zm91|j z!|CT_oTuMvhGw)Sbwal6s(YVs_qH!Dt`7#MKIzvBRXok=Cq!fdm%!WCfpv=GJn)bq zUmml7tZy5c%<@Y@8R5IS4%+&@tQWl)8@ztrY3wCy{bl_)R~AUKrS?@v>O<*W_CL@Y zfM)0Py689V8c(&WdRDc@Lw~I{3zXrJGJcCbS0DIR6Yy%|Ts`^fnrNb}{Gk5itH)OW z*XWXG!9!MjsCH$S+Li6=x2~0?-o*KuKaM}axh~Mo&dp?jU`t`VFIHz7L8j9>=1bRu z7)*eIGEpo7B`8b)>euQPfd*U-9v(@)>%Ie!kI-Vec0hkcd@;KmseHH#ue#c9gv#5j zY`c)`8-PCR8gBG~KL6xN&gGSo$TP+gSb=(=l(F!uubm{na61+b=adOws()pm@aj`L zyy`1_Uw+D}Z}?op-l+=Zj`0e+wiE`3#dZP4HvttM3^f1tfK z=mk|Dz^@GN3t#mGk23A?L%F29ctW3RZ0hyFb>XPV4S)mvQqjxc%QgzC?|#2!*k$<6 z0o;;2cx!xBZtQUB0}fEQ>se|T=SNY2`>?GQ%!NSxa#^whFost+G=2N~1@XP@u%p!=jel$3iy3hCZKmHJUxF|4 zYKyz#6Fi{CQuv)0zm3JQd`xn@8rr%LWP#r@QjQdGC`B;|6ygF(l?-zc&1*nXC&YCq z9951WM+0^wU&pGAd{D9lRZn@z z0Td1nz_u~jsAFu}!cl!y--TZtb%A5Q@8VCL7w`3DoQ2=9k6$XBpvEdyAN}%QC$K{8 zzI4;sM(VsEm!%>9(19!qUUfk+K1G-Pb&!4dlRyX63Asn=j^WUw9G&uP^LqG6idjS67p^kNwMA~04aF)f)Cqka zs{JR&qiJAx2-ZdM_=h~`G(R%d|*TBsRLZACvT&DtD`NQ zPaY0vAVc}`1X}h`?VYQqZPB5xQ5R;sJ^7aSCBQ<2#rQ66alpoA{)m- zE~PS5+xTw_BrcLbLNDc%3V-3)2*m*XcI~@WjyxbQ`yABk*TIyUZ77GMpz3`TP<)X< z@vz2=j-o|g@ur|ZKA^6=&2Us%<(16jY42$4MMKrAW0e8*OEI-8{MyN@RQYtGkF)3~ z8k8A_vVyA9$Ej|=J&;#Hsh?kcS9`~e_=_$$HtL6?I*tH+>I3=xzLaTGvZ(7imq4|t zaX3n#+SGW;;H!W6>bRDV-lDnaDg6CB?fT_+s$Z$-b*`-==+_7R{NmNGJ0vgYn!p%= z(nCWX1h106biMO~`6)#sd#Gghln(gZQ#xL4t6in?k@9PGt8Tw9=Y^}<_s`4TL2ezd29tfYe`&d!eNzBW%-Mo)W7!X; zy(I(Uz>>ms?i-zP7R-+h0;$hM`SGvqV>jrtgQ#CjD&{zs4-#j9eD#XJDzANXvx;&| z#Q@;C2IL%$s%LdnPO=ZxwvHbLivGe?V?=ZHtxnYgH9PAIquTUotug?A%4UFv@U;QT z@zmJV0ptpA;Z|22`6f=qx5_Ww zD4f*?o=CM-t)4oiWBoA#__b56zWl;j0Jl_afVu^h54XO_qHt87^7W-IKGl|X(OWbq zhg-W!`c?-XZL5x1I6T!?=~$K5SV3R+3ul3LKv}f~)fQC!>g(45`aH@}$Dfo<{8Kg` z{;hixP-lw(53OuHge0FX2$~*J(uUuH3ud^w?P&TH@(MZNx#wW$0{OyW(V%Y81Amd0 zvK+_@)Hd*Kkd-6F|E2WFo!_wK8Z!rq+kAW@14yJK4w3ZMj#A*{`{Pen25Jz4`@i5e ze%(P&)Uo9ZjJ51keMdHe4rTPW^tF$#`cbY8DBV@IvA#O$O88nh`=Aax&|d$bUq>1I z5>QVY2|l1s*)S+Nizcu}WBgeaV8=$sLm=HJh!m)xvZv*|{ld&`Bd811ladk9b|iv! zbuPa;b}Za|kXM7Kehc7K-e;EUKJ@dYy4H3hKCton!$8rpkp`*Xchv*NDZdh^Hg#Rl zzb<|QxC^H`)xMx`Z-x_8{i;`apnoluysEs8rEpcR`U6!4>pGk=R3m~8)P8B< zm^=>|mEWS51?x12Z2ilXV*JaMtQ8o2>1?MPT1Q3pSwlrjSD3JITqx~JJXhL5tM>U| ztNMa`y7p0RqDpkrHxSd$~OBTA5^=#E}TI7KE0duQRB@(yBvYmkENHE)_;=mF4zRgogjvl zf42%Xh+X*Afii@x0;Tr9Be1 zMvYoQyDi);wGbro@8J6VpbNBHw!S1`>y)DeZ?+1*?!LVi0JlALYzuiaP-UwOQ)|U9 zy|)3P{&pSnE_}4GRrwd}v_sy7UD!$B3G=6}-DSc?jm~Qo;w0~N_Tas=Uz6=w)7GKu zHy!(X(r_DW%T~8jcl+>3_A{F;7H(V7u1268jzGI|hd{e6SmV>Z!+>4*@bFP6^mdKx zlL+_P1Y|or|8=1qR*Bo(tcQ)5Zo7^Kcj`%g;*OKe@ZJs3N2RU8cIs{ywrkVd)vjHTp>UGDHo4pD*d5j(@{{gJRkm3jc^&SMYgQN_ zd@sm)@4|LRP?P03+T?vdNP4!)^ZeV@-3mn?#HO{`Ngdcp*v#j77|wVy(4Iekw%vE% z{q5YjGlSyWVLJoDqwYa~LB5UeSRM0-FU|?`}4p-5aC3unW7e3%jrjI|#X=y?ps%J96Y$yL9QoAp3R@ zk+(X_FgqUh*!VW)JzK@S3m+eBch_ONTb{c*usQ7HZV#UC5%-zFK z>-5xF9((HQ+Upc=EAKOp5S6;0@w`9OR`gc3q(3O!D?0E& zU^7~3MVo=vJC65EO}Cj@Uw+sGqN2)MgOuEDiuiu8Q;uX8?jDfQcI32meOZSO(&kqg zJ}SGoSNOi&@$MMiK?l^`uU&7aDX*feavi(0zExYtKGc@7!YC?fWelYI^O!wJNa(+=RMnH@GgAxu$dCQ7wpRO?!ZpZ*f+bc z^l`y<#=7G^BXIXMzTeYry;h~ZecZ`ZM1<%PUK5bYv`F!MGXZ&Gju0sOoK<0Ss)r4Bmy07Cy;aI`gf4Hs&{*6}=mbb8xyv81hQoEp7+H zyMy@j89eJA7TXALc-N=)??ppL>ssBoO#Ewd8SrWVHMSsNjdy*> z%P1&*x(+JyT3xA|sSV2W@8;0Qy$KuM6Yf;KFV6z~_~tSFsQl`CW4%r;oBxDmqptM9 zb-#_epy~s4q~wpR4Q&d@%16Tcd?Y(KtDkzWY+lo&tkpsFQ}5Ni6V!MH#N1}bechDx zUU>R|_IxKV+7p+V`#Qh+IQ0o`&)XcTPC@aZkJor=Ot;g2dp~y{;E!?VBT<9CN+Qws zdjDiL09i#(S3H1To_2ZZ7%BB(09n=>&!CUY%hL_z?*-d^%4&!BXb5=K`Lyo5W?qdZk7u;!Qg2Mkb; z0s5>{F)S4_$J!e_=2EJ`z}J{P5J3HQ%GX9T^&taaADNn*$~O8{o{WxvD}$G-yY55L zRAt@oc{`!h%f01E^6EEO^(78fC3=wTry~gaYu(*&s&98|J01xv^Hog-X`RXq%4!(ra zT}9ol zEnW5nlgUZnpN+hz>_g$cc13USp8WI)-}rd<4dH_N@Ob_9B^ zarbSj8`I`nb$18QO{+rx2R^Zzh;|=NVHfE1={)1b>#j~WZuG00Z3aGWbvdxnu^eOf zm=*hV9T{um&ucyB7z3a7eKuzKR$)7Jw*o;3S_fC}2Yds5ksnBV33-y6kH^zfx@Amw zSMuy8rk%cPqmCmTsJzb3)^(+?J78z^W9v|K-4?U98bTV0&!B&7jK_AeEaluov0Yxt;I@AL-rmA0M<@`ZZ zS<6=sk8`|nEgy8WcTiIF#}BS9nXB>DtQ@$=}(rlEqeQqxZ>E!An=7u$$%4z z!YubCm^$C+bkWdO!Q^U2FK9^{{a?hp8z{r7OGgO~H6lRo99%%p~sgwLnW zN=7v%BSAmsnmRx~0#WfzeTi+A4B*-b@+9;*YTvKh=V71by9+s*__rK3S(BHJhpa}R zC8xECZj8%ESxV-e&fTsD$RmD^a6%=D^l z0h~D?G!CwdX2*hlUeXaX>8q5yUw5leZQ$w)y&(I_K352oB6@Ku2>+)75L=oJ82n=RTrIO?}Doq>MjKDtA5EfSF3PF8??zot51TdzZC6U zulLjOFaB>EGEnMk0C2)zdgz+d$ET!g(1|wm))<^ij5`fF>g0+y&~~fyf$qgoDx*!_ zC*8Lb-oM^h2FSof$hh$=PGVAmkL%+o{-~!f0GF}hYwCF%*+n{^0jR6({QO+z>#Jxr zHmRV-lsXaRiy$}_^!uxSI0epH_2T~;z~>r{z$s8W*UmK{m*PoRx5Jyh z!F7P^N&rp$)XxJYpK4S5O`93u0DYW02c7;`KhEc3Vv9bLN;H)o1w~O$i*77&B`eOm zcB!uc=1GzXQ}I!IawdlwKhUr94*w?R3Ed+6e3cDGh9cvUgs@J z#T&dU{(-_*{B*3cj|)0!4?vKco1IM~?1E-Ds4~KwT?e>Y8+eqbvBptK2Omx&Ds)Mk zfl?{A4OWB4EKbq3nk2|CS(Od?D@Fl-J6bx1rNfC-P&gec0ft&mPB|dxnn}rbE!mpr z&#<-%g}a2!h`i&{%)eWOcH1QBkmKmuQC(xu9&e|nCiBQ?TOFZ0@rUz*r`kx`j9RHg z-Bh~3Ly3(+dwAs+sGogtgi($jeUY)1%iP>-;=%{VY#%FGeNBu{WPYH?YpYlRKu}5A z!*M7_uXB0Zh5l;P)*~ErgW-i1rTmSj=n^EPS&A>U@Xc%>ETMZmw{40ks5_t>ZP|zW;6ll+Jpp9Vy zb>x>Y;8G@E9^feZupNPvfZ;6O0Oy6DgUOj~@Jaq?7-l)gF2HpC)l4~83z^gLKzYaS zu6-XkTy;2l4&FqjIL+ByI|f;IPl7m;i0iF*W}mW98I<}tGpaK zo)w+Rg8gcNyP+oE&UpV2$^P(;L56A1iD_Nt-80D)2hskBP)!OMq1tjhD z+)dKfd7WFx0h~Rke%0mRlkP~)(Pf3prqy$s!u?uytqmG#y!z00@j`ukR~NnHn-jUv z)5VZajwb+3*(TbvOE}zjCQbP71UbF|Z}nYAxN@9vUim;>Gy`?s3-^bE=x5oE4ZaQT z6Aol#H%H%7lY3&KGL!Z*IWZY+LQk}eKO|gq%c~KfA0K6wO#3`2-Ck=u$nQg+A0G#V zrXy@{_1<7?##`gy+uiGT-SIT^IZ`bm=u~G<9be=X^v7Mg0grP&pU$QK*`!{<$HBXz zGe=_336Yu3CkQMe(_jZ%Psy~XRt(UtRt{J|x^*+h(A~>Lb4RySw05h>&KbC_l`vlBY6dRyjk0Pd$anV^ zIbJivZgrSkhCkZXsu=&epe#6dj$S_J3rBZvHdeVYLCbCb9O3pMx=R|nJ~|v|h^$WM z;@r6KE9on~#(8d!#j-0( zGI47g#|-Gb@d(=8B(Td%h0a)pczeAZ^YTBq~!0UT>G8sI=fr5Zzrqw^V+ zU$`8LmP!Tk%W)U}odSH3toqSOhMYM*gHHE5y^GpOTk<@Tpj=~(5#>L_Fjn-}xFwJ} zf^T#pD)#x(AO9x}&|dbKvW>jrOX_Q+wK0-^_!8h+e);aivw#!m5oeyySa;Rr?