From deae3a807fd1cc16b4149cf5e9c22447d2506a03 Mon Sep 17 00:00:00 2001 From: Harman Thind <63820404+hathin@users.noreply.github.com> Date: Tue, 15 Oct 2024 11:32:12 -0700 Subject: [PATCH 001/123] Update windows-autopatch-post-reg-readiness-checks.md Hermes v2 is being introduced. Added the new name Windows Autopatch Client Broker, to go along with v1 until v1 is later deprecated. Some customers will have both apps (until v1 is deprecated), and others with newly registered devices will only have v2 app @tiaraquan FYI --- .../windows-autopatch-post-reg-readiness-checks.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index c5f450553f..c4a299bb50 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -36,7 +36,7 @@ Device readiness in Windows Autopatch is divided into two different scenarios: ### Device readiness checks available for each scenario -| Required device readiness (prerequisite checks) before device registration (powered by Intune Graph API) | Required post-device registration readiness checks (powered by Microsoft Cloud Managed Desktop Extension) | +| Required device readiness (prerequisite checks) before device registration (powered by Intune Graph API) | Required post-device registration readiness checks (powered by Microsoft Cloud Managed Desktop Extension and Windows Autopatch Client Broker) | | ----- | ----- | | | | @@ -66,7 +66,7 @@ A healthy or active device in Windows Autopatch is: - Actively sending data - Passes all post-device registration readiness checks -The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a subcomponent of the overall Windows Autopatch service. +The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** and **Windows Autopatch Client Broker** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** and **Windows Autopatch Client Broker** are subcomponents of the overall Windows Autopatch service. The following list of post-device registration readiness checks is performed in Windows Autopatch: @@ -90,8 +90,8 @@ See the following diagram for the post-device registration readiness checks work | Step | Description | | ----- | ----- | | **Steps 1-7** | For more information, see the [Device registration overview diagram](windows-autopatch-device-registration-overview.md).| -| **Step 8: Perform readiness checks** |
  1. Once devices are successfully registered with Windows Autopatch, the devices are added to the **Ready** tab.
  2. The Microsoft Cloud Managed Desktop Extension agent performs readiness checks against devices in the **Ready** tab every 24 hours.
| -| **Step 9: Check readiness status** |
  1. The Microsoft Cloud Managed Desktop Extension service evaluates the readiness results gathered by its agent.
  2. The readiness results are sent from the Microsoft Cloud Managed Desktop Extension service component to the Device Readiness component within the Windows Autopatch's service.
| +| **Step 8: Perform readiness checks** |
  1. Once devices are successfully registered with Windows Autopatch, the devices are added to the **Ready** tab.
  2. The Microsoft Cloud Managed Desktop Extension and Windows Autopatch Client Broker agents perform readiness checks against devices in the **Ready** tab every 24 hours.
| +| **Step 9: Check readiness status** |
  1. The Microsoft Cloud Managed Desktop Extension and Windows Autopatch Client Broker service evaluates the readiness results gathered by its agent.
  2. The readiness results are sent from the Microsoft Cloud Managed Desktop Extension and Windows Autopatch Client Broker service component to the Device Readiness component within the Windows Autopatch's service.
| | **Step 10: Add devices to the Not ready** | When devices don't pass one or more readiness checks, even if they're registered with Windows Autopatch, they're added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. | | **Step 11: IT admin understands what the issue is and remediates** | The IT admin checks and remediates issues in the Devices blade (**Not ready** tab). It can take up to 24 hours for devices to show in the **Ready** tab. | @@ -99,7 +99,7 @@ See the following diagram for the post-device registration readiness checks work | Question | Answer | | ----- | ----- | -| **How frequent are the post-device registration readiness checks performed?** || +| **How frequent are the post-device registration readiness checks performed?** || | **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don't meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch provides information about the failure and how to potentially remediate devices.

Once devices are remediated, it can take up to **24 hours** to appear in the **Ready** tab.

| ## Additional resources From 2f925278011f7b46c64edf61382db1a9a67ce10a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:48:56 -0800 Subject: [PATCH 002/123] dep-rm-ntlm-9544861 --- windows/whats-new/deprecated-features-resources.md | 2 +- windows/whats-new/deprecated-features.md | 2 +- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 + windows/whats-new/removed-features.md | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 7c53798b03..87ff332844 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -34,7 +34,7 @@ Customers concerned about NTLM usage in their environments are encouraged to uti In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance). -Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). +Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). ## WordPad diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 386b0a681f..90993e39dc 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b | Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | -| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 | +| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next feature update for Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - ANovember 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 3fbb4a3529..0a7a2c5404 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -156,6 +156,7 @@ Each version of Windows client adds new features and functionality. Occasionally | Feature | Description | |---------|-------------| +| NTLMv1
[24H2][24H2] | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **WordPad**
[24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **Alljoyn**
[24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index 461b15d644..50da138236 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | +| NTLMv1 | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | 24H2 | | Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 | | WordPad | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 | | Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | From c6668488561796ddec8ac3f511a25e7556eb9121 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:01:45 -0800 Subject: [PATCH 003/123] dep-rm-ntlm-9544861 --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 90993e39dc..a15a56dfb4 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b | Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | -| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next feature update for Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - ANovember 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | +| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next feature update for Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| From 116f77bcba21ebb05496a020fc1cf646ccb35c6a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:55:24 -0800 Subject: [PATCH 004/123] dep-rm-ntlm-9544861 --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index a15a56dfb4..559934b1a5 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b | Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | -| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next feature update for Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | +| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. NTLM is expected to be fully removed from all editions of Windows with the October 2025 monthly update. | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| From 56ba84506a2c7ede141b0eb071b5ef755fae71af Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:38:11 -0800 Subject: [PATCH 005/123] rem-dep-wininfoprotect-9561151 --- windows/whats-new/deprecated-features.md | 2 +- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 + windows/whats-new/removed-features.md | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 386b0a681f..05a7036224 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -75,7 +75,7 @@ The features in this article are no longer being actively developed, and might b | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content isn't applicable. If you aren't sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | | Update Compliance | [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service was replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022| -| Windows Information Protection | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).

For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 | +| Windows Information Protection | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).

For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp).

**[Update - November 2024]**: Windows Information Protection is removed starting in Windows 11, version 24H2. | July 2022 | | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation command-line (WMIC) utility. | The WMIC utility is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This utility is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation applies to only the [command-line management utility](/windows/win32/wmisdk/wmic). WMI itself isn't affected.

**[Update - January 2024]**: Currently, WMIC is a Feature on Demand (FoD) that's [preinstalled by default](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#wmic) in Windows 11, versions 23H2 and 22H2. In the next release of Windows, the WMIC FoD will be disabled by default. | 21H1 | diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 3fbb4a3529..8584ed1fab 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -156,6 +156,7 @@ Each version of Windows client adds new features and functionality. Occasionally | Feature | Description | |---------|-------------| +| **Windows Information Protection**
[24H2][24H2]| Windows Information Protection is removed starting in Windows 11, version 24H2. | | **WordPad**
[24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **Alljoyn**
[24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index 461b15d644..a838588ec9 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | +| Windows Information Protection | Windows Information Protection is removed starting in Windows 11, version 24H2. | 24H2 | | Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 | | WordPad | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 | | Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | From 6a4640994b9e1d1c3d317a0c3e684ff0e4ac943d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 21 Nov 2024 14:42:52 -0800 Subject: [PATCH 006/123] edits --- windows/whats-new/deprecated-features.md | 2 +- windows/whats-new/whats-new-windows-11-version-24h2.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 559934b1a5..c1ee69bfef 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b | Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | -| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) in Windows 11, version 24H2 and Windows Server 20205. NTLM is expected to be fully removed from all editions of Windows with the October 2025 monthly update. | June 2024 | +| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) starting in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 5c492a24d8..43aa6777ed 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -242,5 +242,6 @@ The following developer APIs were added or updated: The following [deprecated features](deprecated-features.md) are [removed](removed-features.md) in Windows 11, version 24H2: +- **NTLMv1**: NTLMv1 is removed from Windows starting in Windows 11, version 24H2 and Windows Server 2025. - **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. - **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. From 849f540f3742fff5530e8b2e16660cee54ed3080 Mon Sep 17 00:00:00 2001 From: "Chris J. Lin" <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:07:30 -0800 Subject: [PATCH 007/123] Update mcc-ent-deploy-to-windows.md Call out "log on as batch job" in a Note box for better visibility. --- windows/deployment/do/mcc-ent-deploy-to-windows.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index ba27a5f82f..be4f2d9a64 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -33,7 +33,10 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host For gMSAs, the value should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` should be formatted as `"LocalMachineName\Username"`. - If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. **Note**: You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. + If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. + + >[!Note] + >* You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. 1. Run the provisioning command on the host machine. From c069ce9408a584269f8724a76a53f3225035277a Mon Sep 17 00:00:00 2001 From: "Chris J. Lin" <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:13:53 -0800 Subject: [PATCH 008/123] Update mcc-ent-deploy-to-windows.md Revising note about where the provisioning package should be extracted to on the host machine --- windows/deployment/do/mcc-ent-deploy-to-windows.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index be4f2d9a64..e1ff1c2af4 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -26,7 +26,11 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host # [Azure portal](#tab/portal) 1. Within the Azure portal, navigate to the **Provisioning** tab of your cache node and copy the provisioning command. -1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the package onto the host machine. **Note**: The installer should be in a folder that isn't synced to OneDrive, as this will interfere with the installation process. +1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the archive onto the host machine. + + >[!Note] + >* The provisioning package should be extracted to a directory that isn't synced to OneDrive, as the sychronization process will interfere with the installation. It is recommended to extract the provisioning package to the root directory of the host machine (e.g. C:\mccInstaller) + 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` environment variable containing the username of the account you intend to designate as the Connected Cache runtime account. From 10afec4a8501bc49a2399daec8776630bf95418b Mon Sep 17 00:00:00 2001 From: "Chris J. Lin" <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:17:17 -0800 Subject: [PATCH 009/123] Update mcc-ent-deploy-to-windows.md Corrected "environment variable" to "PowerShell variable" --- windows/deployment/do/mcc-ent-deploy-to-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index e1ff1c2af4..0c3eb345fb 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -33,9 +33,9 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. -1. Create a `$User` environment variable containing the username of the account you intend to designate as the Connected Cache runtime account. +1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. - For gMSAs, the value should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` should be formatted as `"LocalMachineName\Username"`. + For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. From 9c29d9d59fa791138e87a09ce88ef0d80cd26404 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:40:37 -0800 Subject: [PATCH 010/123] Adding cloud proxy instructions --- windows/deployment/do/mcc-ent-deploy-to-linux.md | 4 ++++ windows/deployment/do/mcc-ent-deploy-to-windows.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/windows/deployment/do/mcc-ent-deploy-to-linux.md b/windows/deployment/do/mcc-ent-deploy-to-linux.md index 0fc31cdf23..90c6496c58 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-linux.md +++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md @@ -26,6 +26,10 @@ Before deploying Connected Cache to a Linux host machine, ensure that the host m 1. Within the Azure portal, navigate to the **Provisioning** tab of your cache node and copy the provisioning command. 1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the package onto the host machine. 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package. + + >[!Note] + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute. 1. Run the provisioning command on the host machine. diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index 0c3eb345fb..9beba0bc51 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -32,6 +32,10 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host >* The provisioning package should be extracted to a directory that isn't synced to OneDrive, as the sychronization process will interfere with the installation. It is recommended to extract the provisioning package to the root directory of the host machine (e.g. C:\mccInstaller) 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. + + >[!Note] + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName [path to certificate]` to the provisioning command. + 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. From 37751bd7af494b751ee16970194c1ef87ae1c772 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:48:24 -0800 Subject: [PATCH 011/123] Adding cloud proxy changes to CLI tab --- .../deployment/do/mcc-ent-deploy-to-linux.md | 4 +++ .../do/mcc-ent-deploy-to-windows.md | 31 +++++++++++++------ 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-linux.md b/windows/deployment/do/mcc-ent-deploy-to-linux.md index 90c6496c58..583667db47 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-linux.md +++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md @@ -46,6 +46,10 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the 1. Save the resulting output. These values will be passed as parameters within the provisioning command. 1. Download and extract the [Connected Cache provisioning package for Linux](https://aka.ms/MCC-Ent-InstallScript-Linux) to your host machine. 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package. + + >[!Note] + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute. 1. Replace the values in the following provisioning command before running it on the host machine. diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index 9beba0bc51..30134d9e04 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -28,13 +28,13 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Within the Azure portal, navigate to the **Provisioning** tab of your cache node and copy the provisioning command. 1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the archive onto the host machine. - >[!Note] - >* The provisioning package should be extracted to a directory that isn't synced to OneDrive, as the sychronization process will interfere with the installation. It is recommended to extract the provisioning package to the root directory of the host machine (e.g. C:\mccInstaller) + >[!Note] + >* The provisioning package should be extracted to a directory that isn't synced to OneDrive, as the sychronization process will interfere with the installation. It is recommended to extract the provisioning package to the root directory of the host machine (e.g. C:\mccInstaller) 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. - >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName [path to certificate]` to the provisioning command. + >[!Note] + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName [path to certificate]` to the provisioning command. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. @@ -59,22 +59,33 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the ``` 1. Save the resulting output. These values will be passed as parameters within the provisioning command. -1. Download and extract the [Connected Cache provisioning package for Windows](https://aka.ms/MCC-Ent-InstallScript-WSL) to your host machine. **Note**: The installer should be in a folder that isn't synced to OneDrive, as this will interfere with the installation process. +1. Download and extract the [Connected Cache provisioning package for Windows](https://aka.ms/MCC-Ent-InstallScript-WSL) to your host machine. + + >[!Note] + >* The provisioning package should be extracted to a directory that isn't synced to OneDrive, as the sychronization process will interfere with the installation. It is recommended to extract the provisioning package to the root directory of the host machine (e.g. C:\mccInstaller) + 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. + + >[!Note] + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. -1. Create a `$User` environment variable containing the username of the account you intend to designate as the Connected Cache runtime account. +1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. - For gMSAs, the value should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` should be formatted as `"LocalMachineName\Username"`. + For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For Local User accounts, the `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. - If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. **Note**: You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. + If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. -1. Replace the values in the following provisioning command before running it on the host machine. **Note**: `-mccLocalAccountCredential $myLocalAccountCredential` is only needed if you're using a Local User account as the Connected Cache runtime account. + >[!Note] + >* You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. + +1. Replace the values in the following provisioning command before running it on the host machine. ```powershell-interactive ./provisionmcconwsl.ps1 -installationFolder c:\mccwsl01 -customerid [enter mccResourceId here] -cachenodeid [enter cacheNodeId here] -customerkey [enter customerKey here] -registrationkey [enter registration key] -cacheDrives "/var/mcc,enter drive size" -shouldUseProxy [enter true if present, enter false if not] -proxyurl "http://[enter proxy host name]:[enter port]" -mccRunTimeAccount $User -mccLocalAccountCredential $myLocalAccountCredential ``` ---- +--- ## Steps to point Windows client devices at Connected Cache node From ecdd05bca34a9fbca34f1fbd7107cba517381423 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 21 Nov 2024 17:07:23 -0800 Subject: [PATCH 012/123] Correcting syntax for pem file parameters --- windows/deployment/do/mcc-ent-deploy-to-linux.md | 4 ++-- windows/deployment/do/mcc-ent-deploy-to-windows.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-linux.md b/windows/deployment/do/mcc-ent-deploy-to-linux.md index 583667db47..6ca1ef6192 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-linux.md +++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md @@ -28,7 +28,7 @@ Before deploying Connected Cache to a Linux host machine, ensure that the host m 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command. 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute. 1. Run the provisioning command on the host machine. @@ -48,7 +48,7 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command. 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute. 1. Replace the values in the following provisioning command before running it on the host machine. diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index 30134d9e04..105def16cf 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -34,7 +34,7 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName [path to certificate]` to the provisioning command. + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName "path/to/pem/file"` to the provisioning command. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. @@ -67,7 +67,7 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath [path to certificate]` to the provisioning command. + >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePath "path/to/pem/file"` to the provisioning command. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. From a86b481580431f663a3f8032e9ea6f021c502633 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 22 Nov 2024 11:34:29 -0800 Subject: [PATCH 013/123] edits --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 - windows/whats-new/removed-features.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 0a7a2c5404..3fbb4a3529 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -156,7 +156,6 @@ Each version of Windows client adds new features and functionality. Occasionally | Feature | Description | |---------|-------------| -| NTLMv1
[24H2][24H2] | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **WordPad**
[24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **Alljoyn**
[24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index 50da138236..4f0982e550 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,7 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | -| NTLMv1 | NTLMv1 is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | 24H2 | +| NTLMv1 | NTLMv1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. | 24H2 | | Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 | | WordPad | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 | | Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | From c1510158919997ca41bf4312e1febeb843f4a5f8 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 22 Nov 2024 11:42:39 -0800 Subject: [PATCH 014/123] edit --- windows/whats-new/deprecated-features.md | 2 +- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index c1ee69bfef..d33a20b305 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b | Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 | | Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | -| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 was [removed](removed-features.md) starting in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | +| NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see, [Resources for deprecated features](deprecated-features-resources.md).