@BcsxQN&4g@h>TMy=Jpwl z!8Nln({W9S(WWnXgr+{j>1N;S!FD?WfrB#WU!O%o;nt7-9bIDy=Xh)8R<78L@4$im zgSsA|;?S%FI=mMyTxfgtOt(Xa4zA7m;09)c9CX*`aykU^nu-;mF;ZIfv(td0P5<)o z4{fzI$yx5-w{LA6%5H^x(Xlu3ldj;6y0f!$*(XPH;J|_CZ$8E})28?ANj}%ZJlg?c z)-OHc-~?@sKDW&S=S0v2N`B;&t1Dv+5G?47z?!lTI_U};(O!euCiW?2`|`6 z$q|PfB{Hb7tA`gLWfSEEmH%-;P?);06-a#x8?K!f_Q6gL>^~6v41XB5Jrmb-1y9)x zUWyr|tHp18!3zoWdB#V9Dpyy+D{bX{Tzo5??gH&R<=qnlo67;b^2#fz(44`84?Wm! z-Mp1f|I(#P?dfNpX-5tpZZ{(6zJ2Oc8bSuK2%g7}9dAdE9Od=an9JcLlPJqzupA&Q z!}zz~emf1{J0Tx`;_zKh z^TQ86)Q%oKmiK2nr!*9GF1J%BPqi~=PN(wSci(;OvBw^d`g_*KX55_9wQJYf>C>mP z?a`x0+P-jf#<_RzbUS?La0KZ?S*G5(bLV0bb-mqp{JwVo{r9JgPo6y4&YeG>+p^Du zY>!7@R>iNs{(8FZr(8-h`Gvc9k?dsKb_Uzf@-@^|-+#ZTVZ;b6~jKxnY9)0A|bnJLv6CN}f7aq%h z_S2uv$sdCYF{RF^;~J11`M?Y0jvPsOl-vj62!6fR-hA`T zcJScAr1wb3fyoK1rLwk7CNqou&WuSCUJ#CHu%$YOo z;-!l*`I&B?{>-P7787MWeg669(*fcO9em=6CsOY4-;7DNqn|9j{@UwV*M#d2|L_mn z;UkBmY&?UDU}}Y|&#NJ;x5KVXyq|gYne4M0kMVZnKv(i1Xf}qT8Mu}TI=&9IQ{i9O zE1t4Zle#MF*T4Hf3x$-Woc!V&|M&9CFSlo({d9XI^v>-jdUGLc=gO6+MA8 zn>g~$+o_*VKKWGEtJ^%rp1g`wHXxNs$YA z`?Ej)vozk<-*}^)499aml!$`A6OR1nKl@pG?)m51p-_4bo`P{^R=*7H#?2eyiqtkyWt5(wCiFp80IYL6b*obwAWywH9Y zeB-1!XA1XnOkxCjoQigWE~6*|ITiGn zdu0T1dxHj2%BlPfvpjV*3KlBif@${{? z-VFIJ#>{ws?znWT`_2%_n*+oXvNoXzb`4S|V|WB+bW1f^F?Q|g4X3V-1kZPar{smt zM}v0-X5d$^UP<15{|7%vUEUMHOK=d#@XD-xE_VUeXXW?~D&XTETHtq1e+4w#%%xX$ zBj7XnQCC}KfR0x}@8A9X-?bnA_$R4f4@D3#CacqzLawid-3o@rVd8b_?Ng~^2V=}+ ztgqY=2!6TWY~peM0}mt)G@;#5IU#$1QUIqD4?Xx`(z9;E-R&D=C!apO${gX*XUUHo z@PMxV;upWja`IrW&ed@&Tsr~o&zg*Q;LxPy$3OmY`-{K$i=c5hX))n42|(kkufEnE zee}`PQ#7GJ?I?Gxx?f1}Whu+hZaV<-)Ghx(-lYSe${hRSl=tz%)`M)psaQERKs%|++0i&)3FH9#e4vLTk4?*w2a0rKEWv-6kP|8dgeZ}4i5Iiux zG8+90Rwfd7`Q(#NX3%`$g%>kuQUZ<$Z>*jeE+;1ltN&K;kn!T-xpQZO=hN-L!2@k7 zcn`X*)y4Kk%n+Y@?zxy{KN90yPJBQ4$xo7>$BrM%$qQwEE$aQ?hd&Ib@M=0vy9a2^ zTLTd+&YeFOtH^6Pfk7ME(W5TMj3@fuZ`&tUHC8Vs1jbAT%3q8iX#3b$CMIrwFyZ~c zWPogo_Z`s+p(#gfvpGH)Y}-FMVn_hOjdsK)9_89w-#jL z27CD7kABpyh8{fo%(Hph1drHf>VNoc{GsP;NTPen@fttyiC*9#|0iFY@=NN_ImeHh ze*iB*(7v|?S_bs5{?)&Z%zv4LF=R@F=&yeDtGObzM7QsQcQ*FeE_@(>Nar z;y#7|`{Qu*0)_3kmtT1~9gurh$}vtLcM_{AWJ%nfC0n&t`c!t5WRk3ZgGO zbfSU7=bRkTp>JEq9PMkbzt;ZX5B?yxVoe;(h&jRsVm9Z#4(E>V4DQkReen(_WC;a&1k7Xb=TR(N`?c~2n%aJ38bH<8~?mHif zeg(s=f}IW~oGYdHXO&II-V7aiG$s*GJo!WhE~{($=$@@{S&@+;nmITtU=AN&7^GVk z&pr2i8YW{SYdbMNj7f)EB>2Ig8LDK}B*=0A|M-vpI9Rc~nhq6DpMLu39B+TNee%@F z+&aZS+w1s?MV)*lP?`GxkR7UD<04}I{9Ge9etsr#&4y| zR;|h}MW4^V@OF3pKRUQA(7HkYumAP`Gcx`KkC%pR=4>T(?AY;K zL0~{_AtBrhgmbgq0hJ{-nl2FqES z(NehA-+UvL>$9KzOa`f3eFQCMgO++S_d=|`e*UwcueGJ@j5X_qL0btjPDYKV+GezdU=w5^k>{~npGLQ;Q3fMwVQ*L_&2`sjjUIzCG;L~ zZ#$Iu_1E7BsoUVI^SkFn7e z6RH#Uod{#?#_CoG1C|6tx#8Sjxnz=0?zL2SQ*of%)$DzMB&r_5{~YV}i*!pvf3bD)sZ3Pk%c2 za3-A*e)>%_Te1!L+%KO?de{I*=D|Ue2;=l{(!)Uy9pJ3sLMuKxYG)@Un3&_HXQ9zq z56$Q&gI8XDC3OQ2o)727p?xia3OQdme<69!&ICsF1aFQ|5Tf(+P+|uhB_1i~NKJx` zS^xMe7_m?CCqs0)W*_8WETtcJ!(qa;IYd5%9_sA60xffYz>Z!7T9Xezc5Y*k+pA$G zw&tID>Z#z@qsha+|Ms_&KgMSQrC#3u4`hNx1qs{I>e0pWWqgxcKko-0ZScLFXSZE# zh7i2;1|YhTN4 zkk?~SwnhxtLm!+12TtkSk1{~_=_Jfkhw_-wc<@FbhtJj($4A*XH34ZRW{nITqYuSw z+?F2!d3yBf)oUrVbLY;dB2s?aHnycO5+2S0lg)x^T*?^r=Rg1X3@{X!@B}1%=C~tq z_7Y$u<@k+_@G2N^0FrCv1^OdQftDc6R-J2ar3U2Zc4x0${(L4@?y}T{7tK*SmDR%m z#%7|Cd6`;{(>+4UG%+c_O(*ZH{NTq6v%J?{eJvj#^7OF&tpf3mve!6(?Lzm#O`s^R zdyLnvUklmX%yFX$jkY@T3Gn!r_euhfaq2stB#gk=AKzAh-lGi<%LtNBakP4-W1Ul5 zNQ3qyt%--4R_k_71Xp!Dv?CDUKm8+fIxV=;8#Gt2Q7#b3m*}A&LC?^k4-*s4kqq#m zKwl=0^hmHUS@cw~mA=WJdr|Vx=)phtFHhWmB6MUV`!W^|mu_8&KFO2AVJq7F|J%Fo zXUVSXKJ-oGG{7KZK;#^mz$j9ZOOmB3mo55LS>->*mMyAemH!RD^83xtc9nzlOe-)4 zfFwu|B$0C_at2iIBp^ZT*t9Bx&0i-4dDpSuIJte2Bj3$#x#FVzccYJJue}^z0FW$%E&yuM}Mp zg@A}=lM@p%y5fHx_uwB-0A1wkrAZSr1@5eD`5qeerx!H!#H#d11|~ET5*u`%eBh%G zZR6L60#o~R{=QOwWNJL}K?6H6`881@)826?x_vy4-I#dV9=_)4YkHzU_a;d0nPi*r z*txrUo^0ugA1acFaqvt2&XuXX0kj=0Kt@H-RzcYg8P091UyQ8c1-o-fw`6FgZz9bO z$Okrd^Uy;Nx2#OA$dJ!Tu6&Y>u|Ja!6FTuu{N^vQd$MC|Y{VoE9b)n{$$l8n7K<4` zsRYA72t+cp6=w?!W1p&-2xe_zaTwb~XYW0`1FgP9jZp^aIiw;m^y}PZjG`$4cw>}7 znf)6>Uk3Zu+rBL0#GZk;XZ1!o=)3;<>sk?JE*!d(O9@o))J&6-Je zz^Z$M>?p9>w*8Yo`IGL?u_YojDV$jW0+jPD+G=dFp*T+GzN2dZKhQ?Ke)?0kiHF1_ zQEDfc_+kk`RnpWma`9|)INE4$Y%klOS0dy1ael^2uKm%F!mHo-vV<{?zLEf4b$}~F z6c}yIaBM4}8*9b%na_M?YgYJh1wp$FpRP&O)ipCWR=)sJIurnnaqBI&%x?SCZM}-L zZSOGwo58c)5ii253MLcn5XDcg2+6gIRm{yd-#q*M-~YYYKlvyBq-nk6(o5PV%xc*W z-hS|dAGE_>dda1|J3tO-@@BGYwn88DMmB7WZ6skkV~c|lfOE-K{ID1>dBc;qCeEPSbKd@>M9G3pixg+>IkS1TbxM|r z6ZByW*YwUW;W?H8U-{Uda%wHyXpVj_uF2OKr=Kyqt5&3vqy^T9ts|F^A6c?5b^#X~ zP)~krP(2%AM{FuZoTMicY<5J>N78O~gHE&|AV<#V<0hE0CvG)l>Far&*}Pyuh`#B^Gd7OzB^xts?FrQuA7PIbg%`3O?iv5sin*-m(-s{Z zldx^GQ3ip#?%-3a5Xr1(@$&#c0i0Z&*}3-cX{TP{I1-Rql4mJq-rC#ZL9e7qVH9jt zOg?Z#Zh(;}2{zhm$I$lHq=cghgvNQM0vukf*3E`Jqj63a-r|1v;Ya#8ESX$<@xJ2o zj2fZmja_F|=lI-n&o&<|_Zr)b(9F-u^z&c%!t9^^(|bX!51BzYTJLfE_atac7O8;1=D&?nc5SCQDs`Kd}S?BT+TF5DrLWuWC%#ZiF6 zmm*=J%}ZEbwj)zcDY0c2OsKp0Iasy3>}!@m~?&r``>GwYMbCjR%m1!3FHdU z2Co92AiyppOu;mKIkGAD1xC-j+1@|<<3H{duzR+_jBmSEU=;x1m5lV4$UJkF2tA5H zQ?Xn=Gu~EBkfAdxAd^ookz7zSdd2helWJn7pKWO`l<`YR`g5QA-0X{A{Nn6Wx82qW zK6dWC0PXNbCU^bhuAWGf;l6$2&0-(T^Q<}Jo9x==hF9R^4-Y-`VA}z@`X#;M%f!#K z^&!jm+Rvg#en4L)Hz`&o3R@&IH1IJKK3mdc>l(m8Z(ypcbwYV^PyWfoZjhHVjVsWb z)SJkl)g*||o_gA;ZA)Uuz4wln&Lm6kUU*(fxgPD;$=Ru9bea0Ot(0)E8sm0zRK3v9J!FI7)gfYFNWsGKa*$T%j`*x;N!_v z{F3b8`>e zsaLE}d=Y|G1?Ig3WLsJy@bU-e<6sPuu@R0yfB*gW^%kVy*XE+k8bIkJR)Oql7wtia&We!9=(zz zddNV%KuMnZ!htXK>Ej3wr>1w4Ezn7)N`RBo{Y^LD)WOmF2)EvPOD7F0K6b`-1WT)1 z&ysxv#w3>9@G05RgPAvdX-f|h8z2X^uD#D1vPq9$6iLmb1iwW{2XHp;xo+$HhU>3mJZb z_CgMNB`-l0oo0mSW~hu7AMR!dS6|gDA`S{SoDwpblauW$ zGem}bT#7|&k@Q0vBw_m7uO^M&Oiso zd$s~B2k>l?EI#|$&$KSQIA;r)j^XbW&O|QD02=729i#g8*GX0p$lAe*IUjc+9|_pe z8;xj^pwO?dM@hv>?1baTHoJgL2OJiD@{mmN;948VHK&`MTvF|qbCmaXU{Ycjmy`Ww41I_Z_nO#s|u9})_`(;lttR~z^p(Jh_`pyWZ0 z#wU9^YdcvJRGO`Eh92zz*iJ_uJ=4E)JcwKB+P}{{tL5#ZX=oECKmLi2j|oTt`AII( z3%1;H^E1QUQ~I9{GPtsMQGx8H4t2c83Zkp*9#N#G>-iUjS@wg)*KN9DwXOz;vZTCLU7Y2^au1o zPZBM>&fz2n_ux~E*WxRHXL_z=JOPE$8JcbOS4vg{&@V8xBjIJNx{VLW7@Y*?xh{o6e=_YE%s?<%JJtI~U37{eE^;(xgksh9HD#z?f| zb9LloH8|ch{zb3iz0D}m(h=Tl`}v+vddU}VpjUr7M}Nj*hk(xEb}u_5odzYw{+e=wKFOMet0y1DbkuCYb6CYEwQD-$GnYl(g`i!M*WSR0oA-)Qx=L726 z8^<3p{`S|l8qY$Yzh1Fu;e)M{vMnErvaRlO?{w>$|Jlk%zcJXDqxeM^?2BE)Mdwp~ zI=&Xq(d2U;@9E~uwy{~cylBZ#W^|oJz9364&VBd zkJv;9fUU4K#r?!__w}Wdw2KTCZ39P2X2vn@`+mJgFwKmh6KP#{69sW|V%;YQ0wM^; z=*|iKQcJBOYV`?PIMr6*t&_&pGevl-CIW-Q*0hygKWi#ssZ;bHZ%mHw82vSc6&^Gw z#wJKkOhM|YLsg16r~+$?$nj+uT;0w#m(iyKgfcS>bgAd;MZ7(KDXa0b|5wfO`sF z=~8jewR*`EOuv{vZ91{db=>&sXfi<$CP2ZbK3~t6zFSbd~!$C z{dre?-A9iCn*Rd0ozsbS5o&sFQZl^ivCeh9r?jT=a_TLU!Jp?Di_f}Ma zZG;wTAtU$%fADVAqsMn0cfzT0Fwx`B1q_#x0BW2L)CG*4f+AqaFMU&IO#Nc;F?4-{ zTYbQ}zUgl)IMq+vyKlDZdb|ij4h(}~Spki$WGh^&4dd!Zu4aK&yROk6W3)} zi2=RPr8lOh-^;udptBAwJAcJfWEgvkP7TaPeZ;Ka#;tl=!oEmF(96mR{eXPX3#^#n zpi})~ALJ4sXR^=^JpeE2+|$psG5CZgEyH;t8v(aU@syXv@B{Q$BG-P)xZ1aGRbOK` z*Izp}At<+S>OX;LU@{5XxxynS&H9=g>l!_Q4(5_W{TT!OCQsU%$i&9TkDP2{T5*}Y zWX0PuBb(|^zVQ3_4_SG}mY_)9Lw3Uk^ow69p;;Xq(MRZQn&$05$Dq1r%+wtUOyx2? zAHV`jf3uR;yW3xZ>F7%-0N*4hw1|=Tun6D_nb^V8{MSEzNw(~)e^{c<$uzv6!KB$3 zCaSLC#5dVad0yoIaL8j>SS8V-3qOhP^eeuw9rf(hy-eD4)kmC3tRnZexw>{Q=N^}g zJ|lm?=Ngb3U{m^#A=$I}$STKmgK^NfBhmV`3QpZs1&-URu@O`_I-(Kptz$E0&_*cG zmm&W8JwFycW^~7u;ZebBulv5^<9j=-hOho+*yD>AKr`OVmw{DsA*>N_<|}{_nlX#u zuK!I1CtzH3ZqYOsuKu=WY%3&SQV4!1%Qi)X?H-8ZXb<3^RO4ymUV?Y}!j*G0fLx=? zIUbEI823k4D(ITwj%0g6kC7k57nmhb3D;YmJ*lWNWHERK`g-{Y;2G~@HCTbHj>aW7 zv&qn&6%NN2_~C1s>RPZsKg#JEP5KGu9gORo{;GMw=-c{eoPwY2*RdUmH;xcFECXiw zO=F#Rm@EA@{@|zs+eEK=@*2UfO0_|&;+_>*-iSx%n{T|;=K@>vSnU(AU2CH+h+}Wt z-=JelhV#Dafoomaj*^MW)UN4u2c9bZRhNaIKqWOn#kMY9$R5Ass&66b`p6*Q-m7Kf z#_-Y_QrW??vNfR=cf4odmw-H1)W-P3rpJUD&#v*B`%{Q4 z1B=(|gt8g}o1fQlLRz0rXkDbAd`y_dm*fp{We?hlS7gWT$b86qey{ogHb749#cs5X zZ>iTNwvzq_li|7`V|SwUt34;5?8T?C{p$vzbQNo!w88ln5{>NFcofWF^}; z$Vc=mtPIPbwtsCs#fjjaGHnDa0XWU{`&RvDpP$j5L~tCq>IgFiIR&%>3W=b#1=^!O zvqa|s?ScMLqV~Y~pnvc+9lK>!C3V`iY$mv!cLI^%iocd;fdHnh>)_HBE@L?=p-2A# zg{`gyw6S6uhE*IjAALSAw%sK^+jv$Zj9icx0IZndr#!(@qHtdwC+JCz1kk~wn$d>y!pCbdn|+%Cwc?WJTc05(79r~(H6gBNl` zTP9J?qcaeFfYE+?5}51g8ASIj`@&^HsEvsfS)sKjF?Dp`7I|O1UMG}f z>c1hc{(pWB7O#OTb`rp2`!t!&dG3j2fyIv>OAk23D|)}s1$@M0RYK~@_E zoIh6-U?l}Jp$Zxt*l0s(11E@pyIu8(&|M3vQ^7ko<52=rMYZycHNiP`>}lKGO4>{d zaBqA?o`5%kprhL(FpX`%4z|Xv3fn8rb6rSaYMChd>2qSq)Hs9oYFFo>$NA7*jpc8S z2d05{@T-1GKS;gy+KuY!32%XWW}kh}b^W2`0_fp02{ z9`Ufil)eGRD%l)gviXhpL#DRy%cknOlPI3&vg~&0Q?lvzROYf8f*Jm8=RiL)kZ{3n z{N+05t3q(DqYQq?tIG7eioYUyyVUjQhbC3S=DOXy@0hsF?{|bBx^H`{V<0+;oIq$| zM@s4=yT~u)gTS=^2PuJG(W*dX65yf1Txt{eU@Y#0vh9ZPgYxr>B_Ik~7m(fZa5yA! z04P@1!)>sxSC-2IBc7kG36{5;5VAZ$%iGM+Cim4~Ro`39msZEW3Y3K*XnwT>6fK=V zmVkkKez63sTaN!w;Dgx9p~}((0FF+ySypE&(`?}#!9pFH)vdxUy-*QlNuS9ufn8z4=P`_JNuSb_(uTIZ8af5aG$FT|@h8(wc z(&|5OSXZ?0Ij#pHtmTEaPNy8aE(`0FOF{9uK2Bj?ANEyXHJN`fSl(tr%W^bztEK4= z4M&IESA}&ZA8_>e^=h=No6jTRAIBnm7;@aPqE&&2!-05gi@r1t(%Y9vNIPCObu)NKLmgQ&~{xQEeC>%X9{~)mLz;^Wb^=h=No6jTRAIBnm z7;?0Lh3DAYItD9jr>)Z&!Ai<#Qr0J%^>P~Q>m6lTI2=xJAXwgR(6JgVtF z0~-=zy@}1 z9Utyzv<+(sJ_+{6YVaxI*O_eBgmyq=z6tz0Awpk4_{)m0lk7&`8`!|H3On99KHMwX z@yvN$Q9praxd4R8b;4>7*wL~+dK&Xu_+3rrM*@zf7hzV?Ytg+th`k)DEZ6q&o?>U=c(@^qAB)CBChL;Rx`Dhm4*Y&tr@bG`w!VQ4 zY#@1cN20Z&^##vXw=%IhUj*)40ZGQm^sW`FVs*;#$8Z1Ig4Vw0Q=9&E3-}7Z&lmYl z*nB^wcD}zic+e0SeaA0^_^!-V0uNla#^LQTtE4Vp&=KC$gYdWvgx=r<`UiLJ4G7+y z`1AeG`0wxVt-2jJs(*iJeAQ_K+}|3rN+bev&UXX%-#3;r$BQ4b_WiguNROkPFG8== z){9@uFz)mV`r%|hWI2_^vH%Cr7askimno#3`}ytR@m;^~|6bGpo+3;1J6D`*3#T>! zp5Q`9cnM9@`vV3&e$W6OZ5GE581q2)cY`_ETYXmP8=lB9{7-2Q-@!TMH+5;Rf9?e$ zNBH$s`g@z_?V_vw!4y|uiZkbl1)(=KcBCNogWlMr>#1y}yzIu;6!4)e$}{zg_go(c z4mRG01>uEV0CdLxoa1rIn|hFYQ*bYBBOBMjm9iV8-~R5e6GG=ftu@4HoL>V8OqpL~ zLT%rf-ybk<+owYbTQI-wGOyYJyH+j_@N$@xjO~aIg+aKtDg;*`V@>7bIL^m-WNA|4 zyl!kI$NZwoPASZBRDCC9cy@?;)HQzhC*v-{T$_F0Z(?TrDU`|fSi9lq_H)Sn#x`1bRl;wsqc^adJhjy(kbcHUN&mwIQ+$UT_u&9EMTYBu_r=m0XIhRWh`lLb z8J}I`GuOd0Z8N>z4W@1P*XBsTjumYfah?+3Y<>*fFW*=}xF=aSPG_9;f7hAe2ZATe z_AfTf1=PP3P6z13BU??Zdlz;5@W#*}z1n>8H4_EEwIS2IBqQ~$PV$+~~|z5e_LCp(C~1zY`-VBv%dWLtSzX!@%Emd>jHbO893fVOGl zJmcqFKj+a&?g3*sM|X7Yd^f;P+J}aWHEb!{rE^-U1gGu(DFn};;@|+|suRobIOSQ% zH3$zt9lypW-N*LTM~Cjwd-NPW;GE*pPE62G+l&XIt7SkxxPpJNuX`Z0t{cLy@yNmW zk&n9Yxj%mQ$NT=;FGB1ou-NuMeLqaVAKF8oYb8FJy7)Nzo9aD~ehP43N#9&A+Dh7| z?{wTF1)+0CqGd!e93?_>&ow8CGrC78?j=a6Yoqwczy~tZ@A?A4+g}oG7|)olo4ERO zAHdZ~r|yeV<2mhe5d6l62hGmWoUsCpe?`!r+?2@1IK~M6@Fp=1LmE8geg|yy&D-KN zKisVyoM7M>GU+2k1^%BV$WDOO2aleQTZw8Tsq2^RY0&)&&s!C2O+F$c$HrfMt#1AH zEO`6vVFT!HTvfD<4Mc{yUKS!F0H5>d%2<(W!2QTJGz5qGv;pp=?G)6<$wRL(L1az` z+PDthz!!St2XMmiPDZS1kzu0BU6sEYQc1JhUK8yW8 z`t9%jI>C6x??j7HOlF0ugo)fseT1S!FwO(++qyjA#Nh<}1Kf3N$9Fx!qZERzfYc6D z=PimlN(c>AVPXJRi7Z|kKDX~=DK$V5TSjw z6<|*;+&1Hjj@|0l4aV%T>%ZngMFbJYbk4BUW1evdesO}{uB`e9 z&N+1Nykk~7R#*vO`Upn)Ng^SjVb1^7Ouw$(7m>6He&+(uz`2~z;K75WqF=Uq)H%jk zfI1MGmj!ewi@|4lEGQ61Jm<> zK2sc1y9iGA7yBOUdYv$p!7_lh#Xk7rACBxO_LYhC{`i^JYd^KaqZPvc`(B1}NeE#C z%$qdiT>Bu=FF{cdw;~c)KpaCGfkyizT6KbvbM1Pz+UcTjcdr^xnd7g9^JKHUaE*r_ z#TcPyakT`r0co=g-~s)?flhU<6*wjN(@r~e>zS*d4De>PnYK#$6F^U7ieEekhSPDZ znuaQdyt0~d-%(OER-Om9o~l?ao6xi#$h+D&*JnJ7-8nfzzpZ*JW_YZwBPU~_)ioTF zj&pT%xeDm7gumbg(FZvu@oGD0J8s8Vsc(BJNMHOZ?&lh~Z!Goz@DLpEYM1-2wRdlO z>>(?YOJip82}j#lwa+e2Y_4BqTLK1!{vT({fN_=9CmX19W1<&0$HP<}_*2qX0elk< zeR{GrZ=-+Y3a|Pk^3zX0z3V|_99X>gQk%{pXye&@jvgPi+dUDzy z>_#`7(Gi~YpSBAPi+C4t?S^|@fL3K$n6}3YAirsSY-nnm)BCPdK<>GY9R{X-js`$S z(^~(5X3`PEUZxQg2xRZxy)B5>Uw?h}^2;yJ&N=6tep8l#_|+fnG0O-!*%@aHN6X70 zVYs(Ot8Ll?W8{Ynyohu5*=KJNrd@A~R(GG{&pN9)CYwOZy~d*(a7wkadU~bwWPJD~+Be^Lv+1BCL0&sNt4l(Lt5?