**[Update - November 2024]**: NTLMv1 is [removed](removed-features.md) starting in Windows 11, version 24H2 and Windows Server 20205. | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | | NPLogonNotify and NPPasswordChangeNotify APIs | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 | | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 43aa6777ed..a0e80d62dc 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -242,6 +242,6 @@ The following developer APIs were added or updated: The following [deprecated features](deprecated-features.md) are [removed](removed-features.md) in Windows 11, version 24H2: -- **NTLMv1**: NTLMv1 is removed from Windows starting in Windows 11, version 24H2 and Windows Server 2025. +- **NTLMv1**: NTLMv1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. - **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. - **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. From c70d5933b7c2720d0249a75c012e2a9d2cce2d68 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:39:56 -0500 Subject: [PATCH 015/123] MBR2GPT Article Refresh 2024-11 --- windows/deployment/mbr-to-gpt.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index ecd4861cbb..84a440a5f4 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -29,10 +29,10 @@ See the following video for a detailed description and demonstration of MBR2GPT. > [!VIDEO https://www.youtube-nocookie.com/embed/hfJep4hmg9o] -You can use MBR2GPT to: +MBR2GPT can be used to: -- Convert any attached MBR-formatted system disk to the GPT partition format. You can't use the tool to convert non-system disks from MBR to GPT. -- Convert an MBR disk with BitLocker-encrypted volumes as long as protection is suspended. To resume BitLocker after conversion, you'll need to delete the existing protectors and recreate them. +- Convert any attached MBR-formatted system disk to the GPT partition format. The tool can't be used to convert non-system disks from MBR to GPT. +- Convert an MBR disk with BitLocker-encrypted volumes as long as protection is suspended. To resume BitLocker after conversion, the existing protectors need to be deleted and then recreated. - Convert an operating system disk from MBR to GPT using Microsoft Configuration Manager or Microsoft Deployment Toolkit (MDT). Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 aren't officially supported. The recommended method to convert these disks is to upgrade the operating system to a currently supported version of Windows, then perform the MBR to GPT conversion. @@ -41,7 +41,7 @@ Offline conversion of system disks with earlier versions of Windows installed, s > > After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. > -> Make sure that your device supports UEFI before attempting to convert the disk. +> Make sure the device supports UEFI before attempting to convert the disk. ## Disk Prerequisites @@ -93,7 +93,7 @@ MBR2GPT: Validation completed successfully In the following example: -1. The current disk partition layout is displayed prior to conversion using DiskPart - three partitions are present on the MBR disk (disk 0): +1. Using DiskPart the current disk partition layout is displayed before the conversion. Three partitions are present on the MBR disk (disk 0): - A system reserved partition. - A Windows partition. @@ -110,7 +110,7 @@ In the following example: 1. The OS volume is selected again. The detail displays that the OS volume is converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. -As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition boots properly. +As noted in the output from the MBR2GPT tool, changes to the computer firmware need to be made so that the new EFI system partition boots properly.
@@ -267,7 +267,7 @@ If the existing MBR system partition isn't reused for the EFI system partition, > [!IMPORTANT] > -> If the existing MBR system partition is not reused for the EFI system partition, it might be assigned a drive letter. If you do not wish to use this small partition, you must manually hide the drive letter. +> If the existing MBR system partition isn't reused for the EFI system partition, it might be assigned a drive letter. If this small partition isn't going to be used, its drive letter must be manually hidden. ### Partition type mapping and partition attributes @@ -290,11 +290,11 @@ For more information about partition types, see: ### Persisting drive letter assignments -The conversion tool attempts to remap all drive letter assignment information contained in the registry that corresponds to the volumes of the converted disk. If a drive letter assignment can't be restored, an error is displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. +The conversion tool attempts to remap all drive letter assignment information contained in the registry that corresponds to the volumes of the converted disk. If a drive letter assignment can't be restored, an error is displayed at the console and in the log, so that correct assignment of the drive letter can be manually performed. > [!IMPORTANT] > -> This code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. +> This code runs after the layout conversion takes place, so the operation can't be undone at this stage. The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It then iterates through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry it does the following: @@ -398,7 +398,7 @@ The partition type can be determined in one of three ways: #### Windows PowerShell -You can enter the following command at a Windows PowerShell prompt to display the disk number and partition type: +The following command can be entered at a Windows PowerShell prompt to display the disk number and partition type: ```powershell Get-Disk | ft -Auto @@ -417,7 +417,7 @@ Number Friendly Name Serial Number HealthStatus OperationalStatus To #### Disk Management tool -You can view the partition type of a disk by using the Disk Management tool: +The partition type of a disk can be viewed by using the Disk Management tool: 1. Right-click on the Start Menu and select **Disk Management**. Alternatively, right-click on the Start Menu and select **Run**. In the **Run** dialog box that appears, enter `diskmgmt.msc` and then select **OK**. From c1ce3dbdf4e798bc4a2a670f28e0aae20610f300 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:40:46 -0500 Subject: [PATCH 016/123] MBR2GPT Article Refresh 2024-11 2 --- windows/deployment/mbr-to-gpt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 84a440a5f4..51a6fb4e62 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -4,7 +4,7 @@ description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) ms.service: windows-client author: frankroj ms.author: frankroj -ms.date: 11/16/2023 +ms.date: 11/26/2024 manager: aaroncz ms.localizationpriority: high ms.topic: how-to From 6bed45671cb37ea45e105c980d83b5048fcee4de Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Wed, 27 Nov 2024 03:35:21 +0530 Subject: [PATCH 017/123] Update mbr-to-gpt.md pencil edit --- windows/deployment/mbr-to-gpt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 51a6fb4e62..1cca882fea 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -93,7 +93,7 @@ MBR2GPT: Validation completed successfully In the following example: -1. Using DiskPart the current disk partition layout is displayed before the conversion. Three partitions are present on the MBR disk (disk 0): +1. Using DiskPart, the current disk partition layout is displayed before the conversion. Three partitions are present on the MBR disk (disk 0): - A system reserved partition. - A Windows partition. From a934308ca98089c49f26b293d5119500a1b57395 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Wed, 27 Nov 2024 03:37:27 +0530 Subject: [PATCH 018/123] Update mbr-to-gpt.md --- windows/deployment/mbr-to-gpt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 1cca882fea..51a6fb4e62 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -93,7 +93,7 @@ MBR2GPT: Validation completed successfully In the following example: -1. Using DiskPart, the current disk partition layout is displayed before the conversion. Three partitions are present on the MBR disk (disk 0): +1. Using DiskPart the current disk partition layout is displayed before the conversion. Three partitions are present on the MBR disk (disk 0): - A system reserved partition. - A Windows partition. From abf6cc5df58ae0999a084dde7839c499954bf20e Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 27 Nov 2024 10:56:39 -0700 Subject: [PATCH 019/123] CSP Formatting changes --- .../mdm/assignedaccess-csp.md | 4 +- .../client-management/mdm/devdetail-csp.md | 4 +- windows/client-management/mdm/dmclient-csp.md | 10 +- .../mdm/enterprisemodernappmanagement-csp.md | 8 +- .../mdm/personaldataencryption-csp.md | 282 +++++++++++++++++- .../mdm/personaldataencryption-ddf-file.md | 245 ++++++++++++++- .../mdm/policy-csp-admx-bits.md | 6 +- .../mdm/policy-csp-admx-controlpanel.md | 6 +- .../policy-csp-admx-controlpaneldisplay.md | 4 +- .../mdm/policy-csp-admx-diskdiagnostic.md | 14 +- .../mdm/policy-csp-admx-dnsclient.md | 6 +- .../mdm/policy-csp-admx-explorer.md | 4 +- .../mdm/policy-csp-admx-filerevocation.md | 4 +- .../mdm/policy-csp-admx-filesys.md | 4 +- .../mdm/policy-csp-admx-globalization.md | 8 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 8 +- .../mdm/policy-csp-admx-offlinefiles.md | 6 +- ...y-csp-admx-userexperiencevirtualization.md | 4 +- .../mdm/policy-csp-admx-userprofiles.md | 4 +- .../mdm/policy-csp-admx-windowsexplorer.md | 4 +- .../mdm/policy-csp-applicationmanagement.md | 8 +- .../mdm/policy-csp-attachmentmanager.md | 4 +- .../client-management/mdm/policy-csp-bits.md | 8 +- .../mdm/policy-csp-defender.md | 4 +- .../mdm/policy-csp-internetexplorer.md | 38 +-- .../mdm/policy-csp-mixedreality.md | 4 +- .../mdm/policy-csp-remotedesktopservices.md | 4 +- .../mdm/policy-csp-remoteprocedurecall.md | 6 +- .../mdm/policy-csp-webthreatdefense.md | 4 +- .../mdm/policy-csp-windowsai.md | 10 +- .../mdm/policy-csp-windowslogon.md | 4 +- windows/client-management/mdm/supl-csp.md | 4 +- 32 files changed, 623 insertions(+), 110 deletions(-) diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index cc69b6bb5a..279c109882 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -1,7 +1,7 @@ --- title: AssignedAccess CSP description: Learn more about the AssignedAccess CSP. -ms.date: 04/10/2024 +ms.date: 11/26/2024 --- @@ -126,7 +126,7 @@ To learn how to configure xml file, see [Create an Assigned Access configuration This node can accept and return json string which comprises of account name, and AUMID for Kiosk mode app. -Example: `{"User":"domain\\user", "AUMID":"Microsoft. WindowsCalculator_8wekyb3d8bbwe!App"}`. +Example: `{"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}`. When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index ef825d0541..a348f66fcb 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,7 +1,7 @@ --- title: DevDetail CSP description: Learn more about the DevDetail CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -1259,7 +1259,7 @@ Returns the name of the Original Equipment Manufacturer (OEM) as a string, as de -Returns the Windows 10 OS software version in the format MajorVersion. MinorVersion. BuildNumber. QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. +Returns the Windows 10 OS software version in the format `MajorVersion.MinorVersion.BuildNumber.QFEnumber`. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 10c971f332..79e8b34817 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,7 +1,7 @@ --- title: DMClient CSP description: Learn more about the DMClient CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -1654,7 +1654,7 @@ This node allows the MDM to set custom error text, detailing what the user needs -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2` Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. @@ -1694,7 +1694,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. @@ -4311,7 +4311,7 @@ This node allows the MDM to set custom error text, detailing what the user needs -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. This is per user. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2` Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. This is per user. @@ -4351,7 +4351,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects -This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. E. G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. This is per user. +This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. This is per user. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 6357958bf3..fc8a278aae 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -1,7 +1,7 @@ --- title: EnterpriseModernAppManagement CSP description: Learn more about the EnterpriseModernAppManagement CSP. -ms.date: 09/11/2024 +ms.date: 11/26/2024 --- @@ -6951,7 +6951,7 @@ Interior node for all managed app setting values. -The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed. App. Settings container. +The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the `Managed.App.Settings` container. @@ -8193,7 +8193,7 @@ This node is only supported in the user context. -The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed. App. Settings container. +The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the `Managed.App.Settings` container. @@ -9495,7 +9495,7 @@ This node is only supported in the user context. -The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed. App. Settings container. +The SettingValue and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the `Managed.App.Settings` container. diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index afef3cb25e..1efd2767f5 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -1,7 +1,7 @@ --- title: Personal Data Encryption CSP description: Learn more about the Personal Data Encryption CSP. -ms.date: 01/18/2024 +ms.date: 11/27/2024 --- @@ -19,7 +19,13 @@ The following list shows the Personal Data Encryption configuration service prov - ./User/Vendor/MSFT/PDE - [EnablePersonalDataEncryption](#enablepersonaldataencryption) + - [ProtectFolders](#protectfolders) + - [ProtectDesktop](#protectfoldersprotectdesktop) + - [ProtectDocuments](#protectfoldersprotectdocuments) + - [ProtectPictures](#protectfoldersprotectpictures) - [Status](#status) + - [FolderProtectionStatus](#statusfolderprotectionstatus) + - [FoldersProtected](#statusfoldersprotected) - [PersonalDataEncryptionStatus](#statuspersonaldataencryptionstatus) @@ -72,6 +78,191 @@ The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.u + +## ProtectFolders + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/ProtectFolders +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `node` | +| Access Type | Get | + + + + + + + + + +### ProtectFolders/ProtectDesktop + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDesktop +``` + + + + +Allows the Admin to enable Personal Data Encryption on Desktop folder. Set to '1' to set this policy. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`
Dependency Allowed Value: `1`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. | +| 1 | Enable Personal Data Encryption on the folder. | + + + + + + + + + +### ProtectFolders/ProtectDocuments + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDocuments +``` + + + + +Allows the Admin to enable Personal Data Encryption on Documents folder. Set to '1' to set this policy. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`
Dependency Allowed Value: `1`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. | +| 1 | Enable Personal Data Encryption on the folder. | + + + + + + + + + +### ProtectFolders/ProtectPictures + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/ProtectFolders/ProtectPictures +``` + + + + +Allows the Admin to enable Personal Data Encryption on Pictures folder. Set to '1' to set this policy. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Dependency [EnablePersonalDataEncryptionDependency] | Dependency Type: `DependsOn`
Dependency URI: `User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`
Dependency Allowed Value: `1`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disable Personal Data Encryption on the folder. If the folder is currently protected by Personal Data Encryption, this will result in unprotecting the folder. | +| 1 | Enable Personal Data Encryption on the folder. | + + + + + + + + ## Status @@ -114,6 +305,95 @@ Reports the current status of Personal Data Encryption for the user. + +### Status/FolderProtectionStatus + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/Status/FolderProtectionStatus +``` + + + + +This node reports folder protection status for a user. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Get | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Protection not started. | +| 1 | Protection is completed with no failures. | +| 2 | Protection in progress. | +| 3 | Protection failed. | + + + + + + + + + +### Status/FoldersProtected + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/PDE/Status/FoldersProtected +``` + + + + +This node reports all folders (full path to each folder) that have been protected. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Get | + + + + + + + + ### Status/PersonalDataEncryptionStatus diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md index 165f97507c..e59ad7a14f 100644 --- a/windows/client-management/mdm/personaldataencryption-ddf-file.md +++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md @@ -1,14 +1,14 @@ --- -title: PDE DDF file -description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider. -ms.date: 06/28/2024 +title: Personal Data Encryption DDF file +description: View the XML file containing the device description framework (DDF) for the Personal Data Encryption configuration service provider. +ms.date: 11/26/2024 --- -# PDE DDF file +# Personal Data Encryption DDF file -The following XML file contains the device description framework (DDF) for the PDE configuration service provider. +The following XML file contains the device description framework (DDF) for the Personal Data Encryption configuration service provider. ```xml @@ -76,6 +76,171 @@ The following XML file contains the device description framework (DDF) for the P + + ProtectFolders + + + + + + + + + + + + + + + + + + 10.0.26100 + 1.0 + + + + ProtectDocuments + + + + + + + + Allows the Admin to enable PDE on Documents folder. Set to '1' to set this policy. + + + + + + + + + + + + + + + 0 + Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. + + + 1 + Enable PDE on the folder. + + + + + + User/Vendor/MSFT/PDE/EnablePersonalDataEncryption + + + 1 + Requires EnablePersonalDataEncryption to be set to 1. + + + + + + + + + ProtectDesktop + + + + + + + + Allows the Admin to enable PDE on Desktop folder. Set to '1' to set this policy. + + + + + + + + + + + + + + + 0 + Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. + + + 1 + Enable PDE on the folder. + + + + + + User/Vendor/MSFT/PDE/EnablePersonalDataEncryption + + + 1 + Requires EnablePersonalDataEncryption to be set to 1. + + + + + + + + + ProtectPictures + + + + + + + + Allows the Admin to enable PDE on Pictures folder. Set to '1' to set this policy. + + + + + + + + + + + + + + + 0 + Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. + + + 1 + Enable PDE on the folder. + + + + + + User/Vendor/MSFT/PDE/EnablePersonalDataEncryption + + + 1 + Requires EnablePersonalDataEncryption to be set to 1. + + + + + + + + Status @@ -116,6 +281,74 @@ The following XML file contains the device description framework (DDF) for the P + + FolderProtectionStatus + + + + + This node reports folder protection status for a user. + + + + + + + + + + + + + + 10.0.26100 + 1.0 + + + + 0 + Protection not started. + + + 1 + Protection is completed with no failures. + + + 2 + Protection in progress. + + + 3 + Protection failed. + + + + + + FoldersProtected + + + + + This node reports all folders (full path to each folder) that have been protected. + + + + + + + + + + + + + + 10.0.26100 + 1.0 + + + @@ -123,4 +356,4 @@ The following XML file contains the device description framework (DDF) for the P ## Related articles -[PDE configuration service provider reference](personaldataencryption-csp.md) +[Personal Data Encryption configuration service provider reference](personaldataencryption-csp.md) diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 00b4cf5513..c31407acd6 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -1,7 +1,7 @@ --- title: ADMX_Bits Policy CSP description: Learn more about the ADMX_Bits Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -348,7 +348,7 @@ This policy setting limits the network bandwidth that Background Intelligent Tra - If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. -You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A. M. to 10:00 A. M. on a maintenance schedule. +You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule. - If you disable or don't configure this policy setting, the limits defined for work or nonwork schedules will be used. @@ -412,7 +412,7 @@ This policy setting limits the network bandwidth that Background Intelligent Tra - If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low. -You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A. M. to 5:00 P. M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. +You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. - If you disable or don't configure this policy setting, BITS uses all available unused bandwidth for background job transfers. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index b819fe73bf..db99a6aa70 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -1,7 +1,7 @@ --- title: ADMX_ControlPanel Policy CSP description: Learn more about the ADMX_ControlPanel Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -36,7 +36,7 @@ This setting allows you to display or hide specified Control Panel items, such a If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen. -To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft. Mouse, Microsoft. System, or Microsoft. Personalization. +To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter `Microsoft.Mouse`, `Microsoft.System`, or `Microsoft.Personalization`. > [!NOTE] > For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item doesn't have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names can be found in MSDN by searching "Control Panel items". @@ -243,7 +243,7 @@ If users try to select a Control Panel item from the Properties item on a contex This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. -To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft. Mouse, Microsoft. System, or Microsoft. Personalization. +To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter `Microsoft.Mouse`, `Microsoft.System`, or `Microsoft.Personalization`. > [!NOTE] > For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item doesn't have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items". diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index fa0478440b..3afb3d8385 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -1,7 +1,7 @@ --- title: ADMX_ControlPanelDisplay Policy CSP description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -519,7 +519,7 @@ Prevents users from changing the background image shown when the machine is lock By default, users can change the background image shown when the machine is locked or displaying the logon screen. -If you enable this setting, the user won't be able to change their lock screen and logon image, and they will instead see the default image. +If you enable this setting, the user won't be able to change their lock screen and logon image, and they'll instead see the default image. diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index fd3f6d2bcd..a1d1ae6ea2 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -1,7 +1,7 @@ --- title: ADMX_DiskDiagnostic Policy CSP description: Learn more about the ADMX_DiskDiagnostic Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -32,7 +32,7 @@ ms.date: 08/06/2024 -This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S. M. A. R. T. fault. +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. - If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. @@ -97,15 +97,15 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set -This policy setting determines the execution level for S. M. A. R. T.-based disk diagnostics. +This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. -Self-Monitoring And Reporting Technology (S. M. A. R. T). is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S. M. A. R. T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S. M. A. R. T. faults to the event log when they occur. +Self-Monitoring And Reporting Technology (S.M.A.R.T). is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. -- If you enable this policy setting, the DPS also warns users of S. M. A. R. T. faults and guides them through backup and recovery to minimize potential data loss. +- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. -- If you disable this policy, S. M. A. R. T. faults are still detected and logged, but no corrective action is taken. +- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. -- If you don't configure this policy setting, the DPS enables S. M. A. R. T. fault resolution by default. +- If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index dc1ec2aa56..38077183bb 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -1,7 +1,7 @@ --- title: ADMX_DnsClient Policy CSP description: Learn more about the ADMX_DnsClient Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -602,11 +602,11 @@ You can use this policy setting to prevent users, including local administrators Specifies if the DNS client performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix. -By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com. +By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: `mycomputer.microsoft.com`. - If you enable this policy setting, the DNS client will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by the DNS client. -For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. +For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for `mycomputer.VPNconnection` and `mycomputer.microsoft.com` when this policy setting is enabled. > [!IMPORTANT] > This policy setting is ignored by the DNS client if dynamic DNS registration is disabled. diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index e9a61f1c6b..ab3f86952a 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -1,7 +1,7 @@ --- title: ADMX_Explorer Policy CSP description: Learn more about the ADMX_Explorer Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -120,7 +120,7 @@ This policy setting configures File Explorer to always display the menu bar. | Name | Value | |:--|:--| | Name | AlwaysShowClassicMenu | -| Friendly Name | Display the menu bar in File Explorer | +| Friendly Name | Display the menu bar in File Explorer | | Location | User Configuration | | Path | WindowsComponents > File Explorer | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index f62f39edaf..d75b0ff1aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -1,7 +1,7 @@ --- title: ADMX_FileRevocation Policy CSP description: Learn more about the ADMX_FileRevocation Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -36,7 +36,7 @@ Windows Runtime applications can protect content which has been associated with Example value: -Contoso.com,ContosoIT. HumanResourcesApp_m5g0r7arhahqy. +`Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` - If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 1b08f87864..7e30bbd527 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -1,7 +1,7 @@ --- title: ADMX_FileSys Policy CSP description: Learn more about the ADMX_FileSys Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -317,7 +317,7 @@ Enabling Win32 long paths will allow manifested win32 applications and packaged These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. -If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. +If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they'll never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 6dc909c654..80d999ad7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -1,7 +1,7 @@ --- title: ADMX_Globalization Policy CSP description: Learn more about the ADMX_Globalization Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -638,7 +638,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol -This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting doesn't change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list. +This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting doesn't change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they'll be restricted to the specified list. The locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) and English (Canada). @@ -1097,7 +1097,7 @@ This policy setting prevents the user from customizing their locale by changing Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy. -When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user can't customize their user locale with user overrides. +When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they'll be unable to customize those choices. The user can't customize their user locale with user overrides. - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. @@ -1166,7 +1166,7 @@ This policy setting prevents the user from customizing their locale by changing Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy. -When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user can't customize their user locale with user overrides. +When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they'll be unable to customize those choices. The user can't customize their user locale with user overrides. - If this policy setting is disabled or not configured, then the user can customize their user locale overrides. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 2664598272..4eee3e095e 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1,7 +1,7 @@ --- title: ADMX_MicrosoftDefenderAntivirus Policy CSP description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -2938,7 +2938,7 @@ This policy setting allows you to manage whether or not end users can pause a sc -This policy setting allows you to configure the maximum directory depth level into which archive files such as . ZIP or . CAB are unpacked during scanning. The default directory depth level is 0. +This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0. - If you enable this setting, archive files will be scanned to the directory depth level specified. @@ -2997,7 +2997,7 @@ This policy setting allows you to configure the maximum directory depth level in -This policy setting allows you to configure the maximum size of archive files such as . ZIP or . CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning. +This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning. - If you enable this setting, archive files less than or equal to the size specified will be scanned. @@ -3056,7 +3056,7 @@ This policy setting allows you to configure the maximum size of archive files su -This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as . ZIP or . CAB files. +This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files. - If you enable or don't configure this setting, archive files will be scanned. diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index f7467145fb..1c2b4f1df2 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -1,7 +1,7 @@ --- title: ADMX_OfflineFiles Policy CSP description: Learn more about the ADMX_OfflineFiles Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -352,7 +352,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s Determines how computers respond when they're disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. -To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they cannot. +To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they can't. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting doesn't prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. @@ -413,7 +413,7 @@ This setting appears in the Computer Configuration and User Configuration folder Determines how computers respond when they're disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting. -To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they cannot. +To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they're disconnected from this server, or type "1" if they can't. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting doesn't prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting. diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 01ba02840f..32edc6861a 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -1,7 +1,7 @@ --- title: ADMX_UserExperienceVirtualization Policy CSP description: Learn more about the ADMX_UserExperienceVirtualization Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -7541,7 +7541,7 @@ This policy setting configures where custom settings location templates are stor - If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. -If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they will be ignored. +If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they'll be ignored. If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index f6d72112f3..2283c9803a 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -1,7 +1,7 @@ --- title: ADMX_UserProfiles Policy CSP description: Learn more about the ADMX_UserProfiles Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/26/2024 --- @@ -157,7 +157,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion. -By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior. +By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they'll need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior. - If you enable this policy setting, Windows won't delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 9100a4bbb3..edcd5eab3e 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -1,7 +1,7 @@ --- title: ADMX_WindowsExplorer Policy CSP description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -4468,7 +4468,7 @@ Shows or hides sleep from the power options menu. -This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the . Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary. Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified . Library-ms or .searchConnector-ms file. +This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the `.Library-ms or .searchConnector-ms` file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified `.Library-ms or .searchConnector-ms` file. You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 885f96e31a..64cecc6c0c 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -1,7 +1,7 @@ --- title: ApplicationManagement Policy CSP description: Learn more about the ApplicationManagement Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -371,7 +371,7 @@ If the setting is enabled or not configured, then Recording and Broadcasting (st Manages a Windows app's ability to share data between users who have installed the app. -- If you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the Windows. Storage API. +- If you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the `Windows.Storage` API. - If you disable this policy, a Windows app can't share app data with other instances of that app. If this policy was previously enabled, any previously shared app data will remain in the SharedLocal folder. @@ -629,7 +629,7 @@ Disable turns off the launch of all apps from the Microsoft Store that came pre- | Name | Value | |:--|:--| | Name | DisableStoreApps | -| Friendly Name | Disable all apps from Microsoft Store | +| Friendly Name | Disable all apps from Microsoft Store | | Location | Computer Configuration | | Path | Windows Components > Store | | Registry Key Name | Software\Policies\Microsoft\WindowsStore | @@ -867,7 +867,7 @@ This policy setting directs Windows Installer to use elevated permissions when i Denies access to the retail catalog in the Microsoft Store, but displays the private store. -- If you enable this setting, users won't be able to view the retail catalog in the Microsoft Store, but they will be able to view apps in the private store. +- If you enable this setting, users won't be able to view the retail catalog in the Microsoft Store, but they'll be able to view apps in the private store. - If you disable or don't configure this setting, users can access the retail catalog in the Microsoft Store. diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 63caf16da0..c6597902db 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -1,7 +1,7 @@ --- title: AttachmentManager Policy CSP description: Learn more about the AttachmentManager Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 11/26/2024 --- @@ -154,7 +154,7 @@ This policy setting allows you to manage whether users can manually remove the z -This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. +This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they'll all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. - If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 01dbd07987..40fec4ce18 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -1,7 +1,7 @@ --- title: BITS Policy CSP description: Learn more about the BITS Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 11/26/2024 --- @@ -32,7 +32,7 @@ ms.date: 01/18/2024 This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). -You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. +You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. @@ -98,7 +98,7 @@ Consider using this setting to prevent BITS transfers from competing for network This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). -You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. +You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. @@ -164,7 +164,7 @@ Consider using this setting to prevent BITS transfers from competing for network This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting doesn't affect foreground transfers). -You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A. M. to 5:00 P. M., and use all available unused bandwidth the rest of the day's hours. +You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. - If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 2eef54311e..fc264fa2a8 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1,7 +1,7 @@ --- title: Defender Policy CSP description: Learn more about the Defender Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -30,7 +30,7 @@ ms.date: 09/27/2024 -This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as . ZIP or . CAB files. +This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files. - If you enable or don't configure this setting, archive files will be scanned. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index bfcf5c6f27..5cb73b8c77 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -1,7 +1,7 @@ --- title: InternetExplorer Policy CSP description: Learn more about the InternetExplorer Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -2472,11 +2472,11 @@ This policy setting determines whether Internet Explorer requires that all file- -This setting determines whether IE automatically downloads updated versions of Microsoft's VersionList. XML. IE uses this file to determine whether an ActiveX control should be stopped from loading. +This setting determines whether IE automatically downloads updated versions of Microsoft's VersionList.XML. IE uses this file to determine whether an ActiveX control should be stopped from loading. -- If you enable this setting, IE stops downloading updated versions of VersionList. XML. Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. +- If you enable this setting, IE stops downloading updated versions of VersionList.XML. Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. -- If you disable or don't configure this setting, IE continues to download updated versions of VersionList. XML. +- If you disable or don't configure this setting, IE continues to download updated versions of VersionList.XML. For more information, see "Out-of-date ActiveX control blocking" in the Internet Explorer TechNet library. @@ -4429,7 +4429,7 @@ This policy setting allows you to manage a list of domains on which Internet Exp - If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: -1. "domain.name. TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" +1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" 2. "hostname". For example, if you want to include https://example, use "example". 3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm". @@ -5272,7 +5272,7 @@ This policy setting allows you to manage the loading of Extensible Application M -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -6825,7 +6825,7 @@ This policy setting allows you to manage the opening of windows and frames and a -This policy setting allows you to manage whether . NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. @@ -7337,7 +7337,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -8410,7 +8410,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -9325,7 +9325,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -10174,7 +10174,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -10883,7 +10883,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -11662,7 +11662,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -12441,7 +12441,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -13373,7 +13373,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Name | Value | |:--|:--| | Name | VerMgmtDisableRunThisTime | -| Friendly Name | Remove "Run this time" button for outdated ActiveX controls in Internet Explorer | +| Friendly Name | Remove "Run this time" button for outdated ActiveX controls in Internet Explorer | | Location | Computer and User Configuration | | Path | Windows Components > Internet Explorer > Security Features > Add-on Management | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Ext | @@ -14307,7 +14307,7 @@ This policy setting allows you to manage whether a user's browser can be redirec -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -15862,7 +15862,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t -This policy setting allows you to manage whether . NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. @@ -16472,7 +16472,7 @@ Also, see the "Security zones: Don't allow users to change policies" policy. | Name | Value | |:--|:--| | Name | Security_HKLM_only | -| Friendly Name | Security Zones: Use only machine settings | +| Friendly Name | Security Zones: Use only machine settings | | Location | Computer Configuration | | Path | Windows Components > Internet Explorer | | Registry Key Name | Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | @@ -16981,7 +16981,7 @@ This policy setting allows you to manage whether Web sites from less privileged -This policy setting allows you to manage whether . NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. +This policy setting allows you to manage whether .NET Framework components that aren't signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. - If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index d2ccb8d7eb..c2b7e4d9b0 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -1,7 +1,7 @@ --- title: MixedReality Policy CSP description: Learn more about the MixedReality Area in Policy CSP. -ms.date: 09/11/2024 +ms.date: 11/26/2024 --- @@ -139,7 +139,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us -By default, launching applications via Launcher API (Launcher Class (Windows. System) - Windows UWP applications | Microsoft Docs) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. +By default, launching applications via Launcher API is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index a3d59bef8b..898fb3e01b 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -1,7 +1,7 @@ --- title: RemoteDesktopServices Policy CSP description: Learn more about the RemoteDesktopServices Area in Policy CSP. -ms.date: 11/05/2024 +ms.date: 11/26/2024 --- @@ -197,7 +197,7 @@ This policy applies only when using legacy authentication to authenticate to the | Name | Value | |:--|:--| | Name | TS_DISCONNECT_ON_LOCK_POLICY | -| Friendly Name | Disconnect remote session on lock for legacy authentication | +| Friendly Name | Disconnect remote session on lock for legacy authentication | | Location | Computer Configuration | | Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security | | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 1def7d700f..53395cdd0b 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -1,7 +1,7 @@ --- title: RemoteProcedureCall Policy CSP description: Learn more about the RemoteProcedureCall Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 11/26/2024 --- @@ -105,11 +105,11 @@ This policy setting impacts all RPC applications. In a domain environment this p This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. -- If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. +- If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. - If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls won't be able to communicate with the Windows NT4 Server Endpoint Mapper Service. -- If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service. +- If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service. > [!NOTE] > This policy won't be applied until the system is rebooted. diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index 96d9296b8a..08d092b065 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -1,7 +1,7 @@ --- title: WebThreatDefense Policy CSP description: Learn more about the WebThreatDefense Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -308,7 +308,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft - If you disable this policy setting, Enhanced Phishing Protection in Microsoft Defender SmartScreen is off and it won't capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on. -- If you don't configure this setting, users can decide whether or not they will enable Enhanced Phishing Protection in Microsoft Defender SmartScreen. +- If you don't configure this setting, users can decide whether or not they'll enable Enhanced Phishing Protection in Microsoft Defender SmartScreen. diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 5db33c8daf..00873e6e1c 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 11/22/2024 +ms.date: 11/26/2024 --- @@ -38,7 +38,7 @@ This policy setting allows you to determine whether the Recall optional componen - If this policy is disabled, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they'll be deleted when this policy is disabled. Removing Recall requires a device restart. -- If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users are able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device. +- If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users will be able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device. @@ -360,7 +360,7 @@ This policy setting determines which app opens when the user presses the Copilot This policy allows you to define a list of apps that won't be included in snapshots for Recall. -Users are able to add additional applications to exclude from snapshots using Recall settings. +Users will be able to add additional applications to exclude from snapshots using Recall settings. The list can include Application User Model IDs (AUMID) or name of the executable file. @@ -429,7 +429,7 @@ For example: `code.exe;Microsoft.WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe` This policy setting lets you define a list of URIs that won't be included in snapshots for Recall when a supported browser is used. People within your organization can use Recall settings to add more websites to the list. Define the list using a semicolon to separate URIs. -For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com`. +For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com` Adding `https://www.WoodgroveBank.com` to the list would also filter `https://Account.WoodgroveBank.com` and `https://www.WoodgroveBank.com/Account`. @@ -646,7 +646,7 @@ This policy setting allows you to turn off Windows Copilot. - If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either. -- If you disable or don't configure this policy setting, users are able to use Copilot when it's available to them. +- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them. diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index c7a7fe256c..64a1352741 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -1,7 +1,7 @@ --- title: WindowsLogon Policy CSP description: Learn more about the WindowsLogon Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/26/2024 --- @@ -349,7 +349,7 @@ This policy setting allows you to control whether users see the first sign-in an | Name | Value | |:--|:--| | Name | EnableFirstLogonAnimation | -| Friendly Name | Show first sign-in animation | +| Friendly Name | Show first sign-in animation | | Location | Computer Configuration | | Path | System > Logon | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System | diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 3793140f08..687edec2d2 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -1,7 +1,7 @@ --- title: SUPL CSP description: Learn more about the SUPL CSP. -ms.date: 01/18/2024 +ms.date: 11/27/2024 --- @@ -289,7 +289,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on -Optional. Determines the full version (X. Y. Z where X, Y and Z are major version, minor version, service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. +Optional. Determines the full version (`X.Y.Z` where X, Y and Z are major version, minor version, service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. From 609048f7c01ff8f64535845876c8e4fd77fab193 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 27 Nov 2024 12:20:26 -0700 Subject: [PATCH 020/123] December CSP Updates --- windows/client-management/mdm/defender-csp.md | 8 +- windows/client-management/mdm/defender-ddf.md | 8 +- ...-in-policy-csp-supported-by-surface-hub.md | 4 +- .../mdm/policies-in-preview.md | 15 ++- .../mdm/policy-csp-display.md | 66 +++++++++- .../mdm/policy-csp-newsandinterests.md | 62 ++++++++- .../client-management/mdm/policy-csp-start.md | 118 +++++++++++++++++- .../client-management/mdm/policy-csp-sudo.md | 4 +- .../mdm/policy-csp-update.md | 8 +- .../mdm/policy-csp-windowsai.md | 71 ++++++++++- .../mdm/policy-csp-windowssandbox.md | 94 +++++++++++--- 11 files changed, 417 insertions(+), 41 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 9841e9f442..ac0fd65b21 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,7 +1,7 @@ --- title: Defender CSP description: Learn more about the Defender CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -3775,9 +3775,9 @@ Enable this policy to specify when devices receive Microsoft Defender security i | Value | Description | |:--|:--| -| 0 (Default) | Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices. | -| 4 | Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). | -| 5 | Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). | +| 0 (Default) | Not configured (Default). Microsoft will either assign the device to Current Channel (Broad) or a beta channel early in the gradual release cycle. The channel selected by Microsoft might be one that receives updates early during the gradual release cycle, which may not be suitable for devices in a production or critical environment. | +| 4 | Current Channel (Staged): Same as Current Channel (Broad). | +| 5 | Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in all populations, including production. | diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 2055d5bdf0..1e199886e7 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,7 +1,7 @@ --- title: Defender DDF file description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -1627,15 +1627,15 @@ The following XML file contains the device description framework (DDF) for the D 0 - Not configured (Default). The device will stay up to date automatically during the gradual release cycle. Suitable for most devices. + Not configured (Default). Microsoft will either assign the device to Current Channel (Broad) or a beta channel early in the gradual release cycle. The channel selected by Microsoft might be one that receives updates early during the gradual release cycle, which may not be suitable for devices in a production or critical environment 4 - Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). + Current Channel (Staged): Same as Current Channel (Broad). 5 - Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). + Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in all populations, including production. diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index ea1f4f9b24..057bf0381f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -1,7 +1,7 @@ --- title: Policies supported by Windows 10 Team description: Learn about the policies supported by Windows 10 Team. -ms.date: 11/05/2024 +ms.date: 11/27/2024 --- @@ -382,8 +382,10 @@ This article lists the policies that are applicable for the Surface Hub operatin ## Start +- [AlwaysShowNotificationIcon](policy-csp-start.md#alwaysshownotificationicon) - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites) - [StartLayout](policy-csp-start.md#startlayout) +- [TurnOffAbbreviatedDateTimeFormat](policy-csp-start.md#turnoffabbreviateddatetimeformat) ## System diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md index 34a182dd13..0e4249d643 100644 --- a/windows/client-management/mdm/policies-in-preview.md +++ b/windows/client-management/mdm/policies-in-preview.md @@ -1,7 +1,7 @@ --- title: Configuration service provider preview policies description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview. -ms.date: 11/22/2024 +ms.date: 11/27/2024 --- @@ -62,6 +62,7 @@ This article lists the policies that are applicable for Windows Insider Preview ## Display - [ConfigureMultipleDisplayMode](policy-csp-display.md#configuremultipledisplaymode) +- [SetClonePreferredResolutionSource](policy-csp-display.md#setclonepreferredresolutionsource) ## DMClient CSP @@ -106,6 +107,10 @@ This article lists the policies that are applicable for Windows Insider Preview - [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction) - [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout) +## NewsAndInterests + +- [DisableWidgetsOnLockScreen](policy-csp-newsandinterests.md#disablewidgetsonlockscreen) + ## PassportForWork CSP - [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning) @@ -118,6 +123,11 @@ This article lists the policies that are applicable for Windows Insider Preview - [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime) +## Start + +- [AlwaysShowNotificationIcon](policy-csp-start.md#alwaysshownotificationicon) +- [TurnOffAbbreviatedDateTimeFormat](policy-csp-start.md#turnoffabbreviateddatetimeformat) + ## SurfaceHub CSP - [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled) @@ -137,14 +147,13 @@ This article lists the policies that are applicable for Windows Insider Preview ## WindowsAI -- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis) -- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey) - [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall) - [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall) - [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) - [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots) - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator) - [DisableCocreator](policy-csp-windowsai.md#disablecocreator) +- [DisableGenerativeFill](policy-csp-windowsai.md#disablegenerativefill) - [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement) ## WindowsLicensing CSP diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 01753099d8..52da6d75c4 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -1,7 +1,7 @@ --- title: Display Policy CSP description: Learn more about the Display Area in Policy CSP. -ms.date: 11/05/2024 +ms.date: 11/27/2024 --- @@ -32,7 +32,7 @@ ms.date: 11/05/2024 -This policy set the default display to set the arrangement between cloning or extending. +This policy sets the default display arrangement to pick between clone or extend. @@ -66,7 +66,7 @@ This policy set the default display to set the arrangement between cloning or ex |:--|:--| | Name | ConfigureMultipleDisplayMode | | Path | Display > AT > System > DisplayCat | -| Element Name | ConfigureMultipleDisplayModePrompt | +| Element Name | DisplayConfigureMultipleDisplayModeSettings | @@ -298,6 +298,66 @@ Enabling this setting lets you specify the system-wide default for desktop appli + +## SetClonePreferredResolutionSource + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Display/SetClonePreferredResolutionSource +``` + + + + +This policy sets the cloned monitor preferred resolution source to an internal or external monitor by default. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Default. | +| 1 (Default) | Internal. | +| 2 | External. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | SetClonePreferredResolutionSource | +| Path | Display > AT > System > DisplayCat | +| Element Name | DisplaySetClonePreferredResolutionSourceSettings | + + + + + + + + ## TurnOffGdiDPIScalingForApps diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 16fabdc822..df2f909bd6 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -1,7 +1,7 @@ --- title: NewsAndInterests Policy CSP description: Learn more about the NewsAndInterests Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 11/27/2024 --- @@ -9,6 +9,8 @@ ms.date: 01/18/2024 # Policy CSP - NewsAndInterests +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -82,6 +84,64 @@ This policy applies to the entire widgets experience, including content on the t + +## DisableWidgetsOnLockScreen + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/DisableWidgetsOnLockScreen +``` + + + + +Disable widgets on lock screen. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableWidgetsOnLockScreen | +| Path | NewsAndInterests > AT > WindowsComponents > NewsAndInterests | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 418199d466..bd79220cf2 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -1,7 +1,7 @@ --- title: Start Policy CSP description: Learn more about the Start Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 11/27/2024 --- @@ -9,6 +9,8 @@ ms.date: 08/06/2024 # Policy CSP - Start +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -513,6 +515,63 @@ This policy controls the visibility of the Videos shortcut on the Start menu. Th + +## AlwaysShowNotificationIcon + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/AlwaysShowNotificationIcon +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Auto-hide notification bell icon. | +| 1 | Show notification bell icon. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AlwaysShowNotificationIcon | +| Path | Taskbar > AT > StartMenu | + + + + + + + + ## ConfigureStartPins @@ -2247,6 +2306,63 @@ For more information on how to customize the Start layout, see [Customize the St + +## TurnOffAbbreviatedDateTimeFormat + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/TurnOffAbbreviatedDateTimeFormat +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Show abbreviated time and date format. | +| 1 | Show classic time and date format. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | TurnOffAbbreviatedDateTimeFormat | +| Path | Taskbar > AT > StartMenu | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md index dbcd21af22..796c69e84b 100644 --- a/windows/client-management/mdm/policy-csp-sudo.md +++ b/windows/client-management/mdm/policy-csp-sudo.md @@ -1,7 +1,7 @@ --- title: Sudo Policy CSP description: Learn more about the Sudo Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -19,7 +19,7 @@ ms.date: 09/27/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index a77f87712f..19a069926b 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1,7 +1,7 @@ --- title: Update Policy CSP description: Learn more about the Update Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -2522,7 +2522,7 @@ Minimum number of days from update installation until restarts occur automatical | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -2601,7 +2601,7 @@ This policy will override the following policies: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3237,7 +3237,7 @@ These policies are not exclusive and can be used in any combination. Together wi - the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. +Enables the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 00873e6e1c..6b2b257fbe 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 11/26/2024 +ms.date: 11/27/2024 --- @@ -90,7 +90,7 @@ This policy setting allows you to determine whether the Recall optional componen | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -219,6 +219,68 @@ This policy setting allows you to control whether Cocreator functionality is dis + +## DisableGenerativeFill + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableGenerativeFill +``` + + + + +This policy setting allows you to control whether generative fill functionality is disabled in the Windows Paint app. + +- If this policy is enabled, generative fill functionality won't be accessible in the Paint app. + +- If this policy is disabled or not configured, users will be able to access generative fill functionality. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Generative fill is enabled. | +| 1 | Generative fill is disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableGenerativeFill | +| Path | WindowsAI > AT > WindowsComponents > Paint | + + + + + + + + ## DisableImageCreator @@ -287,7 +349,7 @@ This policy setting allows you to control whether Image Creator functionality is | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5044380](https://support.microsoft.com/help/5044380) [10.0.22621.4391] and later | @@ -628,6 +690,9 @@ When this setting isn't configured, the OS configures the storage allocation for ## TurnOffWindowsCopilot +> [!NOTE] +> This policy is deprecated and may be removed in a future release. + | Scope | Editions | Applicable OS | |:--|:--|:--| diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index a22172669f..3c26ac2f1a 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -1,7 +1,7 @@ --- title: WindowsSandbox Policy CSP description: Learn more about the WindowsSandbox Area in Policy CSP. -ms.date: 09/27/2024 +ms.date: 11/27/2024 --- @@ -19,7 +19,7 @@ ms.date: 09/27/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -54,10 +54,18 @@ Note that there may be security implications of exposing host audio input to the |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -84,7 +92,7 @@ Note that there may be security implications of exposing host audio input to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -117,10 +125,18 @@ This policy setting enables or disables clipboard sharing with the sandbox. |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -182,10 +198,18 @@ Note that there may be security implications of exposing folders from the host i |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -212,7 +236,7 @@ Note that there may be security implications of exposing folders from the host i | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -247,10 +271,18 @@ Note that enabling networking can expose untrusted applications to the internal |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -277,7 +309,7 @@ Note that enabling networking can expose untrusted applications to the internal | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -310,10 +342,18 @@ This policy setting enables or disables printer sharing from the host into the S |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -340,7 +380,7 @@ This policy setting enables or disables printer sharing from the host into the S | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -375,10 +415,18 @@ Note that enabling virtualized GPU can potentially increase the attack surface o |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -405,7 +453,7 @@ Note that enabling virtualized GPU can potentially increase the attack surface o | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4950] and later
✅ Windows 10, version 20H2 [10.0.19042.4950] and later
✅ Windows 10, version 21H1 [10.0.19043.4950] and later
✅ Windows 11, version 21H2 [10.0.22000] and later | @@ -440,10 +488,18 @@ Note that there may be security implications of exposing host video input to the |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: @@ -505,11 +561,19 @@ Note that there may be security implications of exposing folders from the host i |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-1]` | | Default Value | 1 | | Dependency [WindowsSandbox_AllowWriteToMappedFolders_DependencyGroup] | Dependency Type: `DependsOn`
Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowMappedFolders`
Dependency Allowed Value: `[1]`
Dependency Allowed Value Type: `Range`
| + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + **Group policy mapping**: From db1d1634ae0f0e2167282c1900dd285696c196aa Mon Sep 17 00:00:00 2001 From: Robert Durff <43757104+MSRobertD@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:13:57 -0800 Subject: [PATCH 021/123] Update toc.yml to Include WS 2022 Updating the TOC for the completed FIPS and CC evaluations to include the page for Windows Server 2022. --- windows/security/security-foundations/certification/toc.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/security-foundations/certification/toc.yml b/windows/security/security-foundations/certification/toc.yml index 33099035c3..98c1522666 100644 --- a/windows/security/security-foundations/certification/toc.yml +++ b/windows/security/security-foundations/certification/toc.yml @@ -9,6 +9,8 @@ items: href: validations/fips-140-windows10.md - name: Previous Windows releases href: validations/fips-140-windows-previous.md + - name: Windows Server 2022 + href: validations/fips-140-windows-server-2022.md - name: Windows Server 2019 href: validations/fips-140-windows-server-2019.md - name: Windows Server 2016 @@ -32,4 +34,4 @@ items: - name: Windows Server semi-annual releases href: validations/cc-windows-server-semi-annual.md - name: Previous Windows Server releases - href: validations/cc-windows-server-previous.md \ No newline at end of file + href: validations/cc-windows-server-previous.md From 7a5924e8b9b12f5ebcf7b625217abbbd5db732f2 Mon Sep 17 00:00:00 2001 From: Erik Moreau Date: Sun, 1 Dec 2024 17:26:10 +0100 Subject: [PATCH 022/123] Update hello-feature-dynamic-lock.md added Intune configuration info --- .../hello-feature-dynamic-lock.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 8c46258086..b0fc5d6b30 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -49,3 +49,31 @@ You can configure Windows devices to use the **dynamic lock** using a Group Poli The `rssiMin` attribute value signal indicates the strength needed for the device to be considered *in-range*. The default value of `-10` enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The `rssiMaxDelta` has a default value of `-10`, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. + +## Configure Dynamic lock with Microsoft Intune + +To configure Dynamic lock using Microsoft Intune, follow these steps: + +1. Open the Microsoft Intune admin center and navigate to Devices > Windows > Configuration policies. +1. Create a new policy: + - Platform: Windows 10 and later + - Profile type: Templates - Custom + - Select Create +1. Configure the profile: + - Name: Provide a name for the profile. + - Description: (Optional) Add a description. +1. Add OMA-URI settings: + - Enable Dynamic lock: + - Name: Enable Dynamic lock + - Description: (Optional) This setting enables Dynamic lock + - OMA-URI: ./Device/Vendor/MSFT/PassportForWork/DynamicLock/DynamicLock + - Data type: Boolean + - Value: True + - Define the Dynamic lock signal rule: + - Name: Dynamic lock Signal Rule + - Description: (Optional) This setting configures Dynamic lock values + - OMA-URI: ./Device/Vendor/MSFT/PassportForWork/DynamicLock/Plugins + - Data type: String + - Value: `` +1. Assign the profile to the appropriate groups. + From eebf1fee53950150da3a9d66d624db0e5f49b024 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 2 Dec 2024 05:55:15 -0500 Subject: [PATCH 023/123] Freshness review --- education/windows/configure-aad-google-trust.md | 4 ++-- education/windows/edu-stickers.md | 4 ++-- education/windows/edu-themes.md | 4 ++-- education/windows/get-minecraft-for-education.md | 2 +- education/windows/suspcs/provisioning-package.md | 4 ++-- .../windows/tutorial-deploy-apps-winse/considerations.md | 4 ++-- .../windows/tutorial-deploy-apps-winse/create-policies.md | 4 ++-- education/windows/tutorial-deploy-apps-winse/deploy-apps.md | 4 ++-- .../windows/tutorial-deploy-apps-winse/deploy-policies.md | 4 ++-- education/windows/tutorial-deploy-apps-winse/index.md | 4 ++-- .../windows/tutorial-deploy-apps-winse/troubleshoot.md | 4 ++-- .../windows/tutorial-deploy-apps-winse/validate-apps.md | 4 ++-- windows/configuration/start/index.md | 4 ++-- windows/configuration/start/layout.md | 4 ++-- windows/configuration/start/xsd.md | 2 +- windows/configuration/store/index.md | 4 ++-- .../identity-protection/enterprise-certificate-pinning.md | 4 ++-- .../identity-protection/passwordless-experience/index.md | 4 ++-- windows/security/identity-protection/web-sign-in/index.md | 6 +++--- windows/security/licensing-and-edition-requirements.md | 4 ++-- .../data-protection/configure-s-mime.md | 4 ++-- windows/whats-new/windows-licensing.md | 4 ++-- 22 files changed, 43 insertions(+), 43 deletions(-) diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 54bf350d77..146fa56c8d 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -1,7 +1,7 @@ --- -title: Configure federation between Google Workspace and Microsoft Entra ID +title: Configure Federation Between Google Workspace And Microsoft Entra Id description: Configuration of a federated trust between Google Workspace and Microsoft Entra ID, with Google Workspace acting as an identity provider (IdP) for Microsoft Entra ID. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: how-to appliesto: --- diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index 889b10b393..bdd5d2761c 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -1,7 +1,7 @@ --- -title: Configure Stickers for Windows 11 SE +title: Configure Stickers For Windows 11 SE description: Learn about the Stickers feature and how to configure it via Intune and provisioning package. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: how-to appliesto: - ✅ Windows 11 SE diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index b0d6efa639..727c1a26bd 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -1,7 +1,7 @@ --- -title: Configure education themes for Windows 11 +title: Configure Education Themes For Windows 11 description: Learn about education themes for Windows 11 and how to configure them via Intune and provisioning package. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: how-to appliesto: - ✅ Windows 11 diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index d5a0cb61fa..73cdb99f63 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -1,5 +1,5 @@ --- -title: Get and deploy Minecraft Education +title: Deploy Minecraft Education To Windows Devices description: Learn how to obtain and distribute Minecraft Education to Windows devices. ms.topic: how-to ms.date: 04/10/2024 diff --git a/education/windows/suspcs/provisioning-package.md b/education/windows/suspcs/provisioning-package.md index 677b9b7b6f..bde1800fa4 100644 --- a/education/windows/suspcs/provisioning-package.md +++ b/education/windows/suspcs/provisioning-package.md @@ -1,7 +1,7 @@ --- -title: What's in Set up School PCs provisioning package +title: What's In Set up School PCs Provisioning Package description: Learn about the settings that are configured in the provisioning package created with the Set up School PCs app. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: reference appliesto: - ✅ Windows 11 diff --git a/education/windows/tutorial-deploy-apps-winse/considerations.md b/education/windows/tutorial-deploy-apps-winse/considerations.md index 7f2a9f9207..54cb82322a 100644 --- a/education/windows/tutorial-deploy-apps-winse/considerations.md +++ b/education/windows/tutorial-deploy-apps-winse/considerations.md @@ -1,7 +1,7 @@ --- -title: Important considerations before deploying apps with managed installer +title: Important Considerations Before Deploying Apps With Managed Installer For Windows 11 SE description: Learn about important aspects to consider before deploying apps with managed installer. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/create-policies.md b/education/windows/tutorial-deploy-apps-winse/create-policies.md index 26e022bbbf..6947d4612d 100644 --- a/education/windows/tutorial-deploy-apps-winse/create-policies.md +++ b/education/windows/tutorial-deploy-apps-winse/create-policies.md @@ -1,7 +1,7 @@ --- -title: Create policies to enable applications +title: Create Policies To Enable Applications In Windows 11 SE description: Learn how to create policies to enable the installation and execution of apps on Windows SE. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/deploy-apps.md b/education/windows/tutorial-deploy-apps-winse/deploy-apps.md index 62442e2058..4ab613f7f0 100644 --- a/education/windows/tutorial-deploy-apps-winse/deploy-apps.md +++ b/education/windows/tutorial-deploy-apps-winse/deploy-apps.md @@ -1,7 +1,7 @@ --- -title: Applications deployment considerations +title: Applications Deployment Considerations In Windows 11 SE description: Learn how to deploy different types of applications to Windows 11 SE and some considerations before deploying them. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/deploy-policies.md b/education/windows/tutorial-deploy-apps-winse/deploy-policies.md index 63f6143853..990f4c894b 100644 --- a/education/windows/tutorial-deploy-apps-winse/deploy-policies.md +++ b/education/windows/tutorial-deploy-apps-winse/deploy-policies.md @@ -1,7 +1,7 @@ --- -title: Deploy policies to enable applications +title: Deploy Policies To Enable Applications In Windows 11 SE description: Learn how to deploy AppLocker policies to enable apps execution on Windows SE devices. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/index.md b/education/windows/tutorial-deploy-apps-winse/index.md index 1c09685eed..c96283ec0c 100644 --- a/education/windows/tutorial-deploy-apps-winse/index.md +++ b/education/windows/tutorial-deploy-apps-winse/index.md @@ -1,7 +1,7 @@ --- -title: Deploy applications to Windows 11 SE with Intune +title: Deploy Applications To Windows 11 SE With Intune description: Learn how to deploy applications to Windows 11 SE with Intune and how to validate the apps. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/troubleshoot.md b/education/windows/tutorial-deploy-apps-winse/troubleshoot.md index 38a3ee9d4c..f23a6c4034 100644 --- a/education/windows/tutorial-deploy-apps-winse/troubleshoot.md +++ b/education/windows/tutorial-deploy-apps-winse/troubleshoot.md @@ -1,7 +1,7 @@ --- -title: Troubleshoot app deployment issues in Windows SE +title: Troubleshoot App Deployment Issues In Windows Se description: Troubleshoot common issues when deploying apps to Windows SE devices. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/education/windows/tutorial-deploy-apps-winse/validate-apps.md b/education/windows/tutorial-deploy-apps-winse/validate-apps.md index 211638de72..4cfa11748b 100644 --- a/education/windows/tutorial-deploy-apps-winse/validate-apps.md +++ b/education/windows/tutorial-deploy-apps-winse/validate-apps.md @@ -1,7 +1,7 @@ --- -title: Validate the applications deployed to Windows SE devices +title: Validate The Applications Deployed To Windows Se Devices description: Learn how to validate the applications deployed to Windows SE devices via Intune. -ms.date: 04/10/2024 +ms.date: 12/02/2024 ms.topic: tutorial appliesto: - ✅ Windows 11 SE, version 22H2 and later diff --git a/windows/configuration/start/index.md b/windows/configuration/start/index.md index 0627e33663..2294ebe5cc 100644 --- a/windows/configuration/start/index.md +++ b/windows/configuration/start/index.md @@ -1,8 +1,8 @@ --- -title: Configure the Start menu +title: Configure The Windows Start Menu With Policy Settings description: Learn how to configure the Windows Start menu to provide quick access to the tools and applications that users need most. ms.topic: overview -ms.date: 04/10/2024 +ms.date: 12/02/2024 zone_pivot_groups: windows-versions-11-10 ms.collection: - essentials-manage diff --git a/windows/configuration/start/layout.md b/windows/configuration/start/layout.md index 81f5d11c75..af0a608300 100644 --- a/windows/configuration/start/layout.md +++ b/windows/configuration/start/layout.md @@ -1,8 +1,8 @@ --- -title: Customize the Start layout +title: Customize The Start Layout For Managed Windows Devices description: Learn how to customize the Windows Start layout, export its configuration, and deploy the customization to other devices. ms.topic: how-to -ms.date: 04/10/2024 +ms.date: 12/02/2024 zone_pivot_groups: windows-versions-11-10 appliesto: --- diff --git a/windows/configuration/start/xsd.md b/windows/configuration/start/xsd.md index 714f0aa70f..ba0f818bc7 100644 --- a/windows/configuration/start/xsd.md +++ b/windows/configuration/start/xsd.md @@ -2,7 +2,7 @@ title: Start XML Schema Definition (XSD) description: Start XSD reference article. ms.topic: reference -ms.date: 04/10/2024 +ms.date: 12/02/2024 appliesto: - ✅ Windows 10 --- diff --git a/windows/configuration/store/index.md b/windows/configuration/store/index.md index 09c92aea0f..b6b7609319 100644 --- a/windows/configuration/store/index.md +++ b/windows/configuration/store/index.md @@ -1,8 +1,8 @@ --- -title: Configure access to the Microsoft Store app +title: Configure Access To The Microsoft Store App For Windows Devices description: Learn how to configure access to the Microsoft Store app. ms.topic: how-to -ms.date: 03/13/2024 +ms.date: 12/02/2024 --- # Configure access to the Microsoft Store app diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index 55551c53ca..59d5e97382 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -1,8 +1,8 @@ --- -title: Enterprise certificate pinning +title: Enterprise Certificate Pinning In Windows description: Enterprise certificate pinning is a Windows feature for remembering, or pinning, a root issuing certificate authority, or end-entity certificate to a domain name. ms.topic: concept-article -ms.date: 03/12/2024 +ms.date: 12/02/2024 --- # Enterprise certificate pinning overview diff --git a/windows/security/identity-protection/passwordless-experience/index.md b/windows/security/identity-protection/passwordless-experience/index.md index 2301f86f81..cb555bfb78 100644 --- a/windows/security/identity-protection/passwordless-experience/index.md +++ b/windows/security/identity-protection/passwordless-experience/index.md @@ -1,9 +1,9 @@ --- -title: Windows passwordless experience +title: Configure Windows Passwordless Experience With Intune description: Learn how Windows passwordless experience enables your organization to move away from passwords. ms.collection: - tier1 -ms.date: 03/12/2024 +ms.date: 12/02/2024 ms.topic: how-to appliesto: - ✅ Windows 11 diff --git a/windows/security/identity-protection/web-sign-in/index.md b/windows/security/identity-protection/web-sign-in/index.md index 86e2b4b834..b44ce81bca 100644 --- a/windows/security/identity-protection/web-sign-in/index.md +++ b/windows/security/identity-protection/web-sign-in/index.md @@ -1,7 +1,7 @@ --- -title: Web sign-in for Windows -description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it. -ms.date: 04/10/2024 +title: Use Web Sign-In To Enable Passwordless Sign-In In Windows +Description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it. +ms.date: 12/02/2024 ms.topic: how-to appliesto: - ✅ Windows 11 diff --git a/windows/security/licensing-and-edition-requirements.md b/windows/security/licensing-and-edition-requirements.md index 34a527cefe..2e2dc3b457 100644 --- a/windows/security/licensing-and-edition-requirements.md +++ b/windows/security/licensing-and-edition-requirements.md @@ -1,8 +1,8 @@ --- -title: Windows security features licensing and edition requirements +title: Windows Security Features Licensing And Edition Requirements description: Learn about Windows licensing and edition requirements for the features included in Windows. ms.topic: conceptual -ms.date: 04/10/2024 +ms.date: 12/02/2024 appliesto: - ✅ Windows 11 ms.author: paoloma diff --git a/windows/security/operating-system-security/data-protection/configure-s-mime.md b/windows/security/operating-system-security/data-protection/configure-s-mime.md index 7781de30a9..456a0d81aa 100644 --- a/windows/security/operating-system-security/data-protection/configure-s-mime.md +++ b/windows/security/operating-system-security/data-protection/configure-s-mime.md @@ -1,8 +1,8 @@ --- -title: Configure S/MIME for Windows +title: Configure S/MIME For Windows description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows. ms.topic: how-to -ms.date: 04/10/2024 +ms.date: 12/02/2024 --- diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md index fef13ecd5b..c50c610a28 100644 --- a/windows/whats-new/windows-licensing.md +++ b/windows/whats-new/windows-licensing.md @@ -1,5 +1,5 @@ --- -title: Windows commercial licensing overview +title: Windows Commercial Licensing Overview description: Learn about products and use rights available through Windows commercial licensing. ms.subservice: itpro-security author: paolomatarazzo @@ -8,7 +8,7 @@ manager: aaroncz ms.collection: - tier2 ms.topic: overview -ms.date: 02/29/2024 +ms.date: 12/02/2024 appliesto: - ✅ Windows 11 ms.service: windows-client From 423ee4656061168ebd2a5d5c514665ae3ce52228 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 2 Dec 2024 06:01:03 -0500 Subject: [PATCH 024/123] fixed metadata --- windows/security/identity-protection/web-sign-in/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/web-sign-in/index.md b/windows/security/identity-protection/web-sign-in/index.md index b44ce81bca..a48aa3c89d 100644 --- a/windows/security/identity-protection/web-sign-in/index.md +++ b/windows/security/identity-protection/web-sign-in/index.md @@ -1,6 +1,6 @@ --- title: Use Web Sign-In To Enable Passwordless Sign-In In Windows -Description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it. +description: Learn how Web sign-in in Windows works, key scenarios, and how to configure it. ms.date: 12/02/2024 ms.topic: how-to appliesto: From 39deb112cde006feb7980057a9b0cac0eba43691 Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 17:59:23 +0530 Subject: [PATCH 025/123] Pencil fix --- .../windows/configure-aad-google-trust.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 146fa56c8d..99b45ebcb9 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -37,19 +37,19 @@ To test federation, the following prerequisites must be met: ## Configure Google Workspace as an IdP for Microsoft Entra ID -1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges +1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges. 1. Select **Apps > Web and mobile apps** -1. Select **Add app > Search for apps** and search for *microsoft* -1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select** +1. Select **Add app > Search for apps** and search for *microsoft*. +1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**. :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app."::: -1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later -1. On the **Service provider detail's** page - - Select the option **Signed response** - - Verify that the Name ID format is set to **PERSISTENT** - - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping.\ - If using Google autoprovisioning, select **Basic Information > Primary email** - - Select **Continue** -1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes +1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later. +1. On the **Service provider detail's** page: + - Select the option **Signed response**. + - Verify that the Name ID format is set to **PERSISTENT**. + - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping. + If using Google autoprovisioning, select **Basic Information > Primary email**. + - Select **Continue**. +1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes. |Google Directory attributes|Microsoft Entra attributes| |-|-| @@ -58,7 +58,7 @@ To test federation, the following prerequisites must be met: > [!IMPORTANT] > You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace. -1. Select **Finish** +1. Select **Finish**. Now that the app is configured, you must enable it for the users in Google Workspace: @@ -139,4 +139,4 @@ From a private browser session, navigate to https://portal.azure.com and sign in 1. The user is redirected to Google Workspace to sign in 1. After Google Workspace authentication, the user is redirected back to Microsoft Entra ID and signed in -:::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity."::: + :::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity."::: From f03e6c2a8ebfee0b2c4e483bf5161da825afbc1c Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 19:24:55 +0530 Subject: [PATCH 026/123] Pencil fix --- .../windows/get-minecraft-for-education.md | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 73cdb99f63..3268fa4f52 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -41,14 +41,14 @@ When you sign up for a Minecraft Education trial, or purchase a subscription, Mi To purchase direct licenses: -1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing) -1. Under **Direct Purchase**, select **Buy Now** -1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization -1. If necessary, fill in any requested organization or payment information -1. Select the quantity of licenses you'd like to purchase and select **Place Order** -1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses) +1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing). +1. Under **Direct Purchase**, select **Buy Now**. +1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization. +1. If necessary, fill in any requested organization or payment information. +1. Select the quantity of licenses you'd like to purchase and select **Place Order**. +1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses). -If you need more licenses for Minecraft Education, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses). + If you need more licenses for Minecraft Education, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses). ### Volume licensing @@ -85,17 +85,17 @@ For more information about invoices and how to pay by invoice, see [Payment opti You can assign and manage Minecraft Education licenses from the Microsoft 365 admin center.\ You must be a *Global*, *License*, or *User admin* to assign licenses. For more information, see [About Microsoft 365 admin roles][M365-2]. -1. Go to [https://admin.microsoft.com](https://admin.microsoft.com) and sign in with an account that can assign licenses in your organization -1. From the left-hand menu in Microsoft Admin Center, select *Users* -1. From the Users list, select the users you want to add or remove for Minecraft Education access -1. Add the relevant Minecraft Education, A1 for device or A3/A5 license if it not assigned already +1. Go to [https://admin.microsoft.com](https://admin.microsoft.com) and sign in with an account that can assign licenses in your organization. +1. From the left-hand menu in Microsoft Admin Center, select *Users*. +1. From the Users list, select the users you want to add or remove for Minecraft Education access. +1. Add the relevant Minecraft Education, A1 for device or A3/A5 license if it is not assigned already. > [!Note] > If you add a faculty license, the user will be assigned a *teacher* role in the application and will have elevated permissions. 1. If you've assigned a Microsoft 365 A3 or A5 license, after selecting the product license, ensure to toggle *Minecraft Education* on > [!Note] > If you turn off this setting after students have been using Minecraft Education, they will have up to 30 more days to use Minecraft Education before they don't have access -:::image type="content" source="images/minecraft/admin-center-minecraft-license.png" alt-text="Screenshot of the Microsoft 365 admin center - assignment of a Minecraft Education license to a user." lightbox="images/minecraft/admin-center-minecraft-license.png"::: + :::image type="content" source="images/minecraft/admin-center-minecraft-license.png" alt-text="Screenshot of the Microsoft 365 admin center - assignment of a Minecraft Education license to a user." lightbox="images/minecraft/admin-center-minecraft-license.png"::: For more information about license assignment, see [Manage Licenses in the Admin Center][EDU-5]. @@ -105,11 +105,11 @@ There are different ways to install Minecraft Education on Windows devices. You If you're using Microsoft Intune to manage your devices, follow these steps to deploy Minecraft Education: 1. Go to the Microsoft Intune admin center -1. Select **Apps > Windows > Add** -1. Under *App type*, select **Microsoft Store app (new)** and choose **Select** -1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education** -1. Select the app and choose **Select** -1. On the *App information* screen, select the *install behavior*, then select **Next** +1. Select **Apps > Windows > Add**. +1. Under *App type*, select **Microsoft Store app (new)** and choose **Select**. +1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education**. +1. Select the app and choose **Select**. +1. On the *App information* screen, select the *install behavior*, then select **Next**. - *System* means install for all users (recommended for most scenarios) - *User* means only install for the targeted user or current user of a device 1. On the *Assignments* screen, choose how you want to target the installation of Minecraft Education @@ -118,31 +118,31 @@ If you're using Microsoft Intune to manage your devices, follow these steps to d 1. Select **Next** 1. On the *Review + Create* screen, select **Create** -Intune will install Minecraft Education at the next device check-in, or will make it available in Company Portal for on-demand installs. + Intune will install Minecraft Education at the next device check-in, or will make it available in Company Portal for on-demand installs. -:::image type="content" source="images/minecraft/win11-minecraft-education.png" alt-text="Screenshot of Minecraft Education executing on a Windows 11 device."::: + :::image type="content" source="images/minecraft/win11-minecraft-education.png" alt-text="Screenshot of Minecraft Education executing on a Windows 11 device."::: -For more information how to deploy Minecraft Education, see: + For more information how to deploy Minecraft Education, see: -- [Windows installation guide][EDU-6] -- [Chromebook installation guide][EDU-7] -- [iOS installation guide][EDU-8] -- [macOS installation guide][EDU-9] + - [Windows installation guide][EDU-6] + - [Chromebook installation guide][EDU-7] + - [iOS installation guide][EDU-8] + - [macOS installation guide][EDU-9] -If you're having trouble installing the app, you can get more help on the [Minecraft Education support page][AKA-1]. + If you're having trouble installing the app, you can get more help on the [Minecraft Education support page][AKA-1]. - -[EDU-1]: https://educommunity.minecraft.net/hc/articles/360047116432 -[EDU-2]: https://educommunity.minecraft.net/hc/articles/360061371532 -[EDU-3]: https://www.microsoft.com/education/products/office -[EDU-4]: https://educommunity.minecraft.net/hc/articles/360061369812 -[EDU-6]: https://educommunity.minecraft.net/hc/articles/13106858087956 -[EDU-5]: https://educommunity.minecraft.net/hc/articles/360047118672 -[EDU-7]: https://educommunity.minecraft.net/hc/articles/4404625978516 -[EDU-8]: https://educommunity.minecraft.net/hc/articles/360047556351 -[EDU-9]: https://educommunity.minecraft.net/hc/articles/360047118792 + + [EDU-1]: https://educommunity.minecraft.net/hc/articles/360047116432 + [EDU-2]: https://educommunity.minecraft.net/hc/articles/360061371532 + [EDU-3]: https://www.microsoft.com/education/products/office + [EDU-4]: https://educommunity.minecraft.net/hc/articles/360061369812 + [EDU-6]: https://educommunity.minecraft.net/hc/articles/13106858087956 + [EDU-5]: https://educommunity.minecraft.net/hc/articles/360047118672 + [EDU-7]: https://educommunity.minecraft.net/hc/articles/4404625978516 + [EDU-8]: https://educommunity.minecraft.net/hc/articles/360047556351 + [EDU-9]: https://educommunity.minecraft.net/hc/articles/360047118792 -[M365-1]: /microsoft-365/commerce/billing-and-payments/pay-for-your-subscription -[M365-2]: /microsoft-365/admin/add-users/about-admin-roles + [M365-1]: /microsoft-365/commerce/billing-and-payments/pay-for-your-subscription + [M365-2]: /microsoft-365/admin/add-users/about-admin-roles -[AKA-1]: https://aka.ms/minecraftedusupport + [AKA-1]: https://aka.ms/minecraftedusupport From 0b421c2768ff8ddb9565077f86b968a834c85074 Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 22:32:15 +0530 Subject: [PATCH 027/123] Reverted changes --- .../windows/configure-aad-google-trust.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 99b45ebcb9..65c6673c04 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -37,19 +37,19 @@ To test federation, the following prerequisites must be met: ## Configure Google Workspace as an IdP for Microsoft Entra ID -1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges. +1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges 1. Select **Apps > Web and mobile apps** -1. Select **Add app > Search for apps** and search for *microsoft*. -1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**. +1. Select **Add app > Search for apps** and search for *microsoft* +1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select** :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app."::: -1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later. +1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later 1. On the **Service provider detail's** page: - - Select the option **Signed response**. - - Verify that the Name ID format is set to **PERSISTENT**. - - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping. - If using Google autoprovisioning, select **Basic Information > Primary email**. - - Select **Continue**. -1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes. + - Select the option **Signed response** + - Verify that the Name ID format is set to **PERSISTENT** + - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping + If using Google autoprovisioning, select **Basic Information > Primary email** + - Select **Continue** +1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes |Google Directory attributes|Microsoft Entra attributes| |-|-| @@ -58,7 +58,7 @@ To test federation, the following prerequisites must be met: > [!IMPORTANT] > You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace. -1. Select **Finish**. +1. Select **Finish** Now that the app is configured, you must enable it for the users in Google Workspace: From 8cf70cc17a66c5ae6309b3dd45b7b8efd5f73529 Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 22:47:24 +0530 Subject: [PATCH 028/123] Reverted periods --- .../windows/get-minecraft-for-education.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 3268fa4f52..1b8a44d7c4 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -41,14 +41,14 @@ When you sign up for a Minecraft Education trial, or purchase a subscription, Mi To purchase direct licenses: -1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing). -1. Under **Direct Purchase**, select **Buy Now**. -1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization. -1. If necessary, fill in any requested organization or payment information. -1. Select the quantity of licenses you'd like to purchase and select **Place Order**. -1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses). +1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing) +1. Under **Direct Purchase**, select **Buy Now** +1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization +1. If necessary, fill in any requested organization or payment information +1. Select the quantity of licenses you'd like to purchase and select **Place Order** +1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses) - If you need more licenses for Minecraft Education, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses). + If you need more licenses for Minecraft Education, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses) ### Volume licensing @@ -85,12 +85,12 @@ For more information about invoices and how to pay by invoice, see [Payment opti You can assign and manage Minecraft Education licenses from the Microsoft 365 admin center.\ You must be a *Global*, *License*, or *User admin* to assign licenses. For more information, see [About Microsoft 365 admin roles][M365-2]. -1. Go to [https://admin.microsoft.com](https://admin.microsoft.com) and sign in with an account that can assign licenses in your organization. -1. From the left-hand menu in Microsoft Admin Center, select *Users*. -1. From the Users list, select the users you want to add or remove for Minecraft Education access. -1. Add the relevant Minecraft Education, A1 for device or A3/A5 license if it is not assigned already. +1. Go to [https://admin.microsoft.com](https://admin.microsoft.com) and sign in with an account that can assign licenses in your organization +1. From the left-hand menu in Microsoft Admin Center, select *Users* +1. From the Users list, select the users you want to add or remove for Minecraft Education access +1. Add the relevant Minecraft Education, A1 for device or A3/A5 license if it is not assigned already > [!Note] - > If you add a faculty license, the user will be assigned a *teacher* role in the application and will have elevated permissions. + > If you add a faculty license, the user will be assigned a *teacher* role in the application and will have elevated permissions 1. If you've assigned a Microsoft 365 A3 or A5 license, after selecting the product license, ensure to toggle *Minecraft Education* on > [!Note] > If you turn off this setting after students have been using Minecraft Education, they will have up to 30 more days to use Minecraft Education before they don't have access @@ -105,11 +105,11 @@ There are different ways to install Minecraft Education on Windows devices. You If you're using Microsoft Intune to manage your devices, follow these steps to deploy Minecraft Education: 1. Go to the Microsoft Intune admin center -1. Select **Apps > Windows > Add**. -1. Under *App type*, select **Microsoft Store app (new)** and choose **Select**. -1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education**. -1. Select the app and choose **Select**. -1. On the *App information* screen, select the *install behavior*, then select **Next**. +1. Select **Apps > Windows > Add** +1. Under *App type*, select **Microsoft Store app (new)** and choose **Select** +1. Select **Search the Microsoft Store app (new)** and search for **Minecraft Education** +1. Select the app and choose **Select** +1. On the *App information* screen, select the *install behavior*, then select **Next** - *System* means install for all users (recommended for most scenarios) - *User* means only install for the targeted user or current user of a device 1. On the *Assignments* screen, choose how you want to target the installation of Minecraft Education From 7665c16271fbfb360b63d7d0597f0a3240e92e90 Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 22:51:39 +0530 Subject: [PATCH 029/123] Reverted slash --- education/windows/configure-aad-google-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 65c6673c04..4f9ce1a8ed 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -46,7 +46,7 @@ To test federation, the following prerequisites must be met: 1. On the **Service provider detail's** page: - Select the option **Signed response** - Verify that the Name ID format is set to **PERSISTENT** - - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping + - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping\ If using Google autoprovisioning, select **Basic Information > Primary email** - Select **Continue** 1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes From ec3bbd5adb51da0c017ea04dfe09b51ff7d996b9 Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Mon, 2 Dec 2024 22:57:00 +0530 Subject: [PATCH 030/123] Fixed alignment --- .../data-protection/configure-s-mime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/data-protection/configure-s-mime.md b/windows/security/operating-system-security/data-protection/configure-s-mime.md index 456a0d81aa..ef44453923 100644 --- a/windows/security/operating-system-security/data-protection/configure-s-mime.md +++ b/windows/security/operating-system-security/data-protection/configure-s-mime.md @@ -68,4 +68,4 @@ When you receive a signed email, the app provides a feature to install correspon 1. Select the digital signature icon in the reading pane 1. Select **Install.** - :::image type="content" alt-text="Screenshot of the Windows Mail app, showing a message to install the sender's encryption certificate." source="images/install-cert.png"::: + :::image type="content" alt-text="Screenshot of the Windows Mail app, showing a message to install the sender's encryption certificate." source="images/install-cert.png"::: From 78e45e6be2ec66eb81a51a0782d4d36f09df79de Mon Sep 17 00:00:00 2001 From: Lee Yan Date: Mon, 2 Dec 2024 16:29:55 -0800 Subject: [PATCH 031/123] Update policy-csp-controlpolicyconflict.md --- .../client-management/mdm/policy-csp-controlpolicyconflict.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 863938353d..62f0079893 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -37,7 +37,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will > [!NOTE] -> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). +> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). As a result, it is recommended that the same settings should not be configured in both GPO and MDM policies unless the settings are under the control of MDMWinsOverGP. Otherwise, there will be a race condition and no guarantee which one wins. This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. From f891b13d125b95f92c3f8d9c0a7137bc573760de Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:42:28 -0800 Subject: [PATCH 032/123] Specify host machine type in pem file docs --- windows/deployment/do/mcc-ent-deploy-to-linux.md | 2 +- windows/deployment/do/mcc-ent-deploy-to-windows.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-linux.md b/windows/deployment/do/mcc-ent-deploy-to-linux.md index 6ca1ef6192..8280d47b34 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-linux.md +++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md @@ -28,7 +28,7 @@ Before deploying Connected Cache to a Linux host machine, ensure that the host m 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command. + >* If you are deploying your cache node to a Linux host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command. 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute. 1. Run the provisioning command on the host machine. diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index 105def16cf..d55902c2ac 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -34,7 +34,7 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName "path/to/pem/file"` to the provisioning command. + >* If you are deploying your cache node to a Windows host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName "path/to/pem/file"` to the provisioning command. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. From b624ad7c80b3caba7fe7ed0d11f0de845ddb7a51 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 2 Dec 2024 17:01:45 -0800 Subject: [PATCH 033/123] Fix pem param for Windows --- windows/deployment/do/mcc-ent-deploy-to-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index d55902c2ac..cee4f0975b 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -34,7 +34,7 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package. >[!Note] - >* If you are deploying your cache node to a Windows host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName "path/to/pem/file"` to the provisioning command. + >* If you are deploying your cache node to a Windows host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `-proxyTlsCertificatePemFileName "mycert.pem"` to the provisioning command. 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. From a0016be2399b7dd6c14563c04fb6f9ca3d56dca0 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 2 Dec 2024 17:16:34 -0800 Subject: [PATCH 034/123] Added desc of other WSL logs, support bundle generation instructions --- .../deployment/do/mcc-ent-troubleshooting.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index 0f5b02bc00..7acb2a1a51 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -60,6 +60,16 @@ There are three types of installation log files: The Registered Task Transcript is usually the most useful for diagnosing the installation issue. +### Collecting other Windows-hosted logs + +Once the cache node has been successfully installed on the Windows host machine, it will periodically write log files to the installation directory (`C:\mccwsl01\` by default). + +You can expect to see the following types of log files: + +1. **WSL_Mcc_Monitor_FromRegisteredTask_Transcript**: This log file records the output of the "MCC_Monitor_Task" scheduled task that is responsible for ensuring that the Connected Cache continues running. +1. **WSL_Mcc_UserUninstall_Transcript**: This log file records the ouput of the "uninstallmcconwsl.ps1" script that the user can run to uninstall MCC software from the host machine. +1. **WSL_Mcc_Uninstall_FromRegisteredTask_Transcript**: This log file records the output of the "MCC_Uninstall_Task" scheduled task that is responsible for uninstalling the MCC software from the host machine when called by the "uninstallmcconwsl.ps1" script. + ### WSL2 fails to install with message "A specified logon session does not exist" If you are encountering this failure message when attempting to run the PowerShell command `wsl.exe --install --no-distribution` on your Windows host machine, verify that you are logged on as a local administrator and running the command from an elevated PowerShell window. @@ -106,6 +116,23 @@ If it shows the **edgeAgent** and **edgeHub** containers but doesn't show **MCC* You can also reboot the IoT Edge runtime using `sudo systemctl restart iotedge`. +## Generating cache node diagnostic support bundle + +You can generate a support bundle with detailed diagnostic information by running the `collectMccDiagnostics.sh` script found in the MCC diagnostics folder. + +For Windows host machines, you will need to do the following: + +1. Launch a PowerShell process as the account specified as the runtime account during the Connected Cache install +1. Run `wsl -d Ubuntu-22.04-Mcc-Base` to access the Linux distribution that hosts the Connected Cache container +1. Change directory to `path/to/collectMccDiagnostics.sh` +1. Run the script +1. Extract the generated support bundle from `path/to/support/bundle` to `path/to/windows/host` + +For Linux host machines, you will need to do the following: + +1. Change directory to `path/to/collectMccDiagnostics.sh` +1. Run the script + ## Troubleshooting cache node monitoring Connected Cache node status and performance can be [monitored using the Azure portal user interface](mcc-ent-monitoring.md). From 93735fb47ff548f785ed441a2a3a3778f4a3119f Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:01:58 -0800 Subject: [PATCH 035/123] Adding known issues section to troubleshooting page --- windows/deployment/do/mcc-ent-troubleshooting.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index 7acb2a1a51..e9dee50493 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -19,6 +19,18 @@ ms.date: 10/30/2024 This article contains instructions on how to troubleshoot different issues you may encounter while using Connected Cache. These issues are categorized by the task in which they may be encountered. +## Known issues + +This section describes known issues with the latest release of Microsoft Connected Cache for Enterprise and Edcuation. See the [Release Notes page](mcc-ent-release-notes.md) for more details on the fixes included in the latest release. + +### Cache node monitoring chart in the Azure Portal user interface displays incorrect information + +### Script provisionmcconwsl.ps1 fails when executed on a Windows 11 host machine configured to use Japanese language + +In the Connected Cache installation script (provisionmcconwsl.ps1), the check processing is executed until the value of the last execution code (Last Result) of the installation task becomes 0 in the following processing. However, in Japanese OS, the return value is null because "Last Result" is displayed, and an exception occurs. + +As a temporary workaround, the above error does not occur by changing the language setting of the local administrator user from Japanese to English and then executing the script. + ## Steps to obtain an Azure subscription ID From 19446c58d60c1cc8ae1f034534bde2837afca6a4 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:20:27 -0800 Subject: [PATCH 036/123] Adding instructions for generating diagnostic support bundle to troubleshooting page --- .../deployment/do/mcc-ent-troubleshooting.md | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index e9dee50493..5b8182d820 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -130,20 +130,27 @@ You can also reboot the IoT Edge runtime using `sudo systemctl restart iotedge`. ## Generating cache node diagnostic support bundle -You can generate a support bundle with detailed diagnostic information by running the `collectMccDiagnostics.sh` script found in the MCC diagnostics folder. +You can generate a support bundle with detailed diagnostic information by running the `collectMccDiagnostics.sh` script included in the installation package. For Windows host machines, you will need to do the following: 1. Launch a PowerShell process as the account specified as the runtime account during the Connected Cache install -1. Run `wsl -d Ubuntu-22.04-Mcc-Base` to access the Linux distribution that hosts the Connected Cache container -1. Change directory to `path/to/collectMccDiagnostics.sh` -1. Run the script -1. Extract the generated support bundle from `path/to/support/bundle` to `path/to/windows/host` +1. Change directory to the "MccScripts" directory within the extracted installation package and verify the presence of `collectmccdiagnostics.sh` +1. Run `wsl bash collectmccdiagnostics.sh` to generate the diagnostic support bundle +1. Once the script has completed, note the console output describing the location of the diagnostic support bundle + + For example, "Successfully zipped package, please send file created at /etc/mccdiagnostics/support_bundle_2024_12_03__11_05_39__AM.tar.gz" +1. Run the `wsl cp` command to copy the support bundle from the location within the Ubuntu distribution to the Windows host OS + + For example, `wsl cp /etc/mccdiagnostics/support_bundle_2024_12_03__11_05_39__AM.tar.gz /mnt/c/mccwsl01/SupportBundles` For Linux host machines, you will need to do the following: -1. Change directory to `path/to/collectMccDiagnostics.sh` -1. Run the script +1. Change directory to the "MccScripts" directory within the extracted installation package and verify the presence of `collectmccdiagnostics.sh` +1. Run `collectmccdiagnostics.sh` to generate the diagnostic support bundle +1. Once the script has completed, note the console output describing the location of the diagnostic support bundle + + For example, "Successfully zipped package, please send file created at /etc/mccdiagnostics/support_bundle_2024_12_03__11_05_39__AM.tar.gz" ## Troubleshooting cache node monitoring From d36c9e8cb867bedd1bee39a886cfbe896d4a6647 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 09:38:18 +0100 Subject: [PATCH 037/123] Learn Editor: Update configure-with-command-line.md --- .../windows-firewall/configure-with-command-line.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md index 61084f5184..85561cf109 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md @@ -32,19 +32,19 @@ netsh.exe advfirewall set allprofiles state on ### Control Windows Firewall behavior The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall console. -The following scriptlets set the default inbound and outbound actions, specifies protected network connections, and allows notifications to be displayed to the user when a program is blocked from receiving inbound connections. It allows unicast response to multicast or broadcast network traffic, and it specifies logging settings for troubleshooting. +The following scriptlets set the default inbound and outbound actions, specifies protected network connections, and disallows notifications to be displayed to the user when a program is blocked from receiving inbound connections. It allows unicast response to multicast or broadcast network traffic, and it specifies logging settings for troubleshooting. # [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) ```powershell -Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log +Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen False -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log ``` # [:::image type="icon" source="images/cmd.svg"::: **Command Prompt**](#tab/cmd) ```cmd netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound -netsh advfirewall set allprofiles settings inboundusernotification enable +netsh advfirewall set allprofiles settings inboundusernotification disable netsh advfirewall set allprofiles settings unicastresponsetomulticast enable netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log ``` From 732a9871f6f0269ff49d683b1318051e7d262beb Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 09:55:19 +0100 Subject: [PATCH 039/123] Learn Editor: Update rules.md --- .../network-security/windows-firewall/rules.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 3daf29314e..2d6c97aa0d 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -30,19 +30,21 @@ When first installed, network applications and services issue a *listen call* sp :::row::: :::column span="2"::: - If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: + If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: + +- If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic +- If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. - - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic - - If the user isn't a local admin, they won't be prompted. In most cases, block rules are created +To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. + In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. + :::column-end::: :::column span="2"::: :::image type="content" source="images/uac.png" alt-text="Screenshot showing the User Account Control (UAC) prompt to allow Microsoft Teams." border="false"::: :::column-end::: :::row-end::: -In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. - > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user. From 5b958c6c0b8e0a6288d1d5bb81db7702a24e9857 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:09:15 +0100 Subject: [PATCH 041/123] Update rules.md Correcting the description for non-admin users and adding information how to avoid the block rules being created. --- .../network-security/windows-firewall/rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 2d6c97aa0d..97ae8e2f47 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -36,8 +36,6 @@ When first installed, network applications and services issue a *listen call* sp - If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. - - In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. :::column-end::: :::column span="2"::: @@ -45,6 +43,8 @@ To avoid this, **disable** the notification prompt. This can be done using [Powe :::column-end::: :::row-end::: +In either of these scenarios, once the rules are added, they must be deleted to generate the prompt again. If not, the traffic continues to be blocked. + > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user. From ed9d46c9fb1d059ed927c06e9540267fa8ac091c Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:35:12 +0100 Subject: [PATCH 042/123] Update windows/security/operating-system-security/network-security/windows-firewall/rules.md Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- .../network-security/windows-firewall/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 97ae8e2f47..c8d1b08b14 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -33,7 +33,7 @@ When first installed, network applications and services issue a *listen call* sp If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic -- If the user isn't a local admin and they are prompted, block rules are created, no matter what option they chose. +- If the user isn't a local admin and they are prompted, block rules are created. It doesn't matter what option is selected To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. From 89c95ececa7f7ab08f81b141288344ed6510b0cd Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:35:37 +0100 Subject: [PATCH 043/123] Update windows/security/operating-system-security/network-security/windows-firewall/rules.md Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- .../network-security/windows-firewall/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index c8d1b08b14..64b6580098 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -35,7 +35,7 @@ When first installed, network applications and services issue a *listen call* sp - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic - If the user isn't a local admin and they are prompted, block rules are created. It doesn't matter what option is selected -To avoid this, **disable** the notification prompt. This can be done using [PowerShell or command prompt](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or in the Windows Firewall with Advanced Security console on the 'Customize Settings' tab of each profile. +To disable the notification prompt, you can use the [command line](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or the **Windows Firewall with Advanced Security** console :::column-end::: :::column span="2"::: From f4bc28bdeebcf6f19823a030eea974d529cea11a Mon Sep 17 00:00:00 2001 From: prk0ghy <52127333+prk0ghy@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:11:51 +0100 Subject: [PATCH 044/123] Add notice on account creation limitations. --- windows/client-management/mdm/accounts-csp.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index e32ee78e33..454e9ea3a2 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -68,6 +68,18 @@ This node specifies the password for a new local user account. This setting can Supported operation is Add. GET operation isn't supported. This setting will report as failed when deployed from Intune. +> [!WARNING] +> The username is limited to 20 characters. + +> [!WARNING] +> The user creation will only be successful if a sufficiently strong password is selected. Special XML characters must be escaped, i.e.: + +| character | escape sequence | +|:---|:---| +| `<` | `<` | +| `>` | `>` | +| `&` | `&` | + **Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. From 9b587a3d306d896431e20734cfdbc9f7549fe4e1 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:08:04 -0800 Subject: [PATCH 045/123] Acrolinx changes to Troubleshooting --- .../deployment/do/mcc-ent-troubleshooting.md | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index 5b8182d820..53ab7f2836 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -21,15 +21,15 @@ This article contains instructions on how to troubleshoot different issues you m ## Known issues -This section describes known issues with the latest release of Microsoft Connected Cache for Enterprise and Edcuation. See the [Release Notes page](mcc-ent-release-notes.md) for more details on the fixes included in the latest release. +This section describes known issues with the latest release of Microsoft Connected Cache for Enterprise and Education. See the [Release Notes page](mcc-ent-release-notes.md) for more details on the fixes included in the latest release. -### Cache node monitoring chart in the Azure Portal user interface displays incorrect information +### Cache node monitoring chart in the Azure portal user interface displays incorrect information ### Script provisionmcconwsl.ps1 fails when executed on a Windows 11 host machine configured to use Japanese language In the Connected Cache installation script (provisionmcconwsl.ps1), the check processing is executed until the value of the last execution code (Last Result) of the installation task becomes 0 in the following processing. However, in Japanese OS, the return value is null because "Last Result" is displayed, and an exception occurs. -As a temporary workaround, the above error does not occur by changing the language setting of the local administrator user from Japanese to English and then executing the script. +As a temporary workaround, the above error doesn't occur by changing the language setting of the local administrator user from Japanese to English and then executing the script. ## Steps to obtain an Azure subscription ID @@ -50,7 +50,7 @@ If you're encountering a validation error, check that you have filled out all re If your configuration doesn't appear to be taking effect, check that you have selected the **Save** option at the top of the configuration page in the Azure portal user interface. -If you have changed the proxy configuration, you will need to re-provision the Connected Cache software on the host machine for the proxy configuration to take effect. +If you have changed the proxy configuration, you'll need to re-provision the Connected Cache software on the host machine for the proxy configuration to take effect. ## Troubleshooting cache nodes created during early preview @@ -62,7 +62,7 @@ As such, we strongly recommend you [recreate your existing resources in Azure](m ### Collecting Windows-hosted installation logs -[Deploying a Connected Cache node to a Windows host machine](mcc-ent-deploy-to-windows.md) involves running a series of PowerShell scripts contained within the Windows provisioning package. These scripts will attempt to write log files to the installation directory specified in the provisioning command (`C:\mccwsl01\InstallLogs` by default). +[Deploying a Connected Cache node to a Windows host machine](mcc-ent-deploy-to-windows.md) involves running a series of PowerShell scripts contained within the Windows provisioning package. These scripts attempt to write log files to the installation directory specified in the provisioning command (`C:\mccwsl01\InstallLogs` by default). There are three types of installation log files: @@ -79,12 +79,12 @@ Once the cache node has been successfully installed on the Windows host machine, You can expect to see the following types of log files: 1. **WSL_Mcc_Monitor_FromRegisteredTask_Transcript**: This log file records the output of the "MCC_Monitor_Task" scheduled task that is responsible for ensuring that the Connected Cache continues running. -1. **WSL_Mcc_UserUninstall_Transcript**: This log file records the ouput of the "uninstallmcconwsl.ps1" script that the user can run to uninstall MCC software from the host machine. +1. **WSL_Mcc_UserUninstall_Transcript**: This log file records the output of the "uninstallmcconwsl.ps1" script that the user can run to uninstall MCC software from the host machine. 1. **WSL_Mcc_Uninstall_FromRegisteredTask_Transcript**: This log file records the output of the "MCC_Uninstall_Task" scheduled task that is responsible for uninstalling the MCC software from the host machine when called by the "uninstallmcconwsl.ps1" script. -### WSL2 fails to install with message "A specified logon session does not exist" +### WSL2 fails to install with message "A specified logon session doesn't exist" -If you are encountering this failure message when attempting to run the PowerShell command `wsl.exe --install --no-distribution` on your Windows host machine, verify that you are logged on as a local administrator and running the command from an elevated PowerShell window. +If you're encountering this failure message when attempting to run the PowerShell command `wsl.exe --install --no-distribution` on your Windows host machine, verify that you're logged on as a local administrator and running the command from an elevated PowerShell window. ### Updating the WSL2 kernel @@ -132,21 +132,22 @@ You can also reboot the IoT Edge runtime using `sudo systemctl restart iotedge`. You can generate a support bundle with detailed diagnostic information by running the `collectMccDiagnostics.sh` script included in the installation package. -For Windows host machines, you will need to do the following: +For Windows host machines, you'll need to do the following: 1. Launch a PowerShell process as the account specified as the runtime account during the Connected Cache install -1. Change directory to the "MccScripts" directory within the extracted installation package and verify the presence of `collectmccdiagnostics.sh` +1. Change directory to the "MccScripts" directory within the extracted Connected Cache provisioning package and verify the presence of `collectmccdiagnostics.sh` 1. Run `wsl bash collectmccdiagnostics.sh` to generate the diagnostic support bundle 1. Once the script has completed, note the console output describing the location of the diagnostic support bundle For example, "Successfully zipped package, please send file created at /etc/mccdiagnostics/support_bundle_2024_12_03__11_05_39__AM.tar.gz" + 1. Run the `wsl cp` command to copy the support bundle from the location within the Ubuntu distribution to the Windows host OS For example, `wsl cp /etc/mccdiagnostics/support_bundle_2024_12_03__11_05_39__AM.tar.gz /mnt/c/mccwsl01/SupportBundles` -For Linux host machines, you will need to do the following: +For Linux host machines, you'll need to do the following: -1. Change directory to the "MccScripts" directory within the extracted installation package and verify the presence of `collectmccdiagnostics.sh` +1. Change directory to the "MccScripts" directory within the extracted Connected Cache provisioning package and verify the presence of `collectmccdiagnostics.sh` 1. Run `collectmccdiagnostics.sh` to generate the diagnostic support bundle 1. Once the script has completed, note the console output describing the location of the diagnostic support bundle @@ -162,4 +163,4 @@ If the issue persists, check that you have configured the Timespan and Cache nod ## Diagnose and Solve -You can also use the **Diagnose and solve problems** functionality provided by the Azure portal interface. This tab within the Microsoft Connected Cache Azure resource will walk you through a few prompts to help narrow down the solution to your issue. +You can also use the **Diagnose and solve problems** functionality provided by the Azure portal interface. This tab within the Microsoft Connected Cache Azure resource walks you through a few prompts to help narrow down the solution to your issue. From 3d286ca6116cc89b5f67e219cdc5016e9cdbe343 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:11:36 -0800 Subject: [PATCH 046/123] Acrolinx changes to Monitoring --- windows/deployment/do/mcc-ent-monitoring.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/deployment/do/mcc-ent-monitoring.md b/windows/deployment/do/mcc-ent-monitoring.md index 9a4894896e..08e45da417 100644 --- a/windows/deployment/do/mcc-ent-monitoring.md +++ b/windows/deployment/do/mcc-ent-monitoring.md @@ -18,25 +18,27 @@ ms.date: 10/30/2024 Tracking the status and performance of your Connected Cache node is essential to making sure you're getting the most out of the service. -For basic monitoring, navigate to the **Overview** tab. Here you'll be able to view a collection of predefined metrics and charts. All the monitoring in this section will function right after your Connected Cache node has been deployed. +For basic monitoring, navigate to the **Overview** tab. Here you can view a collection of predefined metrics and charts. All the monitoring in this section will function right after your Connected Cache node has been deployed. -For advanced monitoring, navigate to the **Metrics** section under the **Monitoring** tab. Here you'll be able to access more sampled metrics (hits, misses, inbound traffic) and specify different aggregations (count, avg, min, max, sum). You can then use this data to create customized charts and configure alerts. +For advanced monitoring, navigate to the **Metrics** section under the **Monitoring** tab. Here you can access more sampled metrics (hits, misses, inbound traffic) and specify different aggregations (count, avg, min, max, sum). You can then use this data to create customized charts and configure alerts. -Between the two monitoring sections, you'll be able to gather essential insights into the health, performance, and efficiency of your Connected Cache nodes. +Using the two monitoring sections, you can gather essential insights into the health, performance, and efficiency of your Connected Cache nodes. + +You can view more details about each cache node by navigating to the **Cache Nodes** section under the **Cache Node Management** tab. This page displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. ## Basic Monitoring ### Cache node summary -Below are the metrics you'll find in the **Cache Node Summary** dashboard, along with their descriptions. This dashboard only reflects data received from cache nodes in the last 24 hours. +Below are the metrics found in the **Cache Node Summary** dashboard, along with their descriptions. This dashboard only reflects data received from cache nodes in the last 24 hours. ![Screenshot of cache node summary in the Azure portal interface.](../images/mcc-ent-cache-node-summary.png) | Metric | Description | | --- | --- | -| Healthy nodes | Your Connected Cache node will periodically send heartbeat messages to the Connected Cache service. If the Connected Cache service has received a heartbeat message from your Connected Cache node in the last 24 hours, the node will be labeled as healthy. | -| Unhealthy nodes | If the Connected Cache service hasn't received a heartbeat message from your Connected Cache node in the last 24 hours, the node will be labeled as unhealthy. | -| Max in | The maximum ingress in Megabits per second (Mbps) that your node has pulled from CDN endpoints in the last 24 hours. | +| Healthy nodes | Your Connected Cache node will periodically send heartbeat messages to the Connected Cache service. If the Connected Cache service has received a heartbeat message from your Connected Cache node in the last 24 hours, the node is labeled as healthy. | +| Unhealthy nodes | If the Connected Cache service hasn't received a heartbeat message from your Connected Cache node in the last 24 hours, the node is labeled as unhealthy. | +| Max in | The maximum ingress in Megabits per second (Mbps) that your node has pulled from Content Delivery Network (CDN) endpoints in the last 24 hours. | | Max out | The minimum egress in Mbps that your node has sent to Windows devices in its network over the last 24 hours. | | Average in | The average ingress in Mbps that your node has pulled from CDN endpoints in the last 24 hours. | | Average out | The average egress in Mbps that your node has sent to Windows devices in its network over the last 24 hours. | @@ -79,13 +81,13 @@ Listed below are the metrics you can access in this section: ### Customizable Dashboards -Once you select the charts you would like to track, you can save them to a personalized dashboard. You can configure the chart title, filters, range, legend, and more. You can also use this personalized dashboard to set up alerts that will notify you if your Connected Cache node dips in performance. +Once you select the charts you would like to track, you can save them to a personalized dashboard. You can configure the chart title, filters, range, legend, and more. You can also use this personalized dashboard to set up alerts that notify you if your Connected Cache node dips in performance. Some example scenarios where you would want to set up a custom alert: - My Connected Cache node is being shown as unhealthy and I want to know exactly when it stopped egressing last - A new Microsoft Word update was released last night and I want to know if my Connected Cache node is helping deliver this content to my Windows devices -## Additional Metrics +## Client-Side Metrics Your Connected Cache node can keep track of how much content has been sent to requesting Windows devices, but the node can't track whether the content was successfully received by the device. For more information on accessing client-side data from your Windows devices, see [Monitor Delivery Optimization](waas-delivery-optimization-monitor.md). From 74f2546b0fcd507c15b12e06bc404aeec23fc9f6 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:23:01 -0800 Subject: [PATCH 047/123] Add cache node details in Monitoring --- .../do/images/mcc-ent-cache-node-details.png | Bin 0 -> 18830 bytes windows/deployment/do/mcc-ent-monitoring.md | 18 +++++++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/do/images/mcc-ent-cache-node-details.png diff --git a/windows/deployment/do/images/mcc-ent-cache-node-details.png b/windows/deployment/do/images/mcc-ent-cache-node-details.png new file mode 100644 index 0000000000000000000000000000000000000000..f73bd2e006e061aa96880bad4e6a4676b89214eb GIT binary patch literal 18830 zcmb@t1ymeew=IghyF*BDcXtbJ2{dlO-Q7KCfZ*=#5Zq}jIKkcBU0;*$``vE^5Wv8|kflG1tAK$)E`Z*b!@+=FZR>2IL4Uv< zRis40D#wTpK>t9QipYzAfz`wyJ{!D$2ygdU!x0P&hvNMgTw3MRIT)DqM`>}9FK)Ug zE8cEjcG|ffnFZ6b~v zD7F5jZyi^|x)C<gwAv^Gi%5kp)U>x;`6>CuU< zr7k86Z`Ylpj-$wI`>M%kYQyQ8_uDB)UI=It7XN26J&^^%|NEYu6{$8n?C(|^B*KaQ zcT-Me9;77yyA8)FFSwmA98Jc9`SFda<41(Cavp97uB?eE;#j_sLL_$Fs?&GAXf8Xg z;H`KiEbn$~75f}`uhcW#;jELEZ#hl>y*4#p?Nt1W$8|n|8D`W>xNpt+)7u_YBq^q^ zrq6|*Sd;rD-j_CJKPnHDts zPO5&$tTMb#lEgP{&VO+lfW1#zBjHp~IG|cT*~H0V5*jh;Vgqt4*I)x@ILGqqIN z&-8YlQ$y_!>2_dqkxl?K1s(2Ya61%%Bp%ee=*= z`PMxbIn8LiV_EO`Rw1xYy%aJmj?Dkp*GbutfyZ-sRDX1tw~lW1soVq}rI(#5_~V7m zs7N$cV_@}`0;#NewyRbns7}*z3l;>KZt`gaCRI>v0-SWkY_C3o7Yn2!Yx%qKqv$ZX zPu+yA`l8eEt4`j|jx_C+^*Ak!&v>h;Mqu8YA9#S@2wZPEOmz%9oqd$A@=4+IJ~!iL z1d@1PaL@3sRnY|+2t|!V&n&?zZUCP*-sqEd9!FTtC-;Cu_{}S?cW!&*i%+um9S}l2 z<*h#cuB#8wv^(Px!vSu}!;MOUYx!9}l7AY&i9Q7zNA3+ln+$t1<@LhzzsR0=#!ueS z40*w3b`sVlzQLeH^Ti%=|6K_?(V+1=GFBt&aE(fp;I#qaw+@8H2hwa$x`9uHVE&{z zwU&as39Hid(*b8|!S$=Ve|%#qcR=eUIlxnQHL%fPow5kkw&R9v8HFZUrjcaQf6cm= zZ|ADO7-KQqTFK+V%MDGmi|`)ZgdsG+<$0FGiJM{3P%FtGO(#V+sM7Rjwj~t_y631m zB(ga~?UH(B_m>zt>8ecyeup_G=C7kz=LSAWVu*%F13B2^>j$p&1*rVKTm(UPMOwG? zk=NiGNl_#mJz1B$eo2`x$iv4fkFHa9#!vXGUME@h)ADbT(ZA|}S+4vae*0RYu6jM_ z%1J-s6L-nFMrhz0_R8TY3L(~aG{D++G{6|2J(E+hei#EL*p3g#YyFb;w+&e<`gSGX zd}iF%{CEbwVz20x{x`fi$OA=gGj_|)r+Mb6yjILRFkDlsBGW2=nkFMW-;^X9rWdLP z!M;i3E}kB0zu$QV6U&=f?l+*f9??@ zmx2O$WYL+5hlq}F1Wp_Bo%hPNm+;GRoUf!R^Ucxc+Dvl(`COtsKITsT1uxv#Duv+d z(J-MH4Bsr)48^$Pf7eecX#HGmj=$LZ8}RCkG_bE}jQD;m7nA#=6T-L^05dd~mqZVz z6n0ScGqai%`^A?rfa0rHrBWdF!mRP4&q^(l&c2jykFJIPiK+B7aEk!GP}45{QFr+mfZWzo?z)fHP|>RwZOMD5zpv1Gb!}@P@X0D zF40t9d1N+!e@OEC&HjOkAtv|v^Gfma733i=Z@S?*mZTXJi+{o_<7t`!zZ-_dVv|9d zeYcS>+*vU`6wv!v>hot@*zF>#h$?!1`zKP{(OxDOl+8gZ(?|(vV!;P!lD89s=a@IT zaX`ZC3Ef<_)e)Ph%*#T1)pphocK#1(B{$87QF^Zs)K86GB*wSi!(M{Yx&O^#ATi(& zDzjtc+^_gfukRzgCpc)a&<{=5uboK=6&jXeM8Y%{><=l_kmP})6zs5XAk3Cn5-3P~ z1YZ|=Bf|0cj+$L0doYx!5?f%u;c#%pM2S3$t=b_#`kA+bmzc-e>wzh|Z%E~1H|vLa z%mK=gr{ZYXBvq%M8uqZeNpCR7G$e)`D$|!tQV;T5=P_w-hV(LKW^l#cH%#}iN8DcC zhJ^>4g$d^Z!OhRPkd{=q)g%R-*2CV5kj;wUd)sVpK^|dI$p9~@zF9FGo1wB zmpdF#dHbB#STXCKuP%b*4+IjY0!>#oML&OrOw8;mXHZ`Vz7|5f`QuqL>Bb*|iL~ew z(&(^p2J%Z()eGC>A1obMQK1=|YQqj?)l+*&Oc3i93e70*`tC`0Z~F0o4j583?FFqx77Qm`1yO5cml=$P!?jq zEc|n%xJD0I+CK#(wX7sEXag6f#$rwUXF%vW81y(1_ETZS|EVp}Gl&Z#{E-7oZf-ir=94`z2Y$`#XuoBq#d`=W82gB{g3xsxhE zhquW!WKw3KypU}O zlLdWtCo&K(L30dxp$PWbtb%Uf*cPkXf+pZ*)`5SP!z}%TKVI?62$9?CH)`{$fIpj} z!a@&3BMmRoCs*S_1MPRK5&Fzwq;K~F^KI^R_Bgo_tKr^+6HWVSzw1BGHKwdt0d2s# z$RHHydyWU#+R#I|vKya$++ZW2#Y>P+%_Oaxv5El<(=47p5DD*y6PQq`Teq;M7*?M)De9st(55^b90jlI2H8uh>?p)~ zo8a=xR~c42VMAyw7gyBx>Y9Y+jYTDT%7G~uoz>m-+Lui|ehHpk>4Cn@CM`?AnX+9* zFb%aU;A=t5d@4wMNV!rY&(1_ILicvZ-yMt9G}&dmGPEtN>)-X;+UMn8BwK1a^cE*RI~PcWKwOsqv~fNJkMQJ2?FYMAndgrOx=>4^@kTPdWA z=wur}zjyyR^LQ7frTo%F8i=nA_j*D4hJLr~h}v=2eg+Q4*!k@6ywv$Z*l4v7P+7^i z(w61(NP|Meot-A>qzre`bIKMBSgt2(B)t0JyJcPcaDnk#5@{9Mae@G5LK(HJ04_=Z z48}_|X58tw4y7-yr*<{t4LDq`vo3l$Vp|x^+75}aQHa`pF=~`UYJqde#^UFs5XI+n zeqwQ-9SXZ?JKS!~W)u~ZhWhAcMOd~{ zT%Ifd@&M8UL8`&Zz!%*p{CQ}-7(4HmJkks*x#DI^$>AHQ)bIK_>!L?feEJPvy7|D; z=i3Py9CUtrSn}{c1$m@7R0uf|`8Pi8fTFxf5>uf1sN4_Lloi4m_NSDeqw^W13hpdM zku1+IEO=~!qz@0204tOkPTPLUBiqE$u!Fxq>*t^%EMjdg|}6Kgghd0U=W9u<1KWKS1ZAJ4rO@}jT*3l_tkop%@lB})-_P8zvrRuc@JQ9K@G^5|YDDdCP zgGnhG3{NGY-}jQD*)7>y4delu-O=uMW6;eSA*sb*WckqVzsjeAQNx^xG2R3DHlBJ( ztDh*Sggw25663+?&w+P+tMW6hM~y;M>mil**!w`x zkw4evrp_t3cHCv+-$j^wB4^5I+x?Ci8BQv@vQ zxPSHBZQg1&@=)Tn-Dt9rFH+x8de=E?=xRL~`grxRC6%?KwH1>JfhhSY3h7X3Lx)?t z0l9m^WJckjf4Ie&+s-r13Dv9v*(k=mj`sH5bI+ID!*gfC>vvj{+}5a?xLo?vBG#D` zmaY1)DcWz|a}fit>H*%JSj<4Y*VlZ5j;GGvXgr8ko^0xrbog4M7ZETv{RTW)EXw&a zEx3_{3p}o|?+&5Z-1bNV;7Bg+8-(=T!+IP;4Ecx~Tr9Nq0+fM z@Pv^v-Z~JeU3+-=NR2K{)@?$u&+iI}KC;`4#azs%lkuZgOnbOv+qQj=3Z$HQ`^ICU z_~Uk~CS+*_D;IDlc`RrowS|djFg70AY{7%GR!r}Oatn$=s@#W3Mz>g)Ccae=IADpM zsY>2Pg1^81qy|Uhv%?c+;%w)K8+nm0=8Wl14hSx0gf{F{Y%q<3$E! zIxMSFd!uYA*3k&~NnE8LT!30}x8}dJ%g_sSEznv@Zu5#HMP9$O9~@6o{ZPadG_4k9 zzXkl**#*?oU>`6G)9*hCSy#r+EJw-suCe~lOU1T-v1tBi6o z50l6PqpwbmqUcJd+i~1S@(a+kT5g2-yVGPUdsy8m?ocj!12Rrpi2(6FE@dTD5{0sW zod?(WVew#oODjwU4?^=E2jp@`0p={YaYwtCr?gn+DjI;$Ypc-9+?Z_6^4F>MTRVtJ zve6`A0kWr~~86)t#*bbeR$BY&oB9ZJv|3g@p7f_9Z`xtOE@J zRbONV)*Tuo7@nTu50guf7(9Ya9(q_F9jrHnvAWrW2L+^7eo+uV8=@o2t|HA;u7nF{ z&1HMYftBIR9C;8qMW6NqN!L&Z(s_~v@<=}VQg&jGnW}gDEJrNbN{dWWq%pd|v#pS= z=!wC5NGbR_5OldkCY{L|AsoBaZ=u5R&jqCf>e82JhqnWVNhUvkYKAE+<1_B_BD5jI z6z z(I=8cvPFmni3Df>RyZ_=FZ(%>O@z~AIb7~2OdF`qyE=A;+!J&u2#J?tCmRweWrj9 z){E=wWPUVFjHJvd2>z~bkzpP+{88gGZ>GM!D#UdLG|YKuU6G_`GiOVQnp^4O2|&C$ z;usq@q(-*Z>KZ;}XDYbyT#0ic=j@Z8qj1MMsG;_W;xm>*WKJ2_yTRv9XT6yfWp+!R zx-*R?_gIcCZoiw58z<4N+{}|c$a4kky(W<+8%u?sYRDMH3bo=Ksm+o5+Cg%*e@FzC z|63f)Ix946Z2EN2qP96! zRw~@Lcy*N{{LbJHxBJj9-0B1>wlX@=Vw%hGj*F!pa!ss`FMHQ^LaSDSfk}qkUY|=jqB||< z6-ZZt<#iT=B?zQ;rA7jEj|G{-=Ce4v>UflQzJ3c>G3XEX)e9eJA;%+1NYq;UVZ$@j zbV)U#LeN);vH{`xBs#M_Q2nZ>W_0H-g4FRutJZiT`s#|?<3pjJX)Pw`W%lxebg~=I zMd$@?wnPANVJ+*+fR&p~V4eg2ZKXHV>Iw@I3JN)a84&o!JjUe}ibC9@_j-xD_08*Y zh{|m*!!f%<9s9agCrZv=V;rqi=pftAn{*|v`^?ve zkMynVie$xKMcD<-`qxM9@)mc3t42_L=U~b;m7vF4)ymzxST4c)bRBYPRzg?KPz=vk zblqlM4DFoYP4dIU!dT-D36cv>6JjrT;q)6vQI5T_(@+w!w+XwF@qcw)4*W4Ys_Eg> z`aT<~&O~6dVv1ySb=(z=Q+^D7?8+2W|Hq)xR3B2U;iPAssw>&DDoMp*D#uHgY&>g$dW&7t_|Em{Qy zdI9XWa~e88HKGSIt@^Or*iNtsiB9jk!S@~Bnj3qL+n z95&*lH`4cfHsV|c>rRmZANrT0rI?eFNT|XLYQTqY*6#5v6XKN&RlS%+Qx|4hL%W&|y zl_!3~CE%n68WYX)zQq9Ut!Wq~eE-szl@*a694BJp3@Yq_R>QMX8 z=o$=Qz~oYpm$s+51r|b<5c2y&Kr6#%#Wd3U15sYgRv(oi>KgN$(y!?0ml=)mh&OFsNMDgMg?KLte#@!yz_SiS~o5z zW^d0@*|dqURsIiyz{61FQF}1OZZSiRg^j%t!PL`rp`-*6tPUp)bDKG#+5n}m#`OOjM&44KkNkggJ8U4X;$I<;n(hA=dGlY4 zQ1~O?0x61*KK;jk4Kh&r4@X4K%O{6R_0R6%|1}BpU)T9xGfU>aJ!N@Y9QE$}+#c7( zHPj#7-QCUXc$GEWlWP8DUiNcA^h)MchHdY3BTRpPKQK4)`sSv4p&E(L=ZWuMvJ8Dv zg2KAxelkx=ibx+)*xvpk%(MGn7chP@f44aI_)sG69by6xQURXW?}!o~aSWuIAeOEZ zGb_B0W0(kZU@oF42$M>{Lym)vDqV_Fjo-JY&<-V^)rBrA`0Un<#ysXUD>H$CkXJCn ztz%TW6uF+LnH&k7AaOv*7v><5T|#|zM5L?`U)etEX!kO@d)Ei}rE~;KbBIQR?51o@ z6Y$5uoZVy(5bKQ=L5i|fA_hFru-g{^kVfmL*+0VFxQ4PE1_uI%cnp>hy{lbFAroGl zIzxRxq_PuuZBKv+cbyZYJaBW-U!OV>^m9^4ofvr?BEv(jf$IGTM9DqgmoUoxe&dJx zr>$e6d3KAHokW(2!|zLAr#N^v4%$ExO};w@?5_*s8W&WrpGW9lDm!U@RfXw|Km3W{ zV4C-PV^|OQx$QiAEib8%2k%V0_O%yTm9X3jSW}9)P|5lx0FjzzO zv`Gom`Oy(cvH7XmEz91+L3Iz?V9*(|kN`1kKVbX3Tq>va!;n0nuyw(VYvOE=B3yrXHsJ0)l+v$l|MZyollH^yiZ-C3L|s?q(0$HYtU~FCZn-5by{)aD!B}T# zEuPypo906POK15jC9O?sivW278ffNoW-2&|V8sleTGRCXA;);*ovIu-^Xw|L8)qZc zil)vn16@S~$Pz~*Q2Pu|NbZrQv4)1}rxAAE3Klyk7d*z8*bopSr!f%urz2zS$^As@ zurkvQIgfgwicIBR!^TjnfZ9Z74f=b2{|8jvC%y`=5lmV{N$_o z%Fmt6xyq9}G41AW7}fHa+=HKvw29n!^iI(B0b5R)VIO}1LLr%eL$RCxuHFym+UyK^`OI1QUkJsfI+^@d0S& zfRa%cDrrI&s_=nBIrU|?sTse^BW-oAN^)W@{lphg&?gf;<+u!G5tRE~F58f^vqF+o}814l4C!m_i@Olx*kJ7BsM}|g2twu#x-@5fx_hfcKd&=QrkW6<0&GzkJ6m`n4!?eT2YKT#@ct{e(P{<<;&P22V zOmR!Xb@*U(q>9kIJVC)N6OhlFlVn>d@2m66L@hoa*+9%#WjP`H`;9Z{Nx|j{|G@rH z{Oqb&WOp*6-?`tzydG@YiRP4phQnfadJt4qjAsHCcKv~Ul%5?aO^F+MktYDJZA^ii zzd`A-fFpdwYSh5WRb$6M!)9K^n)Gu^=9j*srkXvqxw0i4@GMOev)EfO5?3Wn0}%$! z;Mrbq*xBHo`A^GNTQ|A(G}V<0jB;!_F0yz>wBQ4aPzSpLWs|(}O^Ue5%6N%^-z)ES{p6c-6earG6LACO(#RD~(7#-b^_F5q&VDg3(Elc@H zOgV@t>INfMrL+EaMA&(%j2n@+^R*KvY;C(koMA{x(qYFT)cX-Q=#8Gd)&ZgH?i=F6 ztf8f|563B&R48>u6czRQ&HoIFf14JlhN#~>9h5_b$U=H?w2ENti(+_jsMzr0UW<0c zf=`&q-YtM$tnr2a63cEy5V8_C{-jQS3VGgxYW+}W`;g)4HErDem*t6D9X~@ zthQ%!rlJc*1+jG|wH@jx{+e+llB)xP4dG{Ya~DeJRH{{5c ztGp`GX~wc0kmzxbCh-ky3hz$Nk|7B$qD=lJ(#jZxY=LE#C1-Xz=yMvbt_~{tq@6~? zDt$tivUxeu(@uHfXozL_M764ZXx`^a{US>^_B8akHzwo7FU7_+W?zc!ik6sKl%O)r zIlp~LQED}YrMJEm$gRLz+96}ciL!m=P^>F`LuDWJAJ5TYlPDR!ja&|?{ zx8)aw3X(XpV`l>vdSa3aLH70FBC$u?mT@JbrxQ9tgAhFo&;-YXJn1s{r3;-|07R*# z?@~_*gAmn?{x});e6s?us|le34a*2VDRzn7*1)yDpg)4kWvGXRQVvN>SBXZ|4sJ8` zI&4P-Z6WBVgdtzv7LGNErYX)LW*m#yI84!cR{9!}92wa2-=5rzCwYjO%0^(%J5r+0p{DRFtG4>qd+soMXZ%!=%L z*djvJ4OW5G2Q}bGc*!!1=~brF85Nc!bN-i!o$pPw0TUEI88an8g9VxoVa@dLRNz;j zv7v;GMOU&Sk!{;>erxzde)FXyat^-cgVLbY#nW%QnS~9%ORhN19{jrqMy&R8XKJGw zV@TaES_Ji(dZ_COfn4z#M~Z6VcO&hs0*v(CkA3YeCBu;_Rzf!(`LOD=cMaQX@V$2; zK9mtyfH4tEKr1Sc!=xyiP_=?xrk<;7Z~lj&9tLxvqZqsw--gnx-fRg+5AKX%{DrQr zQiQzasM*gzhcZmN!IB#qA+h~|Bfb`lg4!5u6qp5=c%Xivy(a5i48HE!={6H0HXMt- zKtR;+wlo)66CAbrbYnc)o#PZT9Ie2bB93{tCj_D1WWcs^RXT(qca)D@msn-EpLQa@ zTV^Ekq09GB(tDJ>c|!=2T0NM#BQyfquzgz@1wy^td?yiwpR)z5lok|YaZ?D~J&*Oy zMoj*ojBu~k`%4ecF;OmV=AzDBkX90BtsZYGulP}S%M_j~*TD`%= zxGW3Cj)d&_`Q!>j$>~FhG~QWl`1Jyo`I3&R@XS9L`B^Phl5A6^zEkS@0A#0;gMM_Fe@;|Qei5gCNTZg<8DH-6bH@|-W+EDf>Q31 z2T$Tog7c|!Vt2*SAVTucM)X_BtO~IOnr5?Xk`XkkZ;P7+g&BN>R8Fk!X-cEm+M%v~ zD5T(h;Q<{d?S(1tu5-_12H7b6ilyZ! zejD&`(1dJL&(7_Hj4K{@FUeqjY+@2+oGLnF^P`fdg!Z%)i2!1Bx;(7j9qotb1t@+U z*lvjt90Vj$=gC;~onVE~-t^3UfHk;$sg);Ys>s)pHHz#PcGf9K=lG+YkxT!ot=RGM z##w$7CVKj(M~seeqLdx)r`jj)Ouu^4aMen-yfY2d5Ep%kAM7xE_KN(m#~KWctf6+D zKRjD|Q&7(k*#CUYg*uQH5<3v^2sT2uyo1}?=!XqF^ktx!ULzmxCVPtHzr|J2zuO$> z8lC&>zn9OF?7ppPl?XZZdfM6JES~B7__dhll7-}}r#I^6JcGju}e*^h!rMJbB9bh)}nMN{W`=9^t!%V z*;xZ*qO(=}r46r{z|ORySY~#{WTQp1s=C}pEh76FZZ=A2jr_NzCC**@ry-UOJg6IF zWEx;6)hG5b00XkHSp4EWu~};1thob1Rk{v~D?ot3iH4ceLW5xnatK2wRE17N))g~W zIY##}L^!@30uB-TWeNc+BoN-SWnXj_QBNvBSpH5M?VznsbBE-kkgcfsx(-4)n_&Hs zRl)M>AV9nSeCR0ch!gRN-rKbv#`1%};yl?2R5}gtn`yrvX@^}v7Bro+QEQ%RtJ?3Q zpgg`m?HULHn7#w5ULnvXK|w|=bLu&SsJ@MV8wWt@y~zqICaAM(fZH9wsu#MP=e1{S z*Ul(Z|C?3$uDa&+l=-*AxmB|x`Qhp-T$8%Okl-~*d6`gR;Cjt`3*1!T7%0y(K0!FU z`k*AWw83|~V{XnOjsRwY{Q4Df3|~9K5`f5q0^?JSkFCATq%D&3zXAcz=hEi*?lMHq zZ=ig`zt)JGUldJefrD+-dmRX%&o7U7f;aZ1)QvKW3(d0j%t5V`o?_kfDO@qVXxF4P zq{|P@w-$!V)Aer|pYrNi`v>7eZR^Hn=)9~LBy7=X`pNvW(+QE(|%=RyRfIj)~qmioh{|zEjk6hEtDydcl|EGm_PigT#9T;J( z@tivUwkU+L_Wox#we0_d$qzw|4ubZ}0Lgz$74PlJI{ydclMiG3Z}w}%)eCL>nY8#@R$K4{Ag?AXXnl+E^iz8fAnOGKaBm_FxLv)+%z;&mIV1{-3kyw-1(C6-)RAz z=l#jNk0{mP*-cGueeLW28jKrP|K4GuvklW$+}MQ1tdInq`dw*-giYbSkvSLY-2pmi zhUbjM0j^!#?YL1i5ZfCO-L2Vw$pI%Ccy{dW#Tm==^dBIwN@yGw#%Ll?iN5v`WBB&b zp$nSyn=NSS^K`k*(!Fdz^EDg#ao!|7lVVACKd|8`*`5{D5L-<#EFRXN-rdrLxH3bM z#5+1mBw5`oPERo$pv$hQ!nOV`6gLbqZSh#JuS+ygygttkF2(Bs9}G{vE;i11#}N?x zIXILx|1H<9Ff1Za36-_SEZB;*mvTxZiv*8OPr>@o#v#?c|`lPPsmo&E}gvC8i` zX_gW=%e<~-QO+zL^u1^~FOzJPe^&QrErk4DR>g1s*zu~eXNfyle>%q2*C{Q2-E@n`kHXGS2T}kC%NDj#G%bNn^hBvtOOfgi@ z;c3Q*-Vrg#77YY9cOY1yf^f@8*Y}s3%bO`s{2OMy^!WmTGv_crRT1x?TB3F54)YJ5 zZ@E@){j#S~-j3jS$JcOUQzFoMR7CXqsgR@Fke-j!L%X^Wdt@z~Ip71A70_LhZ1&WD zocjVJR#oKo`M?O>)A7lRHttG^Qob%>GPTrv!r zXRMlATKaB}2bg9^lq?nS$nH+P5~Yxu%BfHa`=4_d^+BLagT4+Zt6~mXCh5wfClo(o zYZvw>jwUDdvVdlT=|lxwfO!f#%9ukFZ3v40fd>_H-0Q_iu4ul^u%YmM+1 zr3jo4=QTfh{9Y!5+5;O+4hX)Q(W50FE*CQ>z0&&UVT6hAT(y8OQ=mf>TTbJL4i<#i zF`@BSO1JG7nFfUxW>D2HxuMD8hgFAp-CG-%W!i3b^;O?9E;8#2K7KeGb^evFDs^Py zC%w3h>r|>0$*GWgyf*8umV9LBO%?*6vs)KpQ56K;CIO8~1(QT$*r`vfkC|5KSn!tt zYC;FvLEv?nlH)dF&i++`|`|n4v%i{uE9I+#dYaYre!Re4b$j6ar`avqpfx6Y%VjR` z(bAtnMy937TO2I_d!9+^<*@l1z&FuDZNDdW<@h@u`BR16y!_!CgW>iU08&IHiwuTa zA$~AOg8Eb$&j{y`CmrZf@g7k~0A<$>>Rnvpc-IsY)9`ETT}(&}6A&G`_d&o@Y_kwm zcr0gpEQ9jEIFTQkpAchmoH5h8l{;L9cJJAbbT8Ch;8y|6p;T+yOBQCc{13Xc~=ZV26cnp z>zer{MHFpR@1Wa{Mm26NP3e@^k5XOj{dgX=cv=iaN+h`FCQB^*JAwfMuBpt|`E5Ex z=qh8Vpm_n|Y?XzH%QE{2es4(1;gRHZ-~hF0DldA$w|)eUc_rPWoX)vJ$cuMINM@Zp zx?y-9CPmz!W|7RiRvpaYO!4;`{I?2GxrL7$A=Kd3f02FoHIIvv40gh2QqiB-(vb6g zQS=T3`UR>-3v|W7Qu45ggx>t3ekv_QbYw*(5ld$W;(f~gq6WVCjwNV`5Jr7DwgpMcsxbp5*#tYRV5rNPQh}CU z2_ZwvxES4(aa@9$*-ci^Q*628hd(UCnM8=SRN05SlNQ45)@w8~a#=`nudMVr@hVl< z-Arh;+QAP%3FAb*&VW!#>9;H)Z~F7@gSw*+i38@c0%HdJ6!{g9V7JIU!DThhnKN}L zU{`xO$kgU%PYQ;4#^jvTQ4sMqU1HPV`mCJAMneU6^5RanM1Ug1o*h^K{(xpUSACtb z65?Jxh*!&(0rPZni2uvGQ5zbfW-6s1IX&p7;NTj5qGYcH`&^ffAKZeF2p>GXovrcf zg_`JAlbg2T<%i0geDO*x3Bcl*CO1MOy992w@;kjTOvxOfgY{do=;jI&LC1hgR6wEO&BFH!6IL zoNzKMPF-1wMw8xl-9#@!8iLJ;YyYY|R=6y^)jIRtZRCB2)Yf{^v;w24tsac>0m`i! zwS3L2(~ZC>M?-c)+UD4yBs0?37RL_{EW^7&PVWz}1PS6rX;DHZJ0TxZ z`b1BBpgC`pYw2kM7{+(<_gvd{=M$nOcov6d(yKtaWgHFc4}>Zb1g1DFdcJj!$Di8z zx&q{JxjKD-06B4XISRW^M3xM{S`fJ!gy%G_zY)$4|2`L}BM`jZ->w9$wf&$@DY*l# z?o%+Y*VQ^1caFwask;bl8Kaok<2I>b~jmz9EL$u*vyi zgrqDLQBL(NTOliy$`8Sy@81p7s6JV8%QYwrn_nuWG)czGP`&I?a@c9LJ%MZD;01c`LMZ zfE18jvYG7Ttm||&l9fPMRTtd+W9`q*k+mQ90<7d(V4Ux<((b&2T(td5rDHuk z{BPS~(I55M4^7P4fjr&wT0Z;iw{kNO&l5R{{VKvJ)uW-6%BsKfTx+S)!p1TyG(2P~ z7kTN5a)3mp=t^5?E-)0tLrl>hI0-qN({fJ~i@)&XnY_oHT;Mb{dRbb0EX2cr+ z4-gVbM2W$#zpZA#cV^WACWXx^ ztig6Ycu1lRs$CU~T}1XjkS(yfW0^m!GHiK7p}XaKhD+-WeXssP(A zC~cB5lE;?qdhCe8Q}hjmCR?$&15VUn!yO*d=RP6x7{qHEx_nVI9WF|wI(v8KHa(QV zaihnI^mznr2?!QM!B=bh!c?jY!UR!;DQ4J1pFg5E&2;fe$#o)dNL_E0{BpK@5_AS) zR|iEGqw@9U+?~$|9+VttqW-#O<|5DCmMdN%&lfI{naGtbVP9QNFutDFN?p-ZR0a{S z;YUh7r{Xq$8aP64X!M{P=CS5B)4Z0+cVNuYwT2Ip=ZtgwnO2OBUsbO$gr*(z5}g zL)Kz3EYJy1WmkHd@qKOjpEKb43+f9ssCKG#?|G3>TOsp3&0I0bH%(I~_sjt{G}Q_n zF^j1MSuXLjbAA)-C#fKaTi!`&!i@xUW6-HxbF;BfvHqwb*2c;%wQ}a3Vdq451G~j? z7_?O$l3t*x2e0XLmmr8mE3g3FaNd*)$UXMNjdQ^TE8)XcAO3OX z_ApDbwQYcZ%X=%qeE4&GLzl78R2CI&$*~At#Nhd=5%+OD^^-j28|vUzi5^sAi_JuV zcxPR+(thjl^(Lx^|6?i;|z;?eBEJA5QkG75U0?SL+P4HjJ) zB?46Jhc|8;RlTd0j31iuK^Q~%6x31cq01&JA^*54{SG~30gFx-AjAU_F!8BO%d4tT zL3$@}NL<`0M>TVI2<*Li{`1fO55V_+bs*<4ytp`SsIV$}>5>s}$TSBxDv=h{)jmxDD&zra9#Qe{ z8Ze{9yJ3uQ(h!T_Or^MPKSn3q`#`W^cerEXfn#05Irl0)EKKElgSv4u__N{EyDA30 z^-Y73v{m-gpdg5bld2x&PI-4bE=Wp5FUQ&Vd4d!OqSg?sC9VBy{65b_0NMBSvZc8d zr#TkiMPBKw98Alq0FFxZ&#Sl_f95|X9(8gpa$b)VEOG9@J!t`RO5jtO1n7Vm4@8N&lj|ocvBc zB+EON-kGZ%G901hza{lduK~X^we$lbY!tM(_}-7@rInA%fGyfO^qkG)(%cWLVN>d~ zMkin2yQ()#esg@G?31Zu6%ce5kX95h4#%cz>4gjFfdkQL{jZNfSsy2x$-gf18Q5z? zNu+`^c}=?v?wR8q6>=EaEOW?Vn9&COf#;@;q98w5+!2Q+0+NIIK^|>eLyH;IC(uqC zoiio}Dg~-FmW+MEz7aQ2?vP!P_iOc^t4PNUoLh+OX}H|`tIuMb7tqRr)WX98<(rn4 z73_YD2W^f&)@tK~<{5wW*TV-6jE~FXxs+DwcNFm<6T0;$uBA^Mpd;hzkfYz@F&+*dd}X$0dRQ;qQZ4NtO6X$bU!0A@ zAj3?jM^!D9S{-0(iSn_j04Ep-kpaS?J@a2oIdQ-smBqh*|B(%~uYsIp6pH4AC}Y`h z^yM9oit+4ZgK`lp(eR#zCb(1+>SVp~kf*cJt3ubG!c4?MUMeEu4ERbt7PqBbz(z^1 zhe^cT9JH>p7DA1IrX`YmdltOJBU-A-Y$F}(wS(o{21Y%5QgL0%F?RKSV?2HD$CSTl zMEhb?yTynO>N1>Q_p5odPWnGuE?pKVZ{uvFvX=i&F&OS9BP?!pB{%7Kor4kp27s7| z(p$#6{u>8dPZ2t;HbwOWk@5QV2`RIIKL8G$S5FVYWlTkbz_ziHtM8ykzCV=qfjF2~ zlk%R?HmGPBGK@bqgg7}WWNP|GCnVmnbgNymE1JfRO+SZ+Zw_l)(i(CC&_MLNa^cGS z!81bh(>k2ANCb^WpzOamy?_dY)9vP?zBYj>pTppg6omWTW;8!|7ufZyk-aTpEb3Z| zJyS(0ub^s1`5kAfb+&Av2IVUXQ@PQz{DRvs4G2 zU;!yxT8sDmL^qSU?)*bO{VOKpdMIgR`hn!9BRBQtBt!t%j6UAJA$k$COKtjzD8{*W+`XnZfX=&>>J{h9f z8x346W1gcT(sGx0ydw?CDB&|2F8EkfNlGDYU>GM;j#ome&S0CZmrvnVst0XMy+s+DzSC)nDb z5$X{IrtMLD{3mXVn7?K)gC`#O3&1)S6lH`_^IX+qm81msSBLo`av7BskO)#^!_@3} zplJ4PiuNk$<9KAqtQUWwMFNo^a17T@(I6GLq(iwEq>I4(8Y0w|tL6*J=GO3=d}giI)`e3fAm3hi)@1& zxoU=%Z&cD-Szdl0-4h##VURyBUK_%gnN5ka?flDUfk4lUFx~Cx(qTS~?#mOb)u<*} z*5f?I5k8ZM>|po=zxg9b3WfTU=}|MM%R9S}kSD_FcMv@9;k{W83P~~5ldR~339H5+ z#q1UY)X&KL0^P2iy98`&dEcH%<;0^d2RcNW`Z5os=dx`!_uzznyjqO|%x)jRGc zO;7afUj3Nx4ltK>J0VqmG(Ddc0gJa0Ryutl@u-DEm4_%)==j~lE*d(9M}>}_ zVWdJ=##*R>vG$Qih0;@^r)G9)bfOem2vqoQY92`yccBctDzLl2Gwe7;hoK6}s=#A@ zva$Oi#OBl^6ifM(ts;9jZL2z@A4bMr0l}H9#4Z2Ir(DIY;{YKqG37`UWS_GqMqi4g z%aUW4n!}9WOeIegC)P~0dnP_O0eM)C)Uy{;Kra>}d&r_zX=Hix(%zDN3f^aY`+0%) zqL(;f&wx7jsefJJjk!br^CM&a@;H+D(t$)?f1W_scrQsv;JQ)QBpy#x$r)3oKpQuVxs(&6iUi{g_IDu3+3D6R=$%`p>Bj4L!s1 z|Jt%$XD?kYYrXcoL;K|6%C^-D#AaWcRjT{q(&Urg7nJTi~BEFU@ty+2)Qr%8A;=9`))gdM>Ft z)MUi2c@Zt5??RgLMht`@FrEUR@+pKaaY zWPJWk%(C+?4K^;E8YZ)YrX5`r=fb3l?E1uJg?^U>D8`(^70jPEL(s(tnrsm3f=3`q$nx zs0Vcvb+119p}X^|P2Mjt^Qdhaw+-_Ay%*)r~XEh--WZI<(!EqdsE>w%Kt zP3;Cgd9KN60aF$%-OV|1>7h?fOOF8i>xZ14Zr;Mwn#iW5@?Gt9o0iDY|5p;OxlHC? zXt0Dy|6tYEs5H0b>lPZny}jif%Anfnir3~2ChorvRwfj>{b_heD1%<@0oKhOtx7s+?S`Syi!aqc9r#(ackhMM)MW5%6&En;M_gjG zxU}sEXytHh#HD53&!0YBxPJY4;JV=2+S(JRPlIN#7J1K@^z9tDtEgv|S-r{HD$aTK z@#e+u{lKNclcrB^XIm~jb!s{AbRGx*?py{fe+7e6KDSB=VQe0lF!-PwNOup%UhftD z;{SgfDNL4xcHMZH>kmQA*YKX92lNvN;LuEbm-OU+{;F3KQ&X1sYyh62#Ng@b=d#Wz Gp$Pz;n+a6_ literal 0 HcmV?d00001 diff --git a/windows/deployment/do/mcc-ent-monitoring.md b/windows/deployment/do/mcc-ent-monitoring.md index 08e45da417..98c00bdcf4 100644 --- a/windows/deployment/do/mcc-ent-monitoring.md +++ b/windows/deployment/do/mcc-ent-monitoring.md @@ -18,14 +18,12 @@ ms.date: 10/30/2024 Tracking the status and performance of your Connected Cache node is essential to making sure you're getting the most out of the service. -For basic monitoring, navigate to the **Overview** tab. Here you can view a collection of predefined metrics and charts. All the monitoring in this section will function right after your Connected Cache node has been deployed. +For basic monitoring, navigate to the **Overview** tab. Here you can view a collection of predefined metrics and charts. All the monitoring in this section will function right after your Connected Cache node has been deployed. You can view more details about each cache node by navigating to the **Cache Nodes** section under the **Cache Node Management** tab. This page displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. For advanced monitoring, navigate to the **Metrics** section under the **Monitoring** tab. Here you can access more sampled metrics (hits, misses, inbound traffic) and specify different aggregations (count, avg, min, max, sum). You can then use this data to create customized charts and configure alerts. Using the two monitoring sections, you can gather essential insights into the health, performance, and efficiency of your Connected Cache nodes. -You can view more details about each cache node by navigating to the **Cache Nodes** section under the **Cache Node Management** tab. This page displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. - ## Basic Monitoring ### Cache node summary @@ -67,6 +65,20 @@ This chart displays the volume of each supported content type in bytes (B) that The content types displayed in the chart each have a distinct color and are sorted in descending order of volume. The bar chart is stacked such that you can visually compare total volume being delivered at different points in time. +### Cache node details + +The **Cache Nodes** section under the **Cache Node Management** tab displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. + +![Screenshot of cache node details in the Azure portal interface.](../images/mcc-ent-cache-node-details.png) + +| Metric | Description | +| --- | --- | +| Cache node name | The user-defined name of the cache node. | +| Status | The heartbeat status of the cache node. | +| OS | The host machine OS that this cache node is compatible with. | +| Software version | The version number of the cache node's Connected Cache container. | +| Cache node ID | The unique identifier of the cache node. | + ## Advanced Monitoring To expand upon the metrics shown in the Overview tab, navigate to the **Metrics** tab in the left side toolbar of Azure portal. From 066807a6806de46a55aec6465ba2902fd6040709 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:25:12 -0800 Subject: [PATCH 048/123] Fixing cache node details image location --- .../{do => }/images/mcc-ent-cache-node-details.png | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/deployment/{do => }/images/mcc-ent-cache-node-details.png (100%) diff --git a/windows/deployment/do/images/mcc-ent-cache-node-details.png b/windows/deployment/images/mcc-ent-cache-node-details.png similarity index 100% rename from windows/deployment/do/images/mcc-ent-cache-node-details.png rename to windows/deployment/images/mcc-ent-cache-node-details.png From 15fd6a6122ef8b95915045bc6136968531ecfaf4 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:04:55 -0500 Subject: [PATCH 049/123] freshness review --- education/index.yml | 2 +- education/windows/get-minecraft-for-education.md | 2 +- windows/configuration/cellular/provisioning-apn.md | 2 +- windows/configuration/index.yml | 2 +- windows/configuration/windows-spotlight/index.md | 2 +- .../data-protection/bitlocker/bcd-settings-and-bitlocker.md | 2 +- .../data-protection/bitlocker/configure.md | 2 +- .../data-protection/bitlocker/countermeasures.md | 2 +- .../data-protection/bitlocker/csv-san.md | 2 +- .../data-protection/bitlocker/faq.yml | 2 +- .../data-protection/bitlocker/index.md | 2 +- .../data-protection/bitlocker/install-server.md | 2 +- .../data-protection/bitlocker/network-unlock.md | 2 +- .../data-protection/bitlocker/operations-guide.md | 2 +- .../data-protection/bitlocker/planning-guide.md | 2 +- .../data-protection/bitlocker/preboot-recovery-screen.md | 2 +- .../data-protection/bitlocker/recovery-overview.md | 2 +- .../data-protection/bitlocker/recovery-process.md | 5 ++++- 18 files changed, 21 insertions(+), 18 deletions(-) diff --git a/education/index.yml b/education/index.yml index 1da8d77fdb..d70de3747c 100644 --- a/education/index.yml +++ b/education/index.yml @@ -8,7 +8,7 @@ metadata: title: Microsoft 365 Education Documentation description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. ms.topic: hub-page - ms.date: 07/22/2024 + ms.date: 12/05/2024 productDirectory: title: For IT admins diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 1b8a44d7c4..8d3050097f 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -2,7 +2,7 @@ title: Deploy Minecraft Education To Windows Devices description: Learn how to obtain and distribute Minecraft Education to Windows devices. ms.topic: how-to -ms.date: 04/10/2024 +ms.date: 12/5/2024 ms.collection: - education - tier2 diff --git a/windows/configuration/cellular/provisioning-apn.md b/windows/configuration/cellular/provisioning-apn.md index 8fcf389cf7..860024c72c 100644 --- a/windows/configuration/cellular/provisioning-apn.md +++ b/windows/configuration/cellular/provisioning-apn.md @@ -2,7 +2,7 @@ title: Configure cellular settings description: Learn how to provision cellular settings for devices with built-in modems or plug-in USB modem dongles. ms.topic: concept-article -ms.date: 04/23/2024 +ms.date: 12/05/2024 --- # Configure cellular settings diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml index fa1a297ecf..a1e1606862 100644 --- a/windows/configuration/index.yml +++ b/windows/configuration/index.yml @@ -11,7 +11,7 @@ metadata: author: paolomatarazzo ms.author: paoloma manager: aaroncz - ms.date: 04/25/2024 + ms.date: 12/05/2024 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/configuration/windows-spotlight/index.md b/windows/configuration/windows-spotlight/index.md index 6c056b86f1..ad39469d22 100644 --- a/windows/configuration/windows-spotlight/index.md +++ b/windows/configuration/windows-spotlight/index.md @@ -2,7 +2,7 @@ title: Configure Windows spotlight description: Learn how to configure Windows spotlight using Group Policy and mobile device management (MDM) settings. ms.topic: how-to -ms.date: 04/23/2024 +ms.date: 12/05/2024 ms.author: paoloma author: paolomatarazzo appliesto: diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md index 3e29796ff1..826ae7e556 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -2,7 +2,7 @@ title: BCD settings and BitLocker description: Learn how BCD settings are used by BitLocker. ms.topic: reference -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # Boot Configuration Data settings and BitLocker diff --git a/windows/security/operating-system-security/data-protection/bitlocker/configure.md b/windows/security/operating-system-security/data-protection/bitlocker/configure.md index 7fbff47e8c..5ed1607787 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/configure.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/configure.md @@ -2,7 +2,7 @@ title: Configure BitLocker description: Learn about the available options to configure BitLocker and how to configure them via Configuration Service Providers (CSP) or group policy (GPO). ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # Configure BitLocker diff --git a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md index 3eda5bed37..4e0d64f71a 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md @@ -2,7 +2,7 @@ title: BitLocker countermeasures description: Learn about technologies and features to protect against attacks on the BitLocker encryption key. ms.topic: concept-article -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # BitLocker countermeasures diff --git a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md index 80b74ed970..131cf2f9c9 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md @@ -2,7 +2,7 @@ title: Protect cluster shared volumes and storage area networks with BitLocker description: Learn how to protect cluster shared volumes (CSV) and storage area networks (SAN) with BitLocker. ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 appliesto: - ✅ Windows Server 2025 - ✅ Windows Server 2022 diff --git a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml index b2642afed9..fcbcadf1b9 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml +++ b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml @@ -3,7 +3,7 @@ metadata: title: BitLocker FAQ description: Learn more about BitLocker by reviewing the frequently asked questions. ms.topic: faq - ms.date: 06/18/2024 + ms.date: 12/05/2024 title: BitLocker FAQ summary: Learn more about BitLocker by reviewing the frequently asked questions. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index 69d9822b91..2b1e13953b 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md @@ -2,7 +2,7 @@ title: BitLocker overview description: Learn about BitLocker practical applications and requirements. ms.topic: overview -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # BitLocker overview diff --git a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md index 1e9c124e9c..687f2418cd 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md @@ -2,7 +2,7 @@ title: Install BitLocker on Windows Server description: Learn how to install BitLocker on Windows Server. ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 appliesto: - ✅ Windows Server 2025 - ✅ Windows Server 2022 diff --git a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md index 15119bdf05..ff99a2de31 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md @@ -2,7 +2,7 @@ title: Network Unlock description: Learn how BitLocker Network Unlock works and how to configure it. ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # Network Unlock diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md index 645cf45add..2a6e018234 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md @@ -2,7 +2,7 @@ title: BitLocker operations guide description: Learn how to use different tools to manage and operate BitLocker. ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # BitLocker operations guide diff --git a/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md index c54ad2e21e..3c563aa624 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md @@ -2,7 +2,7 @@ title: BitLocker planning guide description: Learn how to plan for a BitLocker deployment in your organization. ms.topic: concept-article -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # BitLocker planning guide diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index aaadd7678e..842b2e94c9 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -2,7 +2,7 @@ title: BitLocker preboot recovery screen description: Learn about the information displayed in the BitLocker preboot recovery screen, depending on configured policy settings and recovery keys status. ms.topic: concept-article -ms.date: 06/19/2024 +ms.date: 12/05/2024 --- # BitLocker preboot recovery screen diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md index 808550018a..3db9407c4b 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md @@ -2,7 +2,7 @@ title: BitLocker recovery overview description: Learn about BitLocker recovery scenarios, recovery options, and how to determine root cause of failed automatic unlocks. ms.topic: how-to -ms.date: 06/18/2024 +ms.date: 12/05/2024 --- # BitLocker recovery overview diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md index a3cded5a34..421165a49b 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md @@ -2,7 +2,7 @@ title: BitLocker recovery process description: Learn how to obtain BitLocker recovery information for Microsoft Entra joined, Microsoft Entra hybrid joined, and Active Directory joined devices, and how to restore access to a locked drive. ms.topic: how-to -ms.date: 07/18/2024 +ms.date: 12/05/2024 --- # BitLocker recovery process @@ -26,6 +26,9 @@ A recovery key can't be stored in any of the following locations: - The root directory of a nonremovable drive - An encrypted volume +> [!WARNING] +> A recovery key is sensitive information that allows users to unlock an encrypted drive and perform administrative tasks on the drive. For enhanced security, it's recommended to enable self-service in trusted environments only, or rely on helpdesk recovery. + ### Self-recovery with recovery password If you have access to the recovery key, enter the 48-digits in the preboot recovery screen. From ae7f72702ad2455ebd7d06628b913812deb19bae Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 5 Dec 2024 10:58:36 -0800 Subject: [PATCH 050/123] editorial revision --- windows/client-management/mdm/accounts-csp.md | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 454e9ea3a2..2774e66244 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -54,7 +54,7 @@ Available naming macros: Supported operation is Add. > [!Note] -> For desktop PCs on Windows 10, version 2004 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md). +> For desktop PCs on supported versions of Windows 10 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md). **Users** Interior node for the user account information. @@ -62,23 +62,25 @@ Interior node for the user account information. **Users/_UserName_** This node specifies the username for a new local user account. This setting can be managed remotely. +> [!IMPORTANT] +> The username is limited to 20 characters. + **Users/_UserName_/Password** This node specifies the password for a new local user account. This setting can be managed remotely. Supported operation is Add. GET operation isn't supported. This setting will report as failed when deployed from Intune. -> [!WARNING] -> The username is limited to 20 characters. - -> [!WARNING] -> The user creation will only be successful if a sufficiently strong password is selected. Special XML characters must be escaped, i.e.: - -| character | escape sequence | -|:---|:---| -| `<` | `<` | -| `>` | `>` | -| `&` | `&` | +> [!IMPORTANT] +> This string needs to meet the current password policy requirements. +> +> Escape any special characters in the string. For example, +> +> | Character | Escape sequence | +> |:---|:---| +> | `<` | `<` | +> | `>` | `>` | +> | `&` | `&` | **Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. From 93d9e761519d07efdb1233ae0948d1299b05d791 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:42:32 -0800 Subject: [PATCH 051/123] Adding port forwarding fix to Troubleshooting --- windows/deployment/do/mcc-ent-troubleshooting.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index 53ab7f2836..ee7d14c089 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -116,6 +116,20 @@ You can use Task Scheduler on the host machine to check the status of this sched > [!Note] > If the password of the runtime account changes, you'll need to update the user in all of the Connected Cache scheduled tasks in order for the Connected Cache node to continue functioning properly. +### Cache node successfully deployed but not serving requests + +If your cache node is not responding to requests outside of localhost, it may be because the host machine's port forwarding rules were not correctly set during Connected Cache installation. + +To check your host machine's port forwarding rules, use the following PowerShell command. + +`netsh interface portproxy show v4tov4` + +If you do not see any port forwarding rules for port 80 to 0.0.0.0, you can run the following command from an elevated PowerShell instance to set the proper forwarding to WSL. + +`netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=80 connectaddress=` + +You can retrieve the WSL IP Address from the `wslip.txt` file that should be present in the installation directory you specified in the Connected Cache provisioning command ("c:\mccwsl01" by default). + ## Troubleshooting cache node deployment to Linux host machine [Deploying a Connected Cache node to a Linux host machine](mcc-ent-deploy-to-linux.md) involves running a series of Bash scripts contained within the Linux provisioning package. From 925e8de75ba6cfa5ed64272244bc79a371a8d9df Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:43:42 -0800 Subject: [PATCH 052/123] Acrolinx improvements to Troubleshooting --- windows/deployment/do/mcc-ent-troubleshooting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index ee7d14c089..c814c909f2 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -118,13 +118,13 @@ You can use Task Scheduler on the host machine to check the status of this sched ### Cache node successfully deployed but not serving requests -If your cache node is not responding to requests outside of localhost, it may be because the host machine's port forwarding rules were not correctly set during Connected Cache installation. +If your cache node isn't responding to requests outside of localhost, it may be because the host machine's port forwarding rules weren't correctly set during Connected Cache installation. To check your host machine's port forwarding rules, use the following PowerShell command. `netsh interface portproxy show v4tov4` -If you do not see any port forwarding rules for port 80 to 0.0.0.0, you can run the following command from an elevated PowerShell instance to set the proper forwarding to WSL. +If you don't see any port forwarding rules for port 80 to 0.0.0.0, you can run the following command from an elevated PowerShell instance to set the proper forwarding to WSL. `netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=80 connectaddress=` From 47f916c111d7a940f5e50dacb1643f7f0de6f8ad Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Dec 2024 14:05:32 -0800 Subject: [PATCH 053/123] Standardize capitalization of "local user account" & shorten support url --- windows/deployment/do/mcc-ent-deploy-to-windows.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md index cee4f0975b..275b637871 100644 --- a/windows/deployment/do/mcc-ent-deploy-to-windows.md +++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md @@ -17,7 +17,7 @@ appliesto: This article describes how to deploy Microsoft Connected Cache for Enterprise and Education caching software to a Windows host machine. -Deploying Connected Cache to a Windows host machine requires designating a [Group Managed Service Account (gMSA)](/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts) or a [Local User Account](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d) as the Connected Cache runtime account. This prevents tampering with the Connected Cache container and the cached content on the host machine. +Deploying Connected Cache to a Windows host machine requires designating a [Group Managed Service Account (gMSA)](/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts) or a [local user account](https://support.microsoft.com/topic/20de74e0-ac7f-3502-a866-32915af2a34d) as the Connected Cache runtime account. This prevents tampering with the Connected Cache container and the cached content on the host machine. Before deploying Connected Cache to a Windows host machine, ensure that the host machine meets all [requirements](mcc-ent-prerequisites.md), and that you have [created and configured your Connected Cache Azure resource](mcc-ent-create-resource-and-cache.md). @@ -39,12 +39,12 @@ Before deploying Connected Cache to a Windows host machine, ensure that the host 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. - For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. + For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For local user accounts, `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. - If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. + If you're using a local user account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. >[!Note] - >* You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. + >* You'll need to apply a local security policy to permit the local user account to `Log on as a batch job`. 1. Run the provisioning command on the host machine. @@ -72,12 +72,12 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the 1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run. 1. Create a `$User` PowerShell variable containing the username of the account you intend to designate as the Connected Cache runtime account. - For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For Local User accounts, the `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. + For gMSAs, the `$User` PowerShell variable should be formatted as `"Domain\Username$"`. For local user accounts, the `$User` PowerShell variable should be formatted as `"LocalMachineName\Username"`. - If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. + If you're using a local user account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. >[!Note] - >* You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`. + >* You'll need to apply a local security policy to permit the local user account to `Log on as a batch job`. 1. Replace the values in the following provisioning command before running it on the host machine. From efcd54d4ac52379a9754c4bdd02f5fa03808424d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Dec 2024 14:20:04 -0800 Subject: [PATCH 054/123] add wip to rm list --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 8584ed1fab..3fbb4a3529 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -156,7 +156,6 @@ Each version of Windows client adds new features and functionality. Occasionally | Feature | Description | |---------|-------------| -| **Windows Information Protection**
[24H2][24H2]| Windows Information Protection is removed starting in Windows 11, version 24H2. | | **WordPad**
[24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | | **Alljoyn**
[24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | From 6518a76935eeae76c067374b1d929f6ec7b177db Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:31:34 -0800 Subject: [PATCH 055/123] rem-dep-wip --- windows/whats-new/deprecated-features.md | 4 ++-- windows/whats-new/removed-features.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 05a7036224..d42d89fa53 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 11/14/2024 +ms.date: 12/09/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium @@ -75,7 +75,7 @@ The features in this article are no longer being actively developed, and might b | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content isn't applicable. If you aren't sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | | Update Compliance | [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service was replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022| -| Windows Information Protection | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).