=1ju&9) z8XxM7Z*pU3ILHv4bY>jw5)k1{Sp}wg2k;q-EcWc#(>52~Mdrp%iTw4~#t&sUKlj{o zyB@t$nv4~_!K*!B!{Hv1#2mI3{TUY=Ob&+v#>hD6B1^JhPiK`cq7l#P z$>5@kE^7I$3i=u+GMn;5?(QwhagpzJ%3%?vayb}ihX?in*d6;L!+hGp1dW}sNAaKE z;78xYf<;?eycd|#2FFw`M^Z*p2rr#z34;+Mp5pJh=bmPs;oNe|Ep71k-FIJ?&wcK5 zvr8_yq=U-+_ut=r1Qrf@;e{8rqn&>Gsat|@G+3NR@M$NlBOJzhr-Xe@3HiF~uWvfM z87qN!cBpM3=r?nRF>>%mwG`luGT_C>V~;)7LG{{euWh;|Bgzd#QOg3}j6rU|G4kY? z0<`hS(RTVX&ptEz;SYaMPWnpo{M*0%+iiHB#hOfz)00m=IlKGryJt^5^;F~e=tn;~ z``qV0-$6R#7*|p-QF-8j2YSqX`}WOFIrWs;cfa%9*+q4J)sZ&~kz<@Pfep>qTyxFr>Z`AA8+-7<2itBW2V*<33vz-3FX+DO zuDkmD;~)R{mX5Un#!={+ebUb_e({UG$0qPWmf8U0{qToBY`!kN^wJKhKz}dwy<4_= z?|t`{9`2u=x#!H;jW^!dv;l!cp7e~H4eMjVxD?DykxAkWIOZJec1=G&``OQ0euCF$ zKl|C{#Wh>`@sEGpa^~Lx9^1U`y6c)ReaX|khaP%p_Jbe%pabN;{Fnc-Wr+UB8{p6V zM<0E(<#f|cH?>`|k11V&MOvpIp~0WvdGEdVw*Kj!JS8{~y>x6?BcMegH+J`$UMGa6Wk5SV zNPa*ZA}=z$vSJf`vK_uhr|gjJur2&Y&xzk4<4^CUE(Ju6?&thS$|+z>G#&qE1)SwC z{^BoY|N3A5>vljvo?%H$0w;rFWZ(JDcRJ7rzJeJ635aH!aB%8#&poFDNj|c|d2C6x zplVQCoRX|@o`2!_+0TFe^G+7Fl?6EM;NrBDWV=&)=LptLLV|ml0`xN;MSu6Z-);UV zI*B%hti86YC?tYZ(9T($Gav!&&O7hy;C9(%m$p2A`qR5Q7~=>u|Rss zB}0EjWCztVPCujhzyJORnvPcsr{G3jR>#$>+nI@Sn4kRQC*2>90`cXSU*0t913#Gx z$g2jy$PnmDHk=Y~#xo8&*^8jgModtQMV9oyInm8FB}VkJU;UzE?bsxK+P>O1bZefF(yerxt@jd^bA>cR^y*wW{# zuf5v1Vpr^WnbNlY-q==4iJYeA(}Kn)o_J#R_kaKQtt;0O1A6Jv9NNi z?K%^QQ%*4<@l8+TBXD+M=#<~1pUmKN#CzVPCu{iO?TKr#N}f|+JXi_9O(!Nx^ba2z zOsde3w$Z^lft*dw>G!|=xBphMIkD~TqKhu<1S_VP)R+vC*CJ256%$4U#5U!LE-cz!!VO)Awp(|Fy4ut&^!(!k8aXF z{^5M;4@&4Drz0(^uYBbzvr4fe(IWaU|MD+qfBL6?+QeE>5smlGD2>+?j7j|Rd=58<@3 z2>u;2=-1o$1!I9i;1$rkNTi>0^d#}=Pht3w#2jsfaTv~#fB?|xe5#O~yB9uEH*IGu z1uzD5g%63HV;cYZ8vB$oGC>?4X6qMJU^YP^tA`$br~}u{H{a3;(z#%B*518i3%S}^ z?UUgHh41kv9-rNC{SDp5mb1iu&N=6nA)nS`KK|I_CCA^?7#GeitN^j+j6EGNPCW6X zZiin%`OLG^*C5^J~)e#v5bHkjOH2qIK{nYH0S6^w~AAW>?JXv(V)cSb$-SG$l-AQP8#XG(eY#ix` z+)Rw|?7j&QodgH@NU}HGd{a%dPOAycLp|v|^UOV^^Rvp1POQoCyR&!SduR4i$?olU z-kM#sPhxq#?D>hJl}-P0_FBn}PAcuso_*%&mh--S7tMb8{ByG>%7$F?H8k@9lS(lH z9pvgB9iSP&6}{`jCh430C2$jYJhBtIcfLO0=O#MuG(9GG694HXFE+&nUV7<;-o;=i zpZLVb`*ZS7RZM%PWbyp-FSMTe<;LSrn7#PIi#6fBzh&<}-tkR8z(h|SxsU<=*!XTc z0|&c4njrav&GSj|o*$VwIkJ6vCMUZgj&x5RvGw@3y2N_2Vqbg!9Wo!1w;ZzOIAGS1(e0f;Sjhv4B9D)GK~W$n+!mlT5(PWQCO7bm;eBrN5Rg? z7k}usRr{$=ezNHXKe_8CvukQH!*Ojv3i!`F{Y)F^XFl_p=KtkaUao%6H$P~0&$Cyn z(5H)6^1JP}Pgg*?qpz0+Y&V+7ql+C@S;vCba&^E@0^``&Uq~# z6Cm3-Xe7rU{_sat|3>pkhM)fQr<*T&!WSEWM=)|OC`KN;mEC~+@kL+883E~;4$x$S zcaFs_&?sP&6+6WnIs|35M!&HK^sBe}h6^5a|L_0(zq^0*W7RL=k_$U9mQ^9g){niS z!^D%Fc7mDnA^^Yn#_K&1@-mSX6;Q1 z=z}cTJ6Z5!e3~HLbn}hX=KPwRJzqBRV)?#nUp`P11Cet1VEmIr!r@j}@$y;%W2U9?NE`^sj%^WAUHzEk`>_uMZ#xQZkET!56| z$7-(JaN?7FZ`zD39P-GATgzxIrJ-v&y>cm$ulFgEZ`?lZt^DQ^`IMZN9aR2O&|9E!oHP^JD87~#u2IY9qK0BU$3dD-O3MHaLf-pf4dGl)D2(OBEl9QyNjgn-EH$|J=OX5hGf<9zn9JG!^SA7bHb8n-1F6$#S8YolGCsaj#aAJ|X|`PF=U;F^-_sUItmN>{eDyCF`dlnoeD!~Q zb@t6~e6xcf+5|d==_M$WsLL)JTeSDwbMNfVJAYip{&3^nw{Ijn`bdyOx3=ge7h}=` z{VvJ_L~gr5D>)M`ur&r~z$_p}ifPSITbT(FY9z>+5yz#_D&|O*i%n zXvVwo#v9t+t#VDEJmZBEO$r;gGV-XvgzSr7{9*?ad>fw*B1ZuUKPDD*OMd(T{d8hg zEnsV-p1!oz&dZAZRiJPA7?}4a*xY-)lC?^oePq;Gaiiz4#~vxXj}_m?&3^y)f3Je# zXZ!KR_iz7h@%wBiq8DE92*?&+CH$kd)4Lg%$tZE!>NAo+AgKvD}8?9e@ zq^mD|=}TQqY{&=Qu?ffZ!g%(M50i*fPC2PpvL1`waKrU2>;Lbs|EeYzPnMi2ewNSL zjj$VqzCZe-KWy6RijKyv)(iboB6}kb6IqE^VvtlM5k4+vk%1&bXZYUDmyQKsqx?EW zJY@Uc1tCNBU_!-4#a!p)g=g~PckDQmOZE$oNu$YrCf8)exA}i|q{KY2Lvn{NKJ#Hg zCt8j-1&m8d9GelCEf5gnuu9-0f&wSWws8Wi1mT4z{gsc_?B7a&voJWg2#b&|DM#CP z(Y~5N@9Dk*1Sb-#E~|T^|F*0C+-32K9v_9W9oz}Vcy(W2D<9*( zU9vs-O={5oORxzF5so(h*4H<_t-P44taHdbQvMm~aDf}XlheBu)w;5=)x zk|ry7(1dRK67)=v;3Hf0^uV}Nmp-ckTuOjGS>gJx002unNkl{KG>pUORkcq1dA5n zzT)LXvXfb^z4n^f6<1zS?N4t0jcfcji%&@k-zT1MV##e^2StVa$(61IRI z(t>8Oh7O}|ZR5+KYu#WR?}v~T{v}j4!-p=o;QZNhzkF_Xcli!k`=}kdvx9N7XyPQ^xaxwxj>mw{oM*$K;enwB5ypidgfurHn3IKu%!+fk} z)q;lrD#+NbBydWxEky|uh^;sZG9KKVA2@a(C<8_>e&AD#$=MnI2pq!^;^gSr&FF(a zM@73NisrM9t~so?tY595Y%KEIQ}Th8!J*eVzC}Xx*@mBfZ?V$f6J3s*1YLvoD%mzN zFjlXS>&W5Bh2bSI`miN5nlvQQW|Gp$ zaXvBfu_K1*al`4SonGU3>vQl(O%gAffuzhf?SSAxTR7DXTE~QiZ3=QJY18&yNY#-m zyEJ*DU$zvvPxXOTIMtJZ@{G;~FLro5 zx;nWFx#gaAj_i;w=$DP#L1E|7*Rcp>qOiLZ{PJ0o5j|ipbMAh9_Yi1F(r3&Iezu4Uu|A&8B6F1 z$oOTfzy!qhKOV@>wfn|n%x38DOWelAFDHm$r%YkDYkf130OXA(_td-ZTs=DIn>>uq zE;&?BC4O@AC|NFQ1R<@6*gj}T+_M`+pSD%uKvROHapG_5gnqPBWA(DXAm2!5_vzwF5`XXq zzu#NNURJbv_k!V`Gxs!YY(`vaz1M<3!aVD&Gn;-kNykZ`cvHxLp2?VO$P$kd$hvu5 z7vK-ijP=w&2?Z5h0|EdiIagGSXh%Mufee7fH2$tv=;9#D?aDXHsLGSFd_qK36 z%ODg^|7Hayt5ya_XbJWbh?!zmQf4{cDz=R!Alb(9g3lGD6fg1EI+k2~u9HzlfmUMz z1-$5`D71Q}OhJrRJN!rpj)ICh!JI?j0S>g|QSwPJMH>ai$(0sf@c>fSJe3hSXAChS zb>!s*8E^WkGY*3=b48zzfIR=p=Vw>dip(3y5+wt%GBC;UhN!oQr6|vN1!DBSPzhNQ z;Qa6b&x6p+$r-NkLJPUk0lf(9jF%44;~cFW_=|6{L>v8UPabBUXk*A^L}%Jtxsj0- zrKF6uDY#AvOt0gRfPRdHX7%W0JLJl_=z-0U3t9wb^m1I20(eYR^koMUmOc_K2Zx`o z=!DGJ3m))DZXDLRAg3KXk}F;5!%pZ1UNS<*wbxx+_%H9>7x=vRClI5TOpTMDKC}wN zDtWukk7pPgem02)AH|ZG@PmG1!i6UKLSys?virghZ@cZb*0r{6M>URXa-?^7Y-jrT z*af98<6e5{WfchX%{;S`$@8smUlZDo6HYb}8j~~yPgh=XW$VHi-UEOKZnRx>)ivE7 zkQIHJ2)oCw@T87j@nKwn*mWi}+K4k`Y`m6N;g6543rYg@--v;)zy4bBH-6HReOoY` ze)<_L19Y?Z>nq-Qxy=gLqn_wIJ~;F~ww~4Fm7ejYO%enjg;(5iEr#l+ePDVH7O#&M zKo`F8M0RB9C@!;W_wdTr$(4U;qn|!xNWT15oZ)M1osF>{wyrH1Y6myFfy0sS8$%n{ zN@SJex?