For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp).

**[Update - November 2024]**: Windows Information Protection is removed starting in Windows 11, version 24H2. | July 2022 | +| Windows Information Protection | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).

For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp).

Windows Information Protection is removed starting in Windows 11, version 24H2. | July 2022 | | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation command-line (WMIC) utility. | The WMIC utility is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This utility is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation applies to only the [command-line management utility](/windows/win32/wmisdk/wmic). WMI itself isn't affected.

**[Update - January 2024]**: Currently, WMIC is a Feature on Demand (FoD) that's [preinstalled by default](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#wmic) in Windows 11, versions 23H2 and 22H2. In the next release of Windows, the WMIC FoD will be disabled by default. | 21H1 | diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index a838588ec9..d36d9e8174 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -8,7 +8,7 @@ ms.author: mstewart manager: aaroncz ms.topic: reference ms.subservice: itpro-fundamentals -ms.date: 08/23/2024 +ms.date: 12/09/2024 ms.collection: - highpri - tier1 From a88245a89d9393f1505f1e51c27cd426bf6365da Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 9 Dec 2024 16:01:17 -0800 Subject: [PATCH 056/123] add note about upgrade scenario --- windows/client-management/mdm/policy-csp-windowsai.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 6b2b257fbe..8633998eec 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 11/27/2024 +ms.date: 12/09/2024 --- @@ -718,6 +718,7 @@ This policy setting allows you to turn off Windows Copilot. > [!NOTE] > - The TurnOffWindowsCopilot policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/blog/windows-itpro-blog/evolving-copilot-in-windows-for-your-workforce/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices. +> - This policy also applies to upgrade scenarios to prevent installation of the Copilot app from an image that would have had the Copilot in Windows pane. From f75356dd78775406650c2a30ed5fe25c5183ec66 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 10 Dec 2024 09:15:27 -0800 Subject: [PATCH 057/123] Minor tweaks to WQU x Expedite --- .../manage/windows-autopatch-update-rings.md | 4 ++-- ...ch-windows-quality-update-programmatic-controls.md | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md index e68df90cbb..81669a6614 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-update-rings.md @@ -1,7 +1,7 @@ --- title: Manage Update rings description: How to manage update rings -ms.date: 09/16/2024 +ms.date: 12/10/2024 ms.service: windows-client ms.subservice: autopatch ms.topic: how-to @@ -43,7 +43,7 @@ Imported rings automatically register all targeted devices into Windows Autopatc 2. Select **Devices** from the left navigation menu. 3. Under the **Manage updates** section, select **Windows updates**. 4. In the **Windows updates** blade, go to the **Update rings** tab. -5. Select **Enroll policies**. +5. Select **Enroll policies**. **This step only applies if you've gone through [feature activation](../prepare/windows-autopatch-feature-activation.md)**. 6. Select the existing rings you would like to import. 7. Select **Import**. diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md index 77acf64924..2aefa858cc 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-programmatic-controls.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium appliesto: - ✅ Windows 11 - ✅ Windows 10 -ms.date: 09/24/2024 +ms.date: 12/10/2024 --- # Programmatic controls for expedited Windows quality updates @@ -34,6 +34,9 @@ In this article, you will: All of the [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients. +> [!IMPORTANT] +> This step isn't required if your device is running Windows 11 24H2 and later. + - The *Update Health Tools* are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device, use one of the following methods: - Run a [readiness test for expedited updates](#readiness-test-for-expediting-updates) - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**. @@ -269,7 +272,7 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re ## Add members to the deployment audience -The **Audience ID**, `d39ad1ce-0123-4567-89ab-cdef01234567`, was created when the deployment was created. The **Audience ID** is used to add members to the deployment audience. After the deployment audience is updated, Windows Update starts offering the update to the devices according to the deployment settings. As long as the deployment exists and the device is in the audience, the update will be expedited. +The **Audience ID**, `d39ad1ce-0123-4567-89ab-cdef01234567`, was created when the deployment was created. The **Audience ID** is used to add members to the deployment audience. After the deployment audience is updated, Windows Update starts offering the update to the devices according to the deployment settings. As long as the deployment exists and the device is in the audience, the update is expedited. The following example adds two devices to the deployment audience using the **Microsoft Entra ID** for each device: @@ -299,7 +302,7 @@ To verify the devices were added to the audience, run the following query using ## Delete a deployment -To stop an expedited deployment, DELETE the deployment. Deleting the deployment will prevent the content from being offered to devices if they haven't already received it. To resume offering the content, a new approval will need to be created. +To stop an expedited deployment, DELETE the deployment. Deleting the deployment prevents the content from being offered to devices if they haven't already received it. To resume offering the content, a new approval must be created. The following example deletes the deployment with a **Deployment ID** of `de910e12-3456-7890-abcd-ef1234567890`: @@ -309,7 +312,7 @@ DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e ## Readiness test for expediting updates -You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](/windows/deployment/update/wufb-reports-workbook#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results. +You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies it's an expedite readiness test, then add members to the deployment audience. The service checks to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](/windows/deployment/update/wufb-reports-workbook#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results. ```msgraph-interactive POST https://graph.microsoft.com/beta/admin/windows/updates/deployments From 0e916bb8fb0073f895330169b4e227e50b3e112c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 10 Dec 2024 10:03:59 -0800 Subject: [PATCH 058/123] 9598546-copilot-key --- .../9598546-copilot-key-settings.png | Bin 0 -> 3098893 bytes .../manage-windows-copilot.md | 70 +++++++++++++++--- 2 files changed, 59 insertions(+), 11 deletions(-) create mode 100644 windows/client-management/9598546-copilot-key-settings.png diff --git a/windows/client-management/9598546-copilot-key-settings.png b/windows/client-management/9598546-copilot-key-settings.png new file mode 100644 index 0000000000000000000000000000000000000000..e4c6e3ed8dff21046e3b9002a43d021635f8061c GIT binary patch literal 3098893 zcmeEvd03NY_O>%)wNn*z>WB*(t4`g;1w{nOP^%VPurA<pnSvdB)-$|$y|D2k|T zwTfsFqeVnyNfi-g6(~ex3CI#KLVy4v`*)v&&TsI#KIZ%W|9NE`-vY_|KF?Y1`#$G9 z{IFsD>Jguf|7_5pK_hIw`Fi7^L6a^G8Z>(Er$g{x{`Q2kAOH6!kBzIp8g#GFxCIx3 zovqhd4;u6!beL-QC%FFWv2V6{3>viXH~Qb7X6)NuIcShJ&gN_D%|1>as<(OU6MZid zaoYy{&E-!se(DL_d*RaUL&^V0j%a%nKlQ*A%g^ib&n$tTQ-gVVdD=g-}_Ff`RBVqzJ-y~iz25>I44_MTb*zV1N`xE z`H}59z}NAm+R!x{#t--{wR1neM9cAi|KpQ4IPOpX_b=lsH4Ci|4fqY;rL6tm+xYhi z{qJi0dnxdb|6Ps$U5)=-f&cvX|Jug??`q6G!e+~Asy_YCpZoaVs`k;JoisDc*pd+KDL~^H`DEau7{`0#1FXf@D zjY6`m2g#0Y=sDV)<0&-$IXOVs?U(WN+Ao`D-Pt^g_eq>ZbYZQZ#B&+jN^MabY9kYH zm~*Pd-6gImrH7M;h^0sW)g;&c)%Gv{`OY8x`?uKdIdggnZc8Ki+#T#w2bKJg-#b@y zuX7RY%qZuUDvB&DMT{u}r?%ejTY~rcXE;5nc75CGWnf_NYeq(NVq)Tl*4DU+Be(F# zm8}L-lKAYcj~I96Vs*xZ%#6sxBa9nAKDWKSeb<>YXKvaj#9>LBy4UUA;S6+@e&y^x)qedgS`rgzyP=3GrcVJtItw!^)KhF2HIO`JIKZZ>oOh9?{E z+}u1XuJ~YsTq;WSmN<G!+r<;;RrjtQ{|gTX{cM;~!@ZEDPm@a_4q%_-gILUM94 zf=WEzwCr$PY0L0G7iTz`RJ+Q&C#gkvqKB2O^xB?iI{xejiG;onR*!G3c8%XKgYMmN zp5eQa_P`Bu#%!7wQ7Z2KH90vPHl=$4C#OP4?1nfzWkKdimis+zL z;fuOtVTZkq~+ z#ciCKynSx;`srk{CR}-*Dni@Ia+lO(;N59~>=PPc`|{=+q3*43lcTHxm%)~MwKExzU_C`~3Ya@Nu7i{<*n# zo1^AEPcw@vkKkVQ5EbH6Mof{WPmBv?YI-HYfipt@^Y0`S3kvpgI99k{zTir1EW=Xr^1{@hU9NXF=V~;Za)BTz zGc%^3pa7o6st%l`1-R|H0ev7?> zL+L@&jq@U~Hyh`SS+sCr*o6xhhL0G5_^2t~Q(`{a%LG0fkq0X|WICSg|J}Pi@CbKN zVRThyphYNyxjvyR7fw+aZ4oidXkNp!lf$mY#uhaXF)W5h?c(C<>{aq_D# zviG>PCvBef4;zF)L{g7q$Ic@nZ%@4Z;K75n>(-4pQNn$>)UWH{fddEJ8(v;G6B-ID zq@Xpj>gbZlp!T+>Ppxws-EZBxg~v8OEp8HTU?W}L80=Mdw1st}+SRPp%OcT!HcTUX z&w`;thgQ6K^RlhY^+|QxWXqj1MsG~C-;_{>RbW-Jvz0Klgjy{ujT=)-p34=ZqOTswHc86P_9NhOm3&$dP?qF0<83nY{IgR?9!Dkt*D( z@tH@C9wi&Gi?u3v_Ux<6moL-3z*DioQOo_8@O!gOIxohmriqGTi#~ifvTF5eR!D^x zcHi(5$-g-FGZ<@y$XAH56lT)AB~7Jv%mQqvmzP)Av~IuU)7MA63}$ey$ZGseoC~8~ z;XPiwc(D-K4~YRO!7EMObe%(s7;gIy^UGs~`AyEgvJ)Ya$qAxI=8C7HW7eDfkFXA|-^?AbLX5`OXF z!-ty)jxZY^pQVlN<||gL7&mFs`b7H)&yN@m<<;%nGGp`*7ngneropXkHX>5FrjSdO zm6d&HYcnX{^I+@RM0?6Ir-Fl7X-)naH4_5_CDn_pd@zjcM0ubrn*<_ShMBe1}7=ggbeRFmQF+g@uu$yxY3Uvcw`Q!X zeL^@a>W>6go#rilH9fZBY0%J$nws^=+Y5SoeF&V01w2uPtR^qjL$q+wqKkeRF@RQB z*fzoUy}~ix^MKiV{SZ3=AIrwe&olgsi~A4N?Z0J48?L3hcu;J zgmPE132OA z;jze&VU>S&f>~#o1FNy6G=AIm?X)HcJnr4^%L3Y;4kf=Sj55C{m&=h3;sDS9bpU%R zTQy0^Z&}{(XP7dgdu3&%ue@{r7$YNTdtFw5MlMQqt6xR82D7!Wh{PK>KJlE%R1}B0 zYgBT$B`{??;L@|-waKR!b1nZ1Q6eiungpaO0q5y>+t}C$x1Jsw&}lQtD&UF(&uKqg z^6aXq$Tv3lMqyQTN=ay8j|jPCk(E^p?ca2!+(u_%*l=^N4_gt?z+&9R<%z0zZC7k( zg>!6UMUpcie?%2vP^pQwk)JPA6$l&PIq+j7;u9qSCgFLF$nDs=bf1nXtibLqNvbgZy2ivQ{R(+)Zuo3--_Cu=DR_L2*v-fP{|W2*q~Inm z*~WpE(ssjV>4N|%I~yZdO>i38FeH84Ex;iz)vF{`>{lXJmMFMa8S2p@yAuQ7od7 z1red#T-)(yS0UluijSu^h3A1(BEu;RClTd~jz&&9Lg)}-9*YYIFpc6r;vixQq648J zL~5Wt@LIxz__J-tjy&KVkXrYSci9A@SBFkohZGiHI_gQI|D6pprr98>08;-_b{L6n z==Cnn{3pc+_rXiC!eDyD7QXQZJqDGY{B<>JhnoM7S2Z;?lfP7x`@T3k0S>?Zazw<% zX}C*skEXR0HYgMlE{u#^li|djYg-+H)|F$%U-hdh4J`*NPNDWkaapZZdrk+-v zi(e~fn*3#8&xeXACf5pSrV#x1+@$5#Xqk$NwAS?qT10XWI6DIeY??6|%!8zggQjFR zh~Pi`@Po01*BsQ3!~@%~+jn8?G__rB69P5eVINb#?zEADnoN za6>DqQ20TLp!7I~l~6XM2-Xzzljohy@RC;OyFhal7At78ygz~#!e;Z zc+W943?#CVybC#zU<fA;(cJ4HZ?UZG&75M_3G7dL&JE1 zn5ZOTJp2mQkH;ZEk4QwQ3rhz~beG3-K7M>LV#7;tc!V%|4gibKY^6c3Lrp1nB$VL= z-^V>7kKiA8YI?`BtM-mO>zYzYJ~t+W2&m5O$p0X!crHUe&x7%kzY)jC@HZoWb8;fH zMrNfaAam+$%p>YWi59nwkFsvRCb|6I*UNfFlD1bl-yr9vvcs;|s(EM}06X}T?!(f3 z7v<&U;hyM$?`(?KQB5Qa=c1SbLJ-(BB%u9=56@bC&RAZ4gAo^lB}5cBb?TJUFk6Wp zk^y*-MM6rVoC8Qtc>#fs=ai94N(u-thz;WM7TDJrgr(kXbH=cStu;huh0p=U|46o? z7{&$5vCT-fZ>1s?&A%OY9Wy`Js^1yXqG=0p*)fLJV zVPV}Z0+Atq&6zuwmIo{E+wpECxX9o*xwY6UEyyJm+6odh{>HlCwRu)!ZS7>SSd92v z0KiRhkA%RjKx`8R_-VaX(N>*Cu_DIOHw>Q&jz9^Yf^)Z6-~l&_TIx0hP7hlPI{)xW zSDN*Jb+X<()wdtrN=fal*TztMLF!xYh> z9iIiBPN)-M7?!cn(lQD`n!OwmwU3lwS>UaR%|O1+h|Q!}fR;hQA}%Qta+!Dsq1>!15pyf%l5umnEdSH~#pODRZe>xet*Wqy$NCR=6#G791FVBW*lNNdXU9^teqa zyM?fY@PHrxL(UGSE^Ea#+qegRdH68-5 z>l=KI3bT1KA!~*D{5+MpnD>2_`1Vk8^pOrf8$2r(jy}p+^g*@rT-FyYFm122<)>|AQ&ZdT&DP-vNSu^Y z0I)q|ZPg^ofLThVQi{00|Gt^hHUcxE7Si_9#oFLAoSz`_-$JGZengxYf5ynfX&+!Z zaBYMMtB^=Jd=1~w0HF}ku#i|>pIHE+>&?QJG9We^6ls0Dv}sMSB$~5pIcsRN(&e_} zJZIbj*bs$Vyuxj9kEC8B){=ablynhFmnBzYN#P_@)tN^G2k;4bf}~PP<7AiQN(hDI z+t|dVPBO8wsxGy?dKN4>&wn8GU%Lf?5ih)_QmLevf{(@~0^PAf3Nu|gay3y39&I`N zi9QuH9!O;fFOgCEFK@tpn?!rSo5HMMLn%X(#eK=w%CuI)h7F@dUCju*M0pfx0sdjT zK6+U=78srjYS-n*-TLC;h8e@(r2y;E;;EG~UA#~8HX#xNJqsegl&2}<=kk@_+IbSb zmhZ3z0{= z@4b-_0+@(&$kmjt6UvZiuyACzU4B)PZ32$_2!>+AHZh25fEkPH2|JCrgvZeZ^IUY8Mb4 z0n3LG#BCh+wTm$Pd}Ey)w}=;R*YWYOFSyDSZX{okz|SShsi*CroK>Hse?B;_PRRq& zfrkOx=mNPj_$z5NI+<7@;1_~0QDTPcOhaxMH*Vakj`|#FjlZPPh~K-CqpD|!5NyD{ z@Ku0dpcgDPw|%>)b!KMjK;0U(kyz5F2lYw{KE*?;QCGq6i1k9mo3z~T5>oX3-Mj0e z#|Ddtx6)V1WayS4LD?rP_Sre8eaUf1|JxIxCh2K8DdI!~kZZBbfMAIJ*ik3~Vf&zQ zL381$B>+r7@_L~FD*2Tzi}n8{--X-8k!S?=gm6WXlgdQM(@(ENM*2^GQD@#Q^84`S z0jM*%X`}nL?>_&I`2&&+KnniG`t@Zs7nj+9Fp#caAyLBwkeOg}VK*T^00rVpK@R{= zAu1vr;AauG5RIF@@C_b~>=ju5QJU#@sY$>)!OQTjO3sek1)@d`iy@uK^v>KsSIR^qi7T^!n zr>USUzsswH~uT!F_=I1FT{8&WS zfR1b<(n?&bpM={n)usfW$;#N;R(=6rZl?W`0uMF}Y8wbnWbi3TGJF>cgqI!%V!iMO z@LL45LGQ&;i&-MXC`j`*VQ>W)n`vYLtYq!lwGAk&$n*HBJXLQFvk-WebSOYid>bMo zeH*gR0^gKR2dvuiFXGd&JxKC;GN~()*3?Y;*A=Ls7ULdR8cRO}KgfYl47mI6qQg^{ z@4PP{uJHe^izpxf;Qu192;Z*eZ-LSxDpS}ZVsp5}^OC5GABPDMj@zf`6P;?fS~XET zqj`=m=>ZUErUm_ED!EmXgG!r>?K-%hW%R%B*#uNE_nRFMUjV_Vn6P&3KEPG@#?@=r zasgK@7Arii#l%cHgWHDL8@!9*9z0@H^9YX%o5U02W{84N84M~Y5$8VR@AJMZSH4N! zzAlVuyXz6;Wds&N8#1@)?{4ERTd%VwA{aQZUN9iHYEB&PR^S zp{m%`Mb5Mpuo##N9s-MsEyO?Y!d(!Nu#I~fcz5%x5$AH!veO1aJ*xGJ>$xyOyazZ4 za;o)xIk+qDlSpB<8~Bj5qaWfx^7hu`PvdW!rUzy?vFFzY-@`IMrbEqk!we#Qgm00z zJ)m;wR5=(fl^}3edvne;l1j?&HPTLDDl3XQrLkH|rn<#W`gACR$P5+kfsNa0GAw-B zNI1fOgX$B9P>zq-c;~b&KPY`_|DEr5^_%1_<2z~v2nW#A^#LGv!IKv)S< zzwh8dl=c4s$>HQzb;*Ju>47J|+I_#LHu&zpx3%o>eo$WE4dNHBRgW)F+^Ne7rgB|| zQxO2FuJ)pPh7gu&3R5dDlG4L)JB+v&08aKJrU3cq?7u4YB2~R%|EXLp2QdWp5XM_k zUj8O+^}rF@UJvvU{thRRtVRsuTQ1rI%b`@qu6UQY71YE>Z6XPdr^fuW=rwijA0RTz2uus^J_5i99lh%m} zF9}@4#6f?7=BN-%WP#*SavPWt;%I!et6|f(v%+hlz7+mxz#{fMgUu3LVA4tu1!^oIE;OPpCQbqL%$w*QKOO;NeNL>r2ryFSC=Oh zgJM+;)8)mXoJ&CTO^|88Ws#n+b-)^wf9J6>qex(6%3s-al1t!wh+a54<`+boNl7w9 z_?N#=(D8v)Hx^t8@lmEdP3z|ZA6*2vsJ}VFoTCl|;ux+vgnLDJMr{NP(;0yc;)YFz zlU=Igqe*gWARXv_s4w2XKPpce(mwd>c@YUsq* z=}=)w9{?OgT+-=|PdpEejB!Od85{tW!KC~5&j%YanjoJNX+qJpudGqpU@>`ydbtBi zKV}a#Xmw(12IQgv&OoGqL0^9PrF&EURUMi}JqHMe$lkP|W{Us@*_jUCVjHRN0<|EL zTcOOkOPdM^dO>X@+<=3nKZB@&uD@(XneWk1Jwx@Q%M;p}dGQhzv!wIj> z<3UM`ETsPee@RA!wuvuicN!tM(7i!gfP#)X)zG5vB}mxwPcM$hYoy`;SRCOJvK0dG zNkvw9keUHuXrrjQLj4e(b-|3LK7}7iC~R860cmpgYiOpR?kMNtv8i?fe`0WYcXJTv z8mK^q9m7IMVUao(4%IQU_gzSUyiwQ70#zSh9a`)%q6$i8mu#!9JUQ`}KYv%Fs9E;_m;bpOQQDRiWT0?wuKBhPS7C92M z)jo-`2|_f1Lg?c|T&|;t zhLgyLXg}LP4rn_Xm)3za zrBwbswb4Hwc^5hv{zkTfXb(+|0)+!BFxcQ(_ulZ9LQE`%JBj|?|NIRVTF9!mNeH4x;P@QKCH%7Ch%2t19K z$kLepQ5w47z3IW$fYuk~u+78CB)tO$(?&sgI{DQXP&XRgEA|Xz1-;)RF9-E@0!N|m z=OR5tVBqq;UWKYEN0K~9g@h)Xy#46w=a$A%nkDteHaroC=|kYm6lL(!6uN-su*ZZa z322|2XtCtV3g(>UC|UvqP+=2*qPJU>IrHaXl3(5l7PJ6D0sCMdNuzXgTadyQ781gT zXHzK)Y6d76>1R5M!RIU|c8yX5&;@)w4D}y8;e;tA6~grZke+Z(z-QIMaN(;Tp3a0<67U}AbSuy0?vM6dYs$6P!mxuHp}M9%}v z7AdnyqgGPyTbqy{3&q13N)-N(SAY>`=mIM#z%iCrNqnCbj$jH)XFIM5hKhg-V&;{t z$bO_*0-ye&Adzwpdn5D>eKnx`!2-$S zfBiKKg#s$x5}Yq7*$B`!#$Qh{ggexaoSALu@C+Cyp?VUq zxmpg@u#tBV!T)G90*IKm^T{Pr;1Qt^3)UuYpZHwBUl&A`dvu+ZZ#5{8z~<2uK`kL+ z$mvhr6h#m$coPMF0m{K~!rj4plgu|C6QWew)N}y-D!-!L6y}ZKhg}4SA}u>BE9*o_ z`YrDAZvG$?nem0EM%RV=Pfya;k>LKKH?k%~BTx1kU>%p<75*khE$8jqTto*zMhb`U zB#Fgl|C}0Z5#1hGDhc}12D%Y;%qcT~6mDH54Dw#4;(Y>j0B)T_vIg}=4P^wJ?^lyV z!>>&kd*a15i>k4$LvID6^m#O&W9kR$f(QbTJ5I&rCsl-IxE#(5JW(RK&+%NsGC2o6 z1rMdCKotN=8NQc*n|%TWWpDz$!^1*{7Bv>_&@Ow=+Qctfs#0YMHUcqQHhFvZM)k1W zgQr#_7*@M_ALAsl`e%lIR|>s`0yzf~3E@`);ZRb57YQ;hiNxR3s0Y{&*#(>l8$9IO z7UsULtP-lOpud#b6yVUrIjLLa`i7Sc4g1KfsO1Za4{`&&RZ1l<+heh^H?xKJ6eJC@ zJ{GV6T7?di1KJSxfdWCuun#Cvs#ME_MF3QkoxrAv3qx!xZK0kL4F?DYt^^8AJ^_Lq zF!8D@O0Rky7`_ZxL@ywQq88aPf7a?2UyIN1bcJme?~grCDLafdTk0l41`GPc6ImC0 zw6Ez4MGQnnD1*-r&7IQOJ=Bxi#lJmK^V;e|!F^ArUx1IXrc!3jUDr6Vx5T@5d2=W% z5Rc`aYB^RI;W4b=BKN!atLO3hwQso-*Lw z@n>H|rUgmD!LvcpVOXR*@VQLt2O_pY)pZ1A@+c4ol0|e;n7R+Kd(?gC?(Tk{^R~4o zGEE!QC9zqY?c8vm$(p;^{oJcKjhpAh}ZsSf?4NSI17!GOb&@ z*D_y6@`6%;J~XVZS}?ckx>+ zS`v|`!th>HJO}S2D6v#BgHJ;^pq49$sUR0&xcAJ|Gl^es{VNnEp-Yp}g2n-m z^ruDm4$|N}Jv~QWZevJxK4~%tj$IR1;$jU-yZj29TcDb!5O=lvwMx*uz+N^KcLb0H z>%$*HvPsTGe^gbFGSI?VNST14ZeC3&4DAy`UC`2`ei1kTLTbF?DrF0ozFobLeB)DJK|m>nP6jxo&y>T9rXd_wih+E zN-9&MSY6uEfY>N6(#n}4u2!g(ky)XSg*syTYLSLa)qKL#)TN6N6J6-j!Nt&;c+0A{ zAH34AAVj*652>$kLZg9Q2pGy~Gz4;d6R|5a~q@8tJj1VhXYXwoMdT$J5tpf&~U>#tzt z#B_-2L!zC;ySAwXB&9Gl=7gP{L7M zz6rb4%YP)dE$0@Op;mXVs8*{d8rX76t(0apa6tq;+7Wbo{E=wTIRV3sDehAAB>sfb07M70{vZ>3 zrLo(3LT~X`NxK!sU`wxGzuq;mM?}>Q@FRRAY}lauNUGx)E;o-7oYi0Xd(}T3sR|TU3%8^?YR-P&s_6kzpnIXLRgK12 z>hTLP$$SZU1ZwMLZ5_9l(do^Vc|*+NgyB<>E}r^h(5Jlr2KKvB`Myt?t<1>8>Y?wJ zG)$slWTLQW)Ht`NKhmZ%H}hK^bgg{^(-8oXksCqvDJrUM)cPY3(`*q%aT2D{5R7|7-FZUSVeRI1xxfsFuDTo^fGZwRUMA!wy4JDfqYLBQXCQb!_TPWbvT_U%`MUf4TH+4!E#vj{)* zMPIaz=vsDAM=o*c*lzZiX&20|?aInQ%p>*LO8Fs)&@D}f>5&B#fD9+b;Ok1kZXiq5 zk$)?{=)|D>O!0;Zb)ED#!YU9-$xGp%^&AI-*dPE71mIqG1vm#}F^C9%ft3(qLAyC6N)omQ;v;j7uy&SbpY&vWEW*t1X`?1jX8eZ$!2_YJXvz-EcUq& zvKGziL4auhpd^Y)+B`l3NWY0{WW=x}!$(XNe@3$x<7> zo<_-$c(A@plcj#|Ag9iC3vWpcwfCY-=Rqx|Xy~GzBWimwHHdoAZ$U$JHBiepJ@GvU98(zg zPcp7?PN(wQ&`7wedZNJ+nc$gsOF`BMO?Lj8_m~<`Gp{EL#%$4b?nh4y1-ybB@}yzZ62tRB-8kL%F9p_?P}XZmFTdBVpj zzd-Opej$Y5VwM|_BQol@5&bT{^IpUE6-dTUY7?sOKvD)uQ5W9QOk#emZgz*`r#f;H zTYQ(!sAfn`AWdz&W7_Nc_y;I@tYJ^JcbH5~6?SH*!iWm35&vZo zS0g3gMMo;)CLU*Iz{K-b0V~A1-W}37&aRJN}^1sfd%^??{zQ=@~6@OK(J!@w-+)F=)jGZ2Oa zjYKCcC9OpJp?~k;qzg`5=P~}-hF&~qa!4ugT8iCRGPnpj{u_WnD6o*@BX-mFAa|pn z2H&UjN_`W0c13^(=C1o@Ksu}fJZ!|zCBZ9R@z-%jAd7+L3Rb~TjzSKp+ttloS0}!W zK6Uh7V#1u}Na3PG#76)=5r|H%aFc0_4H!H|o>lr>7EhRwkwME1u?_+wcyG{NZmElp zM~3~Za8Q3^b9ZWR43hdo4MA2i#nT3fCVKT6%S2v2HNiz?68C$CY_2p__=0WG!);w| z6`*4K9p#JD4J7rlt663R15mbF#DfUgq*#|D7H&|8?{1xw z*`wktecXQhcXQUzn@Z~s0n7QC2ZpQ9;Pw!NcC8QAPREo*+b*tJI{^fi4kc()yZMZe ziQWo1KE|BHVD^vd9PmX@sc_r<^W(F4-R;ecG_F;RrGVdJ$(<0)3)ej0w^Rj|J`hGJ z%`zTk32N9S+DfwwZ~jpO)Ip9J7_dbB;>Sl9?Kz#Tzg$<<7_8o45xt(y9RQX_f+9H< zVn4EGpXfnJkI9ThWWdU0j4^A?@hB6>*BP*;qSIrfMO%)CazR5T21AQhfvez^RIwH> zy(*5dLbE$4Ber^RMdEg|ok{G%?t+fs=GBpg!Pk^G__qug_3aCURW+POMIbZw>pqvFj4!czKg}uir5p_m618hbvaflC0oe{Dp0YF581=pj9>DK;}yJDHcA4k~82Y&Nd(p3wQ_HM-hP9*g-fU=@8*8 zuFSgd*1I5WX*_c^b_Gpi2wnhIx-mkoBA!dLbVLBaVX3zt`AOHpLgEXcogJJEOM^}x zj|gtNzjB>hBWF%3awLGnlw9_yz>w^B%n)lCL-v;? z>WDE$)}MM%JLg!nv{axy(h@7ys1$A=G(}lC+|oMP&)OtLb{j+1{=krbE-R-kHdeDh zxj>3od)nJ!R=B|Gb7g%&>cq^#%tHo&!J-X5Q>|*aMFzpogq8;Vw(6q`l@%D&&z#$) ztQ-~~F5x49V~R}!HFQ$EuyoBgS+ zwljjC4>^?31j=hDd(b#ZP;Un{PMMl^y;YVQN_q@d{)EZvZWaXT-9i9yd?z);LW}@T zMqkZ3h<*uW;|JeT@-U=8QJK1W5#TWoLiIn4t|^yYj@mbpTZ1MX8vKBSKwAf$4?K=2 z1SG&d;s~P&=&cKu*9IB7V}<~H14;lwHenb-3D>UKhS975+E(djp~ET^irTR>l8*FE z4G%3Panu}7y&I4s5uYdvOBu)#zyJRGuA?bv=f$WT7!^VzjZc6Tp_`^pucWRIgqo3G zw*{Z0c^J&2_LUdFzmPm>+zgL}A3zDB578oEfWkmi8UE+rX<~Ya$3*Z}T6gdv)XA`{ zhJP;Pw`^|?zU(n$d<}|=kU#*QXceJOkTk6C4uxo4yNIVxl7yQCVj7+R14codZUqV> z`6l>r&bf(sK;{ zNNa)QZQaWcW}i6AOU;chaWF4P{o<GkL{!#(y6jSwYPRBAo_S?Z%xpTG<64?)zUpadF20wvTG5-1@WQLT=oHeib4gTtS_B0K@~2$<}FoJ%Se zO`)h%s>vs+TReyG(og~?eS=u1wwIyZON0$^?y0yrrz*1G0Ctnm1JnU@1X|}m!O<`% zyU9C3xm29p1E3ZJUx4NnbfpK73u^{rp&_TYfv7%FLpV`3{20waBDaIcE)}rv zNjRpK!S{5HtjKf_2&lQ8dXNwbz=EkG2&4s(1Z)gq3=PRaeFqM!eS^IxrhsYRFtA>l z7rzl|rIUlHM-Hu*$O>hLkB{`TQkg%5rGppHBL|5;fJX!!^v3f6XrT=NhSR5sLp7i- z4zg;x)A;zIf^V1&>Z5`IpwOT}m#j3s^?a_!RIV}Z3HPcm&JdIbfP_{Fiv@WD*~75f zh-Y!gFO~4HjxOPc4uWn zvTctUgD&>oB}mF-o0v|=YW-26rTP@chN*f@ZF^`Eq<#>rDD2nzekzQ0N+v~@QEf#$ zDC8UOOtZmV(y0-udZuPC^-@w?MD8WE$8PL6u56V^>d2XHhUFUefrDZVaT8>@4t&KHUD=P?5DN6}7^x6AZ{UuJf(j>MnODX}!2pgmm0HNoDWey{ir6kkYQt z_WNL*B*oK~rqJN3Q(6-ok46<~R$RAm@MoZMg5E&4sM!=C?B_Oi)&?|)We@e$Qc@|< zsYiDRDSbrK>(Dha-UGAxTEGi)&vkv3H|kp)6Jj-xUNfjS2$}Oj_g@m!gN^{+>5B?O z7PMfOASWSXLCw;|e9&;z3tdM3b`)EQ^I38vxd(LvGAK-wK&~77WWIz9wako8Y=I+L!!$>5x{()ir)l*(4?DnE#0 zlnG&nG;IsZM7p>Mcm-?@n*p6gsHEk=*x2NlDva(I*KuB_L*s;$2(JaA!!5&rX!9u8 zA=RVnfjed}co}do{V1{@vMikihG0TP19OirAsCQGgz4fTBJki5g>K9}RffZnb^xn} zH`Q?GVp}MF5Qql-K)R#7!Y5K2Fp>lr3M`+R1ko~L8%F7YDiM7LPoQb4#gj6tNOu+$ zrjV$;j*4wIr0f8q_2C~xLh@cn!4Q9=k|>;CK^o_e8O=sh0LGE8xI@DZxHXZ(l^*wb zg1S7K#jz&s%M^bSk?Y|N;CkpCKt+wynl2Mc5TTK;pcRmb!W3zJ=^!Y0zP^N^lUAal zjPv=}5>#=Wa=^CW_vBgDgHe_g0pZZG9B8dTwgl^?WCLhGcegYRTZ5LBdkGrl8$Rbr z^}PY7n+6HD@AmiKF;NB$ znPUdQy6Ta384+&)<+>X0j>W3;-G6y)L&k;NMmiA9)KYY}vyx9keV=B{XjX5cg-#R( z5QE}D-3~Opr&mfu=!DmesjXf;RMJxSoe%J_$7eyc?kSb)aCpMtgjl3L(!xnAqJjm| z0(R~C_3I>lAs|7+Lz#?PZ1qRUp-+vDWI|UH3=QRYYR1M=>V{1&sKq;N(052%OK%!(fDA1#O zgBl!2*8(mhgQt_Wa6BCKae&{x%cg1}jD6Aa<qcjE}7ivoX`SMt@Be;i)| z&t3HCNme3EQ}l!3M2jO!aL@$GUQ0gx zp8BJyZ3*>DlyoMi4}2!psz1h2J6rX~gCX>hWC!X&y2cexUB|tCB67mN)+wL9L3pIW za4whI-n(-=q6=kFeaxj?3N`R_b7tPR9~e)v9te@wbXr^#0Mt0(^sYj1UvLM+&q{D4QiT%eD|TH`6$*|IEXIpzok!=+lGd)YzILoVTKZ?if2p zgUz@*BpgQqwNLrd@p*p8d3i^NTWU1k508VH(c!0!#OYWnx4QJLhR8iO?mj-cHam1|{ky#$ zN!{GaiVi9v>!AiZ8ZG8v+82%Hz${dj#jfMW)f~R@iulr3b#=SfuU`)ZEeQ*Pkd4)t zX2TcSg)J<%va)iDxl!5L)ZRWHA$HQ#s+ymbpeC{twWT!NHtY}DPBg; z_8Oo1vs}{|YT$2or&vHHFs06`X5-I-a?oK8Gz@~2L<26AYcNo$uUPG$mb&pyLvQa= zNLz44(h1S0IBo|z0r#h;erjttB*>V-a7KeIVd6i|qN7PnDp4$0Z~?J~h#!(3O=Z(c z5_B&rijX=!zkc!3b!l<8J&p;Q+@)`5lc8$7wSM*L)w*qHOOxn&6cL~iu&H5}x)x~> z@LuD3VA#Jb`>HHGC!>y=A&StWaI$>>FLgr#UE)>{VqA%Pn0lM#E!W%Z%@g} z*GO^)uv$pJfZECEx{;pKsM3$#7*$t%>}XO&esAyNpSnc(&C7m)z5>OnuZp~zm6LyKG93m4?U39Fvx|`QFzADqPPL`L2%7`TK)sx%W|&Nt6A$U4e%7-b zHHV311T~|Pvc8fLq=PgJ0l;|+5e{-wXOz2-+At}j=$%uD{4Mk?)OARugGxd3Ar$s7 z!$oH=01U&yBMKd=1iR(~Bo?A;*IY-{}+* zk)d+k{=RoSPR~Q+LU<M6n88D^aOf0vh8g1#K{!kTa}vr9qxTdUnFduB9#MDX zFsO|OH57s`C|zf(a(OCSQb*8HhabIu<{KkH?3F7sayI9)p#`s~wSflCT9u=Hpua6i zfXIR%7!(w$snZ%z+cp^_E=e6&w=TShe1+B-8V$;^lwW{i@I|sFclU+eMi)FK1D)?P zNHcSA9QRb=khsv$P>lAFj*gSZB(g=u2B?PR{!@HV_2|uyKCPmo6DG3YNx;}BXJGkq z6X&HXQokJ>CpOtrf+i7yO4RI)FoL^@I8g$yPqlBVRRKdo$)naTXaK0znlE2IS8({j zkoP8gGPCOL54RPt2455i1kyxy;B29)$;<-{9tfr6(CE=9pqLZTvWAsQ*$wUlueqg~ zH@dD7ozd81L>ctIVCbGCKRCS&bs!+rh1bt0-z!~tbGZ#k3NjfT`iX2wjnr^{sP7~d z)dWZjs7(p0Xp)^$bWgTt=X4x$l}7_8R)Nr3~Qo|gwU3|)q9l9q!Am9qz;4Q zyuG|QUs|^iy+QcK@BmmMB^Vx#Yi$ys$}3ffscSp#%#2VDJ03C-fC82WV2kbot>4K; zPusxR5O!%lzi6H^0|)4k%CGCD>3wSGuGOd)9?3u)NfB}^`0_~pRTD^B=*T1Y$vf}a z5tWmZgZkW-LWc!RNYntYfE9pIB&hbCNW++Li6g7_rhZd=5`}L`x^z8RBN9J>X<*&P z@eoBD$KsqO(h^}q5qnDTc1UF%11G}R+kQQUs;(d392_M`MCnRbH0)jTMH#YH-Lb7h zZoxS)G>;P4no9HniVn|yv3S9PZ)@yE#ZMeDOe)_nI1G&+*wg$hAHrdhMSH#z7Kka2GPj?h&PmA zNaby7`_g2}YdT|u;029BKR$N-%wHidravqPn;|Uo2kyc#6mWu;mP6;xog)?pB_!en zj*ZKm>^3T5-p^TOkbeIX`r;9kPUy6=WsDJPjba1e%2%zZ%uZcZJ-dzx=LZ9CZIqy4ay4Hp_KvVOeLC$}*)t)&!#Hnv6 z9|nUIoIZL+tBi~fFPktFfAEI;&@GMTX)?#Esw&!kQ^aO?0Tr6@tO$|-`FHHK!p3Ro z3i$@h;3q5yt^6(Zw5`$ZcK}Wcz33eJ7EkwpfGGG1kf;0bY&GZdF=?~a4Y%fRZ;1TL zG|tf(J@KtFyDiVtLgsfOYe1@?^AH!-TB0#=dty)SmE)s|X}?iwL9GrH%gHhaR2lDx zXm?W}4wvqjaiRoZi@JUQqaY;YUg_@abcbDn>v0e+L2 zjhh7en6u*H4eLW4Wn9k6V?H{jL46BCI_{e^SAuiY^Ra{9y+bb0Dp(>zO|7B+a0`i6 zBN5GJ$!(DcOd2qjO*6wkwZ8}wwXRO6-_a#JdW9YLq^#VNr;}bZ2W`+p#p=Og#LH(=QF~Zv*HNa(qTiE=Eg{s#T~tnyFPwL^yAXj+`O=8bOax z{PgM58$HHPbm>TWr}}7@`(3u%eF1K>Wc)dVbA*!plaFJ6fWGl>Dx77WemBOg?A;aA zz_8~aPsqLiA}Wt0Kv4I!U_PV^n2z7y8(tJ!{L*dI$VsTRf&Wqy99)d(U1Ca2E>XRd z8o$}>^o~`Oi%=&ZbrO4l=s^`38q0#{PcBSQ9VvO7@ucBHsBImr8B`Qqa$uu?NT?M7 zPlgfdr>zDqq+%!n0zX^{#AT;3PV5lbVUy|`iBGDWlF?$dYvThFu{IqlQs zzf4ilEL_dBNYf_t_?PwkQpB}KC{MJ{o1w-qDDo88Qr=i;``@pN>q6QCozlJW(Q^M$ ze)CS0WUFGz#NFVaKabr^c&QX)- zkZaIrlBINAX|!#92mTTPrx8g~3@Pjb@9OHNP|+x?0b#)n<7*c6+rW=5R1XKo6%`-+ zI_1;ed3yeZHO3z4@+g%(ft&hbmepaIWpOVi&%+f-IE#(!ayfX@8e;``wT|VwrOPSQU<6i90X5jo`%L#}a+? zHH$33>NEV+-)5(VcprG6Ub^zq6T~3&{31;e?c_8%aQ>l#N6_`)V$)thvZ~=~)dAui z!d%@MxdiVzBXAmjW6xQ3z*M28Cq)OXDvvH0@ONf$nm7RuF2-&jWiinp7!HCQ_zJ-t zusQd(r~c$IupWxmsCv_=5$X%jV{$@cT;`7raD7zlmN9E-o+z(*`!d8f-KabLjTcfn z*d!@bB>o_R^23GdYGDCe+rt(WmR&y^gRawk@bjxWM>n^oDLd}j;H3rpoYx1~q6a6R( zUn|qb;4~n9J{)$Z*#<)ypmp%tal?o3fB#lG<%Q*VUu{n2#T&6_heS)Kd|IPR ztf~@Krfv7yUXJM!?Y6V$yt~xyJyM66C(2=b=u7sM7MMvjaaPqH%*+QBB-KMlb6D3ledI3v zE_)CC)i(A<@f&xX!2>MV$JzDdlCmEXnf@@IK5v9-gBt=FTyJN`8pqb8A5jI2JNLD} zot+&pN?!71U5_5H5FABH2$!4&dCvm}Q3HzTf58m(2vNj?E`kuZ@NY)*etx!c-(#VK zhzs@JQaMzkl;{rsCX|z|Y)kVcgr6Y^l&pS49q*8!=hORok*Tv152v32##L zegaZPxtfl%fXtSzQHbe~C^}CLkqG#TBpmQO3RX06oyE}1mt-nkGo{gz20Dg^N@$1* z0AP?|B1BgH?0yUW(M9`3oO!^%`Dqx=XrT25tL+1m09c@+Ves*3q%G@fc?O1t5E*mN zd%Dfry@?Z5{9C*8Hj``)Ob7}Is6*qjotRUEH_&;sSPpE|5X|b0t+={?* zkveo{jIg=LF0!(?=*MmZNAAyqq|F^GPX~0pu}kwRbmRj7p|yviD#U(bC5WnoZGA=2 z-kp$ib=gwP6sBKhyBAxC$hCzN|+&c?@9V)aL>*zfYU1XNjB z3&+1n#3{4@Qdo^X=B_6tkb&tyC9*SAh5_PAgcnWJzr3q5a=`=j~TS4Y!9#<`v<5;{Hp;j#{ z(jhzYb&?tOOX%my3a87G8x(HQ6oq}-Bai*Y3qOOrN>JTMEThGm>KxL&nUs1)>7HKcC zLa#yI8VutRtKf+a%f`J*(PMi15l71`s(S_>a?+dgh;|zjZz=32+n=pdJ z5G!3>=g}FG`r$H!VZUo4&3*vSbnT zNGb#Z{Q)jqs4i}2kNOp}7>&tjF{Yt+;3*OYSc;N}&Pd1u@?3|^Fdn8p8;k5JGdsh1 z4JjOPO6LTA#{_v9!ectleIPxSWK+nRq@4gt)~omTY>SbGE*hW6-C~-4tVg=1RdrMH zOL2XOhiY1m(GZgl9rX))Rh6EF$b|NT0(@-5E zdJH)a6$+BWAy}T`)ZHz9%!Y!UQaN{TgUv?#(iPpX1pOn?UR&IHWUUVvi;LvQ+NCzw z3n&v%v(WQR+xyZ3Wn{z^V$A4-`VZxn&f07{SEO*~j1TDXm;I9JQ|9Z`ox&Q7=h4Ba22ZxX zn^K&5+diRDD18^5g31U&B)lA*`0%_UOYdws+KkaPL(h*NCB++h6KQXB%J6kWFd2pY9SIsKPgWfjH zUXg|WJ=X7%Lx3rQZ}~zxqMe#!=(tR0=lJ12gccSw2M}Z*e-^kA|DakM;4&kLIflaPM;yDKth1v$kFSk+YFG?p`c6`ww%&cA^2l z({kl`9C{O{m~zVsaS18})I>(wS(MLoRfq&jSNuOj!!n~UT8m$MESMg9z*CsSTpg{h zO!%tQ+~ZtQ4!U7QJ9YgUsMnFS4j)9))*Us0$tB$EexLOAU(DwjO!sZCix4 z0_v&lBs@m#dN?&QitGoRlR6*txCCB^W6T^}se(yoWPq|0qoYGX;aF6`z+Qq-_xUw$ zq2NH0@d|7Lb+rJx0a8$v2y)s|V>+S&be1SG(OkUmkX!I5@ZfQV^WOaiTL#moJ%=^Z znFv@qZ1glba1A{=S5Io~+%lme;RWVe_^rMS2#FM62&U-)D!=i*`pCl!lx0M-?wKPt z)mOH9;T!N(xOnb&ZXFWV!+*MA17VAV`~V!#n$FZK_*6 zGA|vgtcS>bg_al;m64|iQ=vnI+MiLn=&Kq)sUcJgP(<1seg&14qWMOERw*o!Wy&(B zAV&WY7?Q+eI+6|bKB^Z0LqeMbpGOBCv>Ck3{!gEr zei&MK6cwfV62xdS0+2c?B0w)kI~0liNa1$`Vw08kLMD5GJ30+cf$`8L0F&T7sX^y| z%49kfo(jJxb|OnIgfJzM<(=<_&;_naXHwD4k`4i-nP4$$vF>w7EP?!mvu}${~af>;*uNn`!i$FnkCtGj5yCh9!tc z5Er{V?!FZ&Qn5$f)Yxd!*Qp7YxC?18Fi9*dfj2_nsKe3u1VAOw=Sd*+9q4q}?}}_U zC_H{X-GTw8h!YR-Q~!s(HxH+BecQ)1PfDdCiAJdunUb+dsYE-Klp$pdA!MFXnnXop zE|MgaF*0VymSMGwp$y5K78WhD?|CnMcEkJb-sAK8>-Wdr$8)sTlGb{jd$_LiI#?9iL}=Fb-oFUm)2j=MeW$n}y=2_&(CRZeRr4M*_B1c3n7A;8%a zK>0gy2 zZi_8!Fk2Ju2Po-paP)@qgeNcYM7$+5_n_f-cg#foE%bY5G!a-e|6)zN8THlxuqMN z$442=&ajwzENlf}LTu#!w1zV`|KqpaQ(c^eceGRdSFvhb3cI0Txxj4G&h&k69QUkF zgUsyn`oU?c(sX3`poD>0CX0|+)rlLLpyyw(ia~JNTQ9F@2ND48kW4xhxugXzs#NcL z2!+C}8yi1m?aCbeT1(~^90=y5FzLipryDM&3v^_$8Hucw!6>6Kv}#O6dr$7ZmXgA3 zyarN^SUBRd2AY`MFj7;b?-dCv0|GXz&JVA5UB&Yrn+zEhU{I1bKs5k_2H=3PpfK*l zs9@Kiq~gHsPgHvx->drq5RjNnlDEK^19C%PNO)449?;>4cfRdl&;vkHg#0`a(}EOT z5FMY7isgZI^Y(MB{Dc*Pc!~5>AdxW243roDow$U{fE^@h4}e~z@7A9w!DezeXWPTG z;bJM~6t@M?Uu-6!2=tFmNC*JD2v3}olXGBY7fPhaL12WXk(Au9s~r43))~b8-{djs z(<6|DTh5dA>l|%RALG6tf|xYu5QM6=t?+(+8|z=Fff3_00pqYfZ{}iM3fN3 z?jZdPZ-{5*_22sw%Kqiez|*M_a{AZJOr9T&t`Ihm;-05f6FIZxt6fHK0+qffzo+oQ z%nckpJri6qChD6|3EKp=o!ByX)up$b04T@`f%JgvFJchz6XLpnp~3f%=_RKo;qFM- zMj8tOL&KixzDqf7`q~anc#yQ+7@l{RV?h%FE2uqCorU0o=?P#WiDH$=5ee6TRa5vJ zz66$g9d;=UE9pc>s9wQJo$^U&Z4z!Gpu6JXPO_p&)(|PfwHuBufWTHqm&bmXPHJ%TFvE za6Y&a{;EOr3nF8R(BFslK7n@Pm&NnbTjok?-Lors!o{$@37HU%WoX8|Pnp@VWSGNM z+sS+}#ip+sV~Q{apQ;1b2+oOwCE)bkN(qSu)B|v_bh{>?CHy3u4Po*D6cG@Tf)}PP z>px@{v?v7oO-PCS@*o*0>;X=}E)_PAL3{u@5Sty_fSZR0o+{d7Up>kpz!?@2D@`^e z+}cFmK`E;q{ik+=hGL$;0xcjyJlq-o>Qa5TO2o_)NhJ`-SoLT`x@lKFsWv3l`(#$& zr7-6pUNG&19D@?jtsuPdlT(&f-sO#gIKB6R)VI74Nv)8L0+56GKoW%L6^M#WUmqD( zU|;o;QLtVlvq*ji!3?3933G*0oE^>{8iG?8tYc*Q5o(p_ln}y@Q2^{AqMM17tep9w zAv9DV)(0^ZiA*4=Aff^=iA1RgS4YdTS+|%L@o}lw&6{flFTN$~40Hfl8~~yuHXwB) z1m*#(f&#$6lI-fYKo<(op;4#Qc}ScR1_-y7zQ|{Dh&_f8aUQY!=Th)2LD zwzMbY^qyvg-5^8?vJQmNAgUrFO#``!=hq6@Mf)umPQ+)SyTW(Wp}S<>i5rgrGYclf z5pUj}>#<$1=v#O{IM93uv4NNnLR2gqVzZIw#}q<{{*4`D_C`TUpt%wn280xkd*Q{1 zvWfJP0Jm)0baN{?Vuvg`&>5H~-SU(}Pg7u<5JCv^%V6JOefhnrL~4PsKmaC0cL)fJ z@B$021==@{2#zf+tN0wrp+5K=@W#Z>t*+5`Bgz)ApRD`QZcNzyJ;2L^x&x6g$sz80 zbG3IO>rVFfp71}MBCi{HOiw2`*~=>d#q;n~!p7>mpP@kL+o_L)yl0;GhqEVAxOXiG z4FSnd*3H&>2N6K8q4N8EB-8^GC%_fp#c};eI>0X>UBSX3#FyY6dw0K&tWY3Y;;mrl z0oDn-M3@asG?92<+v4YdpAf`Wob8WzcL8IK%>!JwZ5hO5Y+_bK)yB3*% z0^kb}FYYOe19eD(9842gIp89+hU#qmeixoGGs@eJO*Oi4=-h%i;4gI-*@#MLe6D96 zyI6Q!AWQoC3yTFq%P~JGa9OY+WVPc_$@9a(z>t&d@dO1#^5sPL0fLd)Q5$EfRmEvh zAOzx zkppb-7MfA;tD3WQz1&0Qgg@wqCK?xb=hCDbX1$1p$kCxhb4b1#>K(AsC*fqyltS%0 zqO^oTs?yIUy|LAR8$xc^0*jfjg#_E+d0=q}4(|u{Z??qmA>lC) z4z|Y6Jj)>mh(ok{t#x3QiDYcw0?*BrHN<;E4xx_b!h}V`lf!9(gL`udSndL7ly5c$ z9wXM{5(niWr}CCZAN@&RAuKMEw>W;Be^+Dpq)ynlyPXauCNbQF;6n*2r5)L`v-u}q z^~;;?vd7qU{5nobi&wU%&-5q6)!(a+)El9`2emH1bcms0Y)NzhYYNgDDhQ`6!AnC2 z!midY$>~9aF=6h=CI<3=%?CiiZdhNX^gI*X*BzfN9k3aML&3@?t`Cj3qATpyp9|q| zZBDrUmsyW3qEy5Z@E3S;qWFUKoZx-V3tT3-qU+!yp$;b%pPGMIBdu_gAVXWGAJN;NC3NA8Z(3q56;r3@$;%%>OmX#fi?ivCVm!Q2Bik+%=XPI z;<@iI0Z=nhG?tY3Zux>u2ri23Ua%3w2Lh}Dz!1}k!6)UW@RnFMqfS{KmW*L?`Wr#} zL^e;@8?+3?;7ynuvi}hq6D~le_7D6s0Aj#mASsgZASJcnq=>c6la}O#)Ja%+p@(aTM8T<-mFroP5lH5QwA)o@bqv-9xdupmhCtaB%DCP-@e4 z`OuaNk^HFinMY9kOmY*b!Xk9YSc~ZxU;RMdR#GcS4rUtf&>D>%`D!|Tfn>h0 zodBrLr@xlu%=oG-?Cz1i?#A$P$1guEpI_c|Cv=Z5Rvdi4>?RJItU%O9qA}P%zzU)% zW9EO3fz?>Ld$GK3xxvgAGrOH?E`;pK{Zl_qDlKEfOzE^o&ZYgMO<$bLt1Uur@`qY| zRgdEuueR_UN<4GD{>GWTlpe#LPrO?zmFb3OY${&da0EXDmy7+43rh-p@y%=7EF>ma zECLQuA4*Q;k>Dn0Zeu@_+&HKzpw1_Pb>{MlL%bGW1N7rUZ$ImQoM7?G6aD;le9>LZ zFmKGI-c&IznN6puOe-RXR23|($ID|{f0|SF93E`$QJa#hKmPT}DSGtSSMPzu&aAT@ zwy(uB`-iKuMkVgvZtJZM-DVLNmqz;|PSUAw#P;?3;N|qTZP#PowSLZw6Xx1o5~)s0 zc#=L-iep?>szo)}$nyQ`<9k|9_1#OzSJh09zV3*&v2=1U+R6GMruJr}VTK%GX%2i81>cbJO2)mWK*tVeLqj2malp` zWZ0wX5_89fQjwkvfsU08zfj z`Se5&Nc++8+G|j!hqW(zI=_~w1|^Xq3?jH zC*GJ4ZiKUfK8Cbv11KikFPtD#28PDBA|#7VdO{%W=wsfo2He-ud83SJKTqOM@3JXu z%sZjp??Y;anbrE%U4w+v=tuxlin|1GAdZz!Bj%Vl$CftG<;1drLz_@(lE4vx6{$Kw z2LqI+T;v>etaAZy6--)3}2-p}`$-XKC$ zl?|!Pp7jJJ!s(AxV~+#wimO}FmfN}ylv851^PJfEZ z23vt&p7y7=Bhm};jgbUADD*`qe@tlXt{5lx3;qYD1Q%ZPGFGW;L>;-qQT01(=@P1c zv6N-x$n^%g0ZZD|T^uXhD5phbHAd_$f4eWWrdA|4v$#0VUSROkt^M+5;19T-Db30( zPG>=qM>uxkz3ps}sLeBbZhHuNswpR0a#ZQ<hB>Iq9__zvS_NSK;a$U0j_!ONI7sR=QT1m6^2my zPlvg_rJ4?93KquuD6Ty!u;gxGi;u#ZMMb+}y_F6}S(0PtJe&Ca6*qVn@Z$+}FcK4i_$Yp9mB z9|`X{Ue>`~e~&bxT3tIodmBl`y(G*i_z zFTC9s4R3cJ%clPa#IaaZk1JF zR2**zzHdA;+Q0KnaB4tmLgbF}JCp0HEQKp{B=2su$Yp8EW?LgOH`=M=Dc?4)+v4j> zeAjLqVR%h?>#Mu|wgL_qo1WeNkURg6RgKcYS4=i)*T%EYTDvegX!p(no!-egWxsj0|M6D~_-`^Q%2u>T z#`&5Yi2pQ<#Ja0{?(Mv$=Xp)H_vGGo564?q_wWaNP0t@CL`hfO?X<<5^-62Sw!X2D z8FUq-FcuGFI@J5|PCY!If9B+AcSZ&&A?^xt&BJ3}D@)}b?GL@M;YD@8INk7Z;;cWN zhJtMmC7To^v&Vntb&CvjKTsRrHKoA#J z2wxIQ{S^li95$n6=VCR%|M4LI{DW-UnLc^;tMAQ_+IVYnahC6*shQFgm8^Qz$TF&# zMENP9x41BSr{1b&$-T9aF13-S8n?*Kbr;`3y*=N6o;1s5p0l33NVt}>w@9HJ&3?!H zpdsr%quOL7(tL{baNsTZQz`OpfsPNQ6>pCSEIG1S6@TIvoLCb*)AO=s{PX?&kH4Xb zOpfT8_q+|>FIA)*ykv_#btvkwW7hj*&OrNGJyc9B%ZJyye!t3+Ru^h3*O4}33vb#OA^|!5L zet96;YCKNKz!vUmUtKlj@#V*{ez@k%=&(%d=uhilo6f~L#5HfIY4YtYse7ux>fG8T_i|6t-qEhByZ;QYfod^e))lL{-Re(kect^5LASo0Hb4la^afSyh3Ku$R)9xh!>X zj~3caOt%W17oKc#GQbZ;(iPR0@;yW0EtBdnn^ zl5=?Pzp+;7FY_S%ol#BNr9D;F)oLqCl?%u6X|>6)eV=SYut`?kJ~VN}F791CaBgly zXl9E~af=T;MS-3VmV2=d*1hh!&x|nj-~05RZah5;JM!d;TYaK`y-Q}_|8AC=@1|NO z$%B#XRxdS@YBz~-&0Su>R$(Ao-f1Ohe}4> zR_dvC{=#^r%cg<13=>QjUb}Rs;2|u>`PB5@!SoGxuS1iuKO%lZbNuy)Fqja51HDtU zDjl@`3m=yK^3rz0bTJ3^>0JjxXv7JKsOB~v3O=XL!|xboH+sD5!pYo5h1kx^EA!>1 z?~{w^?NLonGiXR0lsxezleQ85GqBj*we;?O`R4O#5r@^PjrX)$p1?9;4fAwY3FR>O zZzkMy&g2O5wK8+(Cx=X*ebU#VzRFDWNM!A?l(Iiks*XaY4}*rwMzm5#l6WNIl!U!o zhvPR%v91w!Ef2V&z|QYztJq-CSD|?Ql51^pjHP6R@#aWH$rww%aCPxW2iZ7WJ0ILP z7LQin%%N1Rcx;vOZx25BX=+)rPkL@QRNtn&>tX2h9kt1;3w^QtP826!V5C@@J&W_+ zqtSI?Z*Go4S=7dQ`kHC8C$ATZ+p)qZWVi9fo3p&eY}I@h`=$=o#0yj>udPj9JoQeK z1YF;SB{xu)Ksv)5*+8yiMjQP0?|*a$;)S2T{&(-PPhQ5Yt)DO(-mQiG(g)YE&vl=I z<<|AZr1OQ-;|nii8czvO=HkQ$9W`HUfcaA!rHe+)#O@t3EsTFP;hX^hBs{Ob4#R~5 z*|EsbhxSRub-aa%TzKuzs9C?eiC_M%ZpqaBO*e&C=9ZSZXj3fEZKnK7VufK!MY|;= zDPr7nD>^S!bXwyUMT1K|+27HvKF_`P&Zl7~PJWY%4`=ygp7{8nG}+_;-LZ8zlb|5x z`j4*;g6Eul`66x*vbqh;*Y`Ky!H$45*Z8-hm|yPB%nJBmYfJv2#!Cy6(Q9{TG_#|B zH7b=1#!qSWH>KHSWIig3Qm?v8n=$*-0oPe!c`yGgzqVqgPOWn8D;4G`$;j;{CMQ37 z{aXHL^wGt$r>*ra82D|P^Osv_*uUx!m#IgmU9U95@K7R$fhZ3YZcjAjD!+_*cH~>Z zVjRp9QS*)1y=o=Q)^O&<6*IMZ&IxIkQr82G?6?mZJuM>Oh-{! zlowElA5K2e^VViq#f zoL1B(=Q0B48?uXgSYMfSM_kJ&GjvlSnzJ9~^Zr9T@F@Po1ve0J_zzq$Csd-;4@(An z7BBwYE&TF#b<*$v0cv&ubBwV%*BYM;p+(ozItK<6hKKDXC1pzs3a+IE#{wCsQ@kfn z4mUp`ZH#kU;2;eR4fjDXcS2LM^3|)0SS46Gi)MxYKL7gDx4Ue;3DbCtuc(SZWAs0I zlyg5$FCii~e9Cejp2twLRCO6jhXB!6GhNCsVB)&tT-w3UOr%CaXv09VWG`2oh0qdP zn_Nq7ylJJs(My0L{nG!Dqy6btm=j~vY8wl8Cm9@z3MESi2Nc3YTzDCQK%zir6@~t3 zI43Im)V@pmR_mx$MxAQIGF9`%mYD!H_!Il(+iJyXxm&1v30>w| z`r?T4E@zW!-?bEmSg;cIaJjKKxtEMl#|kg63L2Yeu#%421x~K6VJC+R*%tn{+6~@X z3j3FLbUZ<^(F3DpRYziu5=^;2;**3D=kEW;J;<$tdoX+@WLR5iDSR}pUghP7V;N3Q z!<%-&fFuQMnmc_8VwhT|p_g|)*=lkM%vJX>sf`!d_;jzYE?gV7=O)2TMktAcs~X&? z`TF#}=JWdyZoym0Zv5qGfA`iV2Kyu;Uf@7%=aXvV_J)S-sQi|clsuGBU2Y(H2b6^oS_`Z+ZsxDHve!WQqoK96>bib*vA~0Pex{j_rp&3Ikv{L*?w!dd8)r_20RdFJ ze0kc37v{SlOMzfa1-lbi*V)hIw}Pr)#vzW~wbW*D~oL!W$38TsV;5zq+C` zU(zt>@rScU65NL3R=ICA$%2HjT5*Ug?q-zf9UyjKYhYA-F-$?yv7@jF4-Or9a7*?1 zai1oMp6Xw|=yz|kBM`#I{Rt=P8`Ez5NGUQ#FCi*87)|R@C>|DP> zfh+E0dM3PWVLbdA?jh=UY44kOUq9cZ#Po;F&AJF;RA~Q&n{_GNjaj&^t2Ud=0=^7o zza1}}o&qbOCP`9Kx?D&2u5PuqndSVcSO>Bj8}zl+j&UvuR#<}#2}twtW0wRx^oq~dv@-Xl$Jh{P<<$+w#-KQ_Syr<2k(oj-(ckxc>u2G}Hn4r8y_{C--WF40VD7qffSf;u*<+d`Y@Qkk?XjB$-m zjvTsQ+OI3=&$`%9u9G>V;kDvRySvGIq%g4AM;Gzd)+9T&aBg){DwO!ABR$pS0To^? zys$G~AnBxuj8m_Iz5Po`X~`quRABzQwBg>2$Q-J#ZqNO>>f5L@Uf;VC!RNgX`Zt&| z2nqivoR8x9T0hvgJ!(h3=lwjtJrj463jvP|F4$E-fAYs$k%!s(x}NKrd3}{eI7Fyc%NRfuK1m}WQnfFoS#1X` z@KieizCeyBuH(9yCn+miT3N{sR{w8#!TRhukOIJ?tG*#8LjZqnhS5htjv={NCcflG6FTdEvo1BD20__&86n%)F->-0eu+kOA$&Al37xipg zGMGjUJl{b+_SD#o#DX{tgzR4R02h|1B44Qa+j)PV1ON(+pOxX@IAnUkxNmrsB1yPsgfqZ{rD9g)0l&*56OqX(N+yR@n2I5d`s z>+mODCsYd<=i-iol{Vr$PxZ}4+S)rV@7w{dtvusSq6ls|eHPrOIX8&ADl0MWc?86F zU9dWTKFr&j-AZyf^p)tev=7+s*n>keDQi(=mh|k|{nO9+^UW7c%{dTU_D>)qeKWTF zQrr|<4QJn#jteg(C8Xba$LxJlr7Rk(7%}MfsmM*#<~VnqUdyB?z9ThO8k;t6?m#sW zP#uv-rm7Rl0bCLMhuTkLo4ri;RWcACNF)>}hT$L%buEXU%aAC8FFqVq?*E_&Rv?*l zp1{Bo3lbaKfj$dEXpNGXo-P1NC@of+BGo_Ex@AX7OXi=LBmga?$Z!x+cx=>i3$YYU z1#!6^CoE!^@$b(9abDiJQr+2t!ok=)IdV$GL4%jGNXKN!ZQK5U>Ki6k$|=GrD-Kw)-gzi{j|dx2h-*r);gpsN#%OoWV`y?wetzQQ$uhuc z@D4a!?%njhpyVGKO3>VFX67GVoRQU-9yf`_CJ>-QM>q;squFEhc<6wJ+D&%&vj|M$ z8-^p=MYc{y>}v>EhS&)!yAutvse5@HAKtyYc$?>H?EkbcQ4Be+rMxd_rtMYf2D&fG9!* z3nxFE@hfqy=nBmBQvkC45n<<3pE}6G8b2I#yvyQZ9SY!RA|;(HR5H|Ksu#xYQnj&e z{6%c^xs>RP3>gzsQzKJTWrF%-Wskl5P>HEE7WZC*eY*Gt(}ix@WO(KbL0V-sH8^T7 z0O2!^@WG07sE^e62ejd`)qT6+rHd=x8n>K%%lo*(_^h?FGOG9AQmMBc#@nZ?E}qh8 zb9{Q8Zp)$3+2*@5Rt@7m`qKfR{Ki_XXbbRz^ zuJX&5*nr|kh>s_jSoNy8x#@5WyCOvVJ$eTnI0YO#D>s=K8w1^LxUKLPUD~tJ#`JY< zK&x$sr6iVaRY{2_TI}SmFl4X!VykH*_{^kM`?2L_zd3FZXr*t3e;xDmDSu$`{==L* z=d#!^?ma(ZDNx|ptL)#or^VE;$lRxAUH8!LDP0;>6)082csDja$Q&QDcSNJjnwlEa z|CNFnLaxG6a&CU~L}mx}>~NHUt*sjBM$?=|(@>8Xfn!Dp_C^XNlV&6yNPYAZ!1-=O zvX|W+_&{@F#Pyhd{Gi9f&CzTd!i>I>J-s?5CEityyqclVdy6%lt!T{qe!PV88(5>+m`Q7Ti9d7D9I*Q@~d078L10#&$B|nh5kb*0oW@kA#v#C zhk0)2BFm!4%H|XgRuc196or{a%-(fD3?JVAruqE-H47WJ$T%sl>6X2kk_1NxE(i-* z#;#8Rs&X8-5&5bXAE90)Q&EXIhUh=-1Bo`lJR^jMq1|wI_7wDKq=_SORQpvVpW_iP z44glUjiaL0n)R&SIIpCpwzdr2{h|f4Mh?r3bi2VxB0yBSX;EzZ>6FkR^cBjgXVb#B zAQ+t>FJb!DELiwYYu|f+t68gi!4h^NDB5B|mS1|j#AN1}tE_&)?+Ax^ph1L0)>)`T^5BJ*UocZGFqcJogvS{Qn!cc`rsz!UfCt%G;$m#sE76swuW}LwJGeF zPm)@<6@u(SXB8xvoJ5NnRufHFNE~@E=R=0QDhipw!VpyRL51dZokyjZhNgcoVu)1Q z(dVWDEruX!N1(J23um}R%#QmjfiyrPWR0S&WL*DNXZlv09C8T!H0^_AXGZqRqQs;X zGhey1!K&uw?)s4BtX1zko`H%4ly$x`H|@)~{(=3oZHPeO;pfN8QHarJjdPLH>>07} zHFpX=MI|4Un&M)8W7{5^5R`F0#K#oqEaX`hR&}6mE6^FR2XpthYvqquvSc?uXJWQY z8s?&XVBk1vJ?#d%AIOf6Sd5~-Ew!@J7hwhrTWNcrNR?IbHi8vF|3n<7q91;LVExFR z@jm78hg#@`4|jEI4e(u!@b|6p(<__RGku)A;5V`fk6=}5(00mMOX{T*R@Tv%A7=5I zHQDm8J}R8rR!*tsXbHGwQVa44bQETR8HF?P6PA@%E;omHb%~K_+!;mN#r{UAA+7Cz z9q3y!)OdwAF*P*`4RMvwTIOv}&vRIQx4Q6FA8KbBEK+MK%5R6zgE^e^V6G&+QH>D8 zU4}Xjf93O^5m6k>~hH~SteUm&g zY3#_~`r1lF*_yquJ*2o&>rm3M3OH2sk3r!Xj`bk;)U&&peGRA+sueznM24TxYPBZsZ`$Sj)Y6QcJ3sLaS2lK~5W`+791ezH! zl_lNk>BfcpCM|OQir+vl_8b`EvqnY-5bh((e`nG3{h|4EY1@!UfO&ukG~(HgE*zDx zJt)07y4erk_G-J~sC7K5{Qvv8AgzWI@uW5mgR$aFl34ggg*mu)4q_5O&3o;Q~|e~b^V zs;l$s@xun-^M+L<9-BkU;Q>x++=+ES5CAX;JOXk2kxgL_Vp~S60Jq42>yhXz?o2gx z9zF^G4-XFif2sA^rJTt&YEyqeBi|>9g=Jtpwz=}u9cCR5R_&M%m}}(htOdIc3hi(> z^-x^BcdP8&TjJVjBP*rqtXmrAJ=(Np;Vh(V0n|4ESz(E#oU1D>?JX5yJNZ3gbFsc@ zQp-erClPiMqc}E@FV}%X;twZOv*unkuJz37PukKb(?Wkgkvqlo<3d!a$j9!k5Eyk_ zz`d~y8Vi!XN|qK(pT^=6-LYZXek77%DFKklRj(#=#HLc-rib)P`Q=>NJ)DU~meF<@u_#`B7L3n|#?y-jBKQ<> z`|1H(vb_kF0<_eJG^+yyKBAQb=Z4?{9g?u2wL9jqxTFA^fMtUBFJ=A(`4Z;CyjwMU_QqXdE z2z})_Mswvx+)$?+3w9Igg%H1?%yGr)DK^d;59@D^cXi3v{R8058&p1+E!CVqWBExa zF5Ggqe+zZ6+;Va(=Evu?+$(v<9=A#|L~+f+$UJZA^M^~7`Me8MCgndG%ZN2^ zKB|{j(K1Af_HkXh@gQ%Z=f82)OUpGX|=O5L4j+hrHA8nM-5h?;DZek}7&fOcX!j{wE%9(uwtPHv?1P28f zfNe%wsY)R5J5tV#5%<3`xXybY(j)Z@0!oqVhSdWuH5Ny} z`Hj4RtR z{W}FPH96O4ojS2%{!Qs7a--}5o;Ph4>piv7e32NXf9z9w{-qTZy#$q}c)#VX8O32u zUsS8lskHQ%pOaoQcC=+~!w2>*kuXQAzI3@7L705Z94_GL6*JqEzYpk-uhcnROKA)0 z85NyYNhvAO@a{6zc4069ji(-GI}hD&ZJV-%MSA1d3W8H$W6*=5yYVCVnb^*}`q|$< ziM9ru;dVojZJu<+HacYsLS&Lbc2%!J%u@jnVJ5-qhPH6-=$!G*sgU7Cb4&u#NRV%4 zb|0%hsn!JHGm~RGaC|-si(rArg0M-3g3BiBd1g@?5)JNA3XA60s38Poum)_;0`-9l z_r_eM4?%-qJE6ZJ{>1A>GfvOdTKSHtJ

|YAI6}WIk<^Zqim`abdX0u))`sH6qoc zG&-yi8de*KR~n|*d9<4HPd7;GDK4FRHAIn*Gz^$`rBNcjto?Dd@e|FsXk2(v)j2`s z+lDaerrizL5^Ly1HOfjmB_;ac8TEPm(x%c!lQ^lFcH)7-)vDGnH9*R!IHJAK;mERC zatBsD=J`H$KfKB=Y?!4*lQ`hZL|(_DtIO-^LNGc>&d=iX!ogK=%5v|b%Q>~K2_qJG+Dx75f=kA7)N8D<@gz?n*~KR}YhL!%8$BDOA0UT=Fz%Ph05 zcZ|ex!-7JkyP*X4S;^oH_hyW1eB~@nT);l&kB=gP-afBua14Af+`g*qfJ7n|X4CXnGU#s

KsdHJ~%<;y-D%h@*E^xS4rdu&221Wp+*=1+wvDz-C3N_K8bm3y&- z1ec--`1TRb*2y$Mi!sxS9pR2vnAQwUpp+2sc?-W*jN>%rC}p|PBje~GB1gV4&6*a1 zR$|Cm!_IuNt&{q&_kVXgFVwHqkAATp=Njj$JC`$(V-YZ}J&dtLDw!;UmoKB?08XUa}s~?sGg}&+tt4hY)Um#7EQbAMBC>)fW&am~CjL$WTlykh~`I0s7Yd z>=B!W+qO2&mclDtftNeErV_CmSV;ufHC@T5jOKjorxY1l9lJH@CJJ-c+8N_?Hjuys zf#u}5A_5m>vq?6Q8msKi+=W~LBzc$`fh7cBAf4At9~3&Zj!S0=hfG}niy-(}oEQTe zYb;L2fyXQ2uc1G^qWIpzjDn+uTmZNyDM<`SjnE>^=LgGs{OwnmFAeLbG92M8Ra{H; zg5DX6Lu+GYWApgK2Mt1X!QSIvKdlE#jDVNK96`_KYPj1-iDS zxbx&Lf?q6*53X5=c!e;Wz$yq`(cX#x{=(+XqT0}-rN|+WzX}a!!`s|Abw+l<-nhq5c~xAmf{-j z=(FCUOx(@(z9owAaf)IeI_tIp8k|s9|77au!cgzy^4~VjJMRkVn`0>ndY1~DfX(+R za|j0oy~U|EG4_lvhS>e+P{h4eCqWG?Gg1K0LY-8H|DgeZUsHADX^kFXeh?Vuu2`}UaD|ZUfURgn*w>IV1;No-OfF^*TN&#Y)Wf|i=O(kb=*zqH zBZ5F2k1Yz09WR9aS#zx@QXv6nQn!Ujd4>a~B3znaPNAgY$xoG=<5$dZgkynw!R-k3 z(Ym`25$YOv4qr$jNsLN68WUF%fB!8&MY{#8AuOFU`SgzA=&RFJs)=eV1}hbxk56_# zzIRtG<%CmuFtDj^f*OJVWI}KbxQh1i_ol2YHlad!e-;X#K_m`Y-{0E{DXmv5h8A5t zXl*!zAfS)1HVG8jvdB=UC*#A;<8e4KXlxhK0`i>4Btes9X>2)@mXLRWc5z@(=fR=3 z;JLx7P6U~uOI!0^Q&!)29X3H+VLd{7#FQNMMZHz6k?wZdVp7L&yqSLn84=id5+&H% zpZt&UA7#{cA`U49DZnv0#>lD~ACw#4OYXvSw8zW29L-`Z;hlj{!Nq*lY7KV#ZeqUA zDGST?BOk4^hCgKGWnD|rnm-lIL$CxT-^sl#`Qk~8pP@B$RIjd_>3%k+A@YXoryR1Y zMZigb98g%JB;%2n+%-`9o$_pmIW0RU>3`U+o+!$G!B>~81~SLrsEGFEzMr!oW8JE> z%`GBzZ8|$O|ARQ@xt%D|&j3yc9R)n?rfYr4K+1G+i!9Vi4<KV;oiPftdG`tHQ zf;h*hBdW5Zw;cRNGT+@FESYDan5V4Wac3!q5}&t_Vh2_moHT4OD8IAfr2AhZlGe$+!q$%|2F-lHEoTLH;b?iMc+Yy- zbN1C|6dfF;DfTV)agwRA%f>cshdqipR`!cY!`x^}i02KzzOHW6*V-xvTUxBAg6@bl z)zwV!cHu%|N=hVRMlghg6?deg ztu$;yIKD2xxN^4!)ZZKn8O%hG%;&vf(QIT&PH1RUbk(NxBkj^o44jr0NvE|mwOT*t zo)lEvwP6Eo((+D&?y5*;26$7@pjC_#nR(BIV$)rdMrg=?WwFOgv3`2FHC!=36`vGC-2`lU8T;NCD5Ib=KGe z(GD*dY3P%nmIIkbkZVm1!J$^;V~!xQCDMIsus47ckR#w^1!jN@8Ox9`m*|$+In>{Y zxs03~anst?V~LEQBI+|D4)?Y`ptVRo>r8_uY1FAX2dY;#v+Yg*f;Zqzeu?S;)PXpK>jX zX2reNvk4h3WF5)MM?S6`AHw9qniI6p=S2HUgm8Wp(wy*EkYe7vIrjrtwr>Ulk0R{v z!JWU&$`~O$f^iHEnRFaQFojS&ND<(N+AGA&mWG|#L+Y9oA;bXuN=irw$1*UmuuwsQ zhNO9r{be2x1Obn4E0Izl+3`(k9d*4f#ok|0YR;;hF2Xw`rkOXnlWZ4m1}F@RpNRdM z^ywjRso%&Y>o4!AI6?|b@0H6REZHwNIe7@@UsX+&wV)QLyQQ{S1t#o{Tl>1zSS9V>uyxo*O+6R=Jo1&-;uK{67K{S~Td=mu%C{65v-G1vnu zjkOD}JqsmK=)IieK^2o97tiTL>q3Lq8G+?SD5X|1DWsX2AgH_Q|$5VWDR13NJcNesk@ajtXO`j z-jL_c9ZKs_j5frnAR4g_f~CL=cQc^Nglocug@Ox55)D)vTiWh%7%ghe(7Uq++zF2t zE`<6398j_f`zvzJJ5}s<8Dg-qqAkck8Hfi)O|Yog=uA$UC%5UMElVN@-H5}`3LqU$ zkTiBGJ^~po+KsfC39@>^XD*SXgi|$rK6Zv2lIq@|7%0RT@!#GK)k@dr&uswUhysBgkspDWg!Mk%QO=khIV7ZC@u-KRE;W@q z$nv_2XeExOd$bL_cj!X(SAmWV?KBE7fGlN0+48GVK!CIzwgdS(WR9@=!%oC3iA`9) ztcDA;R?z?@UI5WE&_o*?J;*|&aPcp2A&gn4ObQSNlY$5mjV!Xd$Fba~C}}xR&qVwj za}4n2~n{9HLw1qcrR5m_fmb|J7p zZVi?a(iccx$rV@(poyBWR$FLwumy3~*l>F|gMy0naxKpMr0U+I9Q#njAfjd&+^76#Lz4!OGt5Ie!eS<&ibMnT;o zB2+~M1OiovNaCj1z^j)b(E?otT9P8yDJiCRI_Ue7{_#~q80tauwbo`u6uAktjNd_g zVVNcwRYmskhYSspY!c-P9%`}}o4?#9L-D0(983!alq6A+&dkemN2_zh5NBxL$v&58 zN^+M_Uu0Q(8v)p#6DWQCRZvu%y_|DP|MF2Tz7=bcn1Ct+iA;PBLb*mtC`U4*X>{S8 zR@?I$j3YA(k;n)1GLtw0Rm&-%Tb*f#*9g6xx+Hkry%~BXL{fzCizF}!X-(`YP!l!_ zQ!g`Xioy#)B+wu2c1uFsMiO3fh5dq-<3^Jw7x&nrJ7GPc;&ENkJ{!_{nV5adEJha#40#u1mGRcIDQI?T z^Sc|NZ!VSj3!yO|;nQSny0z^Gggpef+D2v=I15xfQE3!5 zBkQMLmC+|@RGeEYrp3W-2M0_<_UBR{twPXFa`xuQ)gkaF2(R!Vh;>AAXNPVTpTUxz zQS>|;3dvd%M;rk@L=PQjCi;XpAuogyMwT&DAP>H^HW?p6K63*9A~D>#t;NQovbQK{ z4Ko>(d#iQlgB9|g`Ep150$`Ph774aFDJ|^@&?E*Z8o7`&XFP8UeO9<{iTQ!gBSbmq zB(fNXS^`b`J{6##>BF-w`CS#83TMX|Etx&d5xv5PNKe!Ms(eT@=TRvJvf&{B8BDrisz1(8Wy%i8Se)hrlZ&(i%> zXcUK16T%B#9CDP*k=_HN`OYI(#ztD@NH+e?D~eOtXyUf7kQ5O;C=RzOMd$vfIKR0K z$L*9Omm9);tLtMXpO<}kIJzJ<*I zWmZ@UkjSB3b(&SDFY&YIQyn^Xh<@L5-Qq$!c;wa|f@BT4Ltq1lYnU#L$eYmeTS&dl zmaWFisS<%Fp~YcZa52sNMBN1vgK)I?2_XdM7q`ZQw=hoLds_q)Tv2h9@HdbbBKfM# ziPKWSp!qG)oXV0N{VewQ{lrz;E_?&kBqPZ&Jpzywfk$0E=hPiGL0iwv7V(D$hegkc zcOdGcYbj7GfD*~=GU}b0L#a zEQd0AlSPX2b0-}^MdOH9b9m|JM>vRnnpeRn__aR(T_S)wG05!iVm>d5u&|DdavTZ()D z3!ok#jDaXY3SBWK%a`-Q0)eKhP9D{i=AZiFY>}H$k((h(ng*Wz^)3I4=We$gDjyDG zGy2gG=VhXXkKGtNqSf$M6FkG|96Pvx@*R3CUu()>yiH%N&;M&QlkMVh`W9 z^hx!5^IlaqlfzLgEWhj&&z|MuvSw;wuBBki@jck$NFF1G0Hu3EtJtRJ;EetG^0oeh z)_oQCVAVM4V6(d(Ggh>g+3GYQpCodyfFIzqt;_j`>GctJ1&xr6q6ny%29N^lW>=Xn8g zV3&b;H2uOnbA@)~9b0o~2i@~#d7S|wRTw$9(&d%Uk=PcQps?o#QPCMO~Q`m^V$Y3 z=5?*fRF{Rom`JQLdEW}~CGZ#9UD`&F@~j3}bgLw2t!Qh0|G;xue?|8uHv~K9%tTNZca`nXu?gOrfcn z=|gS`2K1Yf7c8Tl(Qz2^O(JZ?ZWG*b%1msgrQsD{sKI{#S3#Ymw_hKwQM^4I$w07v* z>D`%DDy<0V1Mcv0<6g35h?&=d!5_lOU6!LmRsi}!EN!boDFOGNB8klmUWkGkgkPf> zKa%y38lkwuY!aUhg;bkuoM7?;inErUSWxJ%&TPs**>GA>!XQ27b$;oiQGZfi zVYYzUFogL>d0@Wzt7}5-DF^zTtSw9;4)G%wk2phfh$M0fo0Tr_(|Q=P+v^XI_}&GN z5AjQjj28w0P9Y$Oul_93Sj8>q8meXKu#A_Iw~j7?FSOWCz3>lXn!R}E{l1e>@q+Co zaG7_xk-oL6{jfb!7XiiUJZ;m}S5m*W+2S;k+bBW7Xj&qjfPeu@8fk`slixqLAz1g- zMa9PtXAN{ajvsmP$yP<0DeHw_$=ScdkAVOx%Dfdx`O@{KctC zeUPr88V1`B;6_QW&Tkv(DNtsJUxthVVdtEM)%3lgy99Sx_nU_`NO17;}MhvesOcG>tUabNMSh#79Khz`iG z!skKTMm5+S_+1Fot$E$)*wB+k9;BRHiJ*_@S=b5V2gx`JA_3^XkxnEpfX&~O;IL=@ zRP9svJyKR}BQ3jl1G6wM`{kcg+u-k~qam{iaov!d65mR65;z`V2N4H-_;3{2M~H8Y z#Zgd%9_ z)rW>QAVHb$f2`6@5W9wMw_i=TZ zBgEJb4!a1P5}*vwx8*kt6zm_Qe!Y(4ue9Itu@uG&pb82URnDnyMTN@fODmbn)2w1Q z#Z-oZ80C+Y+6q`}l3=RJ8as+!;Jid`(}Bb6Gl-&{DMALKVb=f6rg@3yq`#>7_~2=r z(RD$Z?z9~%>KVC=yjJI>Dh^}cZ||2^W@SH78PAqgxG*H!Wuwri!?o(i$&Gj zFcMB29ugt`L@^h7d)#WZO+54cb8Kc&@ADGw9Ni6ImB5Ok3dgevs%#R-6H*Ag+Fb;x zr=H$$P%=VUn#@(FY>U;9hS&lAQC6!k4{T_dL zWwsQMyKo>guE&N5te`r`TMuICq>a^I4D{MAtm+GZrgP;q< zz&;gAO}(+WGat0pWSaE!OB)gXGD|T2OI$p+hq0F*RsWK+8{^`g1vjK^qV@|lWw+V+SE;H++N8erW9QA6HWlvdj{jJA zlftm|u3o1qpD3-Rs-c+fIy4|0R=Zq_#&M8pl6JLFpf%ymB2zi`1}SD7F%j`0c7PQ` zs04V4BmwtWOfD8LlASPe01P%>eMgOqY(_VW+!}m37}TE;y`m;%501VtcPd>(Gu6@$ z6sC_xb)KtaSUqi0``FB*6?#KaKPF-QjRdEy{)%r9Ig4d_Y3{KcZ7LL|dpZlsj`}of zt?jw6sJ;ZZH9DYD*ce$EozPKk8&*52;=5GiLb{T=j?CslN(Qf%^CPah zHhC3?@p1LA;Z>PR9R8ZR8I&jbk4!z4_3AY(>;9k)o$}?-D6uW{P^J$3?`6Ubqu)jP z9q1DRz8flK1cMU=GgXKdSKYov8&>@~NrFY`hHQ2&)UsnN(QUg{0At)KSi^Sl`*JjE zzV~c00%w0kOL*qL)xuZgoaf@YtY65du!2i*esGa~v0y-v zeRv#|@+`b?bldI}L97f4g%S`Zm-ScL9zS|~vwoe$?dEik0m+OvX~9V$Jyzm{LWSub zcDB`FR^3l~ulg0r7p@tqYl~L%RMWGRshi5a+mtfpXxPftJzdac*IuCZd-?823@Wy~ z-Mpu;Op!Wjklg-cOQ&V!*R1{9{w(~I-g{MW+)B9CS78nOA0b#FPQ{jlN7^^LYHP{o zt^b<@!IqSp?aO2pF;z*9J4`9=ix1O1?Q2bK)~qNnR!;QPxG>HWlj~QlSrSmC*41ov zHP$+D%wN*5GQYfMA};_j6!tyav_!G`GSEq z+t#ic9#}P8HR5R-mpX%Le8ypE&-zT|FuH?Ek=^c2?ZktD{bJ*pe_aSk%IGois>&Z2 z8`~zI@}a!;#@A4)un1k!G;~i&ZMxuz5d^*U-FEBqZfm~yHKQVKi+ zw#`Ikb>$YH7xeZ|Q9CCsG^qP1 zp=PvG(pj{bcT=mMhQ5k^Q>Xr$m3Q~c(0S;?uv(6~sC|d3HUBPZD}$6B>K=taX-Be3 zsDn+jr9UF6Yo_#A>1L0n=UL_-Gx$;%@#=9(G7SqxV2Db^O))(1_HS2fysFhF(j8!eA zHm7aUlM2%{7-e<5sD`#fap@(Gmfy1tPAO@*x3Ip7+APlqZyEgpiVxx)3=zpu(-;wh zt=oIVmyH_ZcmYG`P)Hnb;>2vNgzC>x{WjD^G4*;Vs`8b@N(s=3STW#vwBuU~oygrmjwN;FQ?+kH}U&BO5LjniIfs z4e=nlZ-He4^^HzYq;!5PHMHvgG4>|lRIY6saMMX)L;sYBvXdWLnZUDLI@$rxJWGX_@9sV`@P@)z2AR)|322S_B!^iH9XIKU&DEw z=Xsyv92j+qfvy2?0G@#uO$IMlJAN(J2pUL?P_(|Cdy{((F}QEBzGXlxHhVGbaGsR0 zMGKXe>Xfgs?C;!a7@n$Yv_oKTUWdRHnz6|M@;*tKjHJZqE>x3jCa)4)9EqXvOGP{?Ytmr zIF)XHShFmZD=$dbzE#b_uQ|J=yFiS|N`U1sd1kCi(fD0h3s2rs{iK-vc#?(F_Wnng zU31A%&x>zvt-tX0ss z-1Ewse$rTM^yRu#;fU$e{l3|;M;LPK`t*VUe*t_4B#LJs#i&mK;*{C_UwXGF}GpE>38suYLUs4M!vQ3OUZ~Br3|mHvH3xn zEwB%?>e8T?S8>hF8wuC7DYJAO?Y~cXPBAFr)LqWV+Eet)D$!)uLc;u5{KJy!=0jAM zzW%W}>*hQ;4IH}suaC74IwM+rMz5_>R@PsMv|Qqs&X#kOE6roVuqT<>&>BA2;PQ=pq= z{=D6=&#==hYf@gtZfC8FZvX%1BGm&M(SOliq;o%*pW>zigxrT=+5_4K9JP0BvV4$b zQPzHy+Ubea437;HF6Ak6qj9WT96^@_ zcV>l?1^W2R71@>fiz03aLGboiOkKWQJX>o8oAPj0SpRoZ<&0ziRo?Kb*k-xRVF)qVS8!{|0Krf_Rj>yK1*!oFr}^XUxw zKI2n@3||GQf#;2+epLHEz8!HB9u&oaOLg*}Jf@xIMT&IB?ER0K#g-MbbhPx%vqVf& zwg~u}Xp2)QGj<_!TRS|)4rtPhIdf`fvmEXb4(~;A-C|!-R9}3xYikFG3&&8u`1zT_ z97l<=_LBwQ$k+OI3LK-pGu>O?dxbhTW$PbyqF}Rpwv>(-`H*K$MqAkI&4MS-DR%X< z#dM(8T9*S@BG4wX$5IAS>S7Rt0XxytG5V^EinLp_XTc^8Ju~P(=%H3d6E{aY5tGuP zv-EW2uQIo_rkx}~1Tp#TVZT$a$z#fVkx@o#?&=d(J2SN7EF;FxU?_ArsNc8w+}=*+ zy6XaC>8|zZBNbyJZRcyu>}1NPNB#TUVoaod?>%w8-u*q_IqG+Ugo|&6T}9~rK*%S$ zuHvpRa1VJO#8>f!2Z`L-O>ik8yZQ&o$8-xmFCf|gnDC}B9?s4&X_cE!I}qDns2n0G z6MbIbn`*5~PxZoq$)U?~)t8OgvwuwT>pZUSk_poAKF~i<+%s9faBS{a8TIiEjpyyA zb2`|+1?I=Z-0yR|ARnTbNStnWD_D#zubEFu4{&F&V#(-I^;fVdfa*091QZZ+N_Z^SjZP^&-w2KP3ovvb)(D}IS;4jmBOK%$bFrN|H;>p;NOA6R*lH?Ls@VqD8q$AIyP@yJOKMs?8%GT&@t(J|(pXRrSM0ANf*lMvH zHxhB64gVo{AYGu{X?~2WT6m;Bv&2L@FniD5yn+F<1yG(YWOn%#McVs@>DqA?)d`DE zezfm+TkIGy$6~<{$ESNU_Uh0ZjZs1lcv|PvLpRs1s7ci%`lyk6Vaj&8QPUV@fCG-H z7YMQ|JPz{mf-*6OLe(Am68NLyE)ff9h!>I533>szkgow<58;4Mg7bhaGdw#pTd>HK zED|RzKfj*BGq?ZWY5BjuvJzPHDm4d48LCjqB&euQaqheht}U<$iOKcd3pZxkN1xAs zCT&?Y`gp)ok>H;Yx+?^GQbP9G^(AWO)GT?n6v7O(db}cvXMW8U&;-pE*6(H*4@6drIKW}kByAaEx7zXXv zwt9fC-p!1c3A6#lk7^RF%wnf&RdLgk8(4(b6hbuT+)VFrMW)%q2rDS8=ye(cU%$ADV_&nTRuFz zYtasZHsJX`!vfItG4}R7^ZxILt zzYylQOSz`RSaFql0iW#($>E8}oiz8lytp$`Z~4x-b5B%GNEx{(?E>*xPb1u!Ia>E& z>t-_!ezU6gUxYGrG490!a}f37nt3Iue8uMNn;weUe@o}XazsGHT8xG!MU?FmEc&JUy~2)F&^pnzt>z00R&nW zsEX=MwoTovpBg61#v5lupv8vm=RfFi#Cj{s3pJ}&El-@4J8?-X=CX0^oJ1f~RxCC@ zEQqf!Jnf&j8z@Ay!S(xNmBt@-%s#+R*h0P`VNy)L-DH``UZ)W4CJ0%nTB$m! znVTamM5_a)$YVF|wEEN!8V+5v6JE@chRVjV`Vl7&hy)7#|U4+FoxPV3K>PoDyke z?8=ejtf)=x?@2(vhJ_5o5mYXaKcGA$lp0;5W}<9=xM;vWu}1$rcpxkau3Q1+Vr9d)M$y(F<)!sZK{Mj3lFh>)dTQhABQSo_C3!qcpSBdXdSl3E%o2eJ){s zv7R_gJu!Vc-}kNLNlRFy#YO0}lX$_`4u)w;Vp0$8I|eYb}C14gvT- z+=WVmZ8e@U0xw3QdftuB!M>Cla zUgG#r2)T(#DcT7f|HisG8d6*NG6TeS>hIoa|wg zj}72hhXFSHTs~5Gu|@ex93@UgOkEv%l%RscgUwmUiE4c_rW%id>4UD3nV08$JvMUe zZ@U14x?;s*y_D!kN@U-+nkQkU?a>-mXygflQzPX`79&@aGC!klR&}E>YP>9lL)p23 zSKE5g`x4z6hR{*9IysyVDh<9e*B-fTlgl1s9I>Q8b$>r`$jB+~TTLQyz?-^5T#cgJ zTdo$Dns>4y5$Phm#$`qLmfrx5g=sxJAe&)@Mhf>Br^@1OiG+#MkO7NQAMbBmhEFH% zug5H{BHvVgvb< zO%Wrp&`p5xYu`L@WK|<`?Y!bLE?Fk<3sg*AZZ3kH)iLiZ0pr|Y$G-n(7)3amXllZ! zmY&>2zJ9J=^6|YVK4JeQGDU4d`~;6Nr~jUt{{7nV=9c|#uQbL%WX$G6ALI2@Ra*I1(d1d3ZCXvzeS%;OUqZ#OiPewHk>dmW|& z?>=7}5A+_tkFarE`{<*1{DkPk_v<3Ut=BL~Vhr>#_$Me{5INIqjaWrT)yT>{jUN4o zmYm%&A3_k}z?x)>djmk`d_0r4ubhl>%R;9grt@cs4FzfzhKQL(MI1B%y#2RRnn|Kg zkg4wxsE27~^u`B*y~a}>HXPpY04DfbAUzPS9_CVs=AXpN)tkB!@+Xp@hea5LiUr_Ne0N47wiOQRY7`60D=S-6yv%k_+l z_d5^UTf>iZ<<#%GOwaX)3QTqD=blwau^MqkN^;U4z<5b-@#u+IUiPvHruy$;Eq_ZJ z?b=mN%r%hoi)Qxu)%FKl;WFJm$n=%o-ftvi)g_a*TQ zYzD*@d+|l5rm_h3!paxTZV#QP3E!hrH0JD%=>_ri{@6d&{FZRxi0qv&!j>Y0ONE8W zIFwQ4#K|}}xiF9I5sUg$sja6$lpy$KZu1VT6~=Q-{=)56ZTB@E(+c==B-SJj`j>}n zk+bEaucQ6p7buHb#IZoQXKSOk;%kDIH?21zJ|kRX185VN81$ZmnG$LySXj{0c>WeQ zbJq1ST*u!jR?! z!J1m}t$<*R@U1`rgG$}7-uY3a53lNq%M}GRBVy-eu_(7e=gD-%+(`F!_F^OI?!j*B znHq5%Cwn)Q_o|&RLqL%C$I^&A6W$Dh`I_W|RxK&4J}oUlIc`{SS217x9FzpCmd%#g zCDs{WbOOpWbyp0Wj*S~e!&d$llOVltD^xIIQIA9z=mMIjk>cEoIcfHuYA=YW5w9`N z*3eZ6yGVU|LFAWc&tdBIwrpA>5o+#m`X|cv8geCi5@3XOpd}D4URG813=%Q zgl^HSA-&MwAtFzfwJV#XlMnQrB5jd$POeMJaO%>SZ#0+1wCZ6ZDYY7O9m10FuQDco_R{6Ce>`vD0hjpkPmKB zFY}1UmE^~mlHbH>=YHWg18>SozzgKA>)EH5W@d6sNqLP~+@G zrD*o$;J|QwH)0(3D}NMg5Uv$5xq+|GhL0qBb#ZFgk2$HhdL?e24J)M5%~*59jny5^m+ZEdR-^EC(qzrQLtw&7vX$3H3?L`4p1*VjEgdyhmN#(}H9 zgQ^62y4U2e{a|1fXJA9vj9mAbUh_+%8J7=MYh@rIZ>7OS}^}7JZ&| zU}sl0FC+(+s@&YAF+RnSSG$Hu;u36*5JoDGP_+2>8FL&oZJvKVovcNpa$0G(H?6FY zo~EbM*DTuKg57rs!<*0mnh#~uw|CLj`Zmvk%sEWD)V6LH;xsX8?Ylk1`+lEhzph%V zI`wG>cu2qp2)8##?T&3rweo9G7~;tqQX;*g>uJZ5x?N zkTlUb4Jqt%!_yywl-dOiP2y0b-~sX|4*fP>6Y^tZrhkjYgC!Dsi&s$OTg8mRxWH0M zH%Kux?ts$>F4NBHUYn{K*$$-$K7Rf`T%o(YV|i8FZ65TgXP#!Z_Mv4X=z%M~7IQ7d zLntgG!ANV_r&+}N^BpRE96e5Fb45$*(lw6#yEsL{dw`D<;!eWs=Z`4?(L^SF_FosT zYiP6_z8HnWFi`3s#}VK|tn0WhVS@o5IRyEsf}YU6dEUbx6{`-+RWPSNjOBT(q($Dvr^xqF#kCFsr|crcyC)4_(8AXhJXXd zl_4gC23lr2zh$#T-jji1U8C80nPuqpcw5-;|xDC zmD_zr!mvyr$q8t(D9xzbah}R<`cgVU+TRv1`$Jz}L|Uw8ePe84iu7JhhT7css9gZl z5y;AlXAq|}oo7o;c#Git7b*#v8JUZyUkH@uACwYuBkcdcN5<6m$3-|Oc9Q6yx@S+j znj5tRaPIIgqga6&w$dJLT&w(Ik2mrU-MgY;TlxZbm^C=VeYb^@&}vSU%S3Mm!4%P2 zpfy}dq2$^0cgLZI{}+dG#UioPn)Iv2vrcL8V}7ao>9wzFB_s7;qV*GYGefsrsKemd z5)>3vVm+vuxLs$hVE@&6iez8-)zfuWwc>C8&>~@cgR0@bl*!i}*+u$!>w{GfiP4aP zG~#3!9(Fb0b51!Uf2tS9yt^jSG z1l2^sfOl@DC#b}>l6V6m+x6!OY)}@PB!IP^bYf5kk5fW3giAy45+1uOEHp>y#=_-< zaOYd9_LvozvsxZ09#kuyyUgkr1#^O$R3^D{!#>GAw4+29WNjd#DzfM!QB2SEp(1V< z2I^>t-^L0yHZ+71T`%r2;ptp$2qXS;$2Omy?y=(t?zsMrutktr98{hIJ(R(1y5lBj zBsP5?TK+!qlg%3R_u8nVD2VYW_9!gYmu2b6VN+mCTM-UdLj_T0E}K7S&$!|wLgE;J*JZ~Nfe7# z#fz%3?sEwQeF#8G1+_pVb#ElK90Byzt53t&RT$S zkOh~B=tXdkh!^m)t%&qFSU#_BD`$QT zu}c&C+?Hnh<5N}#l=oOKm(33k*!^9c8h}$9x|5X=tg;7NQ)fHEWrO0uI_vh}mGh1GVbaC2Q6t)`b!M zsR&M|nde*#=L8wpgczE9rTGreS#JdE(8o=V@}ZiPxk}C7X~4@#(97x8eJ5+9i4$Lj z!I1pdKUSef81DYBrVIUUS*FrQmAM)5yZ5v5io)17*6Hu+4jSB>$-=xX;tpigs4-0OYLKPI$dDl5@XUDX+dz8 zvfBw&^1tXy<9#O-cxyf?^6vh0gB@uUYlX1R#O>>q;Rqs_q3E*U+hGccE!b_a%8YN6 z*q(RoBsiBrK?wR=Xd=UR zA7J`rwr2jvhkNyl#yUz@gu!0@M@J;fs`T}F1Yj9Z-xr*I$L8+CF5TjB@Me`s(IGK?$Mx6mA2L;cl_;kt6m$l9ndp1*u2oc{i+qtbwNa$&)8uZf_zK zH>ilJOKP?#O8HxPxQ_ShS;Zwsxi@9XG!{ozPU!Zrn#?saaTq+eN#%aD&Qe3!F2s;tK);lT0jOh@7q5m$eE4lwya;YaO0Xx|*5} zewhn*+hSO?d&3&~zHWV3a^WWHb#bQlkGZ)#;zd$5oD{XM&I|();NBFiz?JM8X)$|gV2&1V z)%mI-)*maIPD`MMVxmH*4hViB*yWJHn-}#Pg5c`4`s3u(SX7Go!cE#{ps%;%@G~kqSwCf8pXGhDB(uZhn3(>KjOE&C zB`HA*;kNk5tk+JlEEdZ3v%06+KQ>*J53K$#N=^wyC@%I$G3O|QqV5BQR{*b4hzg0* z_4f(Z{ibtqv7Sd{EF)bO-~#{xFT|9s`Xh9;mQSKC}LnGk)-1mWN7ejpG1XX2ReT-4G!Iu(%g?J7F37 z8Nr5Ve9^!8m0n|&TYN73w!fbXJq_iCFar;vh5$SSPI4L5ETX>&{B=;?K|P2=Z-V{_ zVx6;)?>shy3lR*SV2yF?TOILJ!6zn!>A!wiiu1!lHhwN>K>Vv>+{mf+_*~v*%H&70 z_eP4lq?Y}b78|H@e*M0`PFqQ*?AlD=;>3LcB^Mku&OnP7J>CQEPtM1u_qP~9h3M!` zDB1A?;Uoh2Ic9FiKZvQsM4FI0{qgT)pDONih66guo?cQ@C+>c9Q%Y^P!V`@vVne_C!FGW@K zQ-QmLHSY^AIv)}|kKrHYRH(zGTxSS;27`yl+LEW_wrPx!BbT+cA$$J#@g!@Y4%ER} zOf}>Wwc$3vzI9T4$~yt+3EpxOXOC&?s&}|HH|RgnR3BT~UYH=;r>S= zRu9YKw4v?NxA1%5F6yKEXB;l5)fOZ3zMk}R&)nNP10`a=9sGWguPz;zqFyjOG;VE4 zT_ykT&v9f*y2*V(l5M;dR&RrLq6-m_04*qq`}8}--|->v96$(!mYyJ=;8+U83C{!1 zyM1_neyC|&x9?ND$%Z?$1FYndoh~6;%$VL@J*iPM73sppNWE33Mjs|f*|F{fEBCdN z;xz^zxoY}<_GOF@I1mPr85;knT>vD3nzSO@M|358dkMtj#pxj8*V6PvSTiuSU2Q&4 z#Lo0JSdkYP*hgnglrl$Cp-oM^JgX#r&nG4>d-suQeY7Q#QuOWpaK|FzL$|TP8nSBxCQ# zk?%)OaDQ#_a@o)LWJibbSf%-cgj7rJFQ326W1Lty*9IV0T+x&QuPz1II9WQ{R<9|L*XaJuc>}suG}a<=34D! z)Hya8s9c{lS}R-o{I(JAnXePo(2>EIW^%XCs7K8NSDchO_4pvBwLqR>O=MfXy57M; zrAN!=g3<%e@ z)H~xaSz^h+iZAQF0QGW2x=^nrxm*j?3`!aF2;k<>drqKc_;^DL6wS4PJ|*2EJ-it* zJ-s_)pCgM-|0vJE-Nx4b?I^)YcYfDi2&}}*e689O{hCKjj_s)R%&KLrjP}`EHf?&X z^VIMxYwF4@5-#^RwGNa;%v8>WuFRU9zy9JxyS*G+xO_cy@7czT?qlzo)6=)Td72;Z z@^H-S^nx~N&b>U;_M}LgjcHc(t_G9*te;6CSy{(Kq>hOsKRp-UteH6d-M@TrM+M*N zZJ$@o71exOwT){p=^Lk7$lvbKF)`3Bz0gcfxtBRPwpFdBWY}9>9Y=HSk$fa(8RK82 zb-FErgY##J+|a2qoy4@1M~>E#(F$9R2^(ZL4sK)C|D`W9XRt&0ahbEqkK;l6#!dGu zX7n;`RX8_%Zdjo>vbxvW&dv*H>32}%N+ClHViC}JJ*HUp2zX83B}y}AsDadei<)aS z9)`7h%>dW>nTz>nWQf33izhp}*62;~q$9~XS8IrUj%3Ny&}`_29Vvv4)t1h*B;DaL zi833O`>8?QjK=c>XlUy^PuP2?>hl{N>61MAf#l8?c5Y(cZJWP5$!UBY%o0Dew(dY4 z)AT=EG%?=vpyH(rI<$phW0?}9irvP!&vUe+;e=*j$!Q~Y7F&n_I#?s8y80{Ri_(Gb_sDMt?xTVnxoRW(}f7d_6&{z^$@8Jd(Nj$-q}jJ0W6Vc3bp@ioAh=_2n@`KrI?mIm$o z03H@Sz*KEudj8N@b_%<;_gnRtSNj-goAwoKdX}j(oj!%_h&lRox1$_E-PYndi7u7d z6UiZG)}dDb_fhHvJem~t7Ya7t8Hd4P`bFt+()nMtMl~9f4qSs4bEdYs7DfB0g%a$W zC$-e(C>RtB4-fC=2r4=IOmvUemXjO)k0+Up`yVc?iXiu2x4o_K%I{*rJ)?}=blO$3 z;vu!Ghuh+!FgLq>d=(y;BH=Y2IE-5-Rn5YC&>_Ex=6QPBE!pC8P7 zrI+@ouY4!uQg)|zqtr2YDI$Ake}BW>zxrN!Oc#9l%ETT;7re;O;_r6I4^iYz%g**esl^>fG1$yJvdFRZ6~1cIc|h@@ z34UK}qD5!Z3nCtT3e8N6IQxXp@Q@JqB*4CI(RI-mTbz&OD!r`r71j1?$UCF?>8??3 z>Zkky5&LLip)UVV3*fFO9qbsiQ%ylmy(-k%X#FjH|Hbm>v?Z9?gqi?{rt^_iKhiy& z=hE0E)9~sAuuX^jU5oCVNIJfnAP)^C%3l>@rF-agCg_;0Q)FuDG*6%719#$x71uUJ zuI+Hvq`qhE?WFSW(r9zw0+R-l6eq( z-pFE6N`(wYB3{1PV>(Y`rU%z^J$xJut&SZX8 zx;Ns}&V_H;E(+N4RT{JS|3!oA|D%&c6HcMZDmpuf)BhcR&tq@M21eg?7}B$EE`LWc zHrA8Dp114x@}6 z!w&h*Ru}7@#ZrVP^yBdvURDj$l~U^Oma4RVwd6kDAvKkHaOa|?*n?xxZ{n_D$E&Kg0Knbazrk+$_mG>)hvn=C*@tmXg6Dd~%JtOvfLU_fvL4ki?8W88t zI3qHL$95gH;B1}SWhW~?dFr>E4$Bu!*Pr1nuAVvnSK^-i4~4&^E{my)jz#{okc_@& zvf&kvyK&1lg?U$LuM#~x-l?X6fYsnO>kp8#51$_YrNKrO_vd~4P=<$}$6>waYUZ*w-R3GTeKZ0GbtWB~ z`@c67Rg?#P@+T6G>=hpv5QwtT|Fn^K5*^(=Ft9;Dr{KLmi-5I_&7Es$_rQAS6BmvT z?U%eL);IMszIyJfWwt*ub<6>bX9MW;@=L?JTu2;_B#x%dlQu;g{nMl!;DEt4Zmywn z_`b1$gMM^;zjiSv>ueUr2|5C6j3T z1EKR}_EJG=Jh_i?uskvcSIF^$k2JR`_>-o@`W>@M`v-#odUevzVTFMT@`aNI@p zH}6jomW;KTbQ+N zn!-Ts`a3q{J5-`86Tb2w20%U1E5rF+}@2wdL>q+b-~jHHqZj9b2fdWV}Z)v~N@o z>q%`_s}{0(vgEoC#10pio#+#`DKPz?Da32b_})7w2N{A_GWHuWcerj`f6)+S8FH}kx0C#96%S{alKg)pF=P@kYPP$i3u27)?4b}0}au&`S=NhV~(_KW$qdBZD#%+@A<0}73FA-MVdvRi8>;n%Ba$`*^op}y zJXpx^DEzaBgUU;D?iA^D&oZ@?S>_Pgv7YSjd{P+fFt!HfamJO&*ibF1F{;ZId zWlt?1%%c=<>gP8My_3FsD!?C1#L5 z_cbj=%3MLc@n&^#%R82{bFOmNF8?|^S8Fe1erohkocD!1m@5=rD3+0M-xcNVzH7pz zn6B`NxwqnFxuK(571kcd$vr(5FY4dd1T(acOg$nGsMDWFuSojX{X2Q%tHWkxwLnX1w$Zu*GxFQBleX**jF9aQMq&M6%rGU4diFKvP7)5AQe2Z09&${r85m^&z%ribdErgN1fs|287s5Y5BFg4S8HUUeyt2Hg+A@5`X2_g5-eyOTvaCGSv_tQ*iT9Sr4^O3XR=W6X9q{n`j9hni!m2P z*%n{lZ2-Tv)tot3YxDh6YgJ@VnZ@)EP4|vDZrSX!HK@Ev^CF9atQkwx+ek0sPa+CS zHCl*8vC`4J`SwctLk>&f`8yw;GM1r33Mkjd?tc;++cPu6O5~lv!2>AS8MCX|RND%l zC|^6iB$|C}artHP(4zOmSz)n~U>%CZm+MJPV#)0S`r1-e1!A$}y)eV*3d=MdH`|r4 z69B*&?&t2K{987>A92u^j(wq%+Ox30E}&cVslI+IFktH&H*RYtd!ux14ijDu7Jlep zP!yNT{;J?rYA}2ad0B(X-|$V&-tQDROn+n2eqKu?lqGk`K=?#)*XehfxMx?kCQ({~ z$qFuSHIo%;lBa3G5^J7cXWKy*eP)O8anG`~xK|TvP|f7-$sTL*EgRP1AQ(Kh_{wd$ zf9lZ%%_7}St7VntN{n=_sqK-Qk-aGZ; zYg^m%3z7eKv)~oXxkGLA^{LK7Sj~-<>qZ>fzlx{b(@D)vH(foO^Vy@mYtW91l@8pF z9(XFu{O}j}?XSDAMrOX1{QE)d!a7JE%79z_#<=wnF-|7AFR;eCP3<7;uNKC`ia(Lv zr$k7uGh5(+jd&Yo8GKfn-ykF8Rhmv;=h4|<1L zg=Ezd17VF^ zUe|2e`tD3?6h*bpFh$umdT5k&z$wIqd5?cnu!{;-Lc`2lm07(+e0+f)nNjtQPnzI)x%Ob*ZA|2Bgy?k(HTT0_R7Q;$};>#~jX*;RrZL4PM)BCZfvf+*oL+efxXWVok9J=J9@ zdxvrcNAVD~55Ah~{75#@QjgD)G?SbCUh8Lf*$=g^YU15WgEb~UM9=n3y$OrXjZQk(=a8Ds;_Eis>MDI2DPVC7 zfBF%fHM*wsFXWrrHTFgP{1epFL*&F@TT97oiAte9{az}kh_lo=sl#+>xizN=wyi6; zVve)puOjy%v+>a%i0lYfAG%?3UR@=-&wyWbFZ!E~_3sqjJ?oF?n$K}7_;1JigXeW8Mmb)Q1V zoty5if%d}M)iprj)tzqZoNQJ|Xv`<#8PUNlUObeh@}eV?HtqtKs{1 z81W0LPC>T&SL+RG=CpL@BnGeadt0l7ZTcKHz zKLoN?m(O+U{ppo>oiG z*wvdiS#TZ$k2^>}KcF{7X_k8bzH{MO;pHpKxzgU950zSkm(4rKwYIw#=laHXk8ZZr z5C}U53uSoRJc)_0Qd9p4so5l7@eVU1_iUbb6y2!st$;89mJrEQM=HkT>tCc%} z^gS@?{Fb%nwgg8-{s}7<=Z1MRTaVn7rBu&Z&Ay`6Z^{&*edr<1|3_{7zkoioH$G^u zm)ZT;o0Qc~K_iQHHsSu?Kf_99{ku6i(>1(sv${r4^D)apj?vuA3~3;!12B~MF(!`3 zwY0Bg+k(o0i>OJ%d^QA$X2ZJgc9LBtOuNRr_l)QarMHhfM~jR{`^cO7ul@u1@%l#R z&r4}~MLO!XPqv6$Sa);6NCULK6DV_EUHmXRn;UwBW#eBsLagQG9!k@q2{o4<*6l~K8hugtmoGwJD%0)T$kWFjo-W>S8}Ym1@IG&BGJ(i!BCkt?v9(9>S?UcOxh*#Pto1KFIZ6NOA}y{pE(-cxkVI*j zQxCd~8--J@t1K2Ka<_yO6wrn$c6tvleup(>$|_mKC~FwATT}e)>Q6`z`wwb zzl+;e(rs-xEIM7=H!qycfc3vzlu|G`^?Z7H6=Dq{4mNtz%%5uI(G#6tRNio^Ufly7 zW19t~dYSxR-}+wm%P&W~R9+n+Tib7oy3Q_N`^)tsL}}Ms9rgzkmM_#nXfHwZX$s#v z&@*}2cAafRWVMq@y5&Hzp(P*VPaw*ukpZ{=lQEmFC)aH4G;+`P18Xv zA0oH;`)@)A1B7KVB~SX4W#ogi5c8ooPjqyYgpR08WzX~nr4&~-#*@-0^?NI$ma`>|DoCTEb zLFH>vlA`xE%76icKN2#@Wr|KYR=O1R&jp;9%}V!H(BL=aS7QKaJ#Z-i1LET1?@@+X z!#+S(#2( zZ3N=^eWT1$@UR~AbDaTytDHEv7t;#4(h&pU)d9xhmf1V`!^~bW++Zc^G&g1J@TK)t zD%4HiVVg1L7=Qu>HxNIvz;%`pLBJ%tJ)GRHrqiSSOjlW;1ep#F%_!Set^vj$jq%Di z{^ZXwN4oqp%g5>MqU5Ib+Pry@uvn+$-ITj%p76JjVDY9zv7%6On5JH7>W22d+y6hRZ2PGSU-D94L55 z91PFv_hV&%nSq7|n6sXUn9P@>hXnNlvGLYm`f*{umm;qxsIr&@I~MA^OIV*%S-sD* z^y@@6qAZF+b-w5ABasYy|0CSn{55xTlxq}mk#)0=+QwZqT_3K9-bgi{N!4fmUU9P+ zNHVr#)Aj8Lq77Tu1e|V&F^5TPi0`%RlYq#9MKx4*L8aLPL12&EQtg4>B2qaQa$w$z zsD)7!V{k-i%Q>YDg$K^IR?l+)EyN9X$k&dReQR>j@711iAn8Dm5Zdv4P$sM?SYWOVMQcV!17r}8H$EPy z_x^1gF`U5~Qz$AFt-R88^x~<8*t1t2jpG<}j*yW_e8a--ttV= z`-`;OgUXuA|OQh~h_-aUI|6il}yh`N58?PbnP5eN$5caB1Vpm~10nKfAC2O9?b*>>t9A`99ly z8dL)49fGGMV#)QC$qNaW zg30|MwMHS;y%+eH(bRpR)~vu=P)U0C+R#ST(hvjFg0lgYvwD&JmXWb%`OdgtPK}*{ zZSuwgB)IGDW;*+dl(~%zEe~M`6IEJSNsI0e@2VD)Tp{vy)-@&OF8_Vw!iL8aHV+-H z@t0Ir{XN?9xJ^V}!v(d9mX_A{A3xTh(!kuW@?&p?jg-y2da|lGd*Gw~=%~5BHI5aT z>RL3#NL1Q}Qn-CjF-Lv3tv{j$oVW+1^g$j2(Y40aV1;kciEB9ly-(@Jf|U6r8ES@4|)lI=Kgv zv+c%Q{U}<0n|x$qy|!KIEQ!{67i1Aw?5HnZZv)M1()rPTN?wHLgEv{7*f;wiP9V@LY)Ro>9ZGL8sCTLIZ zqnuE(<(p-t3S;gRpeOHos`B_RPMZN6V9Dvznu%M^E<9@=F(5jt$RsVV{t0*fy16z0>OM8*OedWE&%cnT)Jt^dZkFF z0_Pvpw34#xd(2hb&gNE2jCkjeN#~Q#G44J8Vx)3`7%fZOBloN5XXesZ9a;SpvY1@h ze7}b&YfmljODRmp9O?C(FeTi-?M_Lzx=U?hup=W1cnlRoi$U^v<9@~9@#mqo1*fFJ zl74D#Xz5|4JL0yjLnF#RF7&ZF4-d46mA_cJSy_JZK{?D&h*JW)`WAHWx+_VfO7}t9 zbAFoBAKO-HW5Cn=h z_M>zY=nTaD$EgqflFW^ga%FU9ZGzCqxfkmu&&u;2<}!_#1|p7vE{85HjdZR)H9KYb zQPzI9DFB$2v6*`Yr&HVe+wR-HEOjj6C4YH2+{;m`@A+1+&ui89>G?;3?Y%Y$<3$H$ z@cY}5B2ZQlm?mgOK)&U$LMp>t%bqW84k}gmhpq|9sRzzZjtetFAm0Kz=oVYo$($Su z+XF*u9FUDuT7er6<*z_BTmTbc5C{_hsH9dDMbY(s^#`s}#&2bEq!SVNRNM0U5# zul+{j{4Km+mg}k|Gz-6Y?Dr1*dn9l1-4z4vNqXmlsD6V#9;Vb=AF$puHr^V;C>F^oB}H8M-0L1~BDNgad3Z$ZZAzpX=N2kk)G> zzr51~FJ9qGlFZGAC6f5vgP<|Hus6_s1=X< z)lV;LTzY4!gKZub*}*}7vgGJ zj}R(r)VXZSz?|Rc+UD{H*!z{taGWYD#h9WD-jK;vG@4hU*~l7+O$SkeLmuJB<5QB> z5LV@Udd}>?+CuFl**fDRQo2p#!$M}i;(30NILKAglD=|lA{1%BbAFe9SLo*M|C!zX zmqhF3ns;IU;%z~k`b1Nm{`XkLSA!ip#ZK(u6ib)5WnRX3|5Vz$cXz?mM+QT3&z>uF zZ>@N*XWqPTCtr0RXZoJdqOEIZXFgNTi+xB3<)BfimDTS*KBtrAF=RW*{s+*k|AX~l zteGkMQaY;0tVN!Niw(kKh5d)qSxrWr?|n58i%LGjgtUVJJUIHH5<`Y&M`$lR>#a7r zHzX&%d(G*PExzh)qtl1F(<@r-_V_+gN#SXEP+U!xSKlMdxK%|xV44dRqvZ1C(GwL; zVODz{GRr0HwYdv21-MeG3MPRdU=0}_p5_tuF%f<9vm3Mo2c`XoC-sERrXl0ubD?2j zOsiNNu-|kzg)frtj6p-aiJiRTUi%dPkCWjKxRz!I@+`fTf4J9+`h6-J~U=SP964> zv4i$UV#z`7Aasb2fO)E-smEvU@50Q)hlr8p{bMnlWyL z@eo*teDuD7{G)dg0w*2z8Fo`=x6si%dUEPhP9C3{fu(a%Smd`$HExO5I9l;A*(+I>$5s?nG6xR$ZYe zH8^@%^Y;vc#C(X+)Kml=1CsCk%MH4q1@HyTdVLDgGVX}&dzl?|chA#DSx^kNl)YM- z1$5rW&c&P^{zIF^Pl9gnK&Dfo4zp2B@6XRaKigPptG_!?$=XAmRrPA%TFU3^<09sh9MUbUR-EJR4S! zd`@y)#B{GDb(S4e8O)0j$2k5U#=bio>;3<~&goQIMkORGGqMVCj54y4k}@*NNOqB# zaVm+(xRLCHN>+AuL$;Ketdkjcl9lcLJ>Gmi-#^az{PDZ4`|3KQ#Ctqn&*x)3gOxM3 zbJ}GEc-htt%;2_7yMcYfdyf~H6g)PuFJ_|p^44~z4o3q@|KKpsGa~GjY?f_5k&9c;3jmMM7xw*zWLLV?&$R62PKePLG=S` zg(~v7jy8`TMIq0=NlQzVu|7uGr+TZww$ zaeC@zoLfqGT+6&6XVm_>g;}!7%4n^rikcF0%qi}+SkXP(Qbk-07reGUBC91(6HNP~ zerM3VeG`Nn3?D>_>qZm^%v}=sVhPr-iRaFn$1g0NaYy)Cj&qE(j9k6KsY$Z1d`BN( zZoV=u8h=Z*BIgH7V|rTkr=543Z>M+Je8~;cO3j;Eic}x(OfzDca?~5~tL(L}DKh-x zXj}F@C2nk_bwX8HNLlh;>&85{T<9~#Ke}n?y^OtiB5@`~-m=I$AbWM z{F3qQpb1d_lQgoyU6MR>=|fDVZ);KdN=k*e-0seBv+vMAqQpQ21AIon>4BW=hct}J-X#u4juPg*#c*y*v75g`~l(67M!8wn_BMguD0L&V9-v90^%{hf1 z>Ggb@_%utnnE?5#_3}<_F?46%v6%o$(9HNL4>C;2b3Dm5 zzR$0u*6PvwYM)dbf&#YoEtil(I%91|adDeDqt>(Hqbg$;eyEdFIytknA~|eesQKL2 zSB(gt`g8TIW1jr}5jZzYeL>qS)&}pnPQXV65-8_nE58nesuOy0T}+jT9bv?Y|(oa%&ve~r^MzJiN;Dpp-RikSAW>B#UlcemR4=S?S)%f5N~yQPyvPA;BuG&U*sK2X+E6RX-=UwX<_AmI*o+kxO} zT?WT9o`IoKM@BkLYMv*T4wjNb9yuLj<{ycW)nQF*P;I(1Bf+ll`LN@kk?g!i`=*ob^cGapAp5M!MxwG;N3E7_elGr_<(I4!=pyK%@(Cx2=h)Xlu zb51ue2{GoH_a08jW^(*f=7U-HK~`$_3a%!S?B>Kgv}Xk4w9ZU_MbyB9{G8$ZN9`qa z&lZpId)h+6C>3{-JM7J`U*drBU*_k}MxW9j))5UV+L4+z6PF_>5*fLCaS_ew{m~o6 zqQQVGAhNdl!ERdK`bG-<4U2wBL=G#U)HMuR*CvEq$6(dQ8Qa`z{$WDQOVgx>Sur>z zl{@Uiki#)q*(wkfP{|ryqu8BIM=mk=}Lfg!ulSj4`|eO#6ck?pFGj-)c7#eFLteqR+VVk)KDmZr)C~ zbW^^BXo|~RXNU=+`)84_DLGkQk>|BZ-g4oCK~p`{j?Y@oHg`dl4@-UW?=hSkg)4XMpDL4(N zIVOQ9?t+JlhE^uD08A_Tf^oZn7K6UQ7|j31zcr&ZLB%B5>rS+pUL-xhci8>ecDZ6R%gsP!OY$N*nQa2sJX{V5FpUH=47p^f%M=0AJuD_4f7}(eAjc5vU^Y`q7f# z+Pt|$18JhLPj_>5dWmmqQe}GA z_(@>~#Rk7Dyv~?pxqL;d?{j+oV81RnP+YTh)_P2(qR{}~3a}-i@$K^>4O({Es_$^ZHEBdmAbB-u9i%U>xG&%`V zj2NEG-{n3O>7}tKJlfYdd*x(BP~|c)2}lOB4M`kn7jf59^D;L)XwGYWM9<=p={ceL zm+X&o_cv>fb`5?RUj9}?Q8(r?|1s;{_W97H%lXbwYU;9al~UENkYDU8q`VS9AB$Q6 zB2BP3jg2(Nr&mdxB@Ho=&rH2bn!Ctad`7>CjJp7}PtvFV3VxugBc>VzrjG3Un4H@@ zS6BKTyT3$!g5E&7&|gh*6lOy0htwCs)rI{dvw_N-;iA>eBN-%!OP+jsu0K~_M)rIf zp0I3V8E7mj1a=A_;+RyX=XU)>3hA zp@JgMzHmzkJUsl%_DK6Fanr_g(4^s5ixe^@L=FI80RWxT5VtAc=f69+nqX52Z6OTL zZ;|^*110J7?<=}j2c|t_?=`w|KRo@6@crOhCEftJmeD+SBi`v(!0J$z7W18k(i7y? zj0BpsnR9b<*%cMR_`PCR?A6@k73I-eeibw8X?BUOpHnz4v~Swuo9Q04cQ-UeSzD?r z-kWT^_iiKLRTKt1HOwq5{cxtgsBr!H_eLVzq}_)!Q*@0x?8I76?%QLBX=(nUQd0$g`rHZBCoA%@OxKZ8J1w!1BIb&{Ae`%7~B|YCORg9 z<1f28_Y=ndHQg1w7;UfEZ586fMs0QKB;rmVM9vvHH)lSlXVrm{P3}%x~uCe(SiwvrZWwmd6m&KL!^BRnX2V?UcHE;{pV@$zYZl?FSyb+ zW)n0>6+y3JKmGP$1IQ{W;daYk1Zjw1II~^6h_PNq&0?XRC~UJXp_0Dx>|8v1uHP?pWHZlH--hW>Ij!wJ=rJ=M0JXSp&_Gi$ z&opH!e8~4e`yQ*XYQSU?H0in=t*EHT>a1}_pm|3q&HbO}Dn*OaRXH($ory>ViT#9$ zFAY{AA6|?eRA&JUxO*!$Nd$g|(FN{Rpr~q((zhR0R6I00HtE{>=Wp(1NG9f*4I5C> z<(xv~@n*o*K97O+p+l?@ zpQ4wyJmTJS!g{~DLMh!5#XN+opY7-4Q>V@OmXqVBTFkQT?uFz@M}uW}le;ku&bnVd;v=h*uX^Igd0nVCWLm`XXyhC*gK^!LheCn1RP&uf^V09ZEn<|AktxsJ@xTErC zXm;Ji+(DYH=?y2Ay(;SN2nMxIoLHnTV+}2eefQNBNMf~Kho91{C~oCXCX>mR?BPL~ zjB_jCj!*O8q>F}bVfXPcRX{KgxJVa2}-vUGd4)jB4({)i%2tyN%DwXEc&;))&&K#e|aU@>39A!Gk4H zz=2TS?jXDAg~Oi2)S04BSG6M&jpFgF<6H%t5fL*}?@*@U7B0TsG>&WKtT2Q2N`RmQ z7b`2>7P>5Fg-p8^vzO?^@Q`P0w5^h+-oPD3g$GJVy{DQoANmX767m` z#ml_I_sI01s;*RnRcQ7mV%{NQC4hmE1n(e1B^y?Y$1AO=#xpu>4G>cRlP9k~?IB5Y zc&X1?`0zmDgXj9t?~Zy+fg}1TBy_rv~WDQ7(XcvZu1xJ$&R@$6mGiiXnH0cqGrZw>4kL z@D zojJ9)Z89Nq{5Uc9$*zzue05XkqtFLu%m(&!9&7Hd_}8gaQ}TK$6d;2~Ff=d`GYW$r zI0U1OIfU9nUF0zQ5y&bvOnqEVtxZRwP7$v%Jbi+Z=Mm)v-GFYiV#%V@hSy)Op+P$2 zc19|W&><3hf?5hND+2zq`8@8-9~#UFa!9d~gZ<&$zI5Ne9U+C63f&Zzr{Jx88B?)r z!n+{{zD_7Zv}V2ZBo=?RA$og2}@!}l*g3gsRQWoGQ;FL%PT!Azs^ZDtQ$sT{b@we*R6ZcIB% zht_HH&dGeit?Nqr9=p#wEep18Pl1=MT+rJA4nR7_ z4Qfwu65y^~_|kN~MyAW|1n=P*89j}uL88O&Zn&DGVdyKca>ppBnWcdvtcbl$JaT|L z8D=B(qCapSc85>B`YwIDk!I)pYbSeCZmHIAR;%gN+%y1ESzE4Hz^N7e7dw4~b3vxD z6XVn}Z8cJM{ytyLE&K+##E>p*7-*7$irQn0elWkkZw z3wIu(C$2EXXMVW<;Anu-eSmFWCHjqr*~nFg7_(+XAuUzo78e_wSY$RcOyF37 zQ1y(wlqEmytoVyy{TB|w`$}8cqOel$a?2HdhMjQ(-_4klKDXIx*yq?Rq zutTzN=I}5%D%3fc^$c%DM@;1$ig9kIqG05^&dw;hQ>S-cf4Sf&rFD-!$(ZCN4WL8T zAXu|Dt4Lr)|3H2BiD3=U2sjva-BXz55zPuO$ma8&ax6Pco+C1?zn9?d1-jjq6oyon8*5-fvm$tiTHu?fE`#5y5G0$&+GL`4(T(W z$RW-a`0k})QF)Av6xwI8>Omb#UaBCXfqkMgLrzDcbegc7MT;CR4|I$elL)aZ;Us|9 z4M*UGrtrsYTzL!88Zi^xbX46XF4Wk1Dv6lQ09^sRyZOyo-^|(Oz9PE-blt9dZSH(b z4_-(Y-7bVlOgRaBYy!j5%R#&aS zJx2UEIOwXumSUH&+KzAI%KZoNOgZejE04-y6@REBe4e!WI@V$#>bfJ_iO|NZv{G_EJO!}R>c94P{PAfRld$?Y9My3+=C{#DZd$CNW=36=28%H{fT z^f!RAp%&uZGX=4!)$SNB3Gv0}p&EN^#ACkjp6t7NT-?O1OR8N$7v4duupy|R?F!Ws zXL$T(sI^AWR@yFd?EmtwzqF>LatdIz(wR%2IFFFz(%5688n3A35sJSxxgYeYm>V~S znVnSb{Tf1XDKY>*1ZL!_uCU|R4M~(-#(qIn2g8LTjWB2bLCvWrk#|+t1blV>G~0S}wzNj9gMF^l zLp?E%ZQ|;;i7w11K*FE~NY>&b)QmW*m68RXY&LA?ls`qQF?Rb@s496@U`QnHG+c~0 zJ0VcS!1d9t5KsGgw{!&`2E2FpQxMyqM2LRV$Q|Oe;soCH%&4N+Lov&KLGD?LzY6E= zHS{%Z@7c#)GywzAq-`?X4}G7PLALpS8cPH`th+9LF`gK+wNr`j_EnLJP~)SzC+JSa zK+;Uzvf|ZPYqxc*{e7|r$mbVx0_{{!C9;JT!?X%HW~N-F4{^Wz8sDgEr%Kd5!HZOQ zR=L9njUUcmMD9TZbDqL(&ejo<(^7wSLTJVzVZW$;=%rCxlO9jq|R-47|1P8EZ*yepJC#SbYRaSMI+Vc+%pOi?eQPKB!! zYadF~K9u2CH6vZWLSA_SBM?|uEs&=K2m&}SeWvGCGNrvMW$>)fks@z@Td+ZkL6D{c z%Elc#2poYvfbR{Sr{Z?z$`=om#n0`JU?44HB;isBFC|}Rzs}XsS}g88op}psGmb!L@aV%9t$Hw}^v1(z?X!!_p$hj)KMzbkpAwIJ5YNhYZed!g zW^(?xPqUU6>ThEOY;oXn2^E{gjNBj7ufEPLp|xp^)gAs@G+~l~?i!zh<3e;-S!KZL zgj2#@?&D#y9)?CKajNA*J%*v)&=Y>%aiZ(#uWjcT1?^RNZGTwX_|gc6s$8)^o{@(zV4Eg3WDQapzs(&Qc#L$TqfF-=>G=vZhBRe&CHIB9 zeln%fUshoi97pb7M&-x1j{<}qNZ$4^T1^m{x=g@mcg}pdl7184I2?9AVQGU)TaD_B z(#J!dDA0M`Y4t<$(k#^grhX!rm@vlv$JEz9`D)B@R{Zi07cSL`@93lC4%;eM{k+Q_ zz_RNeG9UQIPlq@kg^1lT3^g6#Vb#f^cBhbm!@g|g9b`Vq^qC2uY6HH#nOt(vJIJKH z-0yfk>Smqf$h0J8DX52_Q86m_@F(JxVAmOUUdmrcHc+l&g18g|KFS@}co|4_!qzdp zaH;d>O<8wuPA6`+max_+01i{#7t-#YOv)C0_>Q;2>3X@Yz~9%7g{Y-m1MUYYA+(#D z?!1YxIOuMWu1=TGOs%f(;>}7&()0kuQ5(aYmh}eb$>iT}e%~90Bh%_Mr~FSRCqdiy zqc<{Vs23eK*HWOP7)UevAl%qE#A3EW+m0ig{$Z7Y z{^CYA*>U_HR3_r=!PIfiGefo-L&l3(PRYDg?Yd9P_M@gl3opZAH8^j6(CuBcWY*yM zFL^Z&QYHwHjj_UuTLkD~;HC5TS^ROLT&Q`#76tK$v9d{zf#Cn5)c^V4LNtRLOZJ4gAV#b5hSZ6| zE+u$`ruvXj%U|KDDJyMu#K&bJVA;WI`s5#jEhqZSDq$$nP>yNjhS+@bosCzjt~C7f zYtl@a9;dJvQF;vqspu6*qDOq1Vfui-cHLM6bWQ6?utwh~Ic6@P`(!14AQz=&Ypk(? zyM(Z!L3@57jn6+mUOAn%1>G~uAZXYBbN&&5DvBJ}7;c}Xy;GC0T|v=JkK}R=c3zH9 zKe}(ZcaM6q(<0$3 z5;V~%X#e(Bh4VKA>L)Z6a*%#4c#Ms3#QZ`o8iN+w5jta#fdiASN#ROChE`KYXpR0v z+YnjoR0DE|*&R+6BvKLIsFR+~uD9JGwclo)V3X>u@Mc|FT2j08LS3U_E-f;YSf@+6 z04+IJI;>1Yb3-8ABOeZ+yEwlqGUApOD~X!+RZSTbD^7ATKNbuxWk%j*7YjIXduB3@-r|Ah&(cc&HLHz~{Tk-j4N;$`Lzq#=zo?sQwhyFWFl zF@EKM)|TxGewbK5&E6%D#-2tqQFKL+b-*@w!41X3a z{8Ogt_8T^sk6`P>b4p75a|dG@=hcD8_cVP_spBHx!XltlNaLfWQ>jh$i=i=3 z?~0VG1-g_N0!V@5j{j>XFs--Jk{8CDE&XB!p^n=Q3kJc{cXpmY{0YvGflp2*^7g^a zn|tge{*&&8#VX9q%xqDoUMwJ0aSeSTZaJDtXx`4z9ihECYO7E;k@L%BH43yCC*7Og zUKYfpH3%YqDgJVjD%wnD_VR06+Zy9GW0W?*^em+%+|v>)7!NY$aPldzRXbE z`zF~BI&CuDCE!?z-UW`9VO947#_big*8vOQnxJtbo&;@H!6{RuRNob`Z>~P-*csgd zCZNsgE*?oRGw{Ox_#p@>5kX+!#6v7y0Q-ZIL*hfPK=kA50ujZR?r-tvo7i6qKbsGZ zIc&b8YedR8j?U+j&%>j_N1o;hb6SBiM2bK0*WzI$E__J_e{Ow9ak$%U*$Qq}p+yFZ zY+aO16j+StA+=^i@x(4b&~bR<#3XW=I9@~Ozi!`$>=u>@_)Q26{`DVIGEHx4pFOB- zhOr&Oxoq9a$w?8y#+`8?V!8FQ%EiQtIrHztj3?@bXAbDgZ-i|cLqG|~Yx<%z&gsuw zl=dYv#&^ItiBdeBKw+*}9um5a8|GwZ>2gINdI#f%b!#Nf3WVm8`o{(q&1+;X3eW@E z#tx9LJaP+EUQ=NS#6t)F$#&E6B0f2XI1u7E95D9-Wdv=DLFcurFPC)_Fz@7Kh+I&M z;65ueqQ*Egz0=WFkD@O?j}eG?-;6yb{~!hkS81=&Y2kFqgg`yg;IbC?)REL&4M%^C znqyWhG3GMt*RusjJK`Bl3zB07Z<&$_JR4|3)!c%b;2qNg(nl#-bvMGG}!^ zk~^gdn97f*`vKYs{^ zcv6C~4>R5@l!33;bo~zu#Zepn5*0JU$i5GE7z!;2vv8Az4bNpB6s3LELIv0eZ8@@j zfU)2)U-vn3eH2lrQIvYjlgoA@=+lrrP8cXVL15rmMz|IK>|<|gTd`y#yvB|SnaSHz zAc4L_H(shfD8(@X=ZxC-V$?+7xWsIT`--{1C{*>PG|REL4-s&mg&Tlo2CS9g7tkOe zmYC=F_@VFeseY3K;xV>d6&zX4MFtxlkEttigLW9Zz`4g!fn~tC1ZXeO&!D;!UzT`_ zVcL0%#4#Q9?!$JxK2iHQG(%Ngqz(`a6wZ!oB==73&GZUpL+CF&{r!Z)YT>2;;dba& zDob@FS8n+4z8=^>hY$opt3Z4~R62y@fj_V|nNRC2(`9-Rf=C}|>``RE(k+J1?WKI2 zdJ*}ogRBG$IOhVb{e5Y-%XIce58-;im`K-+Y-2o&ZCem_$5r)d>C_Q-X@MQLa{Ml# zWncKI9y%52inKl)*f=V1Q3-$YuU`cuHT*dnC|*F@rTj>tzQ^tQY2v0~SJ9TnPzOZYj7EiJ*y`4Z{=sr4b^-`0a`z}X~}V4a2HH^hx$O@tr; zPT)|(L?~wG$80F1z}Mn5u0)Y5d!V;-BYZCSrp0l3fm}%UUB1>LGrCd(SIBfJ*mgYk zLwiL()%PD?wf(VW#@W>n;?nfN?qO@AhYjY7*=z%SxFL?0Xr)hcheg~hO3%F15TWSB z9PmE;JF1heWFWF%nxBpMC^ z0Y@do697%ni;5$d%|x3tXDG&kk$A(1(I4APeiElLl(c9j2+hrqMul=oPv+v)1w$W` z>{lG&1xDxW4ox4}fd7f-hya8L@&p4Rjw<+Q+A=%XJCOE-TCwi0#F3;}*!BL@%@3Of z=CUyX0lxjega*Lk!X=8~)*|fk4z~69Uht`^b54@bOZ=7~+x)1&f z5G4A$RarS#)?#nL+@Imin-aKoK=h&DPO2p$ly(`JSXL8qo0_+%Tzpt$D;h;KbpLl0 zPGTlI?*(qfae#3cJ@b&6osd@0?(xpd#w*}DiAI6A24FeTiv3R}jddOp)QeF!8tQC; zY61ydv}%|JsYgT#0|GVODXATWt1hW7qiOcH^LQ8wXRV{U$WJ+|zj=!Nvkw2Ookz_d ztbW(_r$@*|3lp15S{d4eFk)hEqumXqtwr36R}P}cLbhq!k4=w__x_dMSF^?6W5QB| z(}sf&EFdaoBscEu;4ylIUU7s`umtODYUXf|hO%0eiI!D!M{3vkoXwq;ePH*&p}uhx zpg-5Yb%lAm!VWklK8-sQAMz|nt#D55ppGnl6Gp5G<0Nq??Bz?MJQS!N0~e#;bq{b5p3|3bo36{&GF9r7 zdIjmkR-$93Dt5seDN14pP~=eK_0%({ZBmjx!V(;z0+NRJa!X7&wcFgcS<$%DkbVFS zBZAo0kukjbP=Y*CQyw#(NJEW;$r$I#+EiMpcJb!9K_-q~1nj9j=64v4i;IgW{|ph0 zNK3bo-EFTvxTis)z%ceebCDq<_|EVYDM3{aZ9goTg=5O?h6CcE(=n9g){oWYVB8>k z!|AkU8NXAzx7mJl%dE)Zs8hs|h6)Jz-2+R!(v2}QxqK#;1A$4rAU$q)lV4fR52B*1bi{xAhqy zDx87PU_srq^%dKPAqiC0c5Z1N1 zrM7wVw)jGWLho?Sj)+yrmD6T3WP=@x3|=x=3tRHImm_%q9Wn-SxLffnDC*)Wr_fRa zZUWvU4nWBJz(#`jCR}9WL#~b$b|S;nz`xK2uR*`t&`o8j+Mt-@OAsItqJ+?*am9;A zCK=S@1q37}SrB+H=k$zwnf0{Gfd;4N6t}Qx8SZ{UAm)Os~g*dAn^+?@KF67gQJip&FktW<7$M4erSVrzjNL zc#70*KV)>=VRM3q{o{Xq=0I;zDOyEh#(cVW4NDnSn^RnNH*|#vjRPON6A zKUb=J!kSc{Zg)T4;?ak~Rz)rHkC8(+sP5+#q6-1%-S2X)cj$|Hk_@z^XadpCvB#ax zs`0`q?Z^J@jdM2)2OZs)c1KyU(dg2iKgmH0VUs}qBhiEAe4^3#^J}%ZY)e7rkG{PQ z_7L7Co>B47Mw!G&2*V?(Ilbf=Qc-a;wR@BhK0rr>ry6jOQ@2!uIlC6#puA?gixf@dN zp&v%Z4G!Wb22)=z|JaQb541FRk=BB7H=}6)!|tA?E_-nH@c8x(>me#A<^L+X|trZh`XQlEP3ny{SOO3KfWdWR@J!C9-)J=OO zaB}HtNAB%Qre-g^$I=BVW<4MU87cS&?0sr$Dwfi>;y4YQ0B_DZ#Y&Vo{5_|`v{!Px zW~EeY>fLULJj<&92Yc;U`fycb{+5+h`YHpYIUrk#$a9j4%VeI*3>Aet6o)Pb8p7rW zuotO~5WK$>ZfA@6F)F3f6Y!`D4-~j0>}ejEe)IL(hRBB9oA|!EY7psDjtX@N zZcXYnG85>@3;HXyOs)9P)2&5(Id-tt!g&gJEfI_5Tmq^nvZ@;bC0t(M8o-y)JQM95 zs51;)Tn8e`7jhg8@5XM?zvyrb2j6d?D+w5BecF1Yn73&0uxc4gBA*~kx%*jOwT7+M z$0o3)1X+lvNkoFd@blngo9pAO>Di^oUr@)PA0RTX5v8$~J&BUi%22E;Kx8~YoC$K0 zP~!wB5sYV`WM=Dt7Fhx!W%td1JOJ~cag7uN4DLV)E_Q;69cJr+X5 z1*#mkkMi5mh0)DHj|CleqcygA;xR=$sXlph5~3d>5E_+uXvDTFr^o=!0XR$a1jO`#CK+BbLS0&#Q4;@t=9Dv{nNVTC zl^|geWaU7wj^4ji?f-K?UwHZW%;FY8$4$h-E>X6pm@C{V?0NYY&D6k&#qFL0?|~qR zSN%IWg8G0VNf%#R2FSG-cDpH0DVu^O5N-K!sDK`$R>A=FScvRHT+YrG-_PRFh=9F_qT(g2bYhu zyT^Ca`N-QUy(k;F9Jtze!w9#5@2h5kPayzqwLT*&3Bjg5%?=Ibb2s;Yo7=bnd_7EA zIHc8RfHD!vvp5V)!^=7i4K`9l~@+$V}guo>+Z>#LAX-8spFbjo1m0d@q1Rl&;C>EIEL7!VfxDLoA;_<9C z({>XGEY}`XmN*>j^k|?SfyP+rG%}4Z5#CsAt#>q(V@Kl5dW7!Pqi*S@Lr+$9X396&m3Ep=9s$1 z3!-^cybCkEWK!211JP%k)QcE(Ixf=g_ohKZv_&w{8K46*IlC2%K7ajW4O%LE91**Ot;&-5VgyPnqrnIVPo4?ya;Qw{6XkZbL0>Zj$ z9CGi9v-=Z}sS{j{q!6_!!Hyz3@5zFiQmp#qVBWQsr8}zWeZNU|X$KU#I6$n766K7` zR2k*TNrUbVf(Q)5y#ZcK;8W&5~l|Prv6pYf;H?s_^qQ zJiT%KdNwJi^Sc^=E+R)OLTx?L3$Or!$<*izRd2B8Y?b^lFv&}MdOa})Ssoo^L;gM* zNi+irgdj^Om778Myksej~Q<#wb5({*w8jH_YNPtk55&n z8y4=e-)yPKqG#-Rx>RaAC^gknggkz_PC$*v*&Yv83adu8_e3HJS!z*4%NMc<;xWyW`7Es*wz0|7@nK7A9W z;xTU=cD{L-_Xn-iIt0gcDx#^v7IkVQTR(%JG!Oq-WsQ63qfhl(Uy4h&U=Lilwr7t; z-yiN#Si1^U8rKtyLj=NUoPSTp;ZEKwKwrg z@#ms#E5-QM;a-}x05%O`ceeAR&sTS&+2S&RQQK>VH(Rr^>T5Ia#F}2Ni6+P@S26`0 zB37o*DMYAo5q^|Idm&-mi=~0T*t6kZ$9Ychs_-qLhe24Z$`PSIn>0eQLByiSu|pKQ z@SrlIGRD9$wf2v!mjoKn>o1EUnZ;iuB5Qx9VG-n@qTx<||S{Q(+iuMgx5@)11hYz2;2&@@T z2|hra`Q=CFZgmIaufa{U-Z6R+SZB1d%1Y@@EpLt?`pb#3a=qHlQlgq6oSwW3uRe8^ z2gaar!(4@ZDXOMJ2d)N)@Q@as;ZNI&Lfo_v=N8C0s1Y(B&ak)E0r`AMpU#kboK(6I zD1@dMsc88hx}hZNH_?k3^~~+D^G@Sz+B%cXkC9Kj9}AAUK4LKh8UJAY1@J6pVD!EY znppWmSobjfqFce#wT`f%DxRO7=U;&A2Et7AWH2)j;Q5dPkTIgtb&yf=@GC%d{KNhP zWq}9zBfvNykpg{6y!e1=FOaMk0zHC4x=!|c78$$+GUz2Azj89^EckE8XHXDdGw}DB zc|9#WJj#mWy3}Z*Zkl%5k-02bI6=MLXo^|cr;#k{*!9gVOe|TtsS7Y4Xec6l5JCqa zqFzEJSuu|j5Yfqo&NJ>bbU6Dl#i5Gqx@Vd)(OKF2ZNMy}6*=N)=Z;*emH5|?^)KlW z3PcF&K8e1scS>p1O^?tm+@-7mv^hDGTfHX}Xr`VDJlGkB79Tq?zHEvMAwRLN6kEqK z)^hWJVYUr-h5kCTez70dRQv}c)S$QKRn5l341HrLxn^OX zuUP@?{&>lcGG%ypr;VKG-J8uMilH!R({n(@_@D#zr;j^5lEED+4u3ehF0SJd)|oe- zDK%C2y`FKod_(W=rPo$9d@0Lo<4Vnaza_)+uq5>)+^N`Tza>#xzr0)E_JAcrQ-HJx zg4+Z0j>sd18!-J8864VtV=`Q0w}$$T^0b`7t0o`UBERON&*%qrh2Oi&ZbPJo6&b)H z3B*>-OTgw(VWHC4AHJ@-W}%Si`L{|8^)#$$3WzZa!5SE|v|3yuypO1Bgd8+K^uz*P zQ3?B*ho-%o5uhHTB=x{cb&+=Ek%mgAn%t70V(9R6jhMvylwP|ThDh;4s`idkF7RM{ zNm@4il7{!5k>5^#i^F#fS%qF!cj?0qTomrDK_SrS5;$+h1z=JelbVe8d4C+k4jMw` z^nW8WD%blabJMz*CxvA4B|9Pan9kPI4dV)50vmomfFE(S$^CBW&*BBHi7lzYgjJ>) z!dYlEsYVn-o)#W>RK*k3RD?7rSOM3^kk|!IN4V1lpJ*`DY=k`<@u@S1EjCX|zw|iuP zeOz-t>y+`V7LY#QWxwrmj2WXE5p;pw^npNLkPD}KRBu@-851ZG(u(sIiMVgEjsUra zh=OdLE>Gi32S5fhG5&G_AOgP(SB44TH8f5ir%Hb?`*hRO;V{EQz>0nzTnLCfs*%h3 zNj<~e)uT5KrRIUwZ>nfmxf2w>B`V0k@1D z_S^Xm#&G{mK%>C=GWvy+n-?c_*r(wcyoVuz;A+Gw-u-{Y3eilBUR%ht9&D$H%Ck9i zaKGPF`Q^Ul*6ZQhUFi@TS~c z#+Tz?ov)TFe>js6psnxIOxQS(!4=_$-Q|~%sgkYx`ie?e)zobo2-3O)%Lun$Y&e%JB`8;5uJO#>Ih>9U}c z2cfmxI~h{sVYl0`A+dgor)&c0dH}O-P=$tMh>;6$TS0|>EVYcN)R$`ytgKKW>1WX6 zJO57v4rD@{jm63PpIXOw7x+6Rxb2={pm)R0Ss1V1ToT5xT$0y2E3La@A$#jgYs_&By~N5VPy~<-p0N;(!c3d7l_U{2Qt)v?c@ZhLNFn}% zyx%WSNFfvI!U)a_o4gi9$eGVrb20wo&&8cS?-mv8wx8bj6~>UX>42-JEP7^VmSZTH ztVtA#`J6z9u1ki73S)i3;5+%Oj+9T-kVXS_2jmWz4oE1Hn9weNg-8>J8Op z(+Eyu;^JfRu0iYqD0@ zy9-WTeq3ELvlkHt5InA9zE%e~VdC{l&8VOI_3IkwIiO3JaJWJct~#b4nXf4?s4%=o zc-ROH&A9W;j5GSdO(_NR)9z&;Qh?VG-_++9tT$s+6LJsdd(=qT_IysAOHwyYXWFqj zi%O$!lc$kowk~Fr>kujsnsm^T_<8uvO{z?!!|2XBqb4Svc}*e~b!6a< zNexRTd&%mRfK$Qu)LrDbg=lNI!_cQ5Y8uYxV8>D}BW%t4k?5Jpb$m{#WyXk}U>cQ%e@#-JmvpU{)jaSBW<^w9` zw=a+BRJ=9D|LA93{mS}tM2^CU)Jc@tZs~x3{N1G@^cuV}C`vZs5h`N{l*jdqe2Q3Z z!YuFr)Ho6=ar=SR;C?C%3pg<5UOE{m?-vUz?z{EvNU+f3a70~RXA96@)DE_13v<@v zA%IW@ryqbG;Z2U@-hH%*KFbhCp1=xD?2SSAIetymE^gDt;<;39?H3o)&_k=a@^FOJ zZ=zS%;O2NMQL5nY_qbjxxg6;Lpoj1#(n(hHwvekomm}^bZp$76sRL_nz+#DO4VV#PP+Pyty>2H2h9k zbJfDNl>)w>W%q1D{Kmmh6*hdB9$=RZ^ozfpjB(pHF>26mlpObMnx`z|o9z{8maIT3 z(z+egil_O?jPt>X;+^;#ihKr7RCjAW>dG;y8aAyhIe~=@9I3< zMff~P?|RHmmG7MSWtrOv`xy~40Uz3|yUy^#$jjNfK!i6n(w0xL(_6&_`1wa~DvxugWq zzW^fvY>tatS1cV?O9(R7^$tV_BzrqVLW#8ndSEP20P2pM?)&Od`!mQ2hpVJ&0rjjS zm{5b_V<1SZpIKgBzR&{uB9>yh$6tUE8pz4TXvVi4PLAA`G1ChM8Q$Dswb*(XR3_+9 zzTmMdhP_cEMT-EVa2A4*#3YY?3HO&tXjbxhy8T8#t55VZi1;I7dlmW@wdU214%?TCy8`;6Fe0cgczQx3krWj>3SD4KsG%lyLjn(yC#EcY9 z7MGZJ+lRj%MdqBw$`cMwZxHn8pQ#%53Ai|zdU zkMFH!He{ktQH@trb7AScY9v#g+l}n^Pbchd6y5Q#Ll=W_5XA_Oii?X*?G=vDt*90x zg&N6Cp)v%zcJd$>OWV-(D~vuKC#TREfLSG02f!Icm|Km#SH#MRg*n7BlwV!;_F|q` zoio-=bW6Cecs9po7f;eYWh`TM>Wx^I&&)kqtB6erbp8ep`?}1CZ^7{8&v(Baua+?;rUk^;aMgZ)xO&yl9aQFey zA<~`TMk>G2DcMV3)|btw^&KyePqU8y?|pkx)jjPvrs>k!+y_LAVxptJ{Zv2mcD|Q zL+nA);JIMneUMH0LFP#8vm(ytpD}&Qn<-1)6#M02iHbLJs{?Yq?u(7~UU&NNALc74 zbCk86Kg2R=4BBWcXa7{!$xxv8ZDlMxI!6+>gx~IS{QCZ1Lc|+)n!puJveWmr=m!=N z3u~UWoJi3++x#6GTtw615(A5V{Yc^4K$i4AykvlV2niC4tcM@;P+YlQ3DY+6m!kPq zOVC5|n|`qkvT%?olgZqz)_0>kC1Ki=tpn{bS}M#)7~b)lI^3P-GDGrjLrV;N7=dS) zb!T1UmId-BI0tW1{af?-zq%ngS@DT&@^%rpLYO?E&;U|}BS_q+=)=j4J~TPIJd+~v z|G*vNIm7SxbhUDI=m0Q(kpGBnpKQWHr1{w_?+27cV@jGDWvF6#-!d8_uGL}t)yS5jmOJ8z_hwRs?vyH>f@ov+B%$Td2SJ1o)XamRb{nYUI<_DX%l^7f$M zVBo8btp6OgtV1S_9FAUYAH89Bs<`!9OVhY>i5f>kks3{s_k>lxK4xW5FvP?PVJBfa zq7TSWvAE=6pM0=+|AJQr5SkA1-2A(Yl&tc_ZN{Fnd%Y-2eFMZEs19TA2gK`v?PCxn1JKb&Je4;vkm_Fg zDVe8$TtJ{AN_#!n95+RNm*asR`bC#XdIhU-Bu!j9vxy^;eeyRAHc^&fVki}$C)TJC zwYkZAHTOksR>dk4v5_6!Hc`azdP8e~>+f7r#=)P*Kr*8pHo9;xGO=UyEzLntBM>Rf zuC|i^5UKIaoZT~`mt|1KAIK#~C_TGf#)XUgp|UbE z?}^F;PLX(@7N$oai5R`VX%(m$Mgq)AFPTWaE}j*GJxSFcz;YpB0fn3Z7_vH0{##40 z7v`y1t9X!5d$s5J4X<1h8KlG9qP)|Vvv3` z_{hb-=oI>22aC~*c4?<(r*#AKG$IGY&( z3PFa45w}eWTQHDIOCLZ8C<$8#fFZ~{fJf;^3eA@=3_c9?QdX=&rc!&SJ0&@bAL?Cn zT{yEbt`o4r`i#-H+U5POZ@IDW?~aO9vDIqIJZoX}>Jru%ti6^MD_s@uDa#3z-IV!Y ziXZVXW8sgIYyz?V2~`5Lz&PIx@N7Zs9miGMUG|NCDDTP{xrT^MXfqQ2EYDJmQIXmOc^ zR6pI13}>@RPumh^2;B z`Oz=QNFZA+o)!6Eb@7U`&?ut?XJuo!0JJmiLPFau#K_ z;%ARbU+T_X|JYzrGfVR(ux4LJZDQ7naHm-E>+l9oE9LB=Lnlae*OCOvZN#c zAwy?)lgov2nY5HvZeCqk%Du}TPVBu0fhfRVJz8DYH?-stI`p3%S?>e(;TtZZ6E1h3 z9lH=F=pv2WMI6BhQvd?L=+zQyab%Ga)2HF8(|4Zi1OR~GzR^YlRPq_}9NhS24o0Wl zghW^I24A+MQNts0#ab{O(XXSiah)C8OVkdctAU~l{}K6Hc&OHAUX)Y>#=-@F;~Pc* z+yU%_p$c+3F=FoYBB_wQHp#1;TpGqkfsq}P4px{(W_+tI6PnSD&?PNSyGnPw_>+${ zfIU1O+nU$CQXC6iCxy=W%jD)w7CU*I;~buq?R?=cCJ_-4WMnrr(Iqc8*X&xY!1)T{ zpk+oAVwN{BAcOB&Tgjw^LtMTabwmsA4EO*nEy2b354MY=Edu&GqDW6qJAx_04r$_; z=Zrnbx(^F~cj`SBEaYFKG;y8aX1hAQBqquoHNqk~0lEf!y3WLR71r6zj}xkkl9obA zpH%WAQRi^nA{UaA?0z%#LfVUrJpu0{#KZm{V{ZagW8Z!On};%`R74Syq(q7|&>+!> zP#P#SOQm!gNl7J1Qb~hC3MCCRn<{BI8aNshnma1Z_f^_@tnL#Q;EhiZLI=u1tbqgE#j@ntX`9{Ytl|M$(KaVQZs2`m4pGzW z2(>y2R{{e0DB?Hx^7zfdUbcXB`!Vr{E6bJ=Xa-VkkK_+ZLG_Nfbi8iRv9$GZ$Jvd& zv&OOeC(nooB21-P85*}7^wKF_cfQm&((65Omd zCS+L#usywk;ZX7M`O>+%yqXRypnDiW5Ov7qIF_=GLUj`3Mqw>{~7 zM$eBCdjf^&G3w~|UJoV;JId(w3_|?s`dZ!VF|ucJY6J_xrvA)lt_>aQ--xJ)1{U2b zm`F#A(;_Nqo7tO3)X%e{zz+nn3K`Eo!aL&AbL!>Rh`2JFrsJ+gs|H*nst?IsQ+yzO_hM;k8#OnjAJg*xp+xI{ zpGG;ptpBU%jm2JPIX?jrM`t1x@^-Pb(dg&k#f#2xu5`azQ*x$X?J))dQr@qhi4AF3 zHm;y$U8@PI2^{l~_jzdhX$v2Z_>FQ;1;;a{+_fJLO69FtG*7{Q!qXVbn*o%f1Hm>4 zvL~&{ZD28qFH(-Mnhp~4(Lg!({hA9dJ}&S$Bfl&I?koZ{a0@ls)bUTSV>?4b+52{FM( z3rP%RLBGe$f)sKQ>R^%xuLD@P!`OZwK1|dgi>ErE{ zrpG)Jh(aDOAPlG$nT$3Ozk~zo4q2;l=tIkn06=D!R8zu@T%wO(vKfl)fDkO|( zAHb;qtp_Voz>?nXYIu7r`Ez|hF6W%)JYmB-*x*D~PS~>2DE)BjY-K{U}Zo7RukbAFv!MOA5fBah!J`Lu|{Iev8;3aSXDKXb6D;`Ner%Z}q2a zGs^`u(14b!!El!}vrNbhGJ~g?W;eGgo}Vq3d}gr%*vME!!!S@CclTqkf+*rBzMJN4 zk0~4+RDS4e>b~f9I2>c-4`oGol!3EAJ(u%LYmNhlWYOG^Spi6~)^eeuA?3_SHkGqq?6avx%t?%OcdEM5KJqg1qxrr|xnyD9 zxO3AR*Yi~SHBZ;g8<}7Li{Ii!r?;uz%<1X->nQvmU&?DVGLmO2n2^0vbHEc#Ts&La z#<@Q=-gef;NXggVdqOo_6$&5P{z^?WI_uzjDXZkYE}z-~1{7Hc-L#(OBWlYp;R*jz z9%=10DIw^H(I3n_z6ezzxu(^Yx$UATJ+9si@AA4I>D8T20^gNcz`P!hK4#1CH33~( zChDHnm`;DzYpdQ~ z=h|$z+fd}H2{bXVX(uIw+Q60fY%rW7qGIBQhRIJu)51vbj`ci?Hqpp@C#Jp6F3>RP$` z^08gPPUqm=f&JUem8tOEzz%G3-y2NU2)>J?5)tG-6UWBJ=-c&b1q1S*i}_X#gq1$B z6i0x8^q*9&1e#-h4)TG%9E+BvFgsOjRUk)`y}CHvqE}xVwDWwSj&P7L%xRfy9s{*WiH? zh-A(zlprs7>HQjX5ykTXkNTFpE^A8O@woFuMpG^RsEbmVb6|X|b?l0KaSj`Um(qsI zgB2*Kf|`<^m$7BNnYWwDxmFeF)PkwFhe zpaA3CW!}1C&VG4`;>;;HkJ${_1WUyy1TA(q+S2KJ%HrA5Gu_K!J_QF6V<8MKvV#66 zUpX*>TYSg5#{?F#IOyoc@M3sOS82>v*neinirU}cT)xFe=MErp1N7ERxg-?Q5c|6w z?u7h}G@Q_M)}7klR90lL|0U&%qtrEL&K4OL_m9+>Z&))XCdH>2T<8qfajq&-JpoxE z2^mosAs9UxSgjzQ*R?6fh@fMF*%YdFB%|-=M?&bX9+&|x#E1Yh1|YbPyv$)?3X%hW z4ESN_Ki~iMkLoAjKe(yb4UXOz6&!ZN-1a^cS=v5;)#)2Clm-`EEb#B;5B9Dd{c|}E zUJqCDmJ$4B$Eq{u%)-+QV*|hl#22DzcR&L$q%E~&j;)`^M@G(-lRNj=ytK@mS@WGdqmWk}MQ<(>>LBa)30=gjl$cZCF z$?G3qI%l2BQKywo^nV63S%Bf0djt11@Ofqh7fqMiuf|5=s4nf7?<>xL7(Z8OxwB8}GscI?R z(`f!~&9;S1`i<*ZqYW{{qrB5U3CzL7RmvNYg^1X&)< zkEQdh6`lWtXBXA44gh#Scl}2|jq?f0I?{mt(oVXyV&e)I1*Z__kg@2g`-(*wBf)33 zx>h@0FC1m?a2#AZZ}w2bsngf*rMQZ%(TkaR8R#A;xhR;h`v5N%A(}?lZB8<3bfMg% z<#-vXVuFU731L`y2CQB%??&~2!Y7;N*vz%Amz}Y)A~O9s{Y6i1mC;~(h5%oc_(#U` z9O@+>EEEyt9@^sqNDA}Z=bZ{||7)W#HFo+^-S`I>jiAOO^GpnM1;;nr$j8}UKb4{X zWxqIn{-yk~Z?ru6Io-xu!$y%@lB&Ys@Su|rGc}knI!5)piK@MQ^jCm5;TS;51$#!R z7dvRF)~nsV2Rhq&SzE5>>j{^BakpFqB@s{^4D^W+1Vpcszs(fh!@?jy>#>o?a9Yey zGlhwj#OUD%OAGb}YHY}aaNR+|e|C%>DCIOBerp%u=P}hNs84}NG~8+7UWr-3Kn)HQ zq|U$8q%vxxA7chj^bDZ~@wd1RdVauE2}cvHOUB#hjVVD)W4w&M=Yz$6)le<=gT1+C zX|;hNQ*v2_x8C{Rs71(vKGkjz!h9mB0zg81i^6Lmeq&a^WE&-5QMiK%UY8C%65b^6 znr*jHkLm`2-W?@5^J!{rRE>n{6^Tg=6OnhDWXf7MH&y#zR}T}42y#DuAP?6c-6Hsw z=rW;9NArkZ!QBU4^n~c$z*h5{JbrR&%Q<%_HEeA%{B$W4rwz|^o;a{k6cmue-1)E- z*3y`s!ZN)#$C0D-?19FzvD`%ise+615`T2LuT_jGJ)=u&b#J0gWRd< zM%GZ4)i+>bf-?|IZ70stnDWDgI)z52@z8*FUOYCZ(gnM_J7x#mumvAjf8EeN8-nf=i@xq(lDJs%y`WJ-t_OeXu|K*_MP6KT6q#7OCLj z(-L$1v7oc$VQK4jGG6w~1Q~K<3-Nk5a8BvLGCZC*>wq0@m(80s^R+?p((~W?Jqe-dXU99xzcO$p^dq3?vk-=0fUB%lFeJD0%z$z3oF4A}{TkxjyqQ^_VfX+y` zyK!QIm=T;{-J#qVjeCw8juePQNRZY~{rHrCoiJxtszrUug6?syOU}H@9$gST9=Jaq z2^)XjrUc3uyd^<5yrnLL&AOl-mizv#^qf7`2&RvSU3uh&F)<_MB}kgE6T)3UYzILB zRUfHp;MVh}kjMB(sd&K$1UEmjUx0W&V*FsGSo}!H$)mb=^nCyKbOY7oEs6phckZbu z2q@mp?NsYJ3pgtEM7Zt1v0LMxn@-xvL;>OHHTY<;KWJ&dx<#Rv%+dRiYXW@<8LNWD z7~DQx+~_H#b~~#5=ZJ2jtFhttFHXOgIHi7@yI}otao+2BBGsI^GdesO;O(FQm2n<=xU9;?vBXv>W z5(mw5(K2DHAF56G57U}I@y$*6JX{U-0q0hAwI%j@Fek?I_pfU)k}V1_0Eu(fMv|yO92@D7^`5)lF#k3 zbo000>1#J-otHnfYxS4l^-D_JElP$&(o;{M*hG5(xEA;W5;;mf#4t{q-?t2|wd|Ee z5eTCy7 z42To7LI9n>Pyb@+e#Yb%{vqB9M-QE1pR=gYuPFC!%I6IREb%OEpMTt59WI@(XYfD3 zXMOf6S1xUO`lVPpbR+DjWYG73>APjimJ@n<`&jmw_CXhteioQ(6z%w3UuSR|(t z6??LlyVhU?j&2%FDrzLydL&fOoPp8?i4l5W!a^41R!`sCiS&Si`EcTfSx;(93CWa6 zB{@Z*tb{)h;5?CSbtb7qYk)57?Af_s91De5bUFNW4ZltMMn`t0uQi9nk2|E~Vi(Zw zLRaCv&|SR6^xCWlK?0UTEV42mAM?(UTf`@Q{>S(bo!rQ;G#UhaKhb2qUNN^^`}NQ2 zT~@K)nrvquUOu94?kZjkqOWTmbmosYKKy{WaI<;-tPak9+I8gp;gM$(V z9S7;aF=+voF1c!-xKCyE_LS$lZRymGF$(63^&d!{IVs5La}@~hBrdn&YHU8H^-h1eY%@>JXA9> z_cIRcvIVDbHjgJ8ylpKFOHEJrM%@93%*4R~-WaoxodImC*Hrv;p_PhP7&t&)Vb2@Q7*$T1=X`K*N4N9e5TM;%!Rw(r>%aU zmV55*WUW^JRM-_aH=}fFm#e}SXfIgR8oFn1MjPf~0V;5A!+;K_40Ez4Nnj!ES}~~9 zsx5z>Yij?4EEJJw{=vGt!3l#96S!7mVn)EQF}Gh0(TkPbzTc#l-t4OMC|IhZgU>tp?-_8*2##|!0vLct0iY;w=}zQp&vgk%2a-B9)^3&1;sTv03)I<-yq72~a# z{Ma|+7W)g0jyVf#-l&|IKiqYzo+rBvC)DJbXvWsigDN*-dYJ?-kfy=jh}(*q@7Jo$ zyo>y;)*~Jl)j8Cjjqw@yIwaE_eG~W(i_wjl0}erd|Mum6AAAh%hJ~fReChS*(MH%{ zw0ju)b}h~JRVqzWbaxozXQLR^fA~hR%Ne$eZF*7ZK65fg-a!d@-3 zG&;(9RQJTix|TBBV&L59=%JujKh@pm4B>}Sr(cn|fcA^LIAQXxBNHht!}-E^d@%FI z@Ei9IqQp6`UGt2dB`5#-6uRZa$&;upR&dUG1v?Tf5Mi4ORvByJ47ze{$|)Z7W>*p5 zP=E~4X?=mVZnFyp_7q%gVtj8Z?49cA{na!X>3KE9z1!-9v9agF=+l3dA=SbcfCYh) za~j!K`h3G1o`O-8+=-qXXAm>{e8k;;s+VH07x=2th21uPOo${( zfzW`fDEQf7*J^(sug9(Z1G{h@LET^~BKSZnAk+gmkP*L2FmP4{0yq;`7$if#Bq~@C zbCX8#dTPw2ACsV$lJNcb@81{ezHLI83~CmT5MZ9@;&G5cWIOWSqgda3kI(eK+K%-d z54Y`NE5gJZhgWceJc<>NVUbk$gG})m(V0Ab`V_bC{ijcCh;N|A@*WYIzbG|8O@6wy zkAk}m@&iU7xaUZ%FcwG>kT`U{3EDJZCAg&cHxK{UbPsh8AZlVSYzM= zcRQWDKfC4{4g-XxmE5A@;>5zYcSI|&Fsy!Ek(fx<4H9ze?}0517HaO$*OQ}FVfo(1 zqdvxO!tw_B?OEq`X?d#l2t>8JZ>Q|3$iDg43HU$0j26(`?N)?t;;60)R#e36sJ@z@a?a1U zG_QgifS}N)i&+K`J00Q7&rjl9^!WojgfQxpN+BmIKP*cRf}vdajaP>gN&6h78IJ(j z)EiJ@r!G_-!NW#B#x=Lr`k4CBL}9k0x+_BVRE-1`n4uU?ZwflHyz+|ZIdUD9F17d z<$NbDIN!d#A&0-YXt6+4WfWT%C3-^FLw+hZzxkQa z;SQm|FSsoz20(v7$SdZv&Amc`7h>D82UVy{AX~hngD4TjRi|9BW1er3Ish+@I%QK8 z08`*PAXE?n6=ss);X~W26`0|CjNARI%C2+2Tlbk>SsP`A=;9v-XzL$uVz~NZrPMoR z_N+&@E{@6GQV7u2yK~hJQWb!nz?&Bo;Vhoe*MEn^_fO74Gx;nf#ni#U!BWr22%cw` zQGe0P&QAThT{?G&LwIc(Q$?{32ZGrifKG_iENb108-?o?q{?J~XP>xOLqF730i)xzf}13tIn$rNLQ(J9q_`GkIu5(oGM7|$m>Wp=*=$5 zR9|Th5V{%8nDCRzvIXBnCMtS77k7UsB3%r90d#0+*44{4PES1b{Z2VOeS#tgr=_WursWf3B#*1?Zd=x{348@`Y%xB-Z62`L?R- z>LSlcWLanE7oOS{&JY=1j=Bzq2;5wfL6AxcO-#H-YD@Z7{wI*}Exx614!Uy@b2|$Q zHSZ{wqYq&91l&AORs43EIJ&Gg!09W4AzLY<&3hZgB=#$;UAF9W`k_OI z040)7w?7`pD0$7hijRy+n!I2L&t&nU`H2&aEN{!2aCVxoC|fw!t7;dvc@hU?oDD#i zE_q9Ibqjgf#~fNDg!-GP9yE)N`ys{l+Seyk_PupXmo3RIzu9-1%H3Vh#L*rIvsq@W z!b}Y^6$m(lOHH@dM14|-n$2lb76t$Zk26a1WB@$cpBYBHS{* z&3&&=m@gtj2h_#5PTh-hzCF1Cn|X;P=`8+*{&WAn<0xc4*Y(soM0YJon#eOs5k7fk z?PTq-^K zvfjxbYTxQv6BgG*!*m2S+z-@$CRwBa)E6_(zp>?b@()y#Br~ukMHrdw5{OaZQ}2cc zFjs*U)avkegqZ^w7A^5TLbGY#*UN|T5e#IpARK5SsF9yq`)h2iD_jj$n)1|B=m7~E zjRmxgucJ-Abf?`gq1MW$`ty*FTel|v@q+T4#CPGs&~@Z z4yPS=7Dt`TyL%M0G{=%OES2j4y}(HdnliNVGi`1^Iqv>)g-o<$Ul1NvJPddNFXiM@ ztP^1NiigyT4zX*TBYr|?Gns14$K2x+EOI-ZM?95a*5FqFW#HEtrAY78i;@kFM;i