#s#$Eir7MFiziG^en2hf&6Wd5&e)&S^1>0RmufnN@hrALFN=!C1x{blUsq zgXd6Q4$)V8g5*g05ttbwC-Z#Qy?iE7`-?8x*Kg^XL23`@^hFiMt6o6OL;w&t-q3Fb z2`_xEDGYt+*Iu0@0tAq3Q~G7*7?LzAhb0Ag^{pv9Td z0mxT?hF9{EAe;*lWZ|5At-|$H&p8A_FCkbJnY^$QvNF~bR=Fl~kck={8 zYzY?s=rb8)tI+}8*_Ufaj~CJp4mz3An&j=MuYPPPZSjY1GDC~vWg)gsc4+kM+?R&z z-FtQ?S|7uTUE4MkjD33=eQHncr;%rkdqv6l{PWLi|1jQp=Z$TzGpv@XKc7GoxuDsY zaN`HCLGnUlCOhiT8=c|L1Ol)zd|qENYk%;qVBN`?JxAB(%xq^PdNB@?aKE!wrm6WbH~;UY&z z_xX$>>11+2R&eOM2nX_=qYcnTPx!zu8HlI+l|Jbe@9c(b=-fRz)?U4dw*KM*nW&5W z^wFQZ*r!;|M%a&g!1(c*z>$(!677y}hQbI(mLL#^;SlaxaZh`M#_;tKoFlx~UK?LU z2h8jl9=0SDZ^@e7!o{FGuhh@EEmUu6ni2XqkmtJult7}bRq#hXGPWSl!CBE1=TwJg z;2M1#1#kK=Wb|-oJZP&9L>cOwYX>*w!vmrqIPr~->A9n#J;yPwde>G9iZ@Gb^TNeo z$OTsY@M^v6qdu=zKqMP4JE7ed81&78=Btk01pUR&$F~|?dF53-!4M>YKJZ(?ppmhn z1%FEDGA=$DZjV3bCqSk>Ue%KooajQoRg`D;R*-fU-~jIL4Xs_Iy6~oyE=n^@Z(zbR$nh{dFjxLPafO+?ce@w(|Tnk18;77A&;G)qu&`Q9^#w* zB{D^$$pl{Cd(R^lFCdPIF1qj#TKHDSg{nsvKvQ@PFRp=e1!$kL9w__jx39-X{ydH` zVKAOW0A-=iwXalt`>jf>l`!yaYh54hL1GHIu`xQ+Z`jT7`N*SV!JOa7N=e&5V7uXWzSfO{SQ z2#Fv=2WLNHo)`cXst3m(HxfKL^h*#iPH1y9cG@XZg~K&f2pIHlZ+AGRPsUcaMbmtY z;Gd4Ao=lvhYtYD$j+?z!!O~W`kMfWO9<=9Z+FS8*+N#{b)rqaz`fg(2V;Q!OO+MZz ze8#f!5qLSdF~c7x4*lu_?)P{_TO2+2T?756N3`k_y5P0?6+|RE{ne%YBIq-PTt`-D zGKT)KH{i%lfj)`^Ynxy4vFgss7cJz~GOKp@bA%HPG%CiK>J=DYTjRMGe$f)UO5f1v z2L;?K%KC9f(_F=UxJ())U~OFkIPk3KCqcn!M+Oh0?dT6*<1Eld0q9F`HkSIF!yBIT z4gbJB?fjHwVb`MVip`tczFD^Av)n$%?n^8@zOgzmN%n3)lD~d=i{800tj5vdT`F7T zd=*5NXjr5xJmx;VQ`ct1>OS)^<68Xt5grUUZRhHi6>zsLfxP5cZQ zZog0lTstQx?OkUKb&Bh>kAE2h4MTqej+D%dgVyblCxFQa1>wq67$8K4Va%k?dEMwD zk#;|fDRtiW3*2)aVj@T@y#Do{NxdV{Flg5)+7mFEwLvSG((jmSknzKp>(ptJ(zML$ zfx0bP>fRJ*&QtFg=W*S2Rd8VCo;n5S>(ADsBnzu#-1mEoVW3tHO0RyZ-ZMeZ*nD@f zB&+F^4ltDu`qit`rpK*<&)f&82l~3N{j?7d6a``1l4&!Q*%aKH!t{EIGcpF#`p^-% z*($Pv?U&^$$!E2IrqG~o`h_>g*hwHbr!=J>Ap6)-@B{?ayrnDAD3XyP5sh7#kqEJ3 z+Yt_Rk`bH&f(eqk!SD8t5m1LVdXrog=juoMoe;YNX_Iza6RJr!NmRWyeze01%_Er` zZt%U$7uVRsU)Y_#uA!Uah0jFVb<R$Y!bwN7pIAxlYKKXc_w6 zrrp`#r|7J9y~@?TCebF+c9e#Gw`qh6kCB0U1Mi4O^yNBsmhq=DJJtXX(d!iOsJp{M}FaFrinphzbK7K0(;E*@E+_F@OkA8-hqsz~sB{ zj+FOTw_v^2X6-&lLgZ7G9c>=95 z+;grDoj^Zz@Z%?24EjN z?ITC`rhF>;yDw23e|+)audcn6Wi@N3BtFr*D<#MD2gYKnCXU)}^{={Z+q24}ulMU& zJG4cnno$AF7*WoR?19&DAppCxTfXF?t$oKl>@P3Fs!1Np}UZV>Scmw#*h7aLA{Hw#W zde_=3uGu`fkVo3O$7bM$(=qqpbl-L44BS%}n4Yf_Lf8AA(Jm4cC96ZU`?&_L(vrD2j1WO^1I=v3jl?p>1J3oqO9a12`y#&3LCJwZ|298U z*zKNc;CgxL8I`={3 zmT|zepL@niV9_pinm!4#N#sD=oCg<3AIJT*ogTHzePz2JKD4O%K9v21-uW2ar_buV z?sY$%=0|PE&21d&yhkzU+?G=ybVP?!K7jLqWB0ybw|fVJ<@=z|1oT(sgN~zbifev4 z>`(Lh&prNEH{X4)`05>vZ9h>TTiC|4%`=F8-CNYzBDi-TIN1FU3R7BkqiYeSeCCKZ zyiWUvXLTuQr%dIM_PKTpS;Hl-oOWelH-#0Xg6hPxtBhVt7Ln$ zz-sm-8c77=;Ud5AydPI_JF43c4?NboZGD|FZ{2=(DEN2dd!4dagxzT0k!V#Q=unv4 zhTvEpS0~w}n@4cV3-Cw^`@n$7<>j(E;PYtVbpuB~tY(Y0nwJg{<#QhO9Gmty5^b$p z`+OV1OC5JqTg!&mNt+F<42P0~j-EKb4auvAe?{B8t|+V`WThTktG9#0Q6>BjBAb<< z23RNhHNvWTIy{rY!vUdt9d;HT*UamZr1y$;Nm@Gf9EE{zDL}R@<4(4V{JOc5uTHYf zYwGKG05Kg+w*EnMv~J(~Ao%yk$C0+dMcT8X9S>qQuz?M1U;`W2z*=Ap&uEj;SDTfr z*80FR#wi?Kv+55fo8wZzBWZ)X(Y@mttv4RMF75U6!vi(oN-zAZD2x@h zj*l*w%VhI1)cfFQbok|9opKM4M+>j3$^A$Mxr4!KwBWH4?UGx^1Lk%AhrbL3jvn9J zre(_W;o^T)JQl2rAg`ja6Rj_6_Thh@)wHRUqv?S zw)dln7O+Yjn9?)t_hH!HZnBYA)pw%xJ+;2*d-}6hhXys^3ahqN(yZ1yj|Ya`nE&vA zT;|8a4u!bUt|H5$2Uc~AqeriydmVBQk4Foy%gg=42y}-Jibsj|Ba18AIZyAKR8^v# zAIHgoc|Y20{b-_R64Ftj??Wsh@TI!e^JTOc_Qd>FxQf3O z;8WR+{-cE_d9`V*|5_^uo1Y#cz;QV690)#KL;he8nXFSbk;$JvRLo9*k%Lkfc+)fqXm*z*OX|d$HNWBvJtOSHj&B3!9NsOr%E?)$go;$ ztG2zO)n~EaZc0(N=zkxc@>Y%GM{}Y&80^OD;pAr(S?)IOjzsHA|NWwfZ+-zmo{srm zUf(wf+|8GY_jR4W_ulx4E~V=x1j6HI^YRsL+AI>KUK`(GT&=q8*7sZ1Uw_}_{QHdy zc+NdAj{m2; zI8VW|W6N{GzdFZ2cu9LOy+4I1?hguV5KQgIsN>s(24tN2SG0_}&>u*f$cs%o*JjiY zUEqKEebIs7OI^;j&pjoe+16#9`^^WxDGU70E2yqrH|(z}wud_~Yz?z)2jdt2MTBt% z-}4&>fJOenlrMMN->YH=@BQD9Y5y!-{pCB7C&VueQ<($T)4J){tHKo5GVqb(wDmo^ z+dl2jcR^#EAFE?uzy4KX8s0T+ETf1q_x$EicHwK-$ovZ{{F2N7NJmiV#Mpz>bp=6*bcm_`uls)0qfV+#e%<7a*}Ly< ze>|vh%nLUCSb!fz_7hSAFQP_qt(~6<>z^De!_~HfMzzrVy>~}&9DP;;fz_`-I2udw zk*4Me@;T(*2Lb(jJPJ;9CYTSJ#}5MdF$CE2Tb0dQ-vxuOzF+^1GJa&>y(-i8O3SVO z*Cs#F*7vmQy6v$;Pxy6?|EWAu(muTGc7G9qFXMq_`b|N9WkAv20WA7~W7yn#WvlPK zH)tC?Ozcvh<{Mvg+nnEr$2~{=@=G|W$AdDh%X#`lUV(9M+fV%c`qyy3RprgC`d|OL z?EYQ90t0`yTCNms?NR664>WC6H^zRyZLJEOESDFe?b-IH=R%H52&*7dH5IUygE(`kRC(*J}YPl4+jvUR1$1i{Q8MyH?PDW!G z{ac<*+xT6}fW9UuC!RQdehld2ho_O+KQC2(0-xWqB`bK1iypM0MafT5shjc+)afh9 zh6nfcL4*5a=05tvm-FVYihhc^MVOAY2$BOC_}M@|g-8z7p|2Z%@s=MI*Uov`!P|Tm z9wYck#ZFRH(ef>MW^&^?vhW$VMF@@BD!C5-K;6I_IlNaZoEo=ia*alTmp`BjG%kJS z=gUIIUl!mFe&abupNXrVY3$#^E#9L?HcP*eU(?y0i?_LK!)MMx%cK6-9a&86!x64k ze^j9RRe@_d?$obRA3Bx=c$SB1JAWCfV_yxW`>^-%i%U&I{WZN+?6y^>t+Fb8#}2fW zjMH79HJ{rpqiyJ(rQ80wz!Q$|-|E&nnvQC z(#D|S8C%gcMg;^o(96^s$psths7Sd`vnc#pS zyN|T(DRAfy`~D?xcwkKAwkNqJ945WL>Pg86WB3e@;ZL%7rxKdqU$yf>6fKX5O!`=5 zt6yD2X4y(L`RR#9$^V0JyEV@I82ka(i*@S&0`GCdi4+lDWAa3zET>%JanH}dE z`Q3ifCr&=E+5-2w?c`j$1fi6)3FLa}Txqv#Nw9McQV*u%PU}~J^hy7z19osNx_gW& zSTJc3xvAG%MmavRA>G93XkGyk-m$~lt_;MzUMrY|_F zO@354WwA{_9e`6iu-Il1_IFQzc-;3J#Y)qPT=?g7gHbhhSWc)_z8@b?a_c^YBQy^f zWA?oQV`(2+r!?sknMFPzw5f}J6@DT>NVe+73P{a(798DH>;9`wjc;AhW4>4VHcprN zS3H=!buz3Y*`h+*)?3lbhO8XleW&=w2mc=^n@>Ds$ED>m=cDD~*jF{Nt<{QTYnwkZ zTDHLJ*z%hf5Zjp6tsBrWY$3KETVf->s!7Q^vv=Nor;`RCgYXepy#7BKn$HDR)wRvc z{{pSYI=b(1Lnq$IcaA1~4*Zw43qbDk(*f^mal~Q1b^LAxtCPxr#t&1!BQO{9&a=JN zMpp(VsMU?W&-t_wwAvV}og{I>i6?IHMwr7;w;hN>C0I?jgL0jqtzYitTASQo2Htq% zjXs`o$|*bg!5Mt$KU9Dx_y9g!r!)^;N=EY_FQC0$4$FzraPr9~Z{6$dy~4o|$qW6A zHb0C{z{ViQx88btc1rbi-IJg>4US2&c&AHrz?Wj&)H%=fn{U3kb^Y3Ful3OuV~XpQv%c(8^9ifXJqVwo@l{m1p%p0ohN63**hfM>t;al>3^UcBMNk!91C!IVd9-38M zO=Y@0(B@F#aNsz6fXN|`z@lv1i??JkX=)r*|L8TM~e4yX|&@Ndj~|1+=13 z(ar=Vbi?mlUq|;9=WwT}LyvPbEQ0$}m|l}ZQM!dcG8E)(c~0r=Rapi0^lvWbJZ4v= zlU=p*Vx52=THOQFF`OrexBZta9Mwf8APHD|dV)_|6d*R*93)a6|$yTo1QRKyY5?U(l7WFpdIe2rei~2ED0Hd z+=CBYCOGO6Dp4~I|N@ZsO?Q`?6L&3p#{-~I>tqi+?u!K&@o z3%J~tW$Y->rxRI|m6*^_e6S}n)53%wm!+J8qD@YeQ{ z3!tL6LP`o8jWP8$l2w$(0#^w{0R*N_AO!FTZq;-Px~>XbVA_}S41?V+Xi&hEt{D5O z5C>hvv3RZ|IIRM~t1k$@t`lU#M}yNEc8oo?gvYk>$hrHMWa5qQqnTQGB6O3Qst zzsXI;Ori@fqwSFGlsDJYq?`9Kzr?iBmG0$fnd8$^{>fXuh^?} zeWBUHrJ$w83_q^bTS>6dEm_Zd^fqbzjrz!O$PQ$j(2P&THC~mp1!