A?T%?jP*R?9mI*?U@^! zqqltirK{R}2$7L=42QwPLRg6Ik`1y*LHX?YbJC~a8AeRO zsPu+=?Am2)#^i1q;?QSi?_qk&z6yVE-qu5KGT9+7M8D6@uD4nSduONr+lIz!MP7rYOy z=QVEykJf+fDX<^VRRilivwiGi)}^ujvj*807ZQn5L&JyhaTz?%$oGZcma!>5)OKd` zhQBr<62=Rdf8w&e*7+RUE>1q<-Mfz~R;)U{0(|a)F>=!Yh~Db37Vye55YpdUOX=Dp(^#_v zMz83E5;ISDd=C(OMd#eQO;eZfe(j=5QzFeW8MlouePz7=rm`;PDX?W$ON)YoCDw$b zOEKp=w|g?cr=J%V08zx1V-*{sTeo7U@{dE4wUh!aGdOi1&Pn}zHTReL!I7iX>RxFS zQh-^(t$A%kqP&kHkENfo;1Ty7GMhR*>f)q&L|Y~<;B5KFA=7~nAsAVX7k-1Rx5)Q> zVkS>reyEaGt1Cy^L{!%@^mvI!AIlSlISJ zdiCAVc(}I{71{ZbnD-~OB9+_D?&oX-GA?0JM&G|lW0E+^WAQ8y1N1n`il0Bt)9^kb z5=w^i#GkubOQA3!#>4;QtMfm&ab+Fnn(%@{+ zj@W^0o@D@X6kbS;g6a`BzdY5K^2>DxKmuhQ2zEl7k51@*_Ym={c03$5`%w&`=)gRI zwPS;rwD2xEwLJoaf6VJpzi$w#VM9s@u>zkOu>}Y-uw@Ls5l5aRjeojZz|$(r+2eNC z=$hkS^N)#V>gj8NOs$Q+1eyhcj>A^mxvOvYdLOS8^sTtRaZ!g}ELEO9QkH+MXx--> z=aI?)Sw)sRo#qKB+`d9alFz$OCaziQY>?L;oKrN(NEyy;x%v4wNiqRn?*oA>E;YIH z^yW{9$%9bdTolOn+Npb$m|?c}(2ygFAE0)Le|C-mx%JM7e>I(aNArfmQ>{wATu6KuLTr=rX_V=En-*&D^Nvl$O5S-Gy zE2&)#&vfi+=A4b_Zi$9aWCdXMj&wVNfp zLtE+DvTi4WKOhESXaoK+w0m4bLj!y3W2=jn9e$&WRu+>s5D8ga=7J_)%>>sCqS`$< z=z?H-0k`@atI&*E8;4jEI9H| z;m9cvl6-2dquJiy`~K>8tHW1Q>67PlbyZN5KmFpBlmyPlk+Z*4;(I~9Lf|Dre3*DS z3)fJ63PVBg3NM|$KwH=x2spayH}%Q)sh*= zm8f74<1yyN>)&91*Zg>*v504Tb5CnYcSceY!ZUF?fHhaEJt`8I)d9j|?{(Z(B$iw| zFqJ0bnW(VA7-o7zSc}tubW<6$yL4P7i2v}10FVj_Ix8iS3LUk%#g%T>FdvD0PPh{LW3kYK_?z(Dz!e#O8qKzb zjs^~gh^&(W#{mlyD%O{RP(*hAl$-$|J~L6%^LELN#Ag}MGL)W06+`~&aCbe4h3CI# z`(Q!_{EFkD+}&ANg}aDf*7?uJ@kRtlLJ0%IqpCA~!Ty-zH({z>*PR(I=>peRLhb0T ze^uB{hST-+^?3ADr6N`0E5q;Qwo9(J+3u*K1N;r^9yVq6;(HNE4*-BXBVUY-?d@un zBi9BCi5_}%7?cWme29(mW_VX{r`1Iz;a~=atYwDsZa2t)F})Wb=CFxzGqB3IXU_K* zwjw6za_$gS8&2U1-bXF=@wn}yxTbSQ>x_Ht8Yy!{6vP&JA(W)%58n5SZi-;8!woNQ zW6#4??#t~Ht)I+}-M%SI>A-`ZxX3KJ1j?q;(o&N5QJefTA|pV=vu6ZWWp!*1w9UKp zGH~?XY9$2v-BQ}qVQ@ru1(G?AV);3T(+30tJ$F+j9@Df}hP~%CQ#w@9Pob8cU^jZS z*TSXkP{qsh{kxK?Z_aeJm)UwD9TY{RShSx^im(ZartC1IJrhPa381xmNc)=R0TP_-=D^`+Abf5#;)<>6`wSBUzLfwhU#gp;T6Hv6(K4u+YkLb zS7R&FYbM8TFK`}(|2AF>KQZRP0r|Rk2VHf-yF$FHw6uMdsW@NOjna0Jj4*&Z*o5c( zuFCP59=j|co47T8#my*Va1Jm%0bmsuG$L51T2$ecyrxCUM(5;)k&UerIxxT!3Q?PM zy7Erp`7yeW0ah2ie&rBtHI;@&$YhbEj~Wl#T-1JuIubWeHd1SDVq18ktLDY$TT>z@ zr`K;C1mr^){o2B7Q4xV*R%s1=dJ~wwtfyF_WKs=JBI-<@x%;GCd#^kSX&ZnFsQAG(mDovNDk2 zZr*e}L@4W6oiQFI12L-M!AG}GV44nz<$?u0BNHaet<8(C2|1vgAO+%_S*WrR=Ym$J z(B^9Vei$YcY&mEYbMx%3^duHs_^bo!Gz%?5rY0{_nc}U9Z;Bd znCy(1+C0?}G_}BU*v#{qtvmhXXng_WWbX9T1X2HUsa!Ei@%;5>D44qqt1rnSLa^+M zM;k}-eH9qh3Wc7Gl<5_o{hK_!dfj_nM?2z!&?Xi>^a8p|6t~3cwP1=~P-Hw=XsrIc zS75qNpqV=LoB9W0If3515q<=9mQ3N?@tMFX0o;>#NBjOZB*hkqq2w&5r$NYbsIn zty6gQmFSh&D#Nj$?{&Magx;i!=MqLkTXv{bH;oRf_AT@=P`6~()zT@b0 zd*Jao&S!kr=OTWc1T3F&g~`SL%SweW40g?etW0d<1NXx! z4wM`)B%r1PCj~u_N`YT$z~1D@Ry!=OfDIQVX*Pr)em*q49G}r`*M+gZXW@jm6_VX%-_3J66syY`X7cI3U?VjqiSZ zwle!KbmhN?%y0CLFIq?4_nB8AI{Q$8gt!g=>Jt0Xc!R9@RG>2DD^o%<$*1 z1ugtAU$WLqcBNRT0NZ^;#voD2g=<1LQoQ{9BqdtUZ088!rO5K50fDhNibBxuQ!5OF zjKwj(s?iDDZ)*8&xl=Z_IwN5MkOB^cj_B>F88dJUOlH{v{}YJkV^C!Od`cF?Wnx^F%U3=w7r`mZ@ z|4zWBh=)GIN6^xs*=+QjcAxw)U*XNA{DC!Yy{=8~nIX2kX>zd#JR1XITX0@b6q0{T zVja_RgcvsVg?WyJjSjym2<&xh-!s~CsUU#)8{=uZ=g(q=DT$tjtg9G@pcuG0+uajL zH<9}G6$>=`Don2P_;Xd@y3Hf%81oHC*ky+7kw#Zi#zFdrav3ziciqwEocAg{rU-4m zU?QjBJ@aG2C8U`7F^P|){OFI_s|5s*YAY5KnF;B1Bv%oVqL%0Q5vJ8-{zzW$PZEmr z8Qr$cWKMs9{&lNPqi~rUYDEF}K@Jc2)&7E?!}M08>8M^eGs}8-%T3KBKQWC-DLpMrT#@I}~VL9on0{Nu>;78^Eck~ZZ7C>A8i4vN7 zm$cm}zZQwN#A(M%r)R&5FuepHJ@&u;)FNFz(-7F2*e)&J|6A;S^vK zq$4<=bFujp&#TaQXy*zH8|M@?CK=G{>%&Qh2x4{E!)a=#o2j$i=ZBL0>4?i{dyYNb z`1QyV_WLSyICEic{(=QDoC1P|z8cu;4WGDvv6wCWyVsAHp5qzkuk&Sic#80)Hf0rs}Lp?k`sdx+uDAccRU&SOE9`)Wb^Big{&8?jYv+ewmu z>`nhUdrJ3{^YCSk>(ym3|LH@@D`UFZ4by!x12b)%_E0S|w~}RzPC002iSsCW9l`>} zPYaIdyJxK){U>rV)AXN{(GQb9KvH0>b&&VLQkxW`oFGtRQ4A5{o|XcGE5>7dGsb=B zX|_?y9OX@a|B9748#h!Awm%4LK>S8lw7RrY;$FZz3cj=Z^g|}Qy z=Kd+qt8dpTK7p-I#}T>YipN6_9FOa+Ko7!*Xv(>t*`sx^(TvMPgHdS4F#MmoLN?(-S>L(n&zElipK!ik7h0fVM8B7}ldkiqaz=GKi<~MlM@g#&ul<}w0W@lC?j>}_QYzA9`*)h1!u_zMBqk(1d&tFIWJVnt70~X{qBQqiFF6eU9#|egHlY*( z4DL*2T1at(XiKjOR24GW{ghc$A;1#bG^8kEvq?%h5HP_Z1y6;DNASX}##sO97t*c6 zw)YpzWnMedxz9J|`jNd%P)9Q9;pRz3GKcas=}?U0WT1)tFlRUVI@E_*2AY%gAe5hP z$`90%ADbg>+elcR7;c4s%*1XJY^j0u9^Qw51lUXS0!1rgDGM1uje*~T4N5v@LM+E$ zxByUr#Wd~PjX(epfG8FKFMJz@9Pzr}Wu7P=dspM<$B@|yhj&J55N2xWS&7uq+-xU7 z4X=9S6?{bep?3>DJNA5l%!9cL2LX<-z|a--PWY*jqyXMw2zHZ>Btn1- zROmX~K<@$5t*5{Lk3cC=6uo#%FWrd!PG+q&o^8QJza$4mF*|usJ=UJODJe^azD;j8P6pR>@6HFbmd={VSieP~D z-UWH*@b6|A?0%zjPI6VktdPyZ{pl|_#$BVhWi?vwf0DN8HPgM;u?x}qNs`FBfC%%R&iIw#mQE36=p0Ln&hSwfexSEnf-qP^3uTd_~~d4fc$u)kS%S7r2UY|3huU z#-t9~jYqdGS?+0ZI9oZU*nY#UN4p+ChjMIsuKe%Ty;rJGdwR=tJ-m=s96F8CBA;7S zb7qCTo^!)Q%nA{Q^)@$X)=fV|8KEU*I|Cr|KYl@%iDt`tWdxsfM)QDfaSKbE(?g}gMy$E}LKjWbuRIlw|)Vs13J zsCLG_b+=09E(w=EwC57|;)J$|i-G4K&lDL_U~`#Nq)(ji<*&X{(8VZJ$#i7IegQ24 zclm^@Qe`&mKjC{63(#0Vl9fD|xw@GG#QU8^K?_3!IpD)U`$;hV7tq<_fSB~(3zk~< zhr)gDfSpqn9}7PLa0BWl;ec@m5Lzul+nMbe8utdWUDmvc%8U?NsLSOu`w{h&EPp%; z2r^0ucwDiB8NVO>p*aZYz((Xc&-Znk@%PV&J$q`G4Nd7x*zf)ifPYFg;OFO!XMv z0b~%sfNEW8TDsX$o=+jwxBR#t8wzs)#Pbc3A77vV|L(qKfoWcZH!L$XI)Sa1WVLr6 zc`L?9Q!&{ugD68*sAM~`qby@6Ojau}IGIvMGLeBb8kp$6i%-RAyn8In28i+xam7MA zJ1HKNjXtos&ydcO(#xK#(;FO-u{qpV%XmnmW5NqTQ zYbz~&DuH(4-Klfxs|EFUr{32C?3tlTn>#4K;>@(Ev*o7a%uLfiQa^laE}_n+nhs~h zAb{EW&@ccSgAAC%U>Dyik$9?r)y$h*zwPwH7d#I_3Y=*#6w+Dq zLU*jU`0xc`pA_wn+;R!-w;7K7gJYaq7hLmt*t&M)r~2!f+@S{&d+aYquWozU;r`pr zT%hX27Pgc}Gfv7J8|XSV)(aK{XrxGp=x*RfTSKweUn&2z)?Vexlb|h!eiz;jnw^n_ zIp49TeyOq`65%`{h}~H?_N~Oz3~(G8NtQbm0;8Yuhu3l6cDR$IW?!h{0Q7ACIH0Hmg-UdhPVi760)JORF9oBz#4<6<>L<2Jv{?v-_`y+7bmdpX(Fe=|>mhbn4hin z=UMN`&k_>m1+O}XTyTMj6Sw3lZLlRvTCy@!#p}`(JhDYW#FpGIe10QcC=es5{X z+C*ymdqgSRJ3>Y_$a7hNGXij0J@)O{zM-9!LWyw;lK{emU-v5q?*|Prt24%p0C8aS z622i8F(GQ2OR^O-i3=@)4F>)Xu_?xS`C98EF>*|J5oH~GJ5bF| z*OAV$A(wJw&Jv|aWnZBg@oL%Tf@fx+zC`{aIN_fl82*j^xVjXD6PTS9a*2ML_jX~) zpSniuemW$;cos+yC6*bO@gR0;>*}g+kg|RElBMHBjp^23vI#?FDN;kh7T#_2r|)Qq zmWLOKlPJBgp9asQiF=#75z8GO0~ylHlfOsMO;R$xwrT8(rAkJY2dzF%* zJ>eNq5yz3Y@g78Ci_W7DVT-Ijg`hyaZoR;vI(hT@W1`%JnT$Wa3Li+|L#L~I?Qhaq znu@9Np#DeExd%^*-aQf{z`@3k5*<$mKrL@kluCPDdxmpovvp9o<(flcc2o@{9^d%; zC*|Jvp!V-({R0OnlN^kQqFW%u;okx42O$p8jY9-I2#zg5QC`oalr3ajlH8v>t| zIAWOK0meLni$XuKPyDV--EQ7|4!o3mGx>dD8H?J-@uU+45;R;` zzX&piQ;tg1pSZ58wF9IMjXlR^9A>Q4GT=Qc8GH(u@jq#5rMh$1Zx61UtzQhrH8`SO zKPmL_?Xg21dbDZTmj1OtiE&dYZuw>FV~oK@gCcowF*vf>-;;$oIk$Ru=ej4Q#Ze!7 z@IBXhbeQ93SbSwiYH{c=C`+Iz5gdRe-qB&J_26#jFcn`ORgC@$RAc~>NE%^chVOXt z|IBq8dTLxq%OBq9*1E;`?VjG;tKj}%TM`_6>=h#NB%eITgM%Z&0z!{;*9ppW>mN&@ zq0)^tN+C8hk>&n&ztWoBV|Xm9QJk@8MZ7c!*iYAZeUI5$cL|3bMIZR~L_vq$>-djI z0(cjFure!QAbHP#oeUx&p%4&;F`$nNLtVNE(C8DfAjZF`R#Zl6Fai?{0P$!@FqX!S zCKMkg3UVn^h1GG6x2K<0C!4Nx{h~tw>i4H(L>fglx*u}cwD@VNo`;X7fRTyM2RZ?Z zohp5BQ>Oeody0ARZwDZqe%G8NJ7`Mq{emfWJ3S9i^|ytMzYuoPp;G0rgO z)V}YN8_WxIT+=$fb!NC)5HZprdy4ytOy9p?q5t~j@Gse>hyzBPoHolpIz3$suqCOh zCTOabep*oD>r+;Gz;ndh;YrxqEW2e0e32#4W`MS>ctGnUnUq))y(MVsc&@?kq7V6N z*R#q(Qws|Vk&nZ6oXRhbhZ*nyej*jj>8)XYh34B+KyAZx7XXV;>Z}=5`HOHXi zf&rZ=A`@~L5MwJVD?%S(Qc1dBH5EnL=KJA6A#+n?fZxZ*Z-BOk=>&gNjBo@|3O)7q+)T zm-%aSly}U{=*~|0k-x%cv;gD&UJJHl1IfGI(R`I@L~McX<=vpU=qJ5s6*>0)*F0>G zZoS{!W;5IMPVUl}Gco1-^H+rl&c9HVb`De=X7jr=g~lFKyk60vwSQCmOGy~9p?pnB zS}<^bB=N7uXdjb{1kb*kr{Tj4C)KoCJL>Gb= zx)AtuU?nOqW~cVUaoUvCR{MTKPdLY&F0uSSN@8Epw((s-*pz5&Qj1Oao$!FilpkCR1eVBe5`PQ^xcXf~)fl zudlpn@;G_pkb85WG=U^>IA7JvttdL=o=tmx^9(3L6`Qr|P-5-9DDpmFeBVXGICK|i z_rA3tg@N9be2FJx9d-6l)44DTeOgqTZ(+AIJ03qG?gcFZsv0hpndvUxM!pgGPc+%r zWtmPrSiwh zZGRE3;y!rb9}%7IX=3b|tP*D|hxqKDdE)A@O}>=dE@y_Zv}QgjG6$=*QeVBAA76Q0 z+;gmSbOe2NGxIG-6I$dst~I@o_!tKokA)h)C5kU1C0Y2Yl}dpMkJPVZ3Qk5UVAMi3 zM4n~Op_HkAER}ICrymG0GXmi-6p4^g9&G0T8UX6e+rvRW_|C7%7Gno z*B$2l6wV~Tp*?{?gO;BrW;Hz8D2Bt>TPt`UpUZSHp) zXgXYT0pR+_T~9q2WTj;Eu-0)mb+}qSY-EDcIQ{b0NRScxVN^b#M8_E`w!d%AjQIr8 zvntr9EUx0C!x8nOScM`S+e{(~>TxVkhcGJ;EK3To zyO4G^AT=xyH0d)pu>VH|(qsIJG>Lf+b2t@Y$(i*#E#P2sq=pbD>S1V2fH+u7@sYq| zlcSzsXocDiqjele)ER(~a3)cLRMOt=crCs*9x+d=$4bXo8pN8A5-@D8TQ#L+S_CP@ z?BEY79MT5)7Hdaf4G8};#5_1{nwPdZJ|cD(%w7O{{a~gCX$V>8jxhvWc9=Y*h1hPD z{yboK{qrzQb}twpp-Y3vK@oi3_)1s{{0gtwlT3YA?KZ5O0%!msrXm}9b@Je;7}FX-A24w=HvRkg z`48#E;Q9<<5Qls5i~moqV{CVeX|>*Q!bE>Dk{okpT8FWOP_119f1R*@zWi3&Txsl|wrM-M z=gy0t&odkrw4a$AEzzlc8X$Cj#9M5P~yZrKe3;^GV| z+6B^|=ew;u ze=j6i3`7nmUTmAu9L&96BgA?Q>M`aN#&ES(&i9)@l%Zx|eq0#%J5F|`Oo@1O(>xXz z^lvHfGM>mVes4QjWcx$fb3nQe8wKf1)f+x9w6-wt-xx93l`iZ>(Wp(e)@@@v364%5bKXkzrA&(qa4{x~LKJGd~? zea4LGK{e%lN8`eA2oZ*`k^`R*RD;Q1;!}bi44S8*HP4z-E*^_pN{{5 zIus8-D14e4^ByK8eai%%ZlC4W*8lfYQ*q5}9m+zGOBQ_X|JUuFLT}9 zN3Y;tTtUdmfcCJBI&eRJU{Lh%(#o5Dvbv^mHY?`GKt+LxU-F@C>?YqH5L~o-bFG5p}S3gNyAnJUig%1A-h+ zGJot#&s8E}M~hK)NDSZV`kb)2AYCCb3OEtDjx09rv8N`_DyrS6X^Im!hU=S$1s)7N zmT!VckZn_fr*XRbQB4bq-p2{wn`tO(ikmt1-LDaN>~Nt{{*jFU_QQcS4L>z``TdB6 zuj;Yol+!&bVQW};=WNml7n?pwVuQ&AMwkG-sO>7AZm5I%WqVy)Uz&bSUPxGgU%@OD z;k=Re`y731mhFb=h}5u|89FmS7=lV-8Ae~A3SE?WP+fE^#wqVmtC6lQ=8mNQf#E6c z>96d|b=PZ$f9G~gbm-HNC7=$smQqR>$^fYYJC5xJ+BDoSG9akg1*k(2>hYOS{sAnA zuN?i*zUBE<)LtXEQPkpJuo&V9rK5*DZd8}TD$yXSo1;3x@BmbcZUQ%v$Xc)~ z4$2m$?8$HHQG@5znhJV)z6$JYp^_#1Bs_tvF1SbOWAPu0O0$pdS1GM+c0&5o_s2u+ z$4;h4Ulbi;?_rl1ei=88wQ}gy;LSRNOj&Vk@i}6@G@%CfE>|eo9ZO5Lcycq^d|eq< zc+@AVQ;xXH^7*3gMimf;P7t{i-jw~$rCPvqTM3Pn#{R;`q%tnc0>R5BPHJlrLzHcvyj z+{iX9L?6i<=O+0nKV;n?l(Nz`HnkH63_KQK5JSrbum_!!-zhW9<#036AOal3Z|pp( z9zGd!^RPTzQ;cU9dG8;&7GftTVa_S&H-QjC5z*+}ytv`D-E5#+im=VXRYk!8neAyB zSSRQQUVAWPJ8=6OiSOy=wze%H-;&+mE8=l$b-KKs+D=XAEc@B99)b**b%>spfG z<344%VYGnPAVG?{q%JTV=Hpv&`0}vTK;?ipB)$%v+ou~rVrIoDsB=)(YNz1u-^bPH z>(j@y28PKACx+!ET-fBNi^AjY5fH!~3}FpJT>HuO=n5N;+oCbW;>qD|xjZEg!(PJ5 z1O5=GW6*a2EXNDI3Y0T%VIcrZGh*nDV7fo8G26x-^fUHiA_V?q8|uGmDQ&q)>njMe z%fjw8;0I#s=9^bZh>Gh91VSUdHJfPY83}!|?o4~QEyREK{S#y|t{(Iwgy}!Fn_{W? ze%~?$2{ose!#}xS^(YV|G6$jYJr`E#s$c8U@8?$q0%BN&g_>d3%VDQNg-+hb#V6vdI2?g@+m+l9E!ENcX`W<`_K8^xyeexBCFRAxsrOmSjdF?$bgMkv#bqqn5qa_(pIb}0Q}IgpPvi;;&(K|TBZ56u%; znV>GzxmPAZ*zZmoR|q-@q*0y!vE~K*f8UH!6mlX+YozCIsB6c05s&drd2v>G9_9xi zN73g_@RTy`KWM+wkw)N2NO(M<-#`CE&PMfeE#|{@A24Y}gPk+gzF2<>kMLG*+n3*p zF0J+>9Qg1#L0iI0p{UCxX7LE^vzlLGNIY-}IUD`ym&6d;iMA%?JgGk0n8_}aj8Dhj z;q#o0W~Y4L&uigaBYM*1R<*RmD6#iZ1TS#H+v`4)*3Q0*5>Qy}q25&^ZHr+*t=m_N zo8_eSU$heQAE4=w|5Uiv5)C6}?%X&R`I#c6*x;QHoDt5J2?neVlQ`<^a^A^`b*eQQ zK6ERZJy2>y%l6mLj||J|4NR@!3<2jejkb>Thq92CFn9y$wp-09XO1tpOLirT8t4#nyAirRW=69B8U7-d; zH3OHP9;rO3aKE(12a|JZMbAqrr3R0dOf|EXXba_TX&RnExBzGu)Y$k6@LsB{ z=U0|aUO%uC>@l*?qpdfj_R8e|#w1H+)t zu_9!eFhn`P@mxC{Z4ZPs=ng=A!J~lqw^)tx^c25Orvsd2)w&A=aOgq1;;{gMjwb^gAp+X+lqFh^pxLW-b9F$D zhmJd}HE_^TNs3Q_u$>T*Qbz01-8@1--lX2tXeGe`0*E5UxhwOm(O`(Vf#x zYcbHF)MMfgp^D&Am-_{92!UQ$?y?Yo%XRile1zqOCOgLsU(wxLAW&Gw{(grp!Td(n zVs50LmyeGir%fjJoF2`NwyIzY8xDN1P1zn1xg5SfW&?I|p`rZN$ z=GzcBAr#66T!n@O6M3k05vWp{g6Re#@7_=2c_!_|wThTfSXF@IN+XQvr4{rc5cp(6 z$4#M~)*qi~%ctuMHrJ%(K>P$00kn-@A<4og0oHC}GY0&TOW!cx^_3p=&? z)kzmkx$mAm%wn~GmEs6Qh|NTAWZ9$;a&g(ab+U91f_SsYj-p>jOj!!T7N1gRt+uOT zxFD;I^j+mZs9hnx8GqHwA!ie|;hEg+rKft>$dq~VW3BLk^jtkV@gK&vUinq~dDHXj z1{G+n$%S^a*(##G6>Sx+jheBvma4C8U_)2Y=Xm2uvv~SAr|(9T(f~wsZubY)t1Yym zP92|Pi!UXoofu+J3yjSTDTH|Pv2ahiB%fIxkfYxHP$f<%`f+&?UI#eK#&t*ZPxU#A zvtsFthlMdkaHdPAQS51fbDX%$uJMtH+p@=hpmS$5k#CtFP{;DDEfoy_D4xMUY<<^m zk^zz(_NHdBtXb6*)vl*wGSJOo$_@XTK)u8sH>f%R4hf@c=v$y!!KuX{D%a!5`XbJ1 z3wlJrxtz!V4#;`acmPhKkzi4 z^~mQR07~ioP~D$rvfOiSrm8ojiJp=7W)761h~4Vk9!@=w zs-Zms%^D~qYVPE`h-YI5ECj%30;~aD_fIL(o(-SVI$F8$1^WAji#&8Ms!(%)GC^wx z?2%K^5>JI}-dOB#0y+V>ki?G!V}rY7xYMS{u}0Eq>i~7I6-5ov=A+D|FL1Km$_b01 zw$z7xNeR7bFl_vP3Bb+6!_zHX&4Jaj_RD$)1zOKZ@7%!O`h)U9m6VMR z8ag8!1JR#B1>xM5Z8VCcrSMSr6yM7+iX6$@pjeMs7Q=B?cL_%w+chF_DLnGlX}o_6 z49~?>3=9t?38oWi6{5C-lM7GP)e9q9{{ z;eIn|Q`mJw*M=ww7J?Y`MMa1}PTxdqQ6HZ9juGEqSZe;*zSChn#$ecg1&Ny%RNcSt z-Q_sUn?F@`9C#6(-N56bFCiP~8kYyN21JA1frtW*Nr0!NJuoZy1UDbc!P>uIo&^{5 zc=G*O2eiFbbS{VeO%n=Y&bWZT%MG{u_U@|zAtxm0VA!)>BaukvKZT)S0NX$ye0<$} z?QzglO2Kj1$n8<)Y`l&2U-x8oq?pVfZ6voH5DDC97eJB}X)GQ^62{gN z!uUNjbPvwSKdz<7ms@XJgdsk9jzdU+CJ0))paTdk0~BB|TZ5GmA>=@f3gVgEPe^fb zHQ8b7rJbS&5g+Zrd?nli#2LI7euMac(ui27g(n>Rhxnaef8Y%X{VU->1Q{6~L-75@ z1_v*Hf|cbB0ST*o1D5%WRkB}*9tvKVjKXT%n*pP;^z6?|lQ7un*7u@>1;PuYYiO{* z^`OWkB!k*?B>^O2OWA!%VzNXM=H#==mL5{Q%zvWVq68kCy zWDj0|a-cJ+?zK3+D8A9FvV&V^dK?J_4>k}sG0u?)OBzY1PRctLZ?7I0L#>Q?t(di8 z1I2b0S5dtiaa&%Afv1I=F-))+F~<#k`-;#UD9EeJ;}u^aim2p%uj4?46pIr);E+A&8d*6zuo8N>`VM&ID& zO{~D1s0&|YA|^o)#-WkMhS}S*cPn2fc zkB4QiU$F=z#6D<`1dH7IP9SY@aakC2&HcrkVeeTzygc$u@P6Pxh%^DvyIiOIZkBwi zME_z74jxPcSH=z6&9eqPYlgv%Bj^Z=h!94OmwDE~2G6-EW1uz6>uEv)P%+VOg7o|6 z&u$rT<~R>E_Rbph_5`7THaFqTLJX)PfMhDIGiQBup}tMnB3?Ei-v)7fP?&@*M(J)b)T}>hh}!1aD@PPr^{yZQ2VFSmpKq5mI%z%YNufCZDObBUNN83FdXC! zdHWIBaC}Y=bRqO{=q5ph@qLDoS3MWJ$+F%?8YBK^OboHn98D2G5I}nVeVY|eonfp5 zVFC!qA5mtEhX7(u&`p?F(ZY5KBZb-Y8BY|1%iU~Qv|~^MU!jwH36&qp5IAEHaV=Eo za#CZw@I{c82oX3f%d6j%6eYzf2!-*GV(I-M)u3kUX_}8O`$^uPub)IpTVyKNQm+(Jb6b02~U z@w^d<DyZ!Ja{g>wzale<)QWp+3<5mysJlCT&ATc$N&VP|94E|*(CJ5;|4nASOZ6ykP z2-6DGWZ$0jh0JbVz{naL{r>D`CHlx%iwRpIqQhKrrzW$aZ4}TuZaZyRd0T-|TZ?bR zI#$o$?W zDXaNt(h-J*Hd#6;SZJc~j#fQ0y&hETw1$L27wIK!>oFKP6Ve&L+!aLtTB88IDB3)j z^RtX3!Z}+F)tNDMv;Bcyb@87p4Wm{&f{l8}=q^HqfH_Y>W&E_xf0EAX%oV=jLv4eeLS5kJ>;S39bX z@)5egl@S(TT3lB|WG20Nv@h$O4A9K6tOR}l|AsCMUib~f@a=PWUh^*Z&X(ag;?oZo z0=J#myO-wpX6s~seX&tV%#y=+0(pOV;1ctS41_wK7$+pW<)PheF!3<8%Sn3P_NGN@ zIHRz`NNC#}4H5UDl&_Iz>&E8ngOZEC^dO|#`wwff48FU;pc4)M2`HC#6P7|58lkyA zB-l_XjDE;`ijMOdnQUVLz6KWB=j; z^)~jrPY}}r@DM>~=zC#~`42HtW?1x;dvXJG4u2b=%+3-T`en6$l4cfRFoL%It%ZS| zy0dp;thG`kI0Kquh=2kp+a$H6z&w(cxq=vNS##=Ox^rj$dFqWL+hfMOzs$XM&wPHR-pDfcFN(ks{cc3lI^+3kJ*vA)HH~8r_#x56pY-8qx&j9eKPr*n&u{=z~qKiAn?v!=Y3gurefyrx5`LVFr?>04n<|p2hU|cv4W@}11doqi~te{tXMqDtw zK;)ww?h$77z9(Ah>g9)wii?SB^szgD?o^nZ{!5w@T*o>9F(JsjW;`F*moK1XqZ*)> zqXn}XVkH~aBQ@JkN@}QA_4DGB;fq3h;$szdHd^*eDSQ|E+eajy52imm2m;;76 zoV*@I>uihhxM9Dbrg@yXpNwhM)q0Zb7Vch25;9-C+TvSwAin2)`zmgitTHAN`k*PpRG3 zi>mo!^s@cQr6;XCbP@0wkGyqMlT%xE(h+jQ74_hXZjgviH-%B53C?Wg(0K2F^Rz%l ziU$e(b(B6!BT0>Xa_G2<4vgsVSRno3`9Qt}jsPnI+6G7&{YE2FwA^UE(y)w5(HE>M zfE;9-hxoSFq}Evscu_~nnhcJgp5^H-!c1I`YZEXI=IZn7lZ79V*mA^Ba#n*tTgXVYi@6 zMu(G-{$qY~>u-e*iBlB6v|blNUIOp`P>A!g4`WagIuP&ls7Yr*qwbFSBJ2`?RR#{M znr9wJ zvFY*A&xeF4aG>_W2Sr;3@T-_m;iA1ugkA9VxP*8hzDpjwN?+NSG=0maD-TA2p-RLo z6<`*8oJ#N?5Y-Fb6n&Neg_!u^pet5;`Y|fAVXbV(4_GWL&j)anaKv z>%u0o-j*vPaAhqM1`gZX0woOoFOAmJOX1yw{$g?|c;VbE;Z3q^6R-;d6bb^U$!uC> zV^g?;?hx&A3@l@R#u>8F_0>VucSAcyUT^kfwv$X_JXZah1wR^5>8hD@wH)KVqO-jl zd4XcEAvxe@F%pCay^bLQXrRI=g@g={FItB=IZCk%3W*{6&b$CRjIsgK*lq(*!WdQS zdO^tNh@z?@qw)prKP@F8z9C@3z9&#NgL2=+E*_|WYK#C^ZCSUlq#Pk;^(wITP*xHp zDMoRLX+$jfFcMNCl^6s3qCrjc_<^T^{yc=YW>@q{L-`Fc*nw?ZZKV|N3&KF(^_tMh zD~R~$L$wWAL8(@CJnT2df3ZdWIUSb|D=C1!3SC>4xhuJ4f5h zZSm^@dCT^~l;$Hg|H^-I13MD6Q(y%tlcUAF`k0XU_4D6$M!c0qP6q1*77){|VY>O1 zzWu|mueH_~9SCEScGQLrXG5GQ?+Ns79~t^sy#o1i-a-Kc5=ex7u4$gXchU(HF_wvr z-8CCkBwje65I%N|PEndMH_nlwuIXk@OPGBHNujI(mN4)3$&Hjjw13vmEmT)YLumbIrq$JGh7pl zsNq)_7dWIQu= z7;)d-c}jP}rrn4%&>qBl$+J3l&_)c+zO9!FdnhzZt^|$#MAu z(MKc_Qt)|Rxy@C!DXUi*lfe6|_^+AIy+h|7wIJIj?o*PbDjH+efvIo@P4z8%8$214Bw0^?7}~>| z?q9_sraYh(;TYV?E&9g4WV9i}!Xzgt$ey*rsAH2xcK+wtJO4!;rjyRV0$xFr#20&1B-do5JDLa=84H&a07+sWQ`Tmmj=XbcJFRelvgvSpN zIy91$Xhjc8_XW>_9)K=%Tf|_$=y;#C|LlIhJ(MSC*i+=I3thrIgw0=SD=!SCHpY&f z{m@~hb32nw?p)GE#*;er%Fn2u5V8Tr5aUp*J{wY)|5Z+vNuhm)E*Js;5srLLKUy#Z z=~@_`lxXnv<^CZNVi;Yr!Q|+9`>%&Q)1B8Pg#%b3vk-HuRyk;M#YiWI(>fHCYPk3h z?d9%*niDj$--R8c%81iwC88OFwju^)ioY1&{FbJ1tEAcUuO>|!zJq>e@%7+513>+V z`o}b-Ma*mLJleXbxClWcEDC_iBfpB8I@#{b=|B+&(P)4XsSlS?TFCul#AR}e?O*i< zGp}EL_h5F##0E$#Y#NbWb)+L0S@?TVdiBf_&?7-otQe~RW%PiYLoP#BkL-*de?4qv zQWUoYXo~UtPq*l7G?t!G`~uYaYb{@k<)D`iHV>(eSV{|r31~lL*<|?^3QwCKGSWe~ z2epl``3?S}#DX@s6k;ElZgp}??@X*MFnpvpOqc*Q@qlt@NUarI(2!o@V7s(Dk$$Me zR83RPC9Gq8Y+#3y#u5%co)GYIKw7}#Cx+~+BK0EbT200HUb!iVq&umo8$iBKO_*wD(V6~2^sp=K#ONv|*0|NgVN6=sJ36~G|4HQyy~p`Y-&Gd!zs zQq&X!W?S5eDFu|`6Pn?`)Bx186IW{NmD258TMN)JBFqdj1|>h_lg=*jjUP`iENvBZ zZw$HX*m`Sn5okG5F>;l$Nie7}^g*+?JS%dVB~MjPKxIVO45M;ep4?)80S-nwR^m_~ zuZy<~_4yDLbqXRn3Z)SIPeZw)G|X#GmVRD1_$&BI5DIEVZjq+dD5rp+2}Fx>jLURi z--;p2oiXG8lg%>!tV#EY!PsR73LD@g#;3L3Q#uzWy(dLgg09-6`EouHRoTgC_6|)J zZjRZ^wo&UfPjp03P?d=i4>nXRxY?;f^ZOOw9E0&dV#B8!!kG5EE|5$Bdpz(zf2#0c z8iF9k0Ahnwzr4eUhH8JOd{f zkBxa%NJQvHVTg?yxc=-gY}z}_A?NBLw&HO3Uf(v^vhm_+qDuc(dm{|dX3aqrN35;G z4BKZ&8qg7EYcYI>)b(8Wo)Zj1i0@lp?OG&s@QOg-Z-q6{DX>oe`c)Cph=0cqP&NE7|B`^fsU|1B~ZiLVj7D6#%5pKO~FdFMf<8?R|2xE~Ar`HHK^ zkTsN1bdhGfUb8Ka{Ec+V}SX*LLUpLo4{=XDfR2xW345dHJ<}O6}g~N$1xKBFD!b z6&o9G+D5zoVtTcf*h3}*&3|gIkm@kmRhOnuQD~KCdL-Sa)yXogGoK?c8vIXtcyBn_ z)2h=vE0*TNk5RVDwZ8^345{imfBBwSF|I(Un$Wr}zz?&z!w;$iNtPaA)VSD4 z(>UO8oD{3&)jOy6<5%@DcTiR6taveVDe7kL;XUF{V->$!^|UF6Z=l#5`e7UNeaU$( z3r86CaN>=WBdnB$t;0?jV=$xS^>Sx{y|oAj0$c+;;AW}$3;Uu-Cb+zL@CcISV#)X* zlGME1m2&Zhc_QhbmTcZs8~-9EC+j z!zn4A&#s0xdOyo@TRcZ9^|1?odfzghEWJAZvPIX^^5+PHsA(VxjVMf4CQPeaXUHSY zmu0o(9lPMrr@x4>4UQNJv74o6RL<2IelbJSUK;p)E}Sbw$nPu`a-DGP9)sO6aw*|7 zBT00DMhCgLFUsfb#!rTRF7L=*ASGYOiGowf+RAj30 zYmJK5`?`n-r5yf0E$k@>I;KK72v&|Lnbu;t-}P>9y+C8$H-#G&wxB8FLLqN7d}=|rbw%7N>#z=d#_l)&a2)Uuv`@(o43jzqFcJ$ayidl>p+10*HVH+~^@1KiALzSTA#b6~N z97h>DY8Re(6Jmdq9)EKfptG(=26AqEp%h!EcCQw70c5_}mObm9m%R=!x;-oYmr!65 zXa<@K4om1vB2*Eu5AF5q(%EvD@BrMw4A7?=jY8*(KqLBYacR6)i%?03g|A-ylhL#G zfK@E|9l&zvBojp_Qs#fR%*dN1^rGM17g&FmEVp_i(0gnU~4xc}1V>-G{rwni`8;4qC`_x>;39HboiUWfJ3( za(VfYVK760BJQ}Z$>GeJ=*{capr4B_%!Z*Di_LV;Bc91>gnKaG#N6QL>?qXp%d)ov z#adk7VB_`pXIT()kXBRi+Jiz6rFq<~0zr%7{T}l#Ubc@8)2+>`Vc3OW0$skxk*b!S zf(=ji3mAP+1GYf($v+Tn*N?cv*^uP?WDsamkRZnjQbU3k-OE|SSBq4aT(LhQd20CW*GliiMyo!1u_ z`kT8=;{x@J=`MIC3>)2uQ^r2kDD83y3dg5_g{0dyv&{( z7Nh@o>rnbcC9ss1{>97lp~tF=U*&Zq$5DSI?HZML2t2*7pGjLAcE+MaYoq9S`SlC* zdVH9-u6KVk^ z==No5zrw>T*QRu@7Q`QdI@7{>4Nj8^qown~r-lzUErD!>W!Y~pVks&H?kC6rb+M5> zIDFV83vU*Jfg)`75Hb-=r!!bGF4SMd#|6gH%CVvir?&SK6Vmw5mZ6HJ*X;JhbzOf( z=|d0U1;d345zz0A3#afr%`n|Cq*hDf0s3~<+&7m*uA8m4SA0F}0RRqt9>B`)Iyo z!*=(-`3e-z?y1@ufD%Ggu(+*B%h( z{mIz$@@#bcGaVx;Xshc;UTiME`3ZZQ6}PYHD7J2SDax`t>tm_9N#&(!gO&Yd}d` zcSbhRoar^ZoJPLG6>yE6c2xCt)b94v_qL~3J~UXN%h4-969Cx@LT*4)2ylyojrJHx zlxW=ja+yvo^4UHV(~x%;D=Rsz`^6p6@5MBxsLR9jQgoNA-1rXT)lS%}v|C2B+U>q# zZ;x2FD@oAYtdM;-^cr{8gGUDrdmkpMhA^QJZCCFry4C%oR$qfeihtF-ucc@ z7kt9zX-u&#V|?kg0cv~qOO$G-D~_~8q;ADZSl2RGm2E8%tfl#+bbJeA5-SXS*f#}~ zGrHyI3+#Y^eZr9Lc15362(NP=0|{sz-gMk6Dp#?*83mbRN$x0?# zKb(y~6$vbf!G?X~V!UsMEc>Tr>7`;+4s#2pt@dG}xsuqxy3rxZLX7UaL{g=;5Mw-_ z!p!v*N_%C#8583zH%l(>+QsSZk2NfeNugMbb$w(%t@WkEh8*f8$y-J`{u$Q>VFOYA z*NmI-O;!V%p96XEPvPGYDTNsq*hxYtkNGJ=VSU9p(2GUyN$L_q1692rMJ?hn=xSmS z7c4IU8=%_*wXq6fcrKbGL+S=cUami_De+9L7@tBrlaM8R-n1FpqQ)kmpduk)@eJHr>x%>w-Iw+5H}GZf4p8fc6covnOJbrKgFI; zfr>0dFs)*_4asO&|33d&U0>9$-NGm=?M$-!b^H6C31cIx=%mqAo73OxuYe5SH(hP)j>bOD0?omN* zQ}t8IaFc@|7FtB`xVxmy`2IEY@W1|Xq~UWBw=H)>LbNAkOI`6HLbeg;&EX2>i zJ8eJNwd-k#{NhtiWnDhOgm54}Y&VLn+se4FaLg9^1*nkZ;Ln3fF+;;GA;EjZKUMgk zKBTNEO%GtLOZWua50NLA<{Twzlq#J&;h4rEv$g4w=BD&!Jf5iKo}>);(;kd`w2CPX<~IR7dI^9CvY0pp(dp(ZkpO zWLUQZeV4RougV|u+pAcW9Z0Yq!vGBWLKui4SUj}m6B{UBs7m{91*5P;a|rt}G3Nkq41IU|2l-!%s26eb5%5 z4w-1JLZ4NRd=;Z8{#FW-{9{KKF4`TcNA7SjNgvrBLYE(7DV?r8)i~-9xS)io7Zd@f z4+#8uN3PB0rEQem&B&*WQL~Bhv^&(eBr+s$qd)_$>NQ9cZHNhtZr5I$&W7P9^cc|r zp}DsTDtlro5-c8OB4F(VSYOf{dhwEK;EN@NQSnh7F{xlxsk7&qaCD%jJI}$Xp|fB~ zeNkT2t|PL2legQVj%8OvS3NO*1??lT6)Y*MvzYKe18bL! zwO@8ONwWd)rzH>a|URwBHkgruZL1qCP#^t5V zQ0o%U$lo)ZusT31K3#9JU|pr_^~8k7$N5P#oCJh;dZbmWK}EGHvkffb%z`N^;GHhy5AbVB8Qh`*CEE zL=4+6+dpmjXTuN1!T>A^?Dm{%;`CJ65#hXX=AdcD&J`PvAl18vI-H>90LBJ)fEQsW zG2?i*US5BMJxU-28#R)@;szkazUnyiVp#k13>mYLMGLQAA(K7EWq65yfM<(f&O98x z%c?^x<#5Ezu1)K{+sokSVO=CKc#D=Z3gzsVuT3Xnj|Of`g3nT z(%!4H6k^v|v7|KWuGOXDgb9048aUT@k5>%`)6MD+gH?p86|#>Bg&UB$AzY@;OnXYB z=Q!hXVA}^6{oo1tl!l{d@uRE#{Ei@_qLwHsCz|Bw6G48CDnP3TMLj^+*7mE!n&gCI zh2+Tm|C8wVu<+uA3C18J-!rvqlZ7TWE*$&KBel(tk6H2N3123ZAb5dE-@02dCE|?v z;L)@Xwcf$9_fkEdaLm3s6Kgc-+q6Tm5&T`i<#_EB^5z%LtfyLCzd`+jwkBS9_&uZ} z8gw!4hVQAsp(had!+Bl7T>h|*4tE)U*1` zy&eCNleAp>|Jt?@r3hlcRxVOl|9!q)j$=ynZf8|)Z+t4@v*z>>K|5?Me#C#!hKEbt zwd4RwQ_GQFy?7wU)K}yPfmAM|`;B^$Zc3O2MC>JIrC}`y?KgZFH3mw3(I`M@Q~NN; zbWt%vC4IrOoH8OQc1zS>Mie{`!1?~ZJDv9Am)3|5i49_ZJ}ZEX5m}(93nl>v%0DD( zRPk-wDRN@N%+ss z#HRawXsR6ZkFQi|wgvVZp1tDUn?Kas1GgYTMsCr1bNjJ|hUvnz?Z)@MsL!c{%B;@d zGl>{~Js$mst@J2gLm9No5C^R+v%zm5O9WL>Pns(KYxJCnVeeElt~dJgSbS~mS`~<& zjNk!I87BsNt0dir>;RllNMZ%}WuAvPtH>Fc6CI+YvHJJxzM*B6rhgIXth_wpgN?;& zS=G8u3}u~PI6*op|tWi8j1~bZxml-teXof@;B6w2qhAPerip5X>p1nW~C^v0MWtr z4Xjbo0UwS@Gju&r{t&NVMQE>9U029~rZM+NXhCP=nFYe>3iDBTpr9uq%K86UfS!{h z`X`s-!akGI0c&|oKwguCtp&OrfF_VckfcmZ`$+sg(z;0(4*@J-Ir{*8ZihLJ0uJOr z#@;Hqg?do3O5G{ARoHJv>|ujd0sbmJBFs_i3!j}YQiq0o*}wwSB06MyeapnRJu4Wn z{^2txGDC}ZhAem`2LYm^wEA>wHM7|v5+BJ6X&S75leHP+0TRo&@oRPa~qxSoEUEANj@qf6v=;xsV%EBRM-8J`V*JSp&@veS( zu~xe_+0H9;$Ck2v?(%8lQMtKe`(607wmw$6==;^c_oh`L+ujcb_7^YQkiF4+{=$Sh zcf!R)hR}YL21u7s?<6HB55Zx!wYAle>)GyOiIv&96jQO##xGwUad2=52@A(uPcQZe~xkvJZwT9ST%nb?lUXx;jj-ic*+zQ#dg& za7V#xt7)#y;PcHYN(Z*h=1f0YShTFvQwYTH8>VCN_BS8Rw6}*8R9TfyMrjL*S7p!T z<}aqkYa}IT9cH5xswFl&AE%y;R)r36HlVjrQ=GM_y80P2GqcU&Z-=j6zs9R@HCt8| zgiquLN*WX@qgilNR5Tvz2M4i$Vdt)0PLWQI&P$R|#;6MfzBq7n=jPGzaZ?u;9f<9~ z#TP7+Os$JR0SrKWoJ*o+Ha0e@CtWmi5liS=z3PAa-)-9?)Q@TwoVSkZ3`h=D%-o)6 z=c7PJc05(@W8mdR*Wp~oNmRF3lYo8ASb2JUo^SMtzfapOrvh}lD__6R!Tv#IoIUvH zLdpl5-qyA@wWNz_jAB6^(CoaKoX&EwqvMeeG~HyvNGmUZ zEE#Z(ZR)l?f93Gng`e=zPOuS6x}F+WQ*&NXLBYt;QKPP|E+{0V9#0Lv0dL;MCZo`T^Nq+tad`_qkqw5CsXm!5Zw{&jB?-$IguTx~IyZTYNMtsY(xUCtj>cCaqF-Q7*o&WeLuP0CN z5i4KDUWN(9_d?;Y&Gu3dhlw3KR$W!)h1nAZw=;RGQ%d(tDYON?-7mNpVA=1$H)_}R zvOA9aD}bN)vA$)^KQ*mKF#UM;z&7F2%1S4mw_Q>!Shv8R);5~Zz%X)@>T#vA(AvV{ znv_e+5L=o!IW4?MpfnQqNl{VJ_{NP-tnS6DHTmwhT%7s1^Q-7H(JhcoXxbZeSajsf z7<%ayGT!)+8M`rFWZ0g1@@ZRJn|tx5uM?wk4HdouGuMXpvU;=8`3aX^wmvK_By@wk zwcS$uPS`iA;iflTgEsX$-?{`XbUj%eb1V2WZ&q7aSbvL!s9n@w0kd1ThS9{ybzaED!p`WYPoK)@*8Z@)I%at^RLS(t9j&RUsi5$1 zDI4Wt2@#3MEs|;sWAm+_KDllVMvn_WXEKDk#UNN=!67VGDHhH$F|ar=GdDLuhX6wj z4G-2cq-SNtf@UmYOCJi~d$%RzT)?+s1QcUS%kxoDQSM`W*=>E9(SwH!_=kfEzdN&i znm!5{kBO=2Ih{KbZkxF=^*Tw}m+qZt`i#?i$7Iu=cni8ADl8DWU z6vA+`U}3f`*P{D=NolE{0tbU%bOS?XXJ;oe!%NIn`IIu-s~(zJ6Ak4~MovyVBq9wa z8Jy;I7hT?666E(fp6YSs|9|6O&U=i9F}v#xTgbGLJFUR8MI*7nl;I5QpXt~(j&>90LJHvUP6spY$Ia@O8$Ho-fBgA6%rk{~Dqb|bXsK8HwP2Zbr(4Xzg>8{~ zenwAPT%oxPM+s-tcJcST3^isWt##LNms-c-I{ukG949D55=W0l3w~DgTlfZD=VLHaB^PY_CvxLwfvG_<#|2xt99`b@+%U_ zQ2_yLD}AkXIQF)9@_W&e;GQPSOkEX;gsw~^=?0UAb&+_QT2-bkt~D7?_xJy`fo6W; z+TcxL(+9jPEG%XNEx01M{F~Eu3(W>C?ih>m)>PP0?Ahl2Rr1>y{c~Is{AeKwi6r9d z;&|f72?`4C+_UEbhi~dV-5(jNR;8?)3)os1o0gp&hdF-vu3sf0(=fs|ad2pPxRzR& zVwXqa+R!SYOvhGQoMKyVRX_7sR67%C8N9_ARpHf21};mu?b8agH5$aS7M=6GEEhSr*5A)8@rslYipkubb6Kc zs4i&@oN-&D@O8owi5-Hd!g03ThxCH|>L>qz%*4djw!zuo2mueCrm2^2UQ-$E3CNtJ zoNPsc5LRieC-E@*zLps^tddd4%PXEc&|cUbwjWq1PXa!W)rR4u80y@3qDIo$1xKga z(bZuhbwv_nHKCmsfYJaKdV60V*3OU1>U2DpQnZ+h=krBH--v{XwS>tmr{HXE)3ygC z-9LweNEHPakC2VSM7DVt85x~s;nS|q8!t@6MNo!Ijl%$IToXeULs8?Iz<2R3x60d# zbTl;H%{d$5;S>^jEz2IE6szZb2IC2u47y|E?Rs8U+V#BWMK{o(|9}uZj0$D>YN9{* zwW_N1?y%u`HctJankjKqxlZAh|A3zK@s`t$T-zz<7ruzQWb@_NwipQ!Sp?R?NpIc^ zz~`eC@ndnZ5cXI}YSu;c|35(d$M4=Jy5C}ya?^JCo(WA~XszsnV-lTrj|>{5#iOZ4 zpmc;q%19b{8k-P@VWnG59WP1=Ul=i@V9#tq`0rj$io46N^#!o)rS$qL+hDM87f%5` z2U70d4NOl@jlK?lQ22`>e^aF_tD&xd7Yj^5*yyfH9y|7y(P)Q^jEp0SvuSKoY@>XX z`Yp4N2*2NHd6#K<3bBE90Y<&4#IoFhFMVCVgI%JCEwznBi%m-!OTWXHtVviL*+^^# zz*7#8vs=s#J(mlK7tC(nG%_<&MEll`=8yg2K93-lzi`+;BR4kz7s#(dA5R8#PJZKk zECW5a0*Nsbgd)XV+h1?@KNrYCp!>*b#=DrlBGMsL|HS>#(AI9m;{vpdAt@9U_np6a zQ9G~wT9EPI_`y<2aI1Fl2f?wTF>*`@{0@kWrlA47s=v*|cOv#Qulj<=;1yfFZn1eG z&z-JIIFkD~px0|KO(}?hH~y|{Gn(QK^2>lZ(o+jIAI1^u`fbh(_A0x|H{KTh(1dK9 zYt{F-DqQN;M^CJPUAUw8YofH<-2Y0x^9Cr1>ybR+LH(vl$K`52IlKt~hrq614a}-N zcfIeHH2ihc=83cUqFsGYM_1sxk{-)GD^XyYmg>LLe0z^ichalm-$(n9SD!(XztPCEE!`R322k&!nzrbNu2n6N~a*~LEK zmB#n@_(hO7=xyNt*}Qo(kgKeoo*t0iyHXX#b^5G~tfpFH0k9En^Wsn+Lc~YH#;d_( zM&*@FwUl$gCK}FfM>f#Nv2VqRYa>{FTO7u#xi)94t*!Ass$!v;5w$-iyb~^cOzQe6 z5SRS1(lnrHg3>S8a`Pg7mWGyAy&FBt$n9G+t=}iIu@*Gqr~In-i612-*DhF>qlN(- zBf=(ya8F%;@o6MXXidCf7kyTH>34ZS=h4zfCrgjcZMUnRsQmraBD^&J<$TdNbyoZR zXHS-yh7{)u%i$W{*K!CtHO0mEH(LvLCx$BZS6f!^_Eh}CI7h1ysM2PEVoSol7Rq-| zKJ~-?f1Rl@nvS5-A13Fp2_rcGHfugK5;9q%6F$AOygq51imQ+0o>4j!5wTB>-A88h zTJ{W*$)BE|>rFD!3k#FszA^y&7Y$8KwX~KOA+wfjRIZZ)f=l@5h{MD;&#~^uEzui) zicZFS;Zn6j-}!Z+QvuH1i$x74#!gO}1mb1Uxf6j63|JH^LtY)CKeoM}S|}kB9u!my zIoWhZ3P};0Ov4TX+G7urOjFj$C1<_rB0H-&mbuo3g2FA0Q!E#jv-9)_)H!e!F z4&|?fV!q$^leKb)qUBFdIov*nFvAqvaGNK`AGZ`j9@#aAV=%gqiZ6aO+u|fn5_0v$ z!~VYG?M<7!`MZ~P#VD<72#*(3sN0}R$ ze$?cwt-wZ4ndAK%G=m2K4}`~`Eq6?C#<@MUHAy5byVTb_3#li@D(4NRaz;l+i~tnj z%#qME>|Ur`lD+w#fb*Zf$q!mbuD@3*pmSS<@ue(R1nta zq)}6yIv5kr?DtQ>?s^+{XU_mPo^nKfm3>&Lm8KQLB4CLe7QJ=&`P%6as@|A{$AJ_1CeIWB*(j z@yEyK7kv+>h^n)^+FDFgr-RBz7Nco4|3#6QCBM0wVuigom1%nmY|sNl6K){VlXKdAd6}{~Tj6f2Qujg3P@~hz3Ey!F7m21oFgJ+7TtWfk8=T_w;l+5!{tx`=m~0*PYos)YJX>w^_9q z-*blri$E`pc1Q6uEnoXNaSd=i_Qay98riO2qAX~KxWCKMR8pj;Fmq6^yU_Ra0YFu} zksm%JxgXU4!&9G_E(HaJI2EqlbVulJO})ybZz`*^nDhN<8gj!yqkBR4_wNTUqlSho z+f(0km}9wbT+23Y`N%gf~Y^TIMJ zKabt2+FIOm=htpsJG+axJBS;ZAHM&%(>z)f%iFFUBe_0f@Ku*YqMd}7g(&NV5|%4U ztH|!6_SO4K+@qN1#>r0Y8;Zg}Ivm&rPN@-~mk1_AiuUKzX`GyV$IQYqI&mFW=;Oza z$a@TX$d#!)Bj?-ny>z>+`K*6)`<*4osM2JF7aV6Ln8((_Kg(=~p`jsBPTUlxRyzbx z#lrgIm+3g-py#?Q6=JJ(6trl|WNUjnm^-zUrnKQ;JF5rhzGi3w_@V}vNQRITgWP+# zKSpJ`{81;2dIuX{Q88rh0TZx=)TzBd9?tU=4WFT`u7s!~*Sg=U@Yi>G08JxAbkLdv z+ccit&-UZ!frHGRAV`gHF+1tC{;uU?V~>i7B_OFFb~@>Nl8D{pf4rTuWB8J_GM8@| zSD-?x^XzL|r;Dx?qm3uCwTo?UEbi$&W_IjRyi=NM+YJ@bVtvcD@wmy*7>mI5e%93j zM%1vZS1y}%DLFZrp*V%ei~p0Q`>R6h0D%hnjgtSu=~s=fmzi^|+?LER<=CCt*e=3m zlQQ#reu}_QM40-I#LnUCFtAu{EI=Nl79wIGdLRxE^a(&&sFaH~@y15mKU7YggnEhB$cVBuo z8M~!l;IMr)AfmwFpfOROfn*^lkrgUaA|}{rRg7{Dx!>F~gd%7=&}oS7&+PB_`Au*? zfGL;Rt`M7intvkVfBwc|R&KFZd9iniercOGyc*IoGW6F-6)b+@jGd33PAk7@$iu7_ zuTG#coD-mv(Do_?yPxdYj5PsA1_@dUz?nq4N~8&t51pN15WxVh0ki=D;Ac1BHE6R% zQNgI#Zr9U?SFzk|bJtPdx`HpGCD*#oFk;#dPBcV7&&Y^&EHLLZ_$9#KwtMY8M4(gh z@`x*a)WYkjmv7Hp(#X(gfbiQEB|}H9?KuJ$pg;`04f8!CW8*V~^Scd-N(6&u53#QS zh8(lo)3b+R?oWFXv)-WLHh1J$%R`)R*Zz~VRK2zlP@Bl-B^$$%FD4Rs1)Wy)c=eG0 z{gQ;e8*tGP)A1Ual8dU5X-itX@fV(4w1P6nS9r=8Mf zi>D8)i33q}c$8uJ+WsuX1!1gLDU^hxOGkkd0YZjmIK>1Ro4rv1*dcWx?EmvXm3BLX zk(OY!Xr!knL)@S8^2fNlB=6$TV^aAb0?=+aqlzGcQvtdI{CMy2h@_OAQ;Sa=$c;Q< zjMs)9w&2L`;=g*F^j)T7E_#7w)3by`N0)c7JmQ zKWXpn;y>1>h5nGpHpxi9b+pR4>Hpxt1DSgp&AY(e3x6tgod`HlY9nSQv%8XNs;rvH zsh{~*EkmtM8-`xES-sH~YQ45WM7%sbx-HD02>;D&+M$>|A4g5JOY<`~Mp}G)4$(ak zl0Zo!m$ujm+3Np4&fWwb>iz#7Z*eP?RN577m-Z}03e$3LrEI00XhX7=J#f)r zsn(A>02={x*>6LWlke}kUzsyWg;70w2UF<8Sb63Ux)lKot3EejCUjlT>8)E^9W$A>dB;u61AS$j7E2^c0jWr=(OZv96_y(ao;8z>&2+KQP6}h5 zx*Ql-6~j@V&Z?$i13yhkxkUm-5O7F(n>|(sG(TVJpWuJ1cc)GS^%L#OjrdBZDw>O- zs7w$rE7P{=d>*g*TPV{jlxfi|ala6wIvYl;Lg4i@H#ZrJ7dGRr)iOLqLZuUSN2Opa z>qX&XM3Vz-6oO^(-Vn?&ilcsz)Nc-LV#Y~|X`ziHr>Rer&kQw;A6jrgn9SZ77nRSO z+;d85-rkG2M&W?gx~z5MKQg^tTwU>CWI;3C!&w^a8otONSGCpl)dX!XRqvU4%iOEC z=Ps*A-fH0;CoS4jpTz&LGrgu-=bM;OsqJYWxYO=|=D}-#l;qX-lwLj)XZ%je%SV_A z@rx&_TY$vhdv|oRM50+8ZO7I9qETS4tuyt~&$#b5mD2cwZ=D0%{9m>0Sz^b>If5#q zSz9{tZ;!mvgQjrhU92d@h5z7(P%Xh+PmpB8?J$0*u3~nKM5!s|W_j zl!SE_eNqXca(5%|T<0CvqGn|hq&IHZs?4IEvpiqu#Hy;RD@Z~Ge2c);{mJZm+NOE> zG;e?$v&J!nBsv8ed=%IojrP%Cx6iKX!=V|;he{&!nHC6yfk3b#?KDLeBcilJ1^liy z@6hA#`buUhK9d~w>dsoMG`eHO!QxAoE&=*T?Ia!%Iexz@FPN!Vbm*14`-5w@k>8+K z0VnWou2kt`Bl(s_~-SlH?nsukfFbA&Pk$FXlG7zWIsf|UY2y3gp9uV~tl zz^`a4`|fCkH5~;m;9{$!bsysWT2^%0B(vT->A-7%d@%6B{PUJJ$O>#r{E9L*B(p4* zOz~@s-drZXK%gfwFJ5`t(oR&f_X%C~ZRDkhQcEF~970W!J=}e2O=gL~wUj@ccc(O^rX z;D83QOK}k4JhHpUU>Nr_@5W>V zjK*pNt4GWSevu>`{4MU$(?G^{M-lU_po02M4%73T*;=AbjW7cKRZPtn^X*Qj`ZDC=(TS2|+4gEp@ z1;mfvzI}^roA{BPIvpIaM-CbKO(Qzt-#I2{EcvZtF{4BQS{ z?7@Kjd}|vNgcgin#>daocQ_mN$N9BQ^zfK92vP|9H5}ax+MAP~AhjphND9-i9IO$+ z8MoXyRFHvvg7~hfSeHwH5d?ktX2+e@(Z9t5V1<5!#67r~X1(C?Vbaje^H*Sak;{G& z`m#eT6K{|;2V0Gw1)91q(XIgPMjX|b8qJ@WYEnG^naf^u1w^RTS!vH`5_4raIWkEb zABDjP-F9ViQu!N4UE8%bX2oA)b=tP3{G0ep89tFj@GyTn6L(GS7;aT0KI}h5J2r>s zi`0X#J21ag#eCz(vPCDj{wHKO_cS1Hq48;;i%;fEyGVO|tH;>iH!EScZp`dHKVi+b z6*Hc$n^t$a0xME^u5*p9_E2?V$IaK*%8d(iUNufgd)nJ3|KZq56He&!jY`dj z*N-!yXfuX>>wU2xPBq!zl3`LJ|lvV%3NA~Dl7qy96< zA_8Q>tP;BH(#s7DRmT-G2*6Watv_jj^ErMzM{(a)pa~s?mmTdMtSU*L(z;vCychZr zox26pXg9H(Y3Z@Kzxy=PY~R+4b6_n}Q&T5;?3>dvCZ4eyesY(r*nv5t?%}&`&Mq?MyKO<$nS)^XAR-l0o2g?CCy|QS|mcgJJ;SvaU|cw><^1}n@}?&SU14h-ELt}S7MtZ|3VrTnm>qNAF z_R*LAB$fng*3-(Pzk$XYEj$+I@M%kHcS8hwNSg?%o4T+Qn0WqH#<$t?)WnPbvNAQVkX)m7u50FR`Q}09>vZqAzkU1yv z#=1`1)ECv|nj#yMs4&0$)@+9qMF>?P>9V94@b(qBCsiW;ft@6yL!r=A!@c?rs& zt=lpDSUv!&`~>p>ceiHU?XcPyzH#Kyx2?-gsEuE# z^awIbC^7Kz%-oN(JV0%cyL!&^OOss!R4~li>x>cNA@B|UBquRCma_yw261?3Oxjc* zL?OU73CiFgAu?GX8v|$*hj$Q?4yuPVrEvX)+G@R$=VEYvoE)kpR7pCs_r_|XX3z@o zEiknJwNU`!5kw;k!mxQg{#odwEq|Hki+^`{W=f3iAYyxxnR%b&OE{aR7yV8<>jG4p zL4p8BM^9h96@i=PPQcm%g*IV<$$xlTYS4S3J|vH(54gNERBr9U4u2fMJ1%QT zbzW6e1`m64rC=3IZbCvrfFW0?e_q@Z^Oz@&HBu`=IkRC!ya_wvWujsl?W*bB1n~?t zw?8U^5^lkpDc3ljwKLumz)p=XzI>;_T@G9;!IrA3aOgdX+EeQ4Te~tOYEh=DqYHJ` zWj1+K(UyIFQt0w_snL~<`6FJmwzX}&nn+KpZe^TZ`bn;ywS z1{Sk8M4sWnFM4penKO%0oO5IIe3j8h-Nk`8@?q$47xT>NY~$aIfqf!1$Ls$4?N3yH z@~cRn5>#-V$y*7x?{8(YIaseX+?nz#8{Mq}1-r3Uj-|1G6$Pz)Lwmh19e#Rix{Yn` z(2^HQa)r;nIKZ8;+2ufi&_M3Jz{{CJ+d=Ub*(;UW4|~m#9(q**$_Ei7sAkArpGFQT z|3#@rnN}QPt10>Mo$Ns&(VfBR!+`%Z_n`PdXr+CHV!al%x?^OysF)whychbiW1F^4 zfcTQ%62e~2@lqS_i**ae+$-{mD4&g)MK?`+x^pSR!7L@JE>%l>R4sVh3wb|!+40Y- zjI+bE!VDd)xqXq10nfvFwdxCF>i6n<|oW= zLa2b?u}7mi-Abd+bjf}zpJ=SNj%Rngz`b0x z$SYJ+a`)Ld*W?6IyWTHs*W#Xb_|W|qqSm@<$0<|=#(&Xc80d&kq_KD2dS`xT`!>t~ z-n}%pVRTwTQ@~eg&#oNR2lnfkMLkEea%BdWPKbKfxgnHC-l#IN*j_7mcuAXyw z;L52mfZrsupLye_)|)#Fa|c^ z{P`dD=bR!UHUzg_eWDdXyMqqBqPv$&;M?S8u)Z|tS7p~Is0J5*ExcTB7wN%TnXApS zY86KK&25Nug8&bi<7&Dzi(q!hB_R-0d8T@xhKE=X~N7Xh=vCOCrjL9aiP7($A_!I z8`co%1IZ$sT9;Ls++`aiyI=<%A1s5fRj~*L!-YTqPRNzQ zbbWQU+>oWow9j!r^wuh2hX+z8^!NpgMOl5Xnuw-qN|;Qx*fg%XX2O}AIbMUmVK+C(_2Dsnfo>bmqt+&%15aA!Ahwi@&lHDek#{oGWC2lp*;rxEwoBGT7Hnl*sB9 zn}0aVzyD#q-}=t>I?I=4M_3M+tyYp5LExvT*Y-qWpwg{aak3sZ< z4B7P1K{Zcb>!RBe>>i_KP$FPp0)PX+hB+-m$O)wn_|vG+yr`JD`d`oa8tMg)36(+1 z1(g}1#N6i;Yni3(<}xC(G9YDx2m`|5Wshc}mn|TqO>D7UXcw{uOdaLuz*J&yrd6S)CU zN@ONXip+{}>f6N}QFdF?NJ{q^WW?jHY{N1oSt?8@hFb7h+~Bh_nMF`d2qPiZb#!;P zfcb_%+8h=KFD&+cq^KOf(XUzS{9t)f(#ax_em1e>K+p(tPQnUxO3y`FU%e^`q?$W7 zTmhEXA#kNza(ha=J4)8HfuvNu7x56Lo#a+HFuk{uNsCjJbr+mOBXMYq?nsa9Ys(S_ z(qtmK4IV1@7DRY!q~pq5()!~TlBm~?)63yX_DgV#@I9ib04VXJSSinN%l-FdiuCRck|u^U zL5d^acY%V~9bf)?o0tqQ+ch^4tFO6}Wy6Ya%}GG0l8FO+|NIYmT0yfo2jLOPGxukD znUFP%qYWhD7*X97$lQiosH>@YAnGOS2qE-0eI`w(t}st7xZCuh8QgzLrT(ODoLr)K zetE=@hF$kd)!3sfIgP3C}tiz#0>xuD+`f2X(@yqzZT8s^vg2v9_s@NaS zTT{@KoZYoTV1IU}ab~#aHxASAF4x9*PmJX!<%RdKx zg%0%@)X0DFG*9;xf1rmhOp}i@>hxb`Qrj{>`c%k@t~beo4tK3g>F8Z|16nrx9*Ij} z4FooJEf3xwOQrlEY1j0YUFq5&Fj0MDm*Qo$LVQC$>#O+1cGMc;SMY4KSG6Dm2q=UN zhP^krX(Z#>S?RRJMvyeY1P~1|>@ZRZg)Y64^oGuYVhA|~Ff20lXavP-ZEZa)zV2Y7 zbbAFJiJ+QAMG!13LVUO__k`FtaaTF$qonmu`bbkfh8(p>TAXsPJ`12uu?~SAb;uGfw;r(iA$2(Y=h{*W6>I zQ-6{i@KIW1_sZH^A8l*Amgv;q>|s4gmXA0Qv>}XE8!PV!Xz|w$isiAu9{}1y&5grL zp5aIwf7Dbs}|QMMC{JGf1S^E(ABm@WQJa1ZdP(IB1J+TIM#)#Hn6Y?&l!F^m8c%`Rb%2@C|Od zWyf_(D{ky$1{8-L%F8ysd)v>@sYL0qWXPM%vg-FU8ODCmI^IsrT^mHkjlE!)h`1ez z7Zj03h7U9xrvD)+?4VZpNiw9 z6^=+B<~Sn7fC6Dx!jA2Rj5OXeOn@ zWuu1qC822-(LPdfZg?rgvW^r*$D~AtuKNEx{O*;pAHa+OYqyr^--C>FhFEpwjc|8=gxUm4!TCo0s#Fq= z!4O8fhSxiG`y2_B&z9=l?=jBN3t@zYLgup_s-M!_-Cv&+>_VV&)G5CF9a?O4;tU8r zk0Q$;xahJF)n{sM$(M?{z;dE&!)lqme;7o(Exd0)!LM(g@3e+;Pi3U0Dx{B2ow1{~;?4*NE1mL*TFF9EK zWRW042I;h*apd>_(MWge5Ma^JRT0H24s{1tKqj5FFfK9AR!1t#>~YOk2fDg?a?}bw9@yc-drz%jp@a{LvsCeR@M$esZrOFJ?RA>mD|Hj&aRMUBT zvuNIs(XnbGu+_UlcOUf@XtBb z<{KUL8yb}C0BQr~>Cw=e>QS>t#1}qEcF5N`Q?`A9`7?;FK-1v+zZTR3ciIBgMPL{T z_53VVPqm+s@}QyajmYg$hJ$+Enu5JGb(vKu7@dwTwkw}V9ti-shvI zv^7gaTo&vDCa>iuvuK_JZlGU{N`fS!Mg^J;sTtHUz-o}4b~eQ`n(2~c*&T{ZNMWHn zU(09he*Em*jn+SI+MROgQeTX6Hk2Ad{{ksKqBRy!;;5LX*2#-!Tsa21&^7Dpg&LaJ zdDtEKYa{*|!-ot7C?Ub)kmwB_g32uHqmCC!os(I?{YqA^vOeexhfm8fZcB^!ZCF}K z5pNujapcY6lG>w6zg2jx_u>p0YcTg=p2B)`oDZM{zC84+DF33#^L0h?b~?^ljoOpU z^2Yp75;pre*q04U!X+BEDM^JLvpTujkV*hQQaqpZj4{Ydr&=Yc_`iF;k5)+i`{XIfWpqZtW`_n9>7^+hmEK~V6YWygs87TvG3%?}+II~IA~q}f_0b6imO%8k~>O*=f- z+mN2yEvcPl5e?cCB;ygSg-m&trZaR(VBLtAV9T8o3nD){x3%YVKGu++>;<0+@(0jb z0wM`etT_f#SI^de(~kv2KN^)v`3rYC|AwvbbPh5 ze3P4#|#R9)<Un@j%*?Yzn3HyZ`>cK{SR(iz(H+JIG(ex$#RS6j8)TsR~dT`xfS`~~;MET81 z7ypPouJXLFU>1+VC+E)*(SUHAyGnha>jgc=C4dW7C!nH)Ew+|fmtC4RuP8O6z!6oE z>!Q^jmd|8XzcdJ(<(V|ABX>9scTwEWyueh2%2Ht+I$i&|=FGL$ryVgYH{X(sm$*~n z+a5o@i8gR6BZ?0j1XSLD*#DHFYyL(d>X3>qcTq&t3NK2+QCV*;i|>F*A3+0l#}c|V80 z!(AmBV$?TBS`4&Br@k$5Xa5nY7%n8jaa80Hds{AxJk?#j-gLZQmMrR5LWDTGXGA)0 z^5)zM)zKDr;J&kKsu2!j^3Y26q{NR?_jPe2W7ElK5=25_MQV_-vH*LEx5rUU?_V+A z3-nK6EM&{XvJer?j#h>Ak&azB)coWE{Z-H_IZk#rpxhm2lKlfy!~7&uw<=X=`3kObnx{1#njWcdaqY*bXRB&ERRz~jc#*QR#%MV zdv!pBLMNv~Vw~WM;z{NWsK{$>(DM9{Cu{6A%&Ux5N}Y5_5e?AnKe=lNjSw+ed+w-0reh0Gq3fdwH*pCbv$98+%?Pl@yHa3oz?~7n2uhJKV_HFSG+sQjC1? z*$9J-G9*g5jpV&e6RAw%G3ZIaPY~;7nl8FtX6c%J$EN4H%{$0sJ?rv*fG8h2o6QnK zN$rc_{rPmiI|E}6SlDny*!?xF=fkKtOYkUABAhIqM5FH-VAK+#+8enV;u z_6_N1w{obsOASInI`S{RKQMl$3i|A%;C zzWI#5+-~G(?bvMjA2jADZOY!{IZ5f%Aw$;#(MZh_*I0~HTk$-rfVZs9GoPaPDJQ5= zs%#xNdaa&`-I}7VFhh@OmZt5Mjt#qu#5Q#&7?WMt8P3g8&i=M-Bc8_gu$(F0nku4d zX86LbKJ1b2nK7MtxntbZR$49Jv~>AZ-Z}qJrmev-v6V|tvEhMNW%k8-d z?P@PgTa^_J`d4oC?nqZW&tGkI!Ocd~)=TD^&UBa}49lyh-Ec9FI#=j1v&N!pv9Qgd zbFqa=TCRTKx6swzL5mBh*&!DbltlVlhWC2zN#}-tInGnIlW3$d!Wkx&)v^H9!_kEt zv%r%a4Ury4c)FdhKgPvC@g7Aq&F-8m*?bMkWRf!5pKa3Qhd%N(Kk(_+IU8;TU-?f7 z#Arfb;u~GB6{KA-Tj`X*Fu*cNBW>wCiJP&-#(amI*eY=S zPVQ^v2Z(>!ThvzlSaDGr`$Ox*B>uV}>U78>44LmIcz%0O^^T)ntrbSK3|bh}W|f=4 zWBaSPhgU-($hqcM%FpziwoG)qH`v#z{qnFos7xi)KhE&!%;h(_?Dmlzr@KaTsY~@b zYg;$fy=*aaG4PR~GQVVMvD2l6teBHN6`u?P#O~=T)tYvtdz5I-qHao~XLUhXu0j>P z*wJ8X5IfL~qRr0;I?gDlD8ALKVMYII9scugYpUE9#&co;pp=0TAZ#E0`$m<;8qK!e zX}{FGN~jMh4^lbEIq(BSy8dUO3o<5j{9rL2)~yIN8d5a1Q|Thn`##OedO!-`0j)pU z(^5LMhhsD}I;8!`@Z@3M6EDRIXMMZieV&;eq!{<;_lf+F!TmT4|c zupIq4X>RZR+_I;RtZ`R}ShKf5H#Z@fF5#aPJY^AZ`buEnTT0#MbxFWfn1MUnScMzE{N$JQ_qH-O< zK5Eu|-v>Zd1R-!E^0||!t|AHwSaE8bAGe%d&m8++tAp)_R$)~<7K3RW7w*yBQ z9VH%aRm9pRQjtS~f38fz<)h8%?`R(<;3GC`N~7`9I$-_+NGVY7$9~BS)QEiY@cmY? zb|j^Ar0OZiwtwtY-$Aqp(n^ZhzE{GPQK64A&@t~N7F?7gGLQhOj56%`tOV&aj$VO! zf@A=sN+Ma>oZQT!30OoG&aTO(#dIL-CxB8v8qJl7>5ixpHl%~2NXwNtOFpW7!NWSLJ)?)u&bMCB zQkJDEv$b!Y-B&~J7PUUxB%f9oBjV(@6$Hqn5A>I+tPpN&~bI0%(HG0=h-Ek zxOVP}*{2SfXJ$|WWU?&7eD{g|sVoIKy=EI>isjV0-sv4}+dMxTGKEt*3iNYTOAdGa zAWVDM?)6rlaYA(7{*8X_!u!gf8l;@b%hD1=xC!2hbK>{gE@kG7xVEO60=p(_&|>mb zC+wO`yKH%5_M{x&3P*j@+K&5f=I>*8$~#8JzfUfzH}(y5FBvb5u;d0U3aWHjK52$m zWEXAkIq}wR{kIbF@r(kSS&z8sBi_fdH#W%X3}+^}TUeKy6*FD*steA`T%*^VT2`AR zUUHsalvuE?)9!=v4#fsa~yT?X-d=gt`_;nj-jSzf)E(aG)8`@cniywlz{}y*8y5C0Xw{3bd{u7u zR?zh*_`}l#3-=_+gOVU)uABIxp9*ToQx#Rsin%sAF4R!5n%O>NYTjjD9_%-YQ4zCt zC({+|-^TJvm$`&-XkGJ-$G0CB*;wp;p*{8*+-K^UG61VNNo@O~Tsz-eVE2PuQn;BC?V`Ru25u5^yf~1VR z5V3vwHQ0EpTUGU&>DCP|qZSN}&#y=ftNwC)=pV_y4p2+VhBk@2^6w))gH#8tRg8iE zfeEVHX<8(rqH!}R2F8}Tv)$pq_;1)%1cM?9WN&X#Y?qN*FzLWV6Q|KF`!|&^zpyrVUzAX;&LE@l$e)F_Pff{bIkifS7A@2T`9Oer%!h4 z93@Rj>RZZBr>}V%V<^fxU)U;@-o?K33J*NlT3^w$_pVv}He0=WeH+tFMkK0Q^Ol^n z@;jeacbCD4ukT24%NUv!o>$*p-XboTZdo$JqQQP!YkWdsy-$@Eh5yY!(WNJ!+T)PX zxu%gg)~ zEAq**qWZv0TBvWekt%)HIsS_dP6##gF9Y|_zax!F-I19zw|)87qu?X~;8tm?G&?(y$bQ+*1LfaX=isJ^ zV%jxVl4|WISV_ca@Fl?TE8bg+!4+MZz4FRv;pM7%YfNCOD-(PNB3?$A-|B>DrZATHATJSs4 zbj9ADl)FLVK%VpH(bpe5$IC%G1?dbvJD?XwA)2ET5%Ax?#D{R^;FL&2)qSWc6H~T5 z;p6emlGE+bB$4Jb&~A~UCKP?*5i!|^#n#CzB7rBcd@{?~0OLnK3ng=an1M_W)IYTx zW+?r&AZr)Yi5xNeSU*VSsmoiAU&^eBk?;5_3q1);C)>I$_D8Ga0<=2f@U#T&`jq+u z)_jN5Cf|^r+tsQ1#a(05?uh%AZ^&+(Ch5EFDb%V666ZWw$O^uE$3IozyQ+EG_+{*E zmwby-mIz~LUvj#R-?-JwJYLw6(;8gC49$__Cdr zdAx1@sj~EHnjm$XXj0cyVPB9EjibJ|nzhK_SLFIFo0R0gX=yx1X1peYsY)xpb%R$KKUTQfC4+Ih zsP2Snz#1Lz%>88j&rkrEPB`&_zJA;LyXgJ;(_FIy@5^rdPe#oz6O}AfgYHdDQ@mg!I)15VS*&m3 z)Gx=`T$)Y2bgE|pAp=1wU6?#!Qdb0P;shx#S(eoh4uy-?IZvkdcmODclen@{> z7r(S|(b&j%)*MHRyHPVIY!uhLc!>s-8dEqN33)CN@)Mj;* z;iS`jcO@kP^>vijo^aKwwC-3E!~((djTU`8z}|g@=lhLnvu-@329C%+ULM+p(wJP4 zU+z?E$#t}7>#z0)*Rv0W4iMf#1qSPd#SUl?_1z>oCKbXEia{s$>&9Dk@vDD_fc+F| zgZ@=K1?60|pgvBD-MOnrvcvObUPxj~RquO-a`nwy(rOFfKqD$)l8 z;V4fh#f~Up2DSiQ@MqtCNoGH419c>kVIYD4Itc9*Xe+S5s0Ch+qz58ho#z>B0cpAc zP?g+0Xg5-UwdM^@IU?=Kh&q83MI)UG;482tIJW0KAQn=O0SX!=ny~F4M~ui=G&VLq z8h&R@R3J&a6b-xAk`xTnqOesJ%Dr`E16A)k3>owm_kY*z&I}Pp{V3$5Vr7ztq)5L8 zbxPXkHW1}lKrRQFmc9z5gEK-XNk$cG;TK}`NquqK-X%~vK+H|cjVo`;y2cF|ygX*e zsSGs69Y#km=BTcvaqybjbJ4aJsmZ^lOj&>fH&Mq&)H7J<3|SwKaMhr8qJ7QXV932P zuaYiRq*sBdX;o=SY;5e*i3^;Em6#lGhK%plyNAxA2g6bs=Vyp(A?{$jFipjaR6 zLGQ~a{FzVNCM+-rWhpj|JG&N5La-=F%dd^MdP}@>l(3x3n>>i?=`SyCksf??9GoXA zme6U@G#*sL7qK)!pljEHBTcD2Wows0L~(ldOTb@Kg6r*YM26k*HeP;;p+*V11Ek|4wnCn};R`6)fL`nQ6Mc`Er%sSN zgKbPC)b2AN_)U#+DA?5b<3EfV`NwJXFB29F-Y{gy^TYiUEn(4})wMo?7Q-$$#Z@=& z)f>4b!mSt?0=gjL{*d<*!WO$bRq$u(l-32iJ}$;OV}^5FPW?n2CYz3HVKHa&*4H_`8(PcKMhXW`1sMQ~sGUl(L>* z|DrWt_Q|I2QhW2N4JB1lzYlNSuLa*Izr0l4w?*htCiwT-UA0th%fGMo4@kR@Z29j~ zp)2E49rA85S1bL({(BuYc{n|65RPW8_yT$mQ7B%iGno;YoPkbH5d0C#1BMY6qvdf< z4lOPO<3aK!)G8A7D`ef+c94xFv;15H;(OW$*-Y*3zMp+3h(D*eeMqf;aD8OKCidUy z#lNQLe_d$r8;|V=!k*(2V&0^E8$lx~b@5^g3`H6ao&K+2zF_O%Eyj##@J!1_b3?2z z)c?U^LlOaT0d-*rlpr8@KoyhUWbrEnFUybT-?rJ2OSQI!GEBc9t$vl`7rnPeh26Fv z4gc3IeE*;Ar^wA=Xz(KIa*NUu$)_KXKCjVli!oMm;xu`b{8W1!CO5wP5fuk%<*e9> zZBL1K93d$=my!GW8MQJ)ymh=>YFp~Q#P)mN|D=C?#}x3H`hh%OwjdRakh_^aLt#MR zCFf7nn}kEWLTNXQ*SbPrKWPDVmrt}k|5aa~){?q!nYsB*$NdZbe-HnVA(4i|?wFyE z_&~T`HU41M9(1@svwOJJ-#5?iwm7O^c_!Xa+OpNQvS#d6o&zqIhy zLRVaaeM5xsqOQd+{uYZ5d9qMBYVb%c$DD#N)&EOYHX z8SVUE+`^vQdzdpVPC=i!X42=GmtKArOWhqqW{;}icf!FS14JI!pBIGcGyPg)3tIVTkxPm% z`g`OO0~8(_`mnIOyE|-u-j|th{^$aXQ{K;%#TQlFYAXEKM}Plt$bZ z`=$=CdiWED9bwuX`9lJa)$osypOJJ09Mehws%StBUEJpR->mrga$82OBc@W)5l?v! zSr2Lbg!#o8!nD^3NJF63L}x>EN&!_9pa6E;Bw}WZxZO>Qq6jZH*0O_M)hwb5B)QUdp*;+#bvp;yHMPI%Gm$fPWulvd30gxx^AjcY3t)**l?0|hvhh$p`YyS$JEfvdgh$ZF z5JA^p;Sb^~D74Z2;kML!7K111`p%%PQXn8bz1K|kW`q%%z~k|nG-Fefuck~}FblE* zIl?mcL$kqVhVPK_Vd+Pm&Wqaf=}G9trSl!I%pmw%?cExQ$P-1)*SFk3gF)xtgu*Fu zXF$$xRh}<^^D$lUNh)3?w}lejCJty85>z7Z{vfyXeBSpRX?;(fP3>3Gy6rdXET6bp zAl@N|$l}zPaLG+Qg9C02#yDfU0G=;3~Q* z;a2g4S2hMsR=ZL!f3~(X{cj=5Ah-6vF4cArzpfU!YSh`OGp1aoAF7%USR8>kSvSaA zQ1#Jop!MFzSP4&JkzC(G2J277Uaa}UGiA}ds07-HU2o5%psYk`$#(*X|Mj{3{~Y-6 zbKjzus>!kBwuEf?k%*#@?O@CQzWMVGc98-X1;TLrIz(^;Hj^xLIWDYa z=u3CU%DBfQbd6~UJ9&^LIM~OMYyF1%`MIg0liBTz_Ot0jnGj<_rGy6ySRXy__tzHZ zCq}s03Dcn%MT=o19Hb;ZFmMrCD*V3rwTS8)t^kh ztCWLPd9aO#G?f<_poaoRt zBQai*0t3pRpELNy+QKv7;Wg&ux1LRzhpmn`MWHz)R!AWR;2qMh0nu2$pZuNYi(0f# zzR~?V7&#-{+JNE4++duDv4&(5nyR_K|2ALwdtu|Cw{m*aHN)vjT250U4G=fukzuL+ z3=Yw63C&+gt77cI>WHk$eK2!V7o{Uf7GVYa7v1dc*Ba$oVmHkOL325&sE31nA#| z9ZFjNg@YL4Mm9iB8+0f_T zO5hs}_XOieZU?S_w4_6qgn^1JR30Ji8R!b<_2!5c%mR7wgixN4Cgg~uBvSHSLVIzjjzTDpgp|&)4RfKW7Hx>vY85H&m0FtPgeu9S;@|Z->NgzOiW|GDj ze>QROfJA}-okRhMRt4mTQL;poSJ=}L#boqmTzMbk-oZ9XUnU z7(p>IOn}=Yx3x~DJW0=WT`^-Iqv;acs_h7GTlXDfYHf$*xfYfJAuCn^5?k5y<-hgA zO4!V>D+5skayPW)-)AfidovGv2}pZ?Q?s<-ouRparV$gOWe;15t}Hn?O5;&7b(h*L zq_9Y35N+UN@7&72_JdlkXNe&g3CU=Rcl90K(~_tAlvQsFnR4Sy6Lo)ms6PoH_IWlS8!3&_|X z)dDY@=Gk^iADqu-LlWS8X_IrXgLk>wzap*I!mQ=CzdcS+=8BwOKjZoKD$438=XU>n z^2Pr=+v!c;^vy5>{h=KMOc3J`(t{$dWOj(?GSRc+^%uZdU@iy(^}G>?0+M#1KIj$) zX~m!Y_(`icR1Ba51krGXEUErhj^%eO#q+&CA+qkPWJtmQf#R*vWdJBc)aTkljh^Rw z<*#|E|Eh6z_QQjvYSXF|d~|Yk*$0LZI8A|}L)Sf1MohIJ{N*|2%rjYbkH?5y?KCBy zd^;4q*Wg|7UUCuv{ti%^hp@qfpmXnz!jqGhZ9%%+p=1Aokr3yXVgxp# zj2e3qkMclXu(9=B}S#h>ynOv*g- zf%%LPdIAfGv{J>~A}GiEZgOecYuo&$ZKNN7DWYga>IAP2UHMg&=~qo+I^G#`ewsUh zZ9@fI^S9ROf1cp^#n84Tu$|&rIe;XA1psSDGU5qylB0SwwCzU}8ey*@1SPNS3*pi5 z0*UpeM>_p~-sT@)EmuNXT$?Lp$?l<;5_%#%9PDF>UgklgON?|?IRkQ8{G zl~7cm@AUK9@2!#z(QF3S93G0K z7xG5A)%Phw&&m7id_h46j2K=z<|py^D4Io^yuYb5T!+EIOYw(|lr7`sbbir8aDk{7 zK_}c2wg8MPk~8cA$THVDD6JCw35}-lBX|Y^ni38zxUvyFt)4H$M@@nm&8=xrqvt=t{A}ny_z82r;liAkYvFeA0MS*IZaRn0QaKctV zH4mZ`N(|WcS)&6{kRDJquXV&NdvZI~aGR$Q?h8 z3fsnfMM?$4W8f_2F@-rE>)yu6!cPkUQlJGhQYK38Ez0QR!NPELoyJTbvrl*1g1!@A zv_IApUwmwDK7S&LMK_HYU4O)w8vgA1kqx*1Jfeg^s^9{_QuQ}@{_ufRMgakV-6Go_ zXKew=#O7~zR9fb&cExRYtl495%s|mW9__ksJ5|YNf5HxM-9&AS-y?lVq1PilGO^MK zX+$*OsGUcd+-dvrwCIgKYfPR$kr%6U2>0$MhtynRQ`}Z(Non@Iv;VzZhD53fv(ti? z4e}jwDQi*mvW%{+Zxy6Je(drHGq*$tD0c>)4hDmCdlGj!@6V;}CuP%Dly%YkDQZJ( z5ywSju8|~9-$l`2Nkl6`dEPe6b1E=d1H1r80a6y`>A4dnycGeew7Y~UB8O9;PH(`E z!oQ%MUGrLp5S}lNMFD+>=#h|k1@+4XIB&~I5^ZPsiIG=emLmJk#0>U8-RcOU zxFx|MG*AEB$CwZJ5ik_Ez1cpU_fwG5g5d+_2>CWSjsQ)-fO*_}*BHC@i#j9+3Rhj= zo_F0RZJayLWHWWUKyXgIrRBWnzMS$OtB=^>@!Nsb`x0 zH_%lpSgw@PhSf8G0YKRgyo%nlTxRRzIoNo7=bG6?#Qfb-QEoCcq*!tT3yeMF%dPd! zHb2JCS^zr^Dg=Ej{;uC3&0(DXC~yF1gpnGR*}B)RnS}0e zFv!K=T2^mW3l8|8436bRwdBX^TTmi{9^nY>8`p4qO#dGq{f!w7bD30JY(m%&d;5YB z-71rhi5KY=!;8^i@lZX55R#a2v=t_d1fWUap|CdOIE`wT1+9C>Zqkv==}X4>d04!7 z4WM8+Nevo)m{9Q32%E?$5H4wo2E6*v)i{+19yPVKAHO^4LI6ubdH#j9UynRFi#(xm z6v%eecLR2YA_t*@q_s`z^8fIVP}G8OBy=YfN0n>$A>z?D-zRbVGJ6zq3$mht*}^|L zzzKn+M(n2ep1*f&5N)Db^&W`;r&QvZ2w01g3ZCGEBY;i=@U(Bu22VFDdp$R?(Ru%j zAk*}u4nI$}EnGN$9{ESp z!rl;h1yc65@m6YE&gDxBaYijHy81oEnGJz9F0#RH>O0rmdP#&0n0UAgm9a=4JwO23 zqiz}8Dzfct(l?D8ZSO2Z%^;ObfgP!Kk3p-^mHB++WpQg4q5fX?KzCo^83+c1PStQ%40b$ zX-F!G{tQkVFGRtJuW^gr-|kOTa}E_~QE}ujQjnwAhbZ+#t>Kf{Ds_Rqnh#pLWp5vI zuq+;+)Ig^Evi@s3*9W+$znGqDzj2kc z4yF#oQ25yQ$EZzbZ!4r3f}ModzzfGW#pVuYqVeqC{;7`gUo7ZVKM-I7n|ok?W3lBN zsVj(oBew-1k1~-X^-C4VQ~{r3Y788YyQ zVEgctq>VC)v`UAk5dG!C{!`wz= z6AZ=Lys{BpOrST+c~VzkRw&e0j;S7Ko-XjpzfWxnT|LKm2GgGah-SziFaC6Pt;1k9 zKlruU>2u6`&%qZB*h>7F#{O|gw|x4X>UHC1?knOJf3wxTYk1oJMT-s4hQIit3%mb| znIca@8;##a3_jz^Jp|P(zESMMBSTj4jbl7;*jAhSp26>K(5uluT;0G}k2?h@g*lu* zan3KD3&-b4%=DSJ4BM@6Y7@9I#H2@8yq)%6jJN)V+X05>;qKx35!Ax^QTMF?GKIY>f_{^ZUj*Ix1$A;$zSOz$upXSct zisX;H3LX2rp@Rf}Q42R0y%0^FKC6Dojyu?spNEFN{Xz2VceqK`=OK7CzvrfiUR{m!N5 z?w?>mw(m8ILAj>4_ip6nXra}A79}FXeTi!Q_S?GhIU5KR#tn~6Iw?aF3VjH`YYZ#I zeW~LD(U}~a&1qiipL{M*RnvL4P;j{0K?f`Pt+sn#L0#*;6Xuz_a zQ~fqx>1a)V4KS%Lge~56zjJ$6VZWvbP?*A6G+QR0SWq7%a8z51!_qL7Fc2sN?eA9! zI00S|Iy9Us&>fpRvt0M=Yyx`%`5rg|lYrUq!hj;$^S?73gI$gs27qM2s9_`$b9Qzh z=?A(olXI2a+-9SnFz~@=wKetNiz@Z5kPgEnjza}D#t)qsN%v-Cv8jU3a!VPuYI3U) zyCHBJ;E4WIgy}?F=lKRzb4Oj1s`tlzcrdI^C?x-s*OR)U>DcXqKthAvF}dc0uD^z{ z{m~54C+DMW$d@p#lhLug$s=%VI<<1b0!d5c#u$$Q>w)%>DCeh1g$zC#90Iclh|UMh zKWmZmuo(Z@=5Q-eLEu<1pxij5gs6SDC(LIGRWfq%K4vi0*m@Y;|IqnOxn%Q%0Nty>;$V1ULgND1a^o95DJ9tH=bTh)XM-g z=Bh85QDFb-ZvWVQx3Nb0&WiSsr{Ft=OFex3$hrQ z-awl7^3c`W*2zLVd8b zfLbO(oG%gES{8XRHp-6kKP0k3VqG{|05;jXFUQNXrH?QDGqqi3&}6HlA;Pu! z?e)c^KIi?QBR}}XNG%w+b!dM>AQhnP#B>AfMeTr2pXhE3JLJ8C+?EK9dUycjg#a*! z0u2!?HFm7i$=*LzxuOm+cId#kUm)pXRrG_-kCUoy3(4p z!)i+oJ=&GvwAYKxaWU(7(U)Qvp1X3Bwvvr;k&#&%`_eAQ#qV$K%UC{J{g;4VQ=JG>xA^O))G=FRxvZEag)1V8JH!&JXC4dDGR_qE=kInYzQ_Mh`&Fx_ zbd5F+$9Jh1oV=Et)4K>xsSs^dzIA`CkBo{crpZ?OMz3qSxnTPZ+h1>n{u~_7&wl%^ zo_BDDk(7Dp4c%z(jfD5d78ai9s>->yuE}Bi$=;KvSOv=$NL0lyI=pB!L!2v<;nB36 z+zo{7tlo_OYqvcw{6txFtIy=uo15>ye_LH`)hnSPOVIxPNDimx^;eJZljSy1=M7qj43GG-^U zi;9cya9n_`*;rk6{c7^=a5>$0=g$47GIB!h-P2MDa`*DOf#$^&w)FmrojW^qb5&d) zV@y!X+2m2yCeo%*7^p`5zaMaeBS+gwK&AySMAA=hrYFf-fC zY;H*^=F*fjS`yV^jYe`-jebcEQaO_D_uK#ZKBw6J%sjr29I11@-_PfLdA(on_viiI z9_(YF(|A41tT>$@Y-x0+y0Vsw7oWcr;uU?4;Px9k{fOpPNH%jrMB$VB?&>_Y_|~|2 z%JDvzeD39#`cEF>KRI=YsiSIof$ONKxdl=6D_`chHu`O6C1!EEE2CvGs;jGinHz5N zbNTvq(LtRiPVKuZqb|L`qoihE>pzrR|FCyT+vjaQbPRrsf!$6h_{wW8(8vw$2LM1F_}R)7?8uK4jcst^+|q z$3jEXOFT**?H{)%Ec9wdM#geqbUkAIG|y0t3|>))|-Fi?0`Mu(o#a^|iG3F1M!7 zdGOXw`nk|V8F%gkd7C*$-P$rJ_7)ZV1NV9t+={BB-ZHtS#GF`7EpOSsMz1j9#|9v5#Ln>iYrFRds@X!}oM)hSJ2aXtgu1vlz{eXy+4!>X#`9Dca&XYb=L9(0G^=&MhjtR&}; z2K3!^<&w4Ch+S6}ca2yPo#`JC@Ckbpk~WdAm>OR2)n;$xR~7khrsd`g*}iwS^&TFH z2b7)Xt?3Xr!ouP@s{7q{->vcV962v<{hEfM97n*0ik(hn2%>;Gwb z%)G-yeSQ7B$BzdBWR8bEimJO7ID4(*S3R7S?c_~Ybp7294^Bm4AD zT8J;~w8UI5@9y1R2w=>H%9S)H&AuJ8mI*k0nuIH7kJ56!-_ok%TK13 zyO;h^_uxUF!zl)I3650Go8I~TZ+c_z{EMpdkDyxvlSCd@tQbT-?01w`?(FQ@eg6)I zTK#8t!z-AYD~oqh{Czua!!TcZ>z0IA*1s>Gq>8gTcIsj244b`6O?4yI|K{hXbT_~5 zZXR^$$XY|Q(H%Zfd?%G2QFFmlOyt}zN1$T7sztYN6}bMp@xb3IT3B1>+)LP6O#{3D zvf;y79VC?N{ck?&8rv!;I5gBQb5&Wif9u0cXrk9oL7nuy;J9(xax>N0^p`o_7ItQz zryBiUQQ^uE;yAAwb%;mFgNe+~Sc_P-o20ltU7cQEUA$(0>)om^zAq`;faj+pKbSJM zz9O^wl9A63<>lozOJ2$!R2B0Sy->Ak#$l}?nQ87`)JqJ@#fxJ!;zGq@%-O5XA5Gq` zpAhio&g<#QNP}-s;a@Tf_@sdY2R@+FN6h;CSr7!OegE=6j`Bd%>FQbf92mbtFNbbZ zBGEw>-ZkT1JGx2V%4YBTNkg)Whg1K7VN^bPw2X1)2M|&q-y8pQB1j{s7d|-{JAAYL zIQS+6{QmvV@BtVIps9^#yN!xu)BcpO0RAF>`DM3{!m>8#WtOakkJqxxMiY3i=*;9_ zfBlg6;)Kqnu`L?&!S=B)s96(q#hIAvg@lH7 z9y@s3uPwc1YZNF1*v3!P)&nAWvHNI*`!fZ6{*}AUPut@cY#;Y-pjE$mAIpS$#(`E& zUA?>PZXF-C?LReOO74%((}2MB{{l(B{%L!|>&QF+?DXl=JHbUvINO%+&7@aVm&(rn z2v?Av?=ZZFqj9$*nFYr(mfP9(c>a!_eW&V&HzqY|-cLs-^4z)oTefU*0=xR+px9ju z7CZyqbp86FSby05_)oOIyHWpA+3l^RPtS5cd&i<>F~g7TTYU*ezq%P@EDQ_^a>R>? zuYDY;ENODxW2dvYPDA`{ZCfokHZX~zrJ2@ySPmw1Jpg0a%%7i(|0YVgWZm@sKGRgL zJKd~DZ}Nn9 zkW@#{jg2#>caA(*mYVvhPeo*K4o$+b`jhYW0@=<-MRd{6bjXXESff zM-_Roh+kPvom$Gt)(7<7QF5^Nbab>|$`aGs`o%*$96jzPgPRd>Yioi!%x%X1{`WhB zd?IZXKBK8~em|*1*)X_?DZ0CLruB{G=a$s??n`?CYvUd>Iq^RLo?TZSyq(y^BZl_OVTLX{@o%=2UT9Zz;k;Cr$4RlRy+ji+bgOx`IZt=NIa3;;@3lQv#Ms zxB%u*tJNmi->@H=r|2L$@80pXqxLPary$U34rrGqS~d(8Bt7o%bg<6y?rkhSfD#Dp z&*^Fp8r7|ZdIOlD;;7EHZB4O%-GZRm({5G2`Ai?1UlrZ=N}IDl^_~H?)iJz}d}LLo z!T0g6;Z-S-!fXQ2xZrJrheUSgqv?!NY0-0gc2pX~LwBZm7LV!EHv(D`2rQk20WA`ck^#>xhWl{3T zh`WRUU_%Y+#}w{98r|N`ZR~XOQXAN+?(JK5@3>V!Deyb&M#-}V|9^SUr!OPk9GdDk z888){DZe#uUeeX8lQ<btdmo8avOutqZY1et|-0)d!yLb|Oq>sX=?@NyxMf4h* z>PK(I-|OnU1ovsZ51S^scH`2eP3bccmU2(INt75-A`9@d`O}+v!Hd|>k@*iPD#9(& z#ZrtSXaK5d=Miza?-;a;IJ7M|pU+?)K^C?#Yu>{Tp>4{6FC)8J#Olf$YwaaI;UpRn-5}zTRJx z)Bxx>EM59ODLETEJFDo-DK>jQPc72zF99Zc>BuMJI1vhVkFBsMefkzJcu~|AzVHfN zTTh%knM;Nz#9?K!-O+Zk6*|_wT>pot}Q{!hmtp zYTly{gGsmcYt*Sn=SUDT7ASCmc>Wdv^HK z_j$pKqHq4Q+ou&`3jV>Ji0tyHES`q5971$6Q`c^c#!&Ch@%8GGzAOs-xtP_`E(g&s zKdJMg;`?WxW;gir)QGRpk^FKFfCte>(}^%t!-P$lrfWAnZ*yw0qX};)p#ZZ1g1??v z>-93ZxDW;==rVn;gXlDXhc_kmh9T;w2`4XYn$2=VW&%M_^%LRYvb*w3>G}Vr&C|Kl z?~zlyt3=EEo(NpICu<8aF;JZ1j|PS(+s1wjYvgT3^Wgo-j%=?e(wQ@R5${=H>sJqb z_UzBUy4$6%L48}|F`gO7AZmtV;tkkcv7-=isq@+zMJ}D}Ig&&FVAFv{Motb6@3BDs z!NE9j#o3oeu|;iX==-#qayT`uMM0AqA}APO_ldk8tKe)$X-+!}4 z@8_h>o{2RA^3(l%H|> z%;PsGF_f3AGn5C`6HaiRED;!f^ypEvfH;d-VDYn6c>WdD zvVQURak-dBfjLbw9cSm#H6nS-zClIV`+PcbU}vwN-`ecU+XWu7eZ614)~(;%?Q@B> zMs9JP@;gmx3{Nxm$fYCq5?5Q~+F4uku>{PrS|Ds;$k-1Dbr=Bhpa0mo^*2+uz3P7BoLhjE90 z;J0qadYEvOY!(77i1h1;?b3hUw%Vfad`<%4o+Ks^z*s zr61*WDyzl#p%27>PJ7=vwMA!<#{S{Uv0D!w-3W_uEtrcvNLylRX!z2Ech@xf1*c z|0Du}+OgDK_gM8_(oUISdeaWz6m|mywFVyb_PO-~@wXC^qoaazrJ=Q`KOq!d#qO#Wnmbm|a zP5Gl6+Wr3*_ROUl+`H}c&LDZwd!nPY@Z91FwB#&19~zo*`hIFrmTg^Z=dnLv??oBV zB^I<<5Nbl3BDrUG{g+o8hXr0$zfFP+pP*G3Stb#EfyH1!LZ^98KI^07ezRIh7BF&2 zEt?@(K9L2jmnGQv?4=o|4Bb$cNzvP3s);EZ;>I_z9}W zlWB~)ORU1eh3{-1m+im)FE{+$%ZXz+*WrR8Bu^-|N7A<-gUxH{vPI&2lfAHE-l`Zl@O;QY_F;?D*^`|V!0e<7g zviIy0*Cw6ry!*?wgVpMpdmUiGxr4Q(xykad1WLe+4_~@Y7lwUm;Vr>OOiWC3OpL)e z9UFVVE@BwLr7|?M|3nU>;$#JSK?mnRqTvExzWx`YKehDU3`PVW4IDH`vqUH(ZJ*oezkb8_hl8f1 zqq|;>!$*tn5|?Xec>TxJiNxBWq36zyjJ?T2MP^(hLclSusV>QB4xtwqPq3-ceVJOc zXc+R|%$>jixjmc92gn1AO>>&%rbORD@52zv#1~b^7aqYhPCtPZ_nCAQR@G`}T2?^+^ss69`=@MGBJ#7Yree z&wu~Nl5g?RE2BjUP!EjO05R|4>t!Y8hC6+hT6AvTlk_xtQ_I>)ti@`{KBAC-yKT*( z{qwgV-%$nh@2^^-yH}5R(#GbBSVo+W?RnQhqGp<~YT{0bvnggcd$zm#QY^HlwgHLb z(b*@Q3Vx8;Y8Yu&>?qSTU)mjLqhju<=;+z=54Qay4YvM=OMkB(~*Ly3IYA#4b@DzQg;J}js9k9|Nx<5Fwu z5u-*W(FczN!{zMa$CX${{5Sf@3kRDT-`Pz+{g=Pozn*D5G=GP1nK79-;d zv|+St5cxsW8XIy{!-sVH^W}VQKxg=)s|qhC7A)h|t*ewlmOQw!OV};gSE-C)tRR#q zx?^pP41Rsq)adJ`A{1dKn=`#Y1XfG7`kBo_o|BJ+_FoNkB!BL1A6D<178<&S5)Sgz z@FE#8Ezw^%=#(W`=c9HJ$_8au?GOL;tNVz_8?62=(ncC>V#USzbnGnaR$V%`e_cPs zN1!sR5M1}5pGR#$bmXa1f)_EY8Jp(W>{WHk-lCso+CQ)l8k$)kp%(|Yt}(zYKyr6l z@G`H`esjP}4T0}=7sF$}MjIpzA-uvTN-QEA($ml)g!hK6ZX&FE+MO+Zgzj^;OCEQ7&%n3l)K36KQ1VcG^GYy zi`5DJ;#l=XFb8}~=SwDO>r??mbr5Q+hC^xn&czFmLQQ>xNpaH_wTRCuYn-jAi?E?~ zfqEMgy&X;pDStB61qq-B?TR;;+zB>ti8FV+hKwMdTsRX|p%WlPkPC`PEDrN|DY@z6ihBOr zM~AUXlu0I{Igs048dVe**+`%JYTDan!-&0a^(J=Wr2Z#M?*t*J5*1$y>(GfXG)u{mX^jIJK0T}K0q?D zyZ}$JC5WfspZxNmjApywJNiW#FZXguAzs+l&mg(e6O@2*0x7{E)5+Op(T~I(`c71T zkPXEpPJ~(3ShL8@AGPtC+~j(49_zn`3!wUdn;`Jja-CAP1VrV^FUMgrQ^IiNf3>Ty zQL*#cT==HF;IG&k*^axH-rAkp#;svNAugQK0r5Rja-AwTu7Nr+?jDVwPQt9 z-?X3B?X;Qf$qqN60*zv7D()JalZ6*b-+fVCTZDxs9Z>w*QIC6gBTD9_WKb5oNzPaV zast}S24xHTN&9YVGqqF4kV+5lDQ(^izI+&Z2_VLzL}p0(hOanZKp86_ga!JB!4d=N z)1+P(N;R_e?3uN%{(389h0t)RlvuZJH$Vxs6G?Y+>L-2$!-c9-l|+QQYjM{u7M8^| z5)Ol`@qB1$XsA^4Y1SSnEmTT@tCXn0SztdYs$+)Pn`^WmyHWr9f7yreYc1M(H|20V zO8PK-^!J3Vol0?Z%UxWQ9ovWGA5i3!uk&e9thQ|3MAM20+Sy%)+0szcR{N84m-pPf zqiF@|ivC6CjJ9*2;_;IwQgb9v%zpF4R0)$`;$l@y-~Qs}FI$;c zNX-ck&*M?O#>Jx&wi0W=76~5;=?Wa99HiW{{@0sLI$w3@Md|aum_0jPs$R@~FQc_B zMtu!MJQVKm;NnH52AN-x`|8wb*Vj&O#gUBPdWgC*WM4L^ru0^Bo3rmbj_#-i*u zpG^~dDxn)^2aAlvx__P;`zNx=Ng)b(Nc2XYKOZ0{@u z9+*Aq_X8{Qy-w`czg&G$vF*owmk!Gp#oOD*LCR7*u$+^wfJC`8xi4+w520jZmtm)BIv34_5!*#VbOjgm35c-uC1R@nSHlct5K`|4lBI0E8-4S83=7Zeua zsG4fGZr+^5ok_jQHYpT!dXo3+-J3ezY32P* z4f&;9-n2Fw{dW9|_U;+#KUwa9=1X``<y4wZOPkEPkGs|Yp%Y@$&t$2R+_YZk22 z^$*fpVAbhkrE9{=RH9ZYSavMrhwMix>|krW}ff$^jGIMI<+~dGHd*?@Z9av zBJbAs8jd-HDBVT|cCsYv0-nm)RK2c2D^c(Xgdh}+ScRBu7}R8M+}Hn`y&=2;iB|ao z8gqbzlK56Xe7MAQly--bz8iNKfJ)KzRrx_ZmcvKsc7h=w%leG9BdiqyZTOb zxl&UiAUyKQXn1tkAbGJYimy(kMpl|#qnw*BG z2+y56cGv)#uN$8aykiMsK$M8*hUs|)1-lhj>i7oLoT*l(MR&O1y}H4zI!03>j3=c0 zCZhlkN#rgRoWRkMff+6CPIPQjkd|5cLo@klx8n2E1HMM~e~x%1ZLMKLWa$f1HdRlq z4~y4AhBtTTZs!&;(Zd7ezHpr)^m=;NpX?ZS*r|1V&`H)7FHiLPI8R-8z0HY`HW66& zGj*NF8nJnnZ=a~nY^h9hp!gaq)pKKXW&zCLVjsrJe_p$ID6=ykrrS8t4>j8Qf ztUgN3^HZj8Ho%?X`nBNNqVm;S>I&d2X=IG%!2bsJfekUEsKKe@&jdireMmr?1w?Wx z+bg>y*>SB|RrFK588CL*{?d2UrG@#W<~qG~&Ws)!cVU6&^F`8szsF8Pyo&QmqcN(o z*KDnTAYvMg`xWX2kCRa+v8bjxJmZxW#Pz5#QUPMpMA`oJS&AF$TI7(c!ws{5pwvFX zvi?z4-EAETt1Ti0GC^5r+>>zoVK+P-7vz?{I>tAxIrDy}eOhC`pa$P_2g~yF1Aa`Y zu89kt+&8ka{_*4GW;j~$c|+22j+Gkj585!TiL9!PtcA&URS+5b#6P@0;`s+|;dOp# z`_w@Ya&r{Q;$-_lv92g7n;!6ILMh*jqkX+H?uu7-RW15hV5U$1gfmnP8o9n&*0MUqx=B^2JP?L!CBvzByiprAZ z`!63;jt>cm22U!lG4w|p()#BO$5-j}YrcVJe`_3|W$S0LpXT1C+U!-nwhz7nCJr>x z%=5|lF6vMH=sS_ybiNBj7g*O$eWzd8e#TqdFGylv7XmLkeHD zj0p8^8bpn#13)lz{6NFNmfj6Mn6=TPr%>s%ZlqNANQ#pbmt=m0`+}U6(pj`lb7rPu z^1!#7@A&E88yht{AZ$YO_f*?3WrqeP*(~v3*)TWYXO0<4YzMPYLRq`8I#Q6&F}5|0 z4fVo1AjhPc5LT(KSvQg>LM}}$T;yAgKxzm)P&GP7@X1#!_Gu`hkg37Bygi=Ib<+jY zWutYsJEmz-pWt^&^WeEaDr|>Px6m|L{_mrew_2lK$D%$j^L2s%(RYHyNWNaYZ z%q{{o(A@R=Y4T}svl6`Fia6mU&qIj?5g~yYM4}|+;D3dHlzbPYjaY=d(Q(u6dChsA ztGPR+cQZTG{QRCJgAIR(+G>!fWZS7%H5li(cbiOjQz>veJL^EHJR0w%o3 zmQljBt4MIA?)KA&O`A@752X6FU$ECsdexcAu@;Nk$B_g&Br8Q)D2e7UB6dMr?IcNX za!lk5MdP%{7+Z@Uu-rD$cQ&>J&nNOvVZZP&LZo|D8M_tUNv6WLgr^mb7EhR%nAqfd zaFTLnalq`852z=mu;A7}gE;b0FxGMdh)K$lx(pw6%T~?X^z`q$Q{H*u7CLzT>K#5S zpj8ld5yv8=lh_kc#JphNAdy!osO5055FkX{ME4pCMna7GX;GP9elZPT|L}RjdV##T z3S6b$!F*?-IM1fo3nSTanNc30cVpSakH^gH*ip)uMOk4t@w-c*S5HSp?U9XTepHP1 zK*0XcP|4))*|SG-;V3Ib5t83{CP_!r^T`JEvoDNJ+oofCkH-4SQYM1tG2fT{%xIHm$ePQ)oM8vS@u$;rIH?W`{+T} zOB@KT*mg-m5}DgRZc*0-K4fr9u8%5wAo@g)JIUrYms4;eic?S^*~2MSk?vJxEk9;ct#H294`h9!* z&Z|<^DXNau-@6~bdUb$K$kNW9x(Dco2fRlWPytNPHxa>=LS^odz(J@xY%ov)v%Q!?PC$%J7t+fl4xF5BIVnK3LdTL^wrd0 zi)8!&zL5I1(lGn_{*C2|hV(i{3||q!a!x<#pe>Oj0p(!R*FLz;*GH`E<92z0ojwc> zuAGvT`{C}I`>GL&2ETUyA_NF<$tpWka@QF6X~XVP$k}@Z}?lPrN+NDGn&=KQV0BUg|4@ zn8?Ji=Gs#$@a5zsTo-<*Ve|izRZ=K|*&@(6k1cjIW4T3S;qxJF?E6|X@}Iw(k(ep= zji(2i5QyXMalyCGyBUdd&>YsPD^8Tek-#)0ov3>G%9Xjyy1%0IZ79`>zGo z)Fwq}XkndCkiCl*BcX`G--SN%Z}(b!nA*(93iyc_X%5R#-49U*$|Dj3&@@F(RaNe1 zlvbP5$f%Jd=XCe9#5GI!4 zj&EaqY-2-hbzP~lv1jj|p?gJ2VB= z=d)}!juHzYcb^z`D<${3cO0L^s8o8cBwifIG1yK z5U9{kQuUe~FswA+z7c|{JfgHB(}kL-a{r$=RZAkoBiFk@dB9fztZAag3A*Gws+^PK zMsd$hNpkWrzSO(IPrYcQrPSz*41`jZP?_B3k2ly)IimriEQk~ri13l=C6t9Yqblh9 zl6zhUYtNgzJ@;@MXTM;}sPm6jJ4?2LoK>C}bVh7{uQBM}6*loTkHQGDaFDW9ayU4)0HW_ZsF>qF>BnGX#*cD}u8CK5|5y|CRk9I)k_%w%Kw*p)Rxv zR#n$Os%x+&XROl$iFB$+EX_O~x~%KolcD`J8TUnJ>IoFALP}>VUQqoQ(NYuStbP_0 zSJ_<;{%w#!{hEF8xoMRLLqmybbFtXfjKd42ccO1{ZJ{EV4#7e%L&yqt7tzz$IwRle zBxG=H*If>))rqi4Y6Ynd>r{ve=T(Z4a@mPubIMyUEe4^Atfs->@y{gmL zu+DO%@0g31)O9|?=?y4cqLxtv;81(hc`S^NWUJ5;Eg>Ym0yL-Dj!;NJPYK_I7aV9R z8lt6wHKDU+e>WE9)J?q2CT>+b2lWx^3E2P-(w`=+?unZsNzquV$ct23B*E`3J< zM{_jKDsvL#fM-)-pd6#}S1KY@H!dYg{N#n{slL0pQ%TBr{Txd4W=MD_`rJw1;u;@; zuuADWNfAn@F(D5u-xwa;$;mg9#t@E`1lceyT%d9;s29pQL|n1_LNXG$!xtemq?aW3 zMOi=ePyOiHABrp{rBF zXNmj8!b>Hp;CR_;4u60sNUsfST`!e?EWg;5W+H@h=7L~Q>FP&e5o_e!J<%621RAdD z_Jf6Q@deX;qdSZt&$^iGq6qcq(Sh^bjkkXmtax)F1c{U{0WX{2juaCT9U*7XRf19F zgdeT1dpAX@l9R_VTSl(XF)8w%T3*<%@DUw5yQ@9!L6i^MLF*<){{%1s)>-0{p0mnJb9UrWD^6jc{ z0w(5^;wuUFrLdi&n}qwkv1H+7qd11_XUUz)Sz#oicJe`8+>_Hf-S2}MynIwaPa>K( z`LBP+-uZU-fSXZfJMnt`Rv*} z--f(K*VTQSpW7>-^qy+zPtnBeZ$@dVa>-cZ$xaV+8nYlsq0XOgZH*x*5wugOX!LHV zO0>+SD>}7Q9P^SgVR1;2!Sw?ztFKIzB2i*Jumbrx^N^nk%8L73ft^L2g|39zz|X!n z5krB(5|7C-D)v&=Q&Zf;M)KLV?&esUCU00O3&aNsN};pW_wW@2c{nZd04}z^%g$Lc z0+V+Yq7JMlq%B_HX_Wwnvj%<;r_K4xZ)BNSo>W&}t1djCGkS`C;-98Vd|-8<1GzUz z3G%^bBBoSc3=Iv+c-|ev8l)Ak(H6-q_gTHt_7r*h1EjU&_+qotH2a5a|M-(+j^O5q zkEMNuVBxyr9lqCs8_GhYB#qm}IuS0iay~m1wdWN{lxvH{gPfNlI@h4teLQM>@YrI$ z4ZZTR0Lzybqo!M!%#{!KyjjeUbLcqg$Ct;CK#7vB`A;d z1xes-&QmKB)E2|D?p*RdrKxPKA@BR3Wj#KqB%kqGXIOLVlk}x2HDF_TI z1-aZm)<;gUVZk8WK_eN?mVrU(`Ijr#T0E*h-D+P*@FuJn`5R$Y5c=w@LLa}zQs0KD z4Kzg`D%1;6`{QELVCa}r@4}~x*!-fXw?NAa+nyEIT&ScPK6{k@AF`4tqQECQKjvlc zu)Ho@k-!VkJe&~Rg;-PsDoxH+Py`sct0dTI0;z`z42~S3>^q+fXN$5(-S?*E3ZOX1rCfX1yquG1a9(jWht^Xo6&n;hhP;sXH^-kzYq| zWnq7pMG0g9wPMMo^9!njkC?a<^Un6jDWkdJXoe=JSbtBYpHem|r_QGd<{)dzI|&NY zzyk;BGGdtt8Fy1y=!}ev$G!Ktw4J0P@KH$f93%Eq!c?Jm@L>X~oTx^**85>vUNZyJ zyr7^0Q!NDiCN6IDyH?F!vnVjIQ(zEw2aeBw7ljm(>4sV-S=P6Ia_RKFIRnp;r9$(9 zAH-GO37DeqRWwH0%#a$wZRBLRsgj?@SaKMi(>T}e>{$9{-PR%Ag&_E*N?#V@y@^@-0KKzSN2tBL>Po+b1KfRO-nsc-PV9$uduP9uvBJud*lVW ztpQ((^GAvz>s3C_Il2p-)OGu$tOUW)6pa6+x^|J-F=h1jWcctphrb4vG!Td{9is+- z)MYB_=QUI|HmItj8Ah$KH(BT11iMf`SeK=$pYKx|pn4$N2ZQVMLk^h>>l=@~YY$Cc z6i0&$ZK4vnow!pIR_vlf#RiL*HxKFYln@j`Bj5<=Gr_V=l(o@L`PA=p`#RN9fbK(&8yWR2Vhbm8w zNUy!QqBLQo{;MiVG=*`82frQfJxcanNLmyak5JHcRe{q}nF z$48sW7GR;8Ac)9-91+3MW5Pg^bozZjn=1`>)mZP_Xy1_DSYuCP2~Er+9ho$A)y?pE zQj(8%f0lB2s$xc8XjAb~fD_*a7agZ&C6k_tPP=-{_ROsh>z`C>n3;3y(D@YOK1+^t zFPK!i7rj;FbEt422qS0HR^oVNj*DmCCnVkV08E*`l&Nf<@dr$nE$!$I$e%fZ~E|d z`qp#px##>#pQS8|X6k&m_RAQgNzYqa%W~aY zHOJ6zo5yo{_jEViBd$$T`zTy)EKZ#>e{h1aosEg0>I(t2m7%Af{*=7%DY|Bq5@3I> z(DgiX=xDNeE;e>11A}?+WXD~qLTMM@e@`k+eHkP4;i2zs4gJ>F)wU0d%2>W;c#kzP zwl{Ovjf~jx-45N3TW^*FDPwF6w|w{xW1X_%z2~7V{xEiHy(==D&bbu^!4-rPj4-oE zRzAP{s`0nZdHS7(>Bsr(NIXo-ZHCA*0E8aWtA-EUns5lENJ{!-z?`#l2F~4dvufeb zEWuZCY3kjX1$)!;87sMqD?Q))o{G(9)jajC`K(_rze6u((0@jO>xe)r5Az_M?|L@k zvG?+;3%eOzGl}#yTIACZs%lQl{cTO2{^M@qr7F0q>hx^=W_8f~U&IhyuaVu_|5;c$ zv`5GARdyz4)7!gw+nnuxCuqc%W&u;`ee7u>dt;e3f+x+gA3X|XyJ@TZpxl#o@1~4s zqeu22Lqn#hB;}X;xK!SExOeVwspEkHk5v^9*JlQ8ZC&eS!IUf3Q5q(%TxmsKd+wY$ z(+vIS=*qrCxAYmm!?#O7a^L98L4HZno}Q=1?J_C&C#C_WsVD68vIwU4F0BM2_v7MG{$O^Dp`qd8$c)Zyw=h3N6#vqtv4lHI zKl|+0b2_wHjIFNx^}xHiULLzH*sguDuiYE5b`df)n3-)!Im}*>S)14j_JQ4K)$)}Q zf!CeaKC#X-u{6m$k(5LJB`qiCD0(hKS|ZY=qe{2-onL=#_m#z5yjUEaIkd+c@t12C zepku5b58EgM_(@dJ-c|$Lh?6r5orI(m)o|a43&8y7&Us{mUzZtfr!vfXBN;teZRkd z%Hzi;WF!i=l<^|SWR!aWdZR0#a^WQ~x z-uznu;Kt}7HSeu#c~ljgvikA5k(dGurkGwpzf7*7l{Z302XE%=$nqhOjE>#(!G&e{ zAGJL`G$NzIeCDm3HCOUV-|yV^{T>||K(mA;Zkt_R?R7Ku?fD1(;ABO9`H{RuOIIFC zDdu<)riPE0K`Y?M3_+f(jd8b`4A8>VAg@suF1D{_(c-6mnQ*AQ<7v!Ij4cb(w)JM| zAgrAZ(EEp<&$yeP)U<5>Pqmjt#&W8^hB7G&)n`tI+$i(mSYl9xOqe