+rWWCPrH-fuS7 zeLE0MTiwgns_P!3uhtJO7h@M~*#R+r6IIYO*W`uGpj{ygajLB88#HV6pE7KpOvfXdytLTX zSbYY4gT^TzQ`lequ?B8a(AH-39f>?f4G2C80NMrjGLU`&c-0w4ah^7g@K3j{4hDjA=*ub&UNV^mWx=@l zoL^fd>UY{{r`44t`}XXWS6`i-b>^8BtgM#CmYM#7V$b#~$mLmO^U*zrtQc|2uIg-; z!kr@c!K2-1JNQ;-TUeVj&NyRB2a$*EW2*^YBc`o-1zn)Gx~osd!EgEpM?igGdLC%{ zd*{TK=b!`h5l%8K85n~MJjSq+AeXGT*`)i0r29CwOnUXZ&6~PWKkUvqK7lRz@Y-)j z);XN`(^dhIA@Fe?pP7x_1jKJun_8%s-J(bsmqsQ8C8$`;cS#bNTfus@j&P*fu|%!=kKv7i@lhqyPu@r31JR^z!=ukD$Y zll$5}_Sj=>_wL)qSGT46kNl?X>eVV_bXMu=^qxQs`v9>ufBr2C@0Zho0cy`= z$&ReZd%>Zzw@4?gr@+wkxF_V3J2EuJ#b z!@tQ6942-zz5LSbjo063AJ(@huX`&nT0quh1gCSfkSjg2S$OG=EYTQ$TLxNBO9S8a zk`DbJ*Rp&4_19)Eyzt`eg7Yt!oqooixN+(aW}-d* z&kDRf_wWAQU(WvRzx_AOoyXE#qgNd1m(FOE0z~k1e?|R<`ko@cfA0P6MeYflo>1ca?EfsTIIqu5pa;4!I{f?a^szhISA{$570wx=GuD#&!!yo>z^_P1AlLM2S2dn>2O13YQ zY$W2Adog3eU<FA}|BM(0^yYIgH zX0Mj-S><-pE#I@FaMFn<^_#Srl)PFKxaXdIu3v<@`s%B+i$;pYcg+#j&0HLFQ0pEcCPp@8CF>ah~@pVQQ80Iz^3MBb+Xuc z-SCyKd}UTCb|l(gz4vY>+CTfVf7`QR4tn4H_qTwqyy~jiqcxlV=C{5z`|AJtU$ZN& zys~G%k5}EDKmKtU+e^sl69^>&M~;F?*Mc%fkyr(6NkNd;Mo@H58^Lla zM16;Ij|8f{BglE`Q?#dO=VngE;w*xY;3Fvr3S%b9Ubd~|{R-SaWL&(ap9J--lG!)D z@r@qu(n~MxiN)PNySsxio}aJDiN1UHp4BTQfrL!%zWeUk9e3Q`xFoMfE8tvy+2y^m zZ3C@(!H|r8_Vb_5zEwO4?(pARLG-I%{c6)gPZwQuQOooG(&yj&&EGWt+Fn_DBopIF zq(3h_`8{HCfx|uY-EqeqJsD9ip_&*yT9Yw2(PJ!q*$qC7DL^g4qD-gP{c(^QOC32r zS7Y3F|9!K&e|mR0;JM8|xZ?+RbW#K+b;hS-TcWn2-mDeIOE11O`}@ED`<@6~bImn9 zlg&$d@UuORZyd70r-`HlgLaF`9;=#kuXj2g(-M1e_wsOEz-`H{U^g2(T=1J-t=pzPuI&82*6n}z5C8XU&z>`8`)cKN!37ue1oigv4Z8o- zCqLOMZ@dh?2ET#uoZ?!+v$A+E^&rQi113E6f7{oK5V|dH_`(1DAOCaqU;pcWZU3?G z5O?|O*T44lo>YDGl1qBB;_({Uo1hN-RmiAqX~@6FS?)-* zi2jSe_;<5^^KbsNgAd2C;==q5*I(a(RUjs?kA3W8Bhi*K3s#crndJl$^qw*_{cr#N z_bV8Vm7HKK!C_jE5}?d#%wpWT^UgcF4+oWu;N|%0IWEEJqpjrST5v#%z-WB zYxQRAR$~lbFyxSmi38`*|ArfG=wPV7Hh__HYJA0^T|1{ZbSijBAJ@ROHXus2T9B9| zq3f=@u8r;CngL&5GClwN3$$!rCH;?n^rO}1xLUTVOSYTfZ-HGvYi zw6i5jw(j8>ezLNPL94_@2lS2)c*(^0bSmhOC0-=)Y`+HJ3*>xybZXpOb2NeW*=L@e zJ@V)yvr8|zv?m7IJoeb*vp0)Y;~4+-IzRcOlV_)$ep)9?@_pv%XL_rb6LZQ3?th@$ z(hKKiOIE1tx_1mpPq~K=@*s0ztR@pCw$9GmzuGxLrpE_IH#(e#a*JnSw`)9Lf%Z5EO)#vV#rR2q~fl1Z(%ddX? zlOOk_)=KK6lTX@u?nQ3e;FI6d*@-8e*b`rRW(U1HQTAo){e~NFoPF%pTl*fl@f|q! zoKXR==zFz31MxFZ7~Qe-l=^G0_pH$Q?fS$;ZTkUGP_a#eV2^ z*xCMJH~QBFMl#$~Zd>R5Zz9twmGYWraocVbncz!o_CAVlEaN|RqvRH`*De;@xVz%| zFMs(wG;JS0Dck3_WW}x=P2}Kv&Ur;b5#7%SaxfBQRaL<*-$!exYvQz8_U z^4x_0BtHhm2#v=fjm;pFlnGLC&1gBIF|^^B>5n!%!HXY-!3v_Bm2sn)@}~ly_HmxV zSr~iTI*;+EUO!_1?K7SNpYbFQ<=k`6n_YU@rAYn9>o zABXmGL6{B)oRGK#AU^3i~otTUvvu?Y#Dx!XpDDX@j(ywu;)sYCTaAj zorx#=ez8{Ta45Hb|MpJKd=D+!!i|2D-)pY9c6N5@hEGWF^y)=BtJ%}a2TY9Fr=Ta$ zc|<`TwumK9lNj6d0wjLm;b#IHT<+n+?gRT|GkCYFV)AQ($c7ZMmPpWM5+G3GkNxMG zevN@o_yKvdRlLywJ{@B(hYPlCalp9R_I)wKB+J(L3v>O^6}n82oA1(_Nm4$$E!Nr9 z;(u(84(TWMfmik7V{DUr;2{&SO^gDuz1ZK;0z2ilQ-)|YnIt2H?Boz}!mgf}K3>ur z>5m<=0r`R4#n307c)aX}+{UA?d&|E)(r}-AC1kREsBHAkJAd3VQ*RgId*AzR$0D|E z2XK+TBMCbat^YA6$a6vgrdJ3>IOqKIZMU`X1fZA7NxYzPX05OU3r1%f`RQ6sFd)HS z5q#hgEX>vjSD+M}&0wsWI654h*m&B1?sK2(Ej;}=A%{cnaP7v0b`jaQ=m;7N)`75#*nlWZ3K=E>J|J?uhmyp zeduCf3{J8Y+|Xo&=IzFQCUn-`?RM{sqOIie`s;5r9$Q*__ntjFuM#fV;$tfrmA>@< z_{TrqZDaVxanFQBaMRCfj6MVdb?(DsY)6IM6#*0<+Gk~pSGKS!=vPAQ75Vro${|;Y z&+1KJyW8&bR*L{*wt{nplGx8{Z!R|=eytSwkE-jifwey`7>ESAHS4*_m*BRzx?v{p`V*nl+50G z`>oytmXBt9NFwUlX4|ok|IlM4PV(S`=;L?KR3iA|7r)qi`Em-6M#!8@J!d0V ztM{j$db;H*IVt>5qJc{?^1cV!j4x2SwvrW0(L)-f#CEOQ!%ipBeq~WfbT$nI@>QkSZ-Ezw<-Hv?lOt)-;OgtjvGi1uv zOiFA`(xs%;DzVXfSvGVh>74euZKP(v5 zIv?Nj7Xj5vCg)eckVwrg7!l+6!WX{KjM^45i)AzdZ3o9P1`KkNbIv(?E6H$nNmDS8 z6bV3ZBXkZV@evp!BYgGns*{8{qhKr0IWk%TvpVB!oYt6vJX$DB5F>av(d8&`q0fE6 zaeoerh6FB!JRE^>wVx_1{q;*ANSz?Tz`~msm;^ES1u=ojibL{)Q-T_JYV11dF9APS zD_3tk`e6YdBT>kQ@krX|oHO2dY`W&OB`FAC9NA<9-+~(X(5vz2=hL75bj#WViQ@|< zU;5IQI`P`}A$Rx$2jg-Afdt)jN+)pRKa;LigM%$5lyAv*-e1zZ^pZ<@tN-SkZ)!U@ z@BErfoPACwurtrx(_73B6;CF5CWPpwGqPlBwz}CFdg(K^a8o5!~(B`@+MU$Uh$lMC16PybU|+*jh0>jDYX7@pCZFq!z-roX)G@6t;zX?lM8 z)4MBqK3Z}(wR!NKz|ifCRwqa^I1bf9t+otIe>6x)f`#__3M>>PiE?blEm6Cl=Y+PS(26z=Dyh3Rdz3WL z3%9Y27rH{X0Av=em>IRQDlnk~ZITEc^g*-Y90=M#T^!$7=+Y)Z0SHp+U6UO?ywPbT zVRcHzjES7I^NhjFmJ|BAw+k*9&r-)14OF17KRhwyS6_W)ixxUGF#_6KVM&YxZqMHhCk@^KWpMb8^=dYLnvaD1qt=H_+C$l9`QmW`GikfFdBPXZV7vBYHa^ z6@8S3_5>!gNUJ-=EZa)J%Ffu%tw!SbNmPMc$AOfVL-Flgkar(F{RU?x1^i3kaKG}( z%WZ6u#@M2JtUt=)g(uF-kv&^8p}`kE;a99kta=zCL$!r$EWD!CQSdi=wAE(?8Xb^T zR(F|A<3$~LJ3*=>Vp zpucMVp+UcOjMcAv<&II060bzcd9N==w%uf_iSxRD z%BiRHtmTFqZfrv$AO^?D8I@VAl`3cA=p0BthUFO|MHo}!bB{7?WpZTwDC4%PMym966JhXJ_O>r-GgYY_j1wB^_B2OW1I@ zwjFH;fV`|o=z`pA;~R@E7gx25=P7|cSLQmkDnp0BeR0X{oO91{t7v|ulNDY$m1j8g zN1j#!pZ)A-+o`;Htlk^Cua^$Ih=C7VlJpL&qBtoX366q1`J*2ng1rfsdlCy7NM3AO z0wCvyAAYEl#;qT_b#{IAH7Oxi@-(ikTuIc*RGl}bO#m(~`TNZCBQ=>4IN>~9JA3mO!jVoRJLP@8 zGJ(bGqXp1qyO`bMg#&vW$wtKSo@|tT(kmOhwQS>p3ofkoulC0fy$Izoq{-`5S6$h$ z&f_<$VG}-Y8XH6Gvxp(XyYKd#{GNVc&71OMXTm5UYa2-&DVgQ1$z&Nj!l@GiVoY|XTO?V7Opyfb>_tML+l#|uH0)b5X2%7;3T!Ls4 z76D}?Az%trf|Gm3mXOfpo`50oaayY}xC99}1WXAWUdq!~y>SH`LB$HhY8p;7WVQ{^ zrp`F}=Dyhx`rt_r0?tEcR&}YTNPHMixvC}@r`9AyfU;7p2K~Yc8RElRbsX`^GAJ^| z2bp^Q!`M8B^=#Hw7Vs@To{M?q-Ag2rh>v3Vh>rw~RzZqP(WT%A?~z9mLU@oQ@QFWi z#k+d4B2Rop#_&m|_#C3#-aC7E+tva;pM z;cTzkn)L#O=a`bqZ++nljZG5t7Ok(wGmdX9%gPI0e9$Yq61>S8;2-U15b&Z?ZOB0% zJhK^iylg@DwotvOM7CM=Ytu=+#ure)*lIniCq&xVPV;SQ@JmknDroBur&YXX@FrsP z^h6~fI8CsC=lfm^;d5*|e9@Dnsm=>fzOgBEkT~7qFFxUO$^w<=+ZuS;jy%49`}cdr z?K6-6{L5eNvAt|%0s;6o`@*yKc<@#!U3j11wBn2XfcTQ61do_OmuMw#_C@w=QlfQ@ zHu{OowWAMxQVu7?uiF-XV{Ez~dh#fTPR={;{N~%F#Y<}R0({Q<*VP?QWM-kl*7y|p z;LANpmA=?FJ(#S}!?30Ca@^E+<9Aco={N7cUN4YQ;Jc8STLuHj{q+|;qSt- z0V`8>CL!V-&pt9Grm1`GxnH*K?dH(GIQYbqPxMFQT(c{-&hFThYl)Yxd~4UKr=HgJ z;skly<(krVq-16s^65nDtHw?|Vf;)U<2GC92iN6{1T*%*%dl%1&tbFy3=bl2jak() z2-{fw;z0EcXipFsbefz9Gl~M7&^27f)&?$4Okl2q&ry4Z+H}-4XVyl4<2cXQ3JCs; z?S3G%P27a!wXYhys03>n21-EUlT+b}V5 zU6hwj{j}Qnq7UsHB{=>CA3f1O{A_}4^baQ#E%?SCU>n+KJC$S+&|98#18iC63ltRN zu~~hr8ol9emw+tPqmxd5@WUTAFSc|)``OPl-TJHZ)_2=_{psW5K*sbK#9QNb8hkxy zS9mb&I8&2?J_nQ3)7*9gr)y8Qbc~ z_=~(TT=I)d@Tt9P^pG*0%%%frt6p33l}xk;bZH#p(X(;1rK>6bi{~lZz(MM-#_0OK zXJ@7KRB{r~;U)`U%zlBbR@WvRpZ(nD`i)rhnke?OwQ8du5cu^Mw1IXCTESLQV)Iq! zUJ@;O)Wv>4k5l;A@6gq7?0%W6u1r4Zg@dD2d#hKoZuDA33flM~LwaF#o%=r%dKkxN z!<51lNt-z;=arQvm)x4m#1vMEq+S?{<0lSPaEhS4T7hZ?*Z+hVE%vjApCv2aU z?K!Mu=stX0Zl0MMDCXuynY-YDqLZdss*Ixjg{#xaypqEuyPrxk3S{|wU30+9vwjPtHYDCSrRU*l zK>_G%ug)jVB_jx;06~H+1b?`lG5>e4D`zerLks)16ZEL2rv?~E)HimVKVzbE)Le`L zK$z`c8}#3KT(P;6*Y`1$XBk%mTAmYhyI}kxLg5INY%yr1Dv#UbqBh+ z>?^z-5PPWcQzNze&vq>-w9i>ODsF)`4;mFah(}6}05HeS!v*l%?!H(Ny@`&Zlm-CA zmTDTzAnQV%z1_$6!?u*MQ32Sqp|ATsYOBsHML}cp4rk|%wq=Kmc>k6Re$*eH#E8=~ zM01>QT>=a|+9EaTWr}c&WsGeHw*ikui+DwF+nk^g{S8|KPWguhkne#`&$Ff3mBNd?Atn>r zTeR3-D=uG#W>J%@L#6s^>teEU*U9508j@~NFE?&0Vj;p%avx{?mRqXnvvY_tYZ>WO zw*Y0~F31zRPpHySV^*b5H*RS)RT^JUnDmMJP<#Ek?3mGIV#{&9vO#)-@P;S6_+`4L zO{d$He#^I5y97;b2}hGg@f&9-$`S;d-iQ0$?IEaSo?5kG8O8A|lxru`9*p;#sU|0f z)kTEe+MLIq5|ydAH&2_k#N#JpJjBZrMfu#6WE?Rd(&7fCq#7f{yy!C*Xr(peI{DYT zX60Nvg5QEhUzOs-nmi=UR$i|RvR|0s zqKJfem$aCi)S(Y=j4b7rQ}n+$%Te7?%))@v*w5{?+=N4$FcjTU_A=K8p9jp4Z9aW{ zp17Waa1DZ4!2TSoov8qLjfzhT+a(q>?Ccm zJ=K-5F3jbV!_dV|S0B3zY!=@$mgh}N_J=WVgKM4*gT+H>5S~QNcH+4Ok0oO*0xz*fz*xie^QOLwpHZ?g-keR)0;(o-+ zJ`P6zsOXy<|1Y*FQ|~V&WtTx4rB8u0a1t681*+&QR|&5aDiu`B3wsY!4|;;HRe&F# zSt9KK&S?1`8WaWSowR?=T10ka@}lFsh=zjLwr8Jje$+ZgLZ#}_-ZKEsGrZ31yw;bc zRPJQuX5U45cr{LC#&^p$=f|6}zO=tv!SxPE2)+iabKj{dMHyfplqKy3DtYj6F zQ1!XB##$vL*|lhb`9oc=ajuu4Sl?A8#4Igl4a{0orXBjf3>~>U#(tW;Qp#~?`H668 z<8Bf5{{XtYw*UVp{1)oZF)ni&v?~Vj%RI4DHRmD!KYPWx*Q=_V5vGBP4w>=**>gVV K=1^ttcllqq{rQ;y diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 2a98e5779b..3595276771 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -19,7 +19,7 @@ appliesto: Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows devices gradually, following the normal upgrade schedules used in your organization. -Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows much faster. +Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows faster. This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance. diff --git a/windows/client-management/mdm-diagnose-enrollment.md b/windows/client-management/mdm-diagnose-enrollment.md index d36c8fd5bc..5022ba4bf1 100644 --- a/windows/client-management/mdm-diagnose-enrollment.md +++ b/windows/client-management/mdm-diagnose-enrollment.md @@ -24,7 +24,7 @@ To ensure that the auto-enrollment feature is working as expected, you must veri 1. Verify that the user who is going to enroll the device has a valid [Intune license](/mem/intune/fundamentals/licenses). - :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png"::: + :::image type="content" alt-text="Screenshot of Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png"::: 1. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune. For more information, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). @@ -49,21 +49,19 @@ To ensure that the auto-enrollment feature is working as expected, you must veri This information can also be found on the Azure AD device list. - ![Azure AD device list.](images/azure-ad-device-list.png) - 1. Verify that the MDM discovery URL during auto-enrollment is `https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc`. ![MDM discovery URL.](images/auto-enrollment-mdm-discovery-url.png) 1. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**. - :::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png"::: + :::image type="content" alt-text="Screenshot of Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png"::: 1. When using group policy for enrollment, verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices that should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully. 1. Verify that Microsoft Intune allows enrollment of Windows devices. - :::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png"::: + :::image type="content" alt-text="Screenshot of Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png"::: ## Troubleshoot group policy enrollment @@ -78,13 +76,13 @@ Investigate the logs if you have issues even after performing all the verificati 1. Search for event ID 75, which represents a successful auto-enrollment. Here's an example screenshot that shows the auto-enrollment completed successfully: - :::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png"::: + :::image type="content" alt-text="Screenshot of Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png"::: If you can't find event ID 75 in the logs, it indicates that the auto-enrollment failed. This failure can happen because of the following reasons: - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here's an example screenshot that shows that the auto-enrollment failed: - :::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png"::: + :::image type="content" alt-text="Screenshot of Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png"::: To troubleshoot, check the error code that appears in the event. For more information, see [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors). @@ -92,31 +90,31 @@ If you can't find event ID 75 in the logs, it indicates that the auto-enrollment The auto-enrollment process is triggered by a task (**Microsoft** > **Windows** > **EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM**) is successfully deployed to the target machine as shown in the following screenshot: - :::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png"::: + :::image type="content" alt-text="Screenshot of Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png"::: > [!NOTE] > This task isn't visible to standard users, run Scheduled Tasks with administrative credentials to find the task. This task runs every 5 minutes for the duration of one day. To confirm if the task succeeded, check the task scheduler event logs: **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from Azure Active Directory is triggered by event ID 107. - :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: + :::image type="content" alt-text="Screenshot of Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: When the task is completed, a new event ID 102 is logged. - :::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png"::: + :::image type="content" alt-text="Screenshot of Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png"::: The task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This status-display means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It doesn't indicate the success or failure of auto-enrollment. If you can't see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from Azure AD is initiated, there's possibly an issue with the group policy. Immediately run the command `gpupdate /force` in a command prompt to get the group policy object applied. If this step still doesn't help, further troubleshooting on Active Directory is required. One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: - :::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png"::: + :::image type="content" alt-text="Screenshot of Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png"::: By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs** > **Microsoft** > **Windows** > **Task Scheduler** > **Operational** event log file under event ID 7016. A resolution to this issue is to remove the registry key manually. If you don't know which registry key to remove, go for the key that displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot: - :::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png"::: + :::image type="content" alt-text="Screenshot showing manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png"::: ## Error codes diff --git a/windows/client-management/mdm-known-issues.md b/windows/client-management/mdm-known-issues.md index 4fa277cae8..8c3dc27e89 100644 --- a/windows/client-management/mdm-known-issues.md +++ b/windows/client-management/mdm-known-issues.md @@ -32,7 +32,7 @@ Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work. The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore". -![ssl settings.](images/ssl-settings.png) +:::image type="content" source="images/ssl-settings.png" alt-text="Screenshot of SSL settings in IIS."::: ## MDM enrollment fails on the Windows device when traffic is going through proxy diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md index 204269063e..d3ea09a030 100644 --- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -1,7 +1,7 @@ --- title: Using PowerShell scripting with the WMI Bridge Provider description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -44,7 +44,7 @@ The following script describes how to create, enumerate, query, modify, and dele $namespaceName = "root\cimv2\mdm\dmmap" $className = "MDM_Policy_Config01_WiFi02" -# Create a new instance for MDM_Policy_Config01_WiFi02 +# Create a new instance for MDM_Policy_Config01_WiFi02 New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID="./Vendor/MSFT/Policy/Config";InstanceID="WiFi";AllowInternetSharing=1;AllowAutoConnectToWiFiSenseHotspots=0;WLANScanMode=100} # Enumerate all instances available for MDM_Policy_Config01_WiFi02 @@ -86,15 +86,13 @@ class MDM_Policy_User_Config01_Authentication02 }; ``` -> **Note** If the currently logged on user is trying to access or modify user settings for themselves, it is much easier to use the per-device settings script from the previous section. All PowerShell cmdlets must be executed under an elevated admin command prompt. - - +> [!NOTE] +> If the currently logged on user is trying to access or modify user settings for themselves, it is much easier to use the per-device settings script from the previous section. All PowerShell cmdlets must be executed under an elevated admin command prompt. If accessing or modifying settings for a different user, then the PowerShell script is more complicated because the WMI Bridge expects the user SID to be set in MI Custom Context, which isn't supported in native PowerShell cmdlets. -> **Note** All commands must executed under local system. - - +> [!NOTE] +> All commands must executed under local system. A user SID can be obtained by Windows command `wmic useraccount get name, sid`. The following script example assumes the user SID is S-1-5-21-4017247134-4237859428-3008104844-1001. diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md index 5af3714a87..b6502accac 100644 --- a/windows/client-management/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md @@ -20,7 +20,7 @@ appliesto: You can ingest ADMX files (ADMX ingestion) and set those ADMX policies for Win32 and Desktop Bridge apps by using Windows Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. -NOTE: Starting from the following Windows versions Replace command is supported: +Starting from the following Windows versions `Replace` command is supported: - Windows 10, version 1903 with KB4512941 and KB4517211 installed - Windows 10, version 1809 with KB4512534 and KB installed