8u6o%=Mzr z@F0taERA}*{QXiz)hg}c#acE-^zN@+ zS?$-2oqkoXk$^USt}>FwT0*(p-4>c}O;RKhq!~txhD@RWg{D zQLiH4j0Rg^ykvAgL%&bndh0Ej$Hb`8+qZ8=Ey~Nwi&!Cpr!VP$)p3ilZM!u=IhM{kxtkO!&FxN!CqJ zVoXlNe&^>_ruiF1hjb%4nA-JwUA|GY?6toiFw*a4GVRB#vpp?ebHn4 zIN2m*c7d@$g0V%_*shL^E6g&ZK3E!(_CD9vgoRr;GQVQ}{Q2stsyQ%FjGy_lrsf>H zC=-~DGJt8mogK15mG@HPZnmTRSklj9W*pxwV_YqQAG@BXQx2oWx)=~!;?*L0?xS^baoruP~pVUp&Y(28^ib z;K2)fI-ePK%hkBsZhj^`KdR+*#fpQ!j7V3li_BPFX!^g~%L`Z37O$u+4PEVX5%xx{o>U_`R4q}=gTpg7SnRd;qrml2Ouq!87L8*Tkqv{A|c@;a!CyO zp!Aat3v|^md#6uI6`Nr34R6TL)-pmY+crMJ%=^h%Fv>7|ERVM@jS>(e>|i zpWkbU?zv?Rx0jpAhveiqcyk1_hMa@T3TY-;22J(|s#M03qLCbfi)z&mTxtHXsT#HHJpQQI5u+)k{!eLK%Vu_43k z*7bmHoj%bo$aBxMkM@7(rptx~zwSMiDT6%&3al5^uD_OT=XyOwX&0qTUvW6`+sZtL zJomH$>lHpT4rez^sWlm?bH`fIEP((2@1nHDZy!(ZP1D}lOeLd;(X+1VR70_T<8;Yy zl{4+oit;?nHSOMUOR9<5kquRYdr2z#*`KNl`!=N_w3j}c&ihcjns9F#s0>6aPp|Q6 zL)vGLf2;2byR9)DTEEJbUwI~PQ!2a+#gvC+(r10Xq9IIzyN6K7e-IVVt0%*eM*r30 z%!Oj)XSrvb^R_AN6TVN(o~|8B(Tq(-2I{mtI$pV>(#6X#cKO?ZwR}8}1dfigE8OCJ z?MzL5JQp)kWMi@uGxb&RMulrq{yhKsyFR&B1vu9?YlGARQimwrn_ zPS#momi&`Kukmjk(%knH8&y`;);lk}1bjqhKnV9%{SN2%vq1|NWsmU_krx3pkxoi+ z$H=Pd`9aZ{;ecg|P#)2)3Cl^R!t`6!gTI)h_%>^$UyxFd!RQWxlyz&? z{K)TOFfp4n+zM8P0J`1H4R<6iigIY(G854r*^_nd*|Vn_8^i*#g+wG57ffR;5^fZI zxLIF)>bv5t3(Qw}txGH2AV3)Bu3m>12SonD97b50p#f8fm9oyR{s@@DZ}T=hlW}`> zbzL`?4eLx)ZtM@6!zWT%CK)OhGplOD9Oy7ICHJm z=}tni#rBn&q12geTMbKGQf9IAfs0LaX4H3sGrPrIPHFh|%!rYS_%|Yra{pIZ>+Sqx z-=gAk4RDgty3c1@n?&NS^*HCX`w%QFC>b-E?1`|-j0DnXe?EC~()!gaKqFjOpp`b3 zRKGXWvM9l1uA5_Q&~}^I*Nodgd6zdU>iAEftoQ?URMb!zl*u@WoHaHq96>JW{Bz#5 zXCUzz+Hzu%&*OVPIv)I`4uVfgvS-moF_7HN8!+moHWh@1RL zGnI4F&I49?jM+=JHEsV9@6WaQ;)S-is&VaSl%LsiYS7PlqGZ6ZSrCf40^t}pcf$|K!E{ajBMlah{TsUJAZ;XyIBRj zE3-LJP=TS0)eT9D!HD{l2e)yz$C0uO7^YiUSvRg<|BiJ$k$;=l#QH;@Y#%4#xmiH6 zu3PCH#rtb*uf;Q$ie?N1ojBS@_+Wy4qq4-POD~;8WktQ+V_cSeBJ}do1CD%G#l$M?+AqR09w} zLpO^pE8d)5JK)Th9e`L`+6+b? zaVBR1%4HQY1C19j$vmci$B9$vWnKQ@%3Gs1R7{476Ss;$fZ`Z(g+&0k05;Y)q?g~Qi;KB? z6(ck=eAapokEN~5Ecq2u&Y}W(mOjhNomfMj{8naW8gDV_XllDx(z7|-ng@+>vm58% zo!73NAs;E81{MeCAS#<*9;zy22(AbNg~)U5>~4~dD8GC0Rc9}zSPA9B{7b1-tjhaha#4Rwwhvha5oS(q3QVo!ClXTcxDysO&QtePj&UZ-WtE| z?)&=F8YYp>3-h|y|CdSch02E?el_XnXRRjb_w30W$xn7lP+%~6*sy*Il}pdYMfT={ zb@zIDcpPsUHTmiB2|L*+;v49rU+?|QEb28e2LRa&C4PTLqDktl#(+ek0z!74I=!JG zp8dtc!#&~Q4gJ!9a<+8f_RECee4pjWSuG@1XGtOApf z@LI}dQduhkgYI(dY5lr&M@mcAG7wZV3w^$DLUDEwdCtm&^f=#S)%GV87!j?lcXd71 zWUk=xMCya)^qc6QNBNuSGchY!zicwWq-jLXr}o12aM>~p0iVDXoO0`dlR z-8Ry~LPpQkx_=A@s)vSAef`ZB>YvtZIr_&9UD9k8R5?T01WUyss*!)=wr$F9r@|N zKnSTb-+A~g+U}N!fePM~s-n{jp%De{e?tVX(wcoYtEe2DAZGaliKTKiT zRdii-3;J?*|B0QEbpP z_<_eQcRS8FPVG3*%mTZ4Cl*(bc2z%qJXz#m-n=vZw+kkQ zT5c8)wJ|yNX7MQq=ON;XvvebIn^<-Z>dtxRKHiW41Jh5<`Q`J3Hk&U-nJrf){B&M3 zG!|sW#b6%7NZzN*!4-G@F#uk$yTBvsrxefbxKN&hVgd45sW7B4O`;BKVubjG2WDP5 z#3FhcX0bH`nvyo6yAtl5o%L$M37a8vx4ouPr05RPhR>=&FOe(8%APrM47n0=^v1F) z6+tbJCR^0~@g!tKBF`Q5({I_ua8)0&v#%7|3lrxkj;o~PG$%X+85LIMtcmGNqGLiI8T*cngf)U91F6Zh=rC){pr8~j z#Q@ym-AS4N+&pKEQ#pgiaa;s(+#SLzNs#kd@U=UMxF9x@hfK(O<+kH_ z$BnMhnR_5sp$sw$&Rnj~zZ{>Yeu!7(x5bhPD5xr4#L(@0yfRRXfQbm3#bX{I7hwu} z2>yTxx>beE4Vz{#Cta64EUiA#YF%!Rf6SVc#p-S8-g)`WDd?fFpUf^7D^9JL&Ct0x zxsvKwY5_xnsqddVcka1an@QNqgiQ!{yND#hwd~^G0S&ykx5~C%U%d$BrouLwQJWWP zKl(c7e!8{GbDQ2&v`ciTMz9rr<7iaXSh z^y$~GeM`=NsHLT3N+$H_?U(f4`K*=6*(uex7%PdLLfV1yOy^`CD^ws-2^Xp+N`$j< zKh&veVfXpwW!|`OQd5B7qn}=BtB1Yr-*sCPb0n;Jbfyfpo!pn18NxbWS$v|!LU_jn zV~O=5(yh6U&t!BY6lYFpH6xZ8W^12OnBs9~W%POiO>%f5=s+*(Xdk%Avf&2&Rg6w(iILM^~@0QR;&otzbh;G&B-4!AEo4PNJ_c{lyql>C!3 z`^&QtUk8oea7+t8nsBh*j`6$?>^vI_iGS*{#hyuUo=wtO zB&WXp$8LlRHrNfD#CZFYUHY!LdFiZgV?0M|cxbW=l2W3gB;U!h*1w@@N8=pMYC$*6 zqLb?o_|F;|-E1nzvNjxvVIw6__034#E;ilaxtQ-)m zl<}WD&h%by{`{S9TC2BmX@xC0LvZ3DlHjH{NX4p*=(uo?5tGc3I*I#%0G6o~kn-Tgg{nmv}J3QmZxw@82D!`)Jxy5;bIM;l80QtLuG;Z*jLEodKpXSt~!; z3Fk>ljBF;*i6I{;)eP?$+O0k7D4MfpPZtoRM246^$O%jfMnyJ|h==5xS-=fK7O(|l z9EVyRR(=pQ*ZSzEzyNFGZhyj7cv+~T#?H^(x2(^!8t#)_=Hjikk4x}0Oy1zMp&|a0 zKL6EH><7B^g)t2;=Hw!$*dJBaB4K2GcnvxMp=19=v_Qm&Iy49d2+rPg=un6Gc@O`$ z!CbGy){nptA2tPfK~U5GfXhX52E3sMR>zg(U$fXD$iB7 z|0`Jh%j=E${W2$f^^0TzZ4L7QAi_!mrZKAc4^qkxT+bu$>+^38%8K=v5xp`i6{|*s zKx7A<3zh*(Ogg#~XoHWHtg~UH8Ghm1EZ@bkM(&MYYCV5phriD5=TeqsG_-V+q-qTR%@o$esp}?6^mRSl}>4$qdVqO zbdkBPAI^Do)5fTSi@j{GIe&jd%Z>3KI^R-F7Ew0tpc()OQ z8j3$4l;gn#p9>96)=_kmYL9asrN=-Dr0?*~GW&Z+V)&}1-~#HxqZVDC0`eiCValh* z9KJicFuMBjqw3o8jFz{HkW~aWNOS>~$M%v<#wxD^c1W(B%CsB5{`$G339UkSV@Wg* z9xR?ezZxzZKMQAuNP*IExLThJqC~*CI&MwSjRtW7PhtOvlE}M~Xd&mfYWVU&{m(-) ziN_f|+I!Gl1{BX3law2mkJzpo$=h)uwt^HW2UuYI2Xe&^udjSEU+#-q4Y2$yI;Gh% ztr~TJ#YA>Cp-N`IREyt zZus__|4l75R)fs|y8Lg9(3!tbyoOxreRC+fNR!@H;D%JkE?2EP8I$=(Q`NaTc583K2TRWtvdyoluo9V z<09frS4LxuP!37?h)EmL9Ww?&htS^Iu%O{de#P4ze)paqaQL005x4Tre^!xnU^9*e zz{Ao)w!;f@kYZ1}3F9KdkkmN?AAy}fbl^Hx-7H}H2kK7WVo?h}P!o9y4F^gfO+q8S z9v!Lcnpcx%Sw91eW0^+LRrm*sObmu=CsGGm4e+0Q6;6Z@g9-x#95K&Y3F{$A#v$Fw zxMF^sPX=sTUFP-5?87P3m7#tvbZ ziM6=87zC1iSLU(mUD|HJafes#8rQWQ_%(lcNZQivneG~H3eJJVD%Q1G~b(%KUJ- zmte1wuX#YXaLZg<<3wW^S5k>QI3Iw<5q{zSk!X-B_@7V_sKMQC`e0+_KV?=gOufCN zo_-dG5mE>MA~K&Sx27urMn)8l0^2 zD_gq1xxv$O*_N9Xo}-ucd062P;L*{f?hMEnf*1KKDfv_iuwYN{WCSVVW`!3$a6r^0{C`M7H6k~j-ni1o(s`O!9ht`|Ze+@A4{}$(sO^{el zB4uuKR+!Dg#BAIQ>ESMSmbV^0Ot%B5fhr}j@0e{Z9zOwQ=;FA%BB{Nt6k z1_<_=+5bJ#^9ZACPGO;#Y8r_~6>h#G9`h zP&L8OcfTYlSRmy-%_5k>n_c9=34D*wJbgz)ito0YJNNXjzrFjzS2)V`fsO{=%pvC| zF-T-gNW?DeHf!4YI6Kijs(UmvaW{o2Vc&phHQW+NP@8hc8A!4l+V@1v_sYD8RucoV z^;l;O-j|XW%9E0n%6aMelw};BDX}IyhBo?L|HtsD&h*=xJ%;3OSf>dxVZE0TDT6lz z!a$qh$N~Q>A?b=J^du%`gxI#tVQq(rrzQ>LkMB3Mn4f4GE-YWoXt_Cc|`xNL$t@GLfp+7_a_khJR580YK55F%uZ zd>!}zmq}2Ekm9EY+;%secFU_Pq|Q{BF{(D2R2v)xH;A|sX+{0=%MnVSK!!24Cv|E{ zPA4Ol{*y^gF2yjB*aN6T;Ylv!&@_ZcxBDL7VYddLJym^YY|YOL9wZ=a)CtStaF|BH$8BQR9alE!ZAiuxdC#iinp6_J}e^ zW=Pg>Wi%C2@n+LFKPIMvh@RWmk_5;od>;Px4~{xX<<^8gC0ApN&r#Ed)F3;ILAQD5 zPb?_=#&1cUwcIm1tN9Sf-%J<(xG?p%CH052kQQEx9Fze4u!#6nnu`eYgq*P8_}r{> z>pu~{bpQU3ef#wj7h^U)|I2-OUwzzLYO%N-K?8tE^cqN_2IrGps9}h!q$|WWWAb1o z>U~s?vTH+UYX*&~+WeiP+Sut^EI)XKL?Nga%si(Aeb3?96!??x*Mg6dPsroIqY)EYULsgfodMHKQ#~T|| zjpxfVR1F2HNA?Xl_GO$`5`G+u%rehvQM#l^-RWXg@7=Szcibv<3F-N;H~bg&*yxMW zmJzhf4F6#1`7ED7zyGiO#ERPb)0vI+&fbncl{{R17zM&%Tn1O%Wn2re~bb zplP0jW~lH@G+zsB9Ei+2ZWUA`C1lhzQXcjwEdZ#9?z+Z*VL3pB^VfCX>o6PJ zdDHCSJ#NDOOVwy~wFmyjdHVj#m#_9P(gY*IIP6Ho-k-=fZvPQn0d5ozE3sNYz>FdO zyA!iL4uz+jdb{IRm;ebuDFLItsP$&aepvY0@4HuO)NVHo#d%iBUjGDyT~{hWV94i* zjYXJf4FP#4+Ecl2VLCd(W^=O=na%7^9)(pRXv^OEPZD>x9}}2Z(Bq#Te~9(vT#u%- zqCnL!MPLJ|8G<^HayciAA8{@>owhbWh$T1P?H-6 zP7tNBP$DMU+EVZbigd!Wr^^gCO=8Hx)Ma+gfBvci7b>qCw?}it?F1y_2k<f{1d#V9W$DWeWOWoXNOO^vWsb}ePg0sI5vL2)5uIno@ID+l025RecD8%It=a)p3`TT6iyK|z)hkT)QL2?7Z!2^u00b+|qV{%G&bX|z`W%Y2a~%Fpx7 zDk7e&-@{`NF}SO{kd0=+krb8!qmsP3&>MoPRyYPUl%s&HU%t1tYTSwYYYK@q%vFpv zG@Kutc{%^v%y-I;h`!~b`hA#TT4vrpnU;^)np8Q&e_Clir56q>5Ojq@u4KCe7$lg_=v<~7t1UD# zTbrc*qMK*mLitfqL3oCs2_c1}0)QL8_wJ!H1~TG9=Fanqu6u0i>82FJy;!Uf|1#G; zQ{A%R;Wy?kZ{?Z=Q^KnBe}iM}^o=?phxttR*sl-2`FuaH2<%6f9@eb}_$uPsc?Bo| z^Labh5qN+ELw;HYiw6QNxG{LWFo6iSDA6EsD2k{&R3HZto(Da6%X2>d-b+IXw$$m| zEi2Ai~J=i%Rn!mwa2A{k8o162Ry|*&hAY8P7z(7$KfcLPlX>uv) zF)s>VU-QvO_*l_e^}ec4|tBuB%pX(e))u#&2YSk|!XD1nHp+ zB*&0lkY1y&RSNO0Httg91;+g#Y@mPLiWb0@vz{fIGX4OHOp+H=iGqN&K?J9n z1%)egjAuBfUF=Wsg|q;|vu0%h9(=!44bal($Prm-RMx=GLE~djT4(t+8s904G1t8y zB)O_iAnCIu5h3g9>OvzxDP-ihI5xNnaxW?=+9Fc?;7!@|H3entt_6y9Up zEpj6YQzEHKB)Kwq2eAO)1H@3WldG!T6vi*cI$ca494E5I`UlZ)-Zv8B!(A@ljtLK8m8yD{C)C9*q{BEfl z*M8p7{=wgakzU+#4%lMuwbkolH`~hn8mi|cnDBP5;+b4PJHWNx+8b_v2tk^6^gk5 z^8!A33LW^O9R73i=CqR;w`o~bfGvFq*e-dEX8?hqDi*?Bg!(hj2k<7PoDxwcBqQB! z$WLG$(sr^Alz(zak^ARFqH&on22~#Oft%N z4t6S1J3YUWZyN9L=R~P1V8{YC-enC6B|=@m4t#f;1a0ORxIC6xdrbb*j<0E9yDqj$ zX?`?0s~bV2X?}%jP=HP&T8ZdF!$y$I+u@@B`TC@})~B5G{acf|0}06Y$}B zKJR}5kd-EjB}E=XwbJrhmX#j=Pf#yB!rLbDg97moGWM}chTV;J+oVhkSxDI=u}x$k zU7cNB10k%2b{<~v#Qf^z_?mRcHv&2w5LzgR*B_7s6$)&$pJn~alM}~^b&VWpiunx? zt^|3?1&Rjp#Brlv-qlcd35vR4UDgBn%lh_|`9h&87a4deRrZ$a587@{lUq+|CBnY* zcTW{$WT4nYYeT4m@LRC-ZcsK39Ma85@cTImU{5#?LXQY;SObhbw7jE|c@A#TuyS)6 z;ghnKu$%FG*BJG@r0-VvCZA!;4mJ;i)hw(S1T1lMrlq6fLMBZZ=sl#cFF&fS)=uPi zpNK?F;0`tv36pOC?45V)a^hphK1MZk>!Lg*7_UQCGxKb}?6QsKAiGe=yhgcF_)pqC&BNNq{*-g{mB{imcx_Ns_^BtxMzY%4@as(LLoR(i) ztE`_$T<9jrUF>P$jeUBb3>jxK&$DIm_YS!#ElZSBqsj2s3+#7d>-t7AOof0|$NN`g zE2J=i1Zj8(PAC~rjfhG}g^NfR*TfnM=>$JR@jzOV798Q0avtVaxF!rQaKF%aDhEIX=?+?);k1E&S`M;4i< z=E6=^4T0SCUo&JPVvS5CJ(|FXxl;ZHBO@eO@mUCkwfPMV$?)%=U( zVb6V|uNZb1Gji+jgjoI3B5(JR(?R)xr+KJaiC5-?XqwDNuwd6A(qi8;`yk?NwD?4E z1OJqT_iTYfU06jmoa-$h`Ta1vDL|uwX7JuvVS-`uPH2>1G*Hu_nq|XI6>-(JPlb&{ zm4y7$UZ3hP{fPaYmVHeVlw$5{L_bmjS@JgGwI z25G~?ZS&&WmSr7Tt}K)>SO&e|e<-0v7)ABK5=J-1)G#0p{S?gR(rrV16FmJb>v|-u zs$q}Nk#nP%*D^v^!5UJP$xJ8$rHZbWXfN9&E6ayeDgm!xJwhQmJmu8hFxZ!Vch1z-g#@oWP%H9Y+_$w zZP9_8z2i_+MK#(aF@kHLN@g*0jg|drd=HHDs^jwvqD=elL%k;gT&mQHDCFK5`62h$ zxIOfF6P{7Blnx=|kG1Q@_C`h|)#Lj0bMcYQXo9M!Dwk-V12#FIep{gBtihB7t2bVb z|J7Gp(KF!wQV`B{V?`=dRvmb^_KBjFrk+60ei2fVRd((EumFomk$a@{UAR7uX0{^C z`c&ZIF;{Zdsmn&Of5Z5vBC*#-8H0*x_4ZrT9RQ<)t1g2ng2NilS4y4+FQM;PF6T%;Cg0#w7bpuEi25~hez%pKO8EO60jKJSau`^n!@VsfJ( z?J3IOKf#)0T!L*Nf|p)y-7>arOmXhu?Y_gc_2x8yEtcE7CuNY$3dH8w*5`|8sRtX4 zWd-%Q&Ao-L8rJ?`4l;4pD+#RsRBk)KgG#=TUZ?jN=C9>FZBF+2)$AA(4f9m2LH`f- zF-_dnif5!N2I9|XHO=>Uxy=VcuZfI@77-z)mRF+VDp%@ra1+|ywPAH0Z=d$0wU3Cn z!0VvM>{i1uA!ntJ1yf$T_RoO$oL(C#ct#{;w>zh|HDbzVVQ*Ymc}vor_ltiqp@Cp2 zA`h8hpwIy{q6J{hz&$Hf>Y!k0P-`OzSWwe4Np^bdL#;iuzSB*}dAg3VZn)poaHMhx7A|yL zwcJq2dabN)Z|`gSrZMgq4rZT$D3CiS`eF3YbYlV^0@qValS?4)0c-Dow2K-HLAZa) z#sIyzD{T(wd1PcWqAB%)#{n`d+XJ={#S5#Hc1U~{03iwW^KmOUf7j6>`9rypRkw}a ze{Hm?D#m;BDe2zqAL(oc$U&IT}jwBsS2dF!il#WU!uig zh7s6U=ieCI@Mu`Wr-rqeDVHHqXh)gBJ$q-2>%T0)Ajxf{7(^Xp8Q6l4giAU!E$-cQ zXgCp|F{=6b7scCAC7_~2f0dB84}gf$gXKwdh<*5ztK!lp;1tLRo8-XkFzOx{8jv-R zsXW|++a@&Ec-O8pV~O@p`3m!6}9mFoGu@ z*tT5b-Li$raTaD@M|Ri5eds*Ip5<@wfTn60qwZ6m3Q;PQIU_+I?81@3#A##w!FXk? zeQjT;K6#Mv%Y_Lt(GJ_XIs^^T{G89LazwDW-)9;DiKJaCaH2sK<;pb-t;~X+nzVPzu)r)1CJyKCxX{X**|} zTk+BzPF|7o1JKPb)Bj++8jy(<3DWWe2dXgT?Q*M_?{->wx2sd!0x@TsE`AgZPdpnw zmpfUm(U|AfngD#74NR$+=QdMCDb7RYQRJ7ExOe8G~I77a~ zlX@!JR~6bw+lg<wUY2vsL6 z?t#R|HB$`?%{Em&i7wi3jeJGd$ifV;^`*`$FE4MKS2G}+>n&T2YsD%?_V~@{y0q7a zVqd-Q&i9hWs*^67CP_j=IXj@AbXRl`WNUhvDj9a?OQ~{G9 zflEC?;VyW9RxqBwZEEzh%-WCfKS{qguGf1OzxTFO+fEfSvU2k$54M#$-%0MJNWHj` zdgE|;)wMUCd9QIMb*#Rbxg7`{-%9*JD*(ioT_mmxLd^g4(=in>4~Rw)#YR0Je|zKH zwm)C6U6x+PDK9`%(lw9*MGvNA0xs~@xpNiKl<66T3+hk0D$)H8U0#>w#d!YwX~e3(uirwPC! zP*w_I;75u$OSdwYk{Nns_eV5jo-1DcR%VBNVc#V?@4(pC@+~|J6j}CrJn#Fi$-fH3 zSaany#lovQP9v&xtRdkW2n2#?-{-Q+(ZarL_wkHNC-&3UM3@xY+vQpe{Vp}i2N?sK zU4{@SY+Y)eo)xzp(aFga#o94w>$?5X&*O@c8q|1qkoRl9-tdF`Pj}H?7p;OcL-L1~ z2xyFLtCD8(v1)u^s^i12%W{V;f4*w_Aqac968e6YeNrk5Hs3Zo{4`tpvst+#>ehj$ z6qHdix>c@nI}=@VK03{^Ij11UVYCA|F!Yz?|?mJ5WT|PxYFg zHrC4Msc2u-=b~YUEgf2I73OyAQ56bD+dy|l=P>VF`IAqFloga(m)DmLI$7&c^YQp8 zurDBNw95R=$^dYq`)~>w4BlWE4iO(^WX# zcY2(V^mwg^p9ln09#7Yau9g8umH7povasvS&F91o>sedsq+^hem%(fer&n*!D<5yt zIG^hC0ry>nl8AUHwoG6%5v%+80TSU8b*TUO$#L1~@6?1QE$mKGCmjH0gFQ$L!i#O4 zKqKJUP4;3+_4>TzW2Hu`ZLG~L#I9eEz?>XE0Ud)fD6J5>A>s;}PpLt{ zLFWe&tx8_Rg*8`9ubF|PP)ImN2BO!6qxkxIAT0~;hVP7%L#qkFw4 z{iTkGzk`DY!3<6yHqb;0FoD67HCA z#Ona;Qho~l`P%)^__7%ZInJIQYxazP1WgogCLlgsW|Ho`n>zeO;{)auhHOqV`{u{~XrzeIkhb&cIf*lL@BXD~zqdu?aArd_+qpPfcj&_&aQ=0ye|E@Tmv$z8mY9v%xfr^W1u z=L@J~y%HC=pCKJHPlje)&~3(fz_|DmS+YjE+qaRcdm3~&@LVPIS8Dy!brrL9Tq9Yo z+~Ajx!@R=^;4{WeLoQxC4#qRmH`%gyU}W4q>@-$pqhSH;lo?E3R$4IC@!x2i*y)k5Y$*ok6P`2E&$XX@kL005kz`pr3e0e&JFY z*G()^WQ@uJxCm;IpiNhlTv(*2o#*SQ{+0FKSo>xb;N8gL0_M%8V@DaoWrQ-|CACmQ% z;X$7zUXtgio7Sp{|9KA}iCWnuX4>l*TA_NyjuJp_?~&W~%=r9U-`$+b-@ z)?J)Tai`K=%Ss9kJ_!j1O(O&YqgXP$OSt*h<3B@=EezIx5s*>2W#6S5>}hZUb$IKZ z3U3hRcymQiX4xEUn&0j+VE7|@R&lbKcRtwjnu3p6#TX$TYiHWATd zODuDWy_qz_7eS?6$>0VP?SvL$q87BroNiv2S84rl;GV`=B_Vqw87Me^_mW?-f8STl z0Vx|WEP=mu=QI&hd zBs`gutt9S}$SuTb02bk^AIh^TDe!{a6nbHT&s zBKlx2@m+Ewa~m5Joa0e5u-+d_WThsyu_mbTM>JsODp4Wjl}-7D1~oDu!vJI+Ss!c1 z@IX$@r(_a>qF_K`j$-3l*0a7ow=wc%AO`Pa!7lfx$2Uck8NiFOAfoGwY%0Xq8Y!;p zX}78!Znp()5WNCVMd3)(woonM(dbuh+N&RK^7rd-dfqMb2NmZ2h6fv@4vxwAi&I9- zxRtFA`5Zre@?qLZ_YpZ02}cYXz7#O3iYGCPg7+2uI-{i~L8fhg=-vJd}L*5t@5r7Myg&vF zmBdQwfuPii>f!{nKw>k^}% zjEb)IkdQ9af(sKUI4r1a#+n8^WW-nLgO#1zFprZnwkg*Y`Bq3F6{Q${|G877*{e6^ z)sLMGCl@|HT;UdPSyE@@p}7A{vE#PVb;rKbe?&eq10fX9lB`Q5jfQ)vZG5(N><`JC z{wPgpA8Y?`qs_7rRgNRB))017qGEVK*8RK^ONc@x{peU&_Hf6_b*ZczCaU(41X?4=_DYcE^8%X~n-CzNz*Xg*L&<21jde_0+MuHs`9lro3NtESm6GSaR z)<{2sKRqJ`4}>_SD_sDiPJ;AoU%I%hokr1}s?i>~UN*5-a9bul8|QnZ`r2pKbw4^T zugIq{RB9PtcpKHoldxhq{0jiC3VbAA))qQS5EOG305M%6ZHUZ*OMK^r5H-Z&h17(h z8|Ft&^_OflqTf_KG^;A@9#A;kq(j~gtB72UuW|*bf3W^9t`H@+=!7T?*~N51gnnwt zOsi1KrQtR`1`+*8(Bg22>m`|*_(-^97K1tj{tA^Qu=KI?QNw$jksUImt7w}=VT1Z| zVZgNg+(s@iQ^7PxO z3Az1$&RYCLMCH8S4T}Q4zgy{hnfV3qo6Eo&GHfK>zv!|4Ew)oaa56|P*$TRW({Kih zt6Mn3wIXg6MSrheI28c{2wp)mE)c(M-gZc{F5l~`o9R2N-$MI-!IsEJNEInp>vG@4 zDOZ);wWWt=rWu^vdBwh)&(3F>Vlk@t^;yCBJ(alt48F-CNT|Wkz8ogs+`?iiY77t- zdN0BW>V-7&Gz&`XTU?-6m9Gk_NfajROtKfvG98SHco5S9^hn5zq^6)Byy%u~`zH08 zYTxDN_|Bj8+C;~u3@|2WUphcu2%_nE_7}RJv)umM9}dTUNH)9H^_$h(kD!)e9T3ok zu#%1ulPHVIh- zj`mMOvaCWgOgzJKv(+>_ON+AA3|;GhJNDLoGa9V!a{M10z;Xu$VNFX%!PJ_ zPw3fw59WjP#A@>-WHl;Q*{Im#qS8cXFPxQE;>XISd|^WL9#$PG72AKtsSzAAV2j#wavK6rlKzrvMaT8K@-k19=G8O>)b3|^5T z*g)IM!(L6XuYIh|Xh+Q;rc`Qv)B9?E(uHd)(q~KLFG+sAdVOIIeB7(WG*eWiXd3~7 zn70v#Mo~+sXyP(8JBN3jUVEu}>8-(b25_xBP+|_=qY&>|x_dxomE$Puc75GwJJ-G2 zuca5R7dnqL#%7i31c3>?plb3%f;Au&t;NFQK|$~O$93=@b7gX_SZX4{z+V4Xpist7 zRB&1s^EK+V>n9g{ANI-Qlw2>BDxWr&2qmj-gvcaB8Q%OB6nl7uY zwvV2IeM_d=`1rb@>cvkSItEwo!2^|Qh-4>)8&DN2=u4GA6JR0xOT`XAq%BA>Mwvb$;r<^Xg z&9&6s)ZEtgOF^rYx+37l^krL8$LOgHB~=7lz&tR4yEvySxozQ5c$8IN7&8j1RGn`9 z+9{DX;2n05jGkPHt`FddtX%0ZxUQgRkUvV=PY7JM@+oeo(8|PWGbtKW(aF#`uS^6+ zAalrq;oe!-$cRACxQL`Qd10)?h~b`Yz3oiP?o$9YHT|jynQzLm6DG zC=)~2j0W{R>Z2O;eF_4Uvse@Z^RBMz|3TP>Sy5WQJC!fQGiD}ZI!F}PTplbH%{0Tuq`wwFUj1ZA4}+i#z-5w2faAdY0@aiY$^p>T z5aV+zg>Z1Td%cWj2!8wO4>a3*w48=UM}*om3zDxXqj7`c1yed!V5OQ+bHK2=lSEne zo~)N@XBG=rWmx;QBR#anYI`reU^6y4$>^?1Lc*vL*qKlzL#%Cj&3kg=!we7vi3 zl66WqW0&lxS1;6SA6J$32vB^ga%6Y?YtUWRYW90=4#wM^JbsnzDIErvhAvNR5it0n zJ);a4xLV3ui3u=hN={|P(D$?p_J!?S;#@nHQ}5pT@nnLJA+t|X6tOL2)C(s=QMogY zMFmU-A?-^V=V%fsa01}~siSrwTlO2HVWL>06YC$He4~rqE$@_H&hNQp8o4y)awb*; zE_VvG{g0-usxfw$t1;QXBE#6-p)N7Yp?k2k?&l42Cnq!%R_c1!kG$eFytXQ|cvnV6 zg|$cJ!x`~!vJGKMGtoStvy%4Rq{zEJ&-t~WQ^HX$O0pCy5+=iyW8wX$qDiO06V)H~ zoT7FuR+zS))!Vdx$$+;mos8D7vC*#zVV7gPOzM(x2V#<3MFJ8O9^?)SW3Z7UgRo)^ z67xKxqNSm8etm7Y!^rTIYbEQ8_N3&Nj;UK8^}I*<_7u;X`o+G_8_z@q29(;l-j8ye zu_)-z@Z~0oTCeKx>j8(iz0eMPn%VX+4N}7P_=@wF+U-3 zw@Hw0r1|-N0tDHoiRo3&?AU~Srd{Y6>zi~wBl(9>rI*U~G}ik170$?Z%^m~OY-+yT zxhK#@Xlbse&DQG=Lh9`gY{(h#O{TNwp3vG$c88ZYo|%wirV*d5R$o0MP_fb^J-W2W zIzFwkPxc*>~ZgX0=YrI9?D>sJ9l{K(`Cy%voA^OM{buT%KVqC)6umF`YBMx(#Gpqip!eoZ+LXuWNk z|Iwos6uxXS0f$gl^EO&-y>5TUrpp8UsA84oI$)k0njwaNjSVhJ?GV98+B2Gc8ax@n zCaj4~2;+w0ON7o&3Ao;Es2cO1FY~ppJeZ-zOyRIb$GXp6{rZEsAVw8sO&!!F%hx(6 zi~zDj@=Een=C~>QA}*ak`pUvXm{X;(M1aFG^;NgJqdrd_I+f)%&-Y~6)0MuH^H+kl zqmMyAAU6x3Ry=D|BS#z_@GHP9A|6C`O^PiTd77LBeejB!8G1Crmx6g4q%Ax^e1wI!d0Tfz*Wf?|>77)0BstySNC<*AMRP0T+0sogl z2X2bMgO0S!M_WmMz5c3Sd{(l2k}5?vnfbi<`lc(SZj*#|2Y`QRdZ{%D9(25ni@_?; z^s4kkl%YKM6n0V!H+7Xtql|@1ZnLzIj#-;&L-%H|ek8ns^n#PfJO*}Mpi)f)El;J? zsHcG@h@As_nw%}7$WQxN=DgRc`HfR=&NVTfJ(>ormNU#fXWXlZPfSnU=%11L3J}1H zajDK`7)I#@^RJ=}rfmlS+saSY|4X zyvQdQ#QH<=G2E{ohR*2N)RMHWi{&wZaSSlzUkk2cneEGBb~l;d3`T`YJz9_~^>0;tLy?b$nm9H?eaFn`)|YU}l5be)vlDp5E|sJ~_D z1h^O#DWfuBQ7NqW3dd=&2nhnTZ_?gTs`36{MUcX^e0#H{wQpO_Fn!}6*F8-Jx`wX{ z;!5VVJ_zbvTu)q63c5tbL|iSW#Otmjs9tUdt{~P+IDP&-}b`rwZ<6@ zo^KH}M)#5$Dc7|&AgZCpQY^_q8`*C>RJ!g1HzzJt%WCxg5dQ<_t$mYkwLCpzPL_Vc zdSj#xJ^gPLl%XqBUK8{vy zYss9})AB4v@73Ly^!fhcT3{0yvWBiCMb@v5;*dO5{qlOq55z>rNN01VrBw_-{?6o~h)&4Y8uK2%SRhzCT zk5zB>;PJoDDV6WsboNuD9w~`+v)4yc5QyBK_|3MoS6HH+xASifFMxgN>A*C`hWJmxO1kv5PvDS?VEp$6H6uef~zy1<0%9lSk9)A55y!KhnSmmwU-hqd;QPinCVB~r50oMyPyF5~%LvF4B!i-^|l6D;i7wVZJ5!`9Cf`Ien0 zRk~??-MPb@Yk`AP%6@n7V^y)-Or7s1=D%^b$*=nGsD??qE z4Bgth=|&n}jn7|6Sk(!>RBy#M@fxp9XGv*|M(}O zK@JLT)@+!@gr{B~s_!&uH+9%dch9Cbx=AB#<@-;oQp|KFSd`U2%99%qu|V|`|M65! zUkHk}H}z1}Dr>L0k9rWdJK=cpI|JXDuq3)etkIX9jeGbsy~|A+K4J4L0!`zCR!;tM z#Kr(!*P;W3N8a?juYNs7|7=F#m*rRcdc~c}yKcVh#Q|tJo%iPbV%saMX`wCVFb8>a z_Q8j9%T@(@Z~5@{y0IZ{J(oV81vsfZMGKU2!=6{4`mY~9xVyx0^_QJ*DqLm^=rrT( zY^Q5^qyN;Og<$IDiZs_VYVBqJJ;;3jU{v4I@78smWH;Nn|jy z>!6bql2Wx|&8P_$oet^c`erLH<(U6+DGgtyoSJukerME#j!D~2;2R20tdS< zEes}hSH0et^UH?!wf@w$)Y3ovYM@2Kv3^|3Z)6{onEkf}@F;m?)32FeRMXPEgH_Ty zAMIFL^|{eU>Id{Re0nvOthkZZbXiPV=7*mNdu|ccN_KbtiL`uv-PucWS|M5>up}T5@{Q3St*UgW%_ULr*y)8?$1{8${_D-_*TlHC5{=c8V zZi;s{cd+*_y_O5sJnv>$NjWUzi;nJsr_s%%66#d*Q~1Z(UfDKn?0!bOWOa- zFSM_JUwKr8iNTh%Vc%7M_q)B(*xh|C`V6o((9W#u)%ep2gV8VVl~%)!9s~MX2YUDf zc}>FL|L4VX9BobH8BH`^PuYL@Et@hlRIlc-T{oMU;Ni`^GOf;Nw<~C+W2STcp#6xr ziKnY?uW0(Aptg21?v&{}CEr=B*fZr(lE(UpU#=KfHbp(Z$BX^)m#2UI(~{5+HS3Q| zFYmv*@3y7qG3V3z^0WbGmi0|*@uJd?Xyf;LO~Ip(IsbUSUp}#YcE^LRZ=KNe z@qP6E!MMYhy%%qEz0+xC(?%%?*B<_)YJGCm$lLaFvc5e%WBOQwrvG~R41fE9O{Xns zDZflKy4>;8T~p>vpPn_{uONBboFuzlQ=4L=eQ)nV-vPa>12>y&82YPz!zIff{`Q&v z^2M0!O~=aHu6SFswDs;bQwM&qYs#Y+^-Reb?F@t73Hu7eE3?iOHbf`hF10-OW#`Q7 zt7~4H5Bke9zW8+0mA585Em*f;V%CQP+N-|!!1^b9k6+gtQ;+vNXcD2fTHPsg{oEHn z@K66fm@$d18$QJ6k%QmS=_6K_+BSW6Nw{vt_}&TL*R*4UPLorEmz}p!#hW+?f-{t_3tOo>Dqa(X~$0c_uBPJ z*gm`K$(Pq}fKJAwZUf_%rMa8_FE?3v!Mgo!`&Q>p2L`+lh(56X^J?LV;LIfD!L0xO zrGNiXO!l|j&5j+8E$%vD_``#VuiVRBrkz}VTc4U3c>1-mguj0tIyfD+`R%;7H9gy& zY5JZRU-RJutfOw3>Atv9Z~9@?*KK;f+%lWGtr<)EC49*DFJ7n3 z*g*FeAOGWT^z5ryzrUl=|8lKgJkNt7*40Pe$!6}O{%?M4)0Gy=F!kbT{_DS+22Xyy zsrqj}@nE+q-2S)kd-?xYm;Ga4effPaKL}L&|8L>t#dyO9|Nkz$;ljN7<^M+(Qbc;M zgs^pQZz{NGKl5ST{}gbPS7B2DeNoWRjP;Mh1NBo56gX6_IuX>&Z^sxn0U}&?<-Ygo z#ro%u^@q}qStpz6*4}m2m{Q&)CRk@_O~O%SGxg6u`Qm>!ot0P9yVLHyCq9oVMuch3 zW9-p?DO{8#&dwOucRD3TTD_gKAvkk7AWd1Ky?*+-v2#1NII`%)bNu&zOOgOuLLMpK zaAEknTf|=*@RSDt5a>@-ampmqUHwzYh-(rO2V~SopKW;}%)Y00*(9~?@I_+30|SmS zYK6`}SMRUCmQAY&qd|x4du1tHfZJ6-yPQIsTWqPXo_+4JgZ`IK8@uh?(5qnFl__-w zH^S_F4=*>|-IuoYJo~P+YeNlQG_bG#uD|`PYG#YmrHiK@sTy=9 zG09AqJ5?PO1U8N;4D}@bfr8!OBgT2Sob=M}v#I+F*B%}m+WUkicoe_UXZnC1o(UV| zcW?Q`aZAaFk^wt43i2a|t9uGIjK_?Xo={Od8TL?+3LXi|xpA3R12Wb-_{&R*8N8;{ z=gxuusT^ola$-!RiA|_|zbOB_(LTv$dY}AJ8`XZ#*uDKSa9KPpC(cYeZS}30o|CTL zl?4gs_Y@wcg|F3a*JZode4?LF**Ol$RWR$)q;xeOA+8#T{4&;qpqQy-QR;>mOn6tc8b0Ddpd*- zDt+Q<_r5c(+n|xymdHUPsL59nqO-rW}%OS_#$*!Dld13jh&yC|>StU5&%cduf11O%z5PDf4=mCnZu$LPxZ+NjAV_wkZoH(?lMQ;PCY(Y$N8Rvni`h6Z{|TH6Uv*}Y&;}I2QHQ^yn5JwsV^426gRjE`AkiwSgUuj4F6iyv$Ey`*AK0#E)1L zBS?DTO2s)knBe9(6!aFKjGBr<5!U}vF}7G~?qJ{YYM|xvpDClX)x=wzkSs(oJ_ei! z$<2<>D_#6`)}8_wBgE~;jpVsR{K8S9K{KFec$ZE^UtHt>BNen}U-r*Eorzn1+4pT! zXtk%pH@7a|P%CF=aks`Lzbnb9-bW69^JDjz!-tCtZ?(H|LNg6Ai%2O;Q0xwoXGwtZ zOyKVgpN#UJ?q{x((ss)yeg!HLjv#;vElc}Ko5XLIa$p8(%v0L!4kbQjd__z=k-KrJ zhYlUe1aWfF`73jsn~g_n$ZBFT7v%!80h9sBW{5K{Bg9AWM5uZ?Gi|d_IvXc^f6`FY`I}Blllo*0^1?>S!19(6b zv=S4dl_`0X*Fb|DUAHCLJv`*sk|Twv=VWVK>>&7=I;C(RqVXOp$EL5)*;ibxxm7#!y~dKnAq3K}G+yIt(o=tLAJ!1dguSBSB|V##850ZU?QpXm&%ckW9>$c@XBL=F_wX=Oy#N@@V4;F^&wI~nW zU3`tpBwGVlC8-%Gs92py`wgmp@1#6HL#!(a`Nq$Di?cSyoTzHqlib_uJ?jYPu}8Dq z$D>$MSzngl6imq*(KU&#OT z*L7oA4{6L(qi-c1jyyV(fGI>NT;x|jtoTfEbH#oo6yB_^SyIS*Q(2!f<-l7K;T)-( z`-^6h2Bp?MrA#K7rVlvne$Tu64xgJzcWisrRv|1vYs%_$DY^cR7=NKr>)ok`m&dqV zv;6QS9b4$-SZ}$X-+<4~oIxv3rq%da?&KE1K9xpqZM`L?!RctV;*$hhjxu<5Z;<*w zf>0%^wf%#v9IdD_8y7KEi;pwUst@_zm8aWc0-D>XmmnRrD ze2JkbH7O+MOT!F4w!3(@c;QC7=mH1y;UcTy!NBRf^QtAUS4Sxhi|X-iMS{u=`@268er8R1=T>bpldKxu zY<^a_yJ=tAb+;e0 zb%UnTyO2yaSEske=FyW`IyP*A&-=?!fz%yZUe>?jEy@(sy$<23igmHs zbn^!L7~5WShNu8>bccw!k9 zoV1UW2x(5m@a*e(a&g|>cH=jVAss)vb|iDafP1~SKkS!bWSkK)+#<9Ox2B|KSEIVd zqohOaz3LbPvqQsnqfa(H3wgc zh)3A3Ja+Kog0rhp!&sd{+QUe^p_8{4YU^%A6edU zadD)=FUPIXMTB~y!;ryLexa6EQN<^r?%w2nO#kv+ z)H^&J{H|QRYBOHlc^)A4jzw zJaBW$_hr_r;)_+0W7PaQh5bt^;_ohJOrf<3p0~F+=lfurcJol>0g;w@X_Vf)?YpZh zb`9+G2-^h)ek!+~&g=TlUiaBh;hyi5{Q2{+bdVtW9n_wzEbb~F*Iq3M`$^X~nU#o8 z9#_0&hF<7-HXRYPyBL3w`e8A7~vdM+$7PH5litnWe>AD*uzo;8`eLarJBi? z0aiJ~=IF*8nYCox$J%JDS7N3djjS9+ETn#|d9bxZd7eh&*AjCpGFSOOwP~!hSx@jK zE3o=q%92Nku27Q7tXYJ1D2|!M+Yw0KG4CXOwHz@ zy>1E`i>Ttkt>5nHywNx#D%4@7bN9TU-nr`A3mlZdP|U6DZ~c;;(crj5gbj@{@!A#S z?wznQv3zvt$|x(R_yXI^yd+D5HM#mXb@T(`it3CLgRc&8&(?`58kW65-gL=`q|wU= z0D8V3xBHCyNyv~X77@GwC-k>KGb*}V@xh}GW_lS5MFvHvi^dr&huZd6wod3AcfBk|xXzMl|TMgau&nt_4AEoSa z&ka?ZYrH2o-oMi-*Qg;SojUyJQ$4I9qUuPMU0z~|i>F%;cl=1JO*iB|N(tJXm~L%b zueIoTT2$dC`Rq?vILx1sCN_|9W(k z>7%lli+|3~>#EVo{}Gk#(T&dCXH+G&@W^{q7HM_#QBdz_H(PJ@Ri(E11qlHuD?Jx2 zK2znK>}>Ko&MkksWc)cqEAf$ClEU57)9^icOMVBt&r)p_xu|#(A{=HkJKU~dFO>%x zcGo`-_&<@;l?|#MG?zvM?Xa<0Y+R5bFqh_Ttw^nv{SQoKnncE!1P2j&cJ_o!1Cs;9 zXV|o{X1<6rIeFKh_)=--zh26}{ain4cN_iFaUagokD;f%q3!(R$Li(79}V}5t8G_S z6Td8CU_)J1UXpd`)fo`5Xlk*@HE;6+zmTGbkCxiLt z<_rQWP3{`M(>=rQL~)qeM^j~lY~hTIAk&N;8m{MN8P?BXjqmR-&{JVhbUI!K_)45! z-uG`W;9tL}E#O#YY4^kC7M&-7cd=pHeU`k;_72K+BKe#_BfAZEHFoeDm|zRYC|cUH zhV@h3$N}p)h>+k*b1512icN01r)zmXaeimUbpNwZ2a^GP`4R9Jsu%tSST77G2Z-2- zlgE^Yk5z`5DM{~997y%Q)mQgto@_+StTgN+_BaUZ&Us7 z+EZOUyLTG%?v@ApR_>azq?=blnLhiN2YHGZAZ`Hvt;33paZ$KDDqJ<7lZ}pID0vg$ z+eLA;s6pp@!&?#0^Y$JsUg%%ts#~}sJ$3r5*l#Z;75c6mp7_&M>m)sw-!5LbSGh+c z1Hb_XzOhF^Q+pQSbs(pJG}L57%dmY^u~@Vdfk5G!f)EAAM>pf~oxaSFE>U^B7KNxv z$O^KB`c;O_hDB9<3N*N%VIT99Nix)1QJ67zNY|o>-U(ka|6Qh+trwM&hnN4-Yt?`jOs^t(W)ecYJ5WEXwaee4pZ{4{UgGQ^ zrF59_c9iPkYJ;P&-Gry~c;e;}-B1w}q^}uyb?Ee@4I_F$w50?riq6fz;^mw7OZ9$p zFOd^tw7i0AZ&}q^=~K6IYVgw{=_kCvAwT`~(XdOx+bz zYNdC;?R}qOPDBVy3VVu@@FcG1T$NP{x^)8k80 z+LE=TZ{=8CP%X~{&u86e|8A~$R%(6A?(y2pTLl)Lc6Kw<;+&kJHx-MpV@R;nuOd@C z8@?w{bVn;Q$F8NNcR+Z+Nx>S$D8LP8sx*zp zswv#2`aiv*e^oiYV);z|j#RHWm9ZsfVt$V%*?V#qjWSiM|LO*M^<$G+`F2P8HFYw1 zVohD`=|1XFZJeQ6=C>1*AN>6D;^bxn)cqWe(&FQXEN6aDyrTEkPw{n6!PtQ1?$GV6 zC*6jBW4G*h&WEkV#VaVfVWGH?fo8xONtruopT`#k;1AX|e)OTm)X5@fCj2HCMvAEI#!*py2n zo<_OF98iKyOrdmb?`Sw51CwJ6HoJ6Yo#Xwo!^U;jw}21gTY`VY%(Im}Qok83$MOZ5 zMvM0eaHd!N)S#A;yB=kH4g##U-E;A0>y0z;BwlnyD2kG??oF7?<>i`6qPC$pzpmk* z$gv2=q*dc~{2ij*;8#sP8A2UZh5@0Pekb{02PntSOpB_x`U@Nrs9XV|d?pl|TSTo!uI)#^(4 zp2`eLR3(U@L_}D+QZLcE)#cnPezpu5u`HN7DKGzZ^5z+JSMIOL{^@+1X0rx#>UnhJ zarLsSrD}{NOXEyTsB|EVk{p0JI7#N}pT{m&cPu5__wbO^gDn!pFjfV!hJOG3=QWm{ z{!k~>PFG^Qb0&1uZ2k6_y}I41@5WuUtgN5AQ^VKHp9Y0RMA1i`k^S}MHcNc-5-#kh zb_Fg6@`U#wDaa^O2fgDTm1UI%@#?=09I z(48cxJfX(=o2t6H-vZCJS)P#Vo`1trDGcFiZ1A1gvRcaTyfn-$~?G|T4F zQ8-vg&7@%M>OVpUIMv+s_kRqYXDY`zRJVJ4|2fG`bgHWa9R#q&pW=j)H^% z6A~Ec#_U}Z@1;+{@DyaAfc6yRC8=m| zS)Jx?NHTdt04yvV2fwq^2f(3IH1l3PN<)>?!AitY1UHF~trn+GT;`H{gy!g4di*s;Z07%E_bw+T)pu+kV_*xas5C+r6UqOEZb;f{?6AX+J7`;O-r>#eN4`*}(rw;Q`#} zQ0q*+^YqtN-z7JUto_ybcKDcioyQdb6y=Jw_IlDDoGT<=R^FNWYk0}LmXEjlKJw1Q61yDFB zZS4@R#PJ^-)az5|8f_Ds#5d5eabYMm`F>gxy*V~HiTj_G`tTd|^b*$S#}w5@-O#4c zJJkQ$_~hlooN^tzZPp4N&uBLrn}OCPC#}eOdi}>Aomo`MdE+oA&#FJ-y(;V4o_#c6 zzqkwZ0wiKe@%}f}i=p0R+1*{OT+7Y$-`CB#JITnAtco28r6Jud|G5w>pURAg%HaI7 zdo_dNdz!WT(fx5IXKqpuu}Y!$A^916QytVc;K0QUEtB#~5$`2MsiqJACsg^&_0N<_ z<*Sabwl;SCbm#P-y7q4c!=MP(o&ta zp9Z)6MW17Zk80u!^~cd3JCCR8pk<;jKMS-b_6?kDsBl40L+k0_+7g^9&AaV`qB57<{O(lJ^thQVjU{L2W;VDobbP9|hxd)yt$0MP~bLo1=n;x3)$7}ci&!$m)y4a?A5|^3B%XkgjNNvZ)zoO z9cwvpNGEU-`{1ksS=o>hwsrU0X$63O*l%z$((`0XLo_3rS3bEh97GtX3`nI?4U_BY z7{SXSmJVzcB5Yt`7~o*<<-r2!vEi#Pnwq|9R0ZRR+l74s(wvi*rT^30nv4~N4@_sh zYs?JRjA(rN7NG-DX#lDi0!UXV=!h>GPFjYNYKpt$BvcYR%mp23=9qA8OGu_TVKrQv}H1{pYZ7wiD`?;9k1 zeU1dTTt#p7v$rsrCudx%vVl>k?{Ky;3HI3kwC=N?Ip25G4=CX?9RPh3m=#PfiM5c% zY@U>VA@hga4GQbr7u9fi6qZ4Oil~3JdC>tS(mH_Y2+-_tJstPy`tz8=|BoBsx7p^; zHS{ltizN4>W^SXo;`p(589?TJvJ|qDi}h$+NLB&r9d`FYC7_89LLs?d^A3Z{p zUrQ)T`z=Y~%$i?~bAfS>FpyBmB5*pTmb9nE?NlkeIvuDEdjV79Q+NI7@~*vTJb+Px zRIBl6k?d%&Y}WJNscOKT7~og~<+#K9GaDx@DVQL2_LkT@HFsjrsj(M0*{~AQ>QFmq z99oGy+?el!-&(^MU;^tJpx`hma6g_R`S>EE+cuOx7O~dCsQFpn@Lx7t6#{uvF zmj{%#;jAlUt35m%3ZI)I$(bj=9$pZuAJ73ZqjAIF8GgOJ8A)Ht5tmN%3UduTSl^0l zGDueJ9E96QuzYjrCw}$wZ1{i{rE5PY8eD}I0`wK5D{t`#WfMyYUQH!Y(m0ou0uSTl zQkd4L@S#%n&Ar{Vme?7H@W2y*w= z!2o%Tt$Ac;YLi;16eI|Pv;sl(;7v-Kd0P;lVC(}rnE4;Ct5&dnRV>N7kR*Uxc{TsfH=!MD(`vSkjZaI7)(E!Nf za|2!Kgo)k})Y#(T!(~#-mF?bP<9wxZ#cF=;qQLV{udj_=sa%*46c23wB5no70UcYw z&EOaru$T~J2|jJoC}r|9P(Z+RINaJh!B6=~4Iqx8{6Ui{yJ=HBmzP;7@4)^LLo7H8 z8G~f@M3%4l)N3;mBfoVP#ii){aE+_s#!#6L|HgHAM)km(SXm;l7@t4PU&cJ2dcNkT0e2Lcdio} z--6$LaBRZxt&wGftX^96Sb*6;TZyit)2Jg6nPZR~+nR9Wrz)XvB>rx-r_`wu6w;qf zE^^y?1!+#a2=`ma8)je^e@-4NJZ&?t!SV|={lE@T9Br~&7e_zQrX{AyH@DM+C2xuW zT-}xt-dp3QgY?af)$)bO3z=hGVI9FBVY>o6W}O8{gA~p1benh1?JId7-`h!Rh=Sg_ z!VkXc0C0fp6Ja$b2=IndsIDSG?@^o`h>R-iN98Za#JGmNCo$tUxH=i_gXzGM z0L@_$pLfGU?1ulm2`c_|6MXOMm=((ifB|%-+W&-HpR6A+GlZRw<0LhM4|SXENU2JC z#i_J1|LTtHP^;t?@6noQQiR*6y!o(=1S|;Z0Oc?%WVey~B2C0p8|7P7$VYM7nS~_`2y`P zdFlp7**5HLgilj#FUl0iCR^=)0mBb-4nG1x6tEN4vwTWWpFsNtVyp=D(hc_RG8D(RQuE_x8)UE|{@txk00(;*rIN!@~OQ zS=o4)FPOsemEA0yb+Qyt2^lCrN|#W2D6}1yfvF)q;X~{hTyuS;`SdQSj_!50Aa&gL ztWI`>29lH;E_e3x4WkNgoGQBG?O?2`nuUl7ixIB{h()|NV3E_2rj%8Nc*C*f-SVk- zRumkNozSEFs)HfRmxXMFf)!8}d1X}cO}e{N?lW4NxU}c$9oSch!03zXHueAPzJ07DhPxJ#6So`@wLcMAlAc~u+S0(-CQOnp?rQ2snzi7j=A$E zh%&>(3fV6?1pHmQ<7F z6piAfxA(1XoZkZ85ND{Qj_5tK3?o7q)5s`k+lL&9cmrzjPDm>ioQXKD!s3U~gB1P} z+vV3E_J30Fn=opNKJ*&*?m=z-_ISd1;fsm|SvDxx3etYpl7%n}Y$xs@-G+hWZ(kfc zHRE?HWw)8Rdi>PJS+HgfYpbykR4zi#ah@g|63iZNYcM?n>OYXadXF z-GiZ6Vb77=0U3jGx{oRsp=uPLkq#$^q>lB7N~_#HZg5x^M4xKG5=Z3&QLqX28TJe_ zil5jT+rHoOK=;x4V?jq(3@*%SHWwiX?F}|l>^iU0;i8q`yZ60(wqyrn~Qi7{~@MY)ZzG&N2#TliOuo?#V$5~5y`F&ZxlmIv3i9XAmAnJqr1Y&U#NCh%#?a%d!aY$gIF0aR^9NZYa{0s?yp1pAM@!qSuDh$ggpSQ$3bHVT&sTYo2chVLPM-84OVR z(1)KY{Zj$5`uN=-HxK~Zq%)Cq6y`+Hg&LSaafI$_5bK7Va}o3@1vM-)!3cs~Mgvp0 zE$m=873}_Lxh@C1jF%@?Gt!pCD%HRO>c}%F71`&sLZifdDHYDyK>2;K{;jnJ79c#r z*;_{0F&DIg9tX@pR0!;Y@5UN@b;yx3kkh;O(YR^8@sS3?N1*#~4m9}roDHlTq;%4BXXv*}e) z9)|z`5f0uELA$e3>dOk^QVi!VwNa{<#xKFwGyNl5l1Pj5-(SC=AmQNtb+^+-bX||q z!P){sWQtH|+CsE9^Aapj&;v|EmLGdy-_02FH%}IMA(R9*-XZIES^muu>D@j$vNe{s zNx%U{CGUW}yd_FHDdj#WjCfL^I2!hXl(Jl&)x8S4X;8nC%fy8-6Eh7F<9PpbQTqi!c=Nk^!7fa@MO6hRsoT<*)1?Zc1<@6%3^W^h8v207={LU(4Y* zTAIcq3Sk;YL0~|2^$Zi;;*|t~KwBvoCwk+y~khFWt^9v29*{vOP4voZ`1Ui8uhW&-- zz`_RJwosf@s3zQ!yF%w_VZjAk><<((K~sTDD(bQU(vU_)ff|f^DW`jfQTl%62rr&7O(b+Wh6xC7xGYi~|_`LF4{XumWJdDQ`fy z3TZ0atp1HyK@awENRvtHC#%14DuxYFCuf%9;gdD84-da-ae21gJ9jH~8Jq;VSK^Ij zi^Ax(LC8}c6nOQv8d3jlio%gi!~zA4L3IXzUAVttPa+0qdfou=LIxczdwl~@^!4Bk zguyUBV0=9Uyo!OYFws2?e%;ss6bwXBp#f{909E1-UvY5mpwJh~4KC3<{8N3$TX~#> z?z?E7wAsm0aAlAjM7{Mx%fzKQ>+5CZg+^>@(}r(i@Ex>Ka5BI^Fg!S@tg-kjo&6n? zmOp7mnZRoI-N13yU-DU?@}&U)*(-6~XhX_$T}rHb^SNGyWM z#!`8|e8_*S!UGO)c-N&|ulL?NBLBi;dEfv6QbVgFUr z;RraO-@)~e3Xl=U0LVI2y|o&g|EqL*OPC&C?WVUbsF?}?BD7Z}a%<5K0MXDu!`DGp zN)#W_E+~|RufbOlkO${Y>tgFx6tyd-sLRS)uX_rzQ;f=1g%qDT{nO8Hheg7qiybBm zUG-VtVB*7YZ)nN@9allG$JC-?6uyA;lJ#@Q{WdGO(yNib|6)+v1TUQzVKQSi0lnNj zmz-$J=}lOftt~qN>-g)nGZ-Bs!4Pd(c4Pm&4^OOUZk#V;-{8PU(C>H-SY6N>xJT5E z;x@6j8ea&_7xk!qsBl3mOW0og&S&?gZFE#RJRqPY-uMIJjul}!cFeKf|D5tK{|T*Q z=jvuC$~tjfYG&W6barQN`Hk%(P>qrLZp!vWidN5`z4je7B51x9l;I~IpWRoal=-q{ zf8%5mR_@{oJw>h(s(64+#LXvAl+Oq!agKF2IxKv`!P2y~VVnUw+*uUYSs5a$CO)Y4 z&@xKbBWwYpP`P+}{y?#{@b>d(rQn+XM0=v7lMWKY$~$T#rZiy;J_|Rfq@lvZE0%FJ z5HuRKA;AHS$=7Rt_C2v7(fj9A1N|+^lWg`=brupHK~!B&3@;OK)8@h#0U<&s0sUQ| zyp%L=R*6DKzbdE08oe#~w{vfd3VmZ%GB~q%Aq`)RY6o`#b~v)Bgy_I+fcFHhfzgI% zgEYHYW!32QE2%}qN0*wVK6{H)-WxtUVx$jUI<&K}Z&WM??1T&w#db!>bs*Uahyuvh z`fj-C>@QE!U;g$*S;fxdTGyhiC!K{_AJqfD-rgkL^{}k#$E{&GdK)}L=e)Btc3X1N zDofs`1O+{Z)ofDZer5V!Aclt)7CH9{nj>^wly&8!&`bif%OqByPiN0ye=(?!RZ(pA&5)M+Q04!mIv2&oq zMxG-I+Z-uV`sP3r&%0iN3a@ff-jik!5*)}vsO}kxLbuGmfoqQf48CPblBvuyb{7>) zWSM!KYi4?Jll$DLkckE1B0vL^gDzuJD&Uc zu^*`TMy|{{C{^d`kah9g%dn%VA4>KbQukH~XX(VZZ)+Hvi+ucHEDOxYzDabrp;%4| zvvk8-bE4ZiS$3pM&8K}|SL2w+TZ7#pRNacTu9@b1lyJTJ2?g_)5 z7)n&0{w>VW^>W9@dAy8m<&O@AoI5{SOXy+87&bv<%X_ibCXkswg5#kD2gxO`+8u1(SoakV&3emuE`4%`NGgfa})60Iyi zQcf44Pj^XIGw*y`Frwn=T z-JOv2+ynDzlaXE6;r_OODMflBl&#hQ zQW~Ct6v1SQs7(r)bMaZ-awCR9Ame5<3+e43ZTUE+AoRaZ%5IvIU(V0TIaT_iYokfh zIJcul$6DDr6>hHz52HCJz8{zZN~m`~cfx}rR0EMh(&I1@pUoVDniwX~))031@~G6d z`WP!@lvX_a1x{**Pzv{gB8khJUmg{)?zUh$l^U1VUyh;4K#!GDs;lwnsXRE4qu_Zf zTTqo)OX8cdHa>J9)`(Siw`y`TpJFok}e&TEGVe~OQl?kedPpW!D#?}%vx zupro`;jixRJG2zPj||nmwo2OH$*A}8xK+kKc@G|3A|c2qbYWPpxb3S#-T8 zPSSwBn2bG?Lc~NfgdcJlV4_jjg!3*qkxVxxU-f~_ZP}tM%D5nF10M7rsxa{Em50h= z#w9MVQu%cj>X!g|;Mr*nQ}%+U^N+K3smX^&U)?#%fLFr<5A^^cp zr`16&ZlT94#=V`UB~Ex_2ZFax+Ee5i3xVODJ+4i8R)a*TqL{VJVx`pDPPUr5U6TCj z>}#exmmVX2>b^Ls08fgvkWyv{#W(1FoeK6QCnHCy9!hkq-fz z0NV}?-i#4wmW5J-_e{?$=vPSfF4q53>I4pxIfEOFGx0aC4jstd;oUXr@dePX!1{j9fg({wj_b1$}FC%(+zQp zOm5nR%m3BP(FZn@sXHfjx2TaopCHI{=0jVHYI@K*faO+m-fHV$d7}=FKtotqRX^;a z&gznb`-WD6{{nR~j*fu9n-Rvk-fmFjBFSexZG|-I8eB3C=_E{tJwhmtkHAmj3~=hO z#TE3jDlkHDHV9I%&M^_-77?vrtbKU0<0X+f!y5@c*n*T6kSi26AzYsQ+FL%o#p2o} zDPxaD{uKm3Mdo;HcNUJ4yS6$~^=@B>b_rX+`;cTJCqk8f%VRz&J zFWxJbtSgb=*co)r3Pb8pJ>*X!j)q{KAW+n4(yb%v))_DnalJSuV1&A>Si+vm9524F z=$1&x5~T|f$CnJmi+I^hC0@crgn4kCv;=)Mgu6BR^K=}M`Ugpneypu&tXJPDrpgpx zl>iSEEgr0k=M4k3?*C7dB~-AKeZ27L^ApIeL12nuLtm`#H=wWqrjWXQf`fvBVq0C? zuSqZ3mcFV0Qt`|dZPp#wGV7(nQ>aAH$wy-PS)zt;m*@xSvnBX#DgJ)aSqEIGN1fGc zeFPyjvJk|T&64M>SG?6gov~icF0jdRCE0yA_8ffuA6N|MkWkCEB6D<;%t2*Nb#L14 zY-m?tqVSX1K3EL23DJ3z<7o9#F3a7!s(Z_C1#iyW?B+fhR#?QSw;8Por9pd({FK<< zDE_)5Y;Lw{b#^f7%`aI%<5MGTe$V#pLv1V{2Wi2Fgjk9gUJ)!CC5d*Hoo6LSeNjJp!uLi z8C{j!E_f`27UbEw8v;$30%a(M;d!uDpDG#}{`nZHzn@3jRGHtBNB(@VUPW2{1|kyF zjZlxOIG-dZ@DmVYAyR<6d?KJjdwmhaF_+vc!( zfloa=5(`mYcJ^}phk`?`OYNGFfr0Oxnz(%5`y3a;q&{xYwTA{ai6$R3+(L0q44G^E z6qiUMKEr&%9Bxs5j4dx?kb*&a-xAk?^Z|lf$(P%lGQH)M~VsZ`po&tsa4ak5Zc*Nmh zXKzAsful9pmvXFs$X*QDAwz{D4M6$_^tKHVv!8M*#iEj$Fy+*v)h;JRQd&b_dd&2@ zGk;s~VuR#n`Sj?8(c!Kx%1f3mnb37|;FTx|ryCb`?@TgsO10i{)lBpIz&Q>k4@5GG zC9%Qd7FMgP_}n;-03s3xwUnd>0GRam8(|e=jClFUjZCuU~F6*uu$K={)JD5 zpr^_O;bkXKNCOJe@_@|~9zOJ+Q(0A20K?bSkt@S4)6pn`=XE%8EmKa&_5r?>ss^H*nlL*O%>9$6K09 zUew#cyV#?J;`>yGc_=pI^bSf%4`u|g7ig)erb_4U^$L-e`t%+NG~~|00_t~Ob-n4} z(z-R$4>xo#KK`JGhnlyyHzM_wt5+91d9rrm6}^-9^6Sl0?q>OiEid^hD7W5jqJ*&* zzqv87LGeK*rqO-QB&;qc2K%yH}>H-xj)gc5%r2w4)0_*uLa&I6G1hfgO+B z)@F+2LSa#nnT5py{dnUd9rVE93s@o##&q{9h#Im#%7{8-y4pm7>=NLXQ+fQvRgz)L8YGzFz!#W(5qk zq;!SL2hJ+f-jBz83#!iYeQ4rxk zt~?wf=)ipw`##fc1*nLit&ueBCoh=G3}*O`i-70lI9`A9^QFYZL=?lBDNZsRF+5an zXt=$!J@gY-Gcz;aryo-QO;*&}YV*yhwf54t2aV1wEBCECqN1J6(#d9(98uxt3;jK! z+O(D+${Mz*!nZuUC(=%Oer86-4IGqhnCZG4n26)JYO>G9mFnunSgdr%5J0eNYiESN z`t)>FmW3NG4vrG_23K&L@fl6F8G=s`EUsZ2>634jNKL^ zrCu`CHsdma)1|hVyj`B%;W7AXpqH*W-ZlA?qCk`d;p*^!_Pkw&BCOGWG`}Z%Urlwxl7*6}&&22T1W(hV=LSmxd zsZ*z>$;hy~yC04`fLa|Xc}UDUYoDC5vbJtOA#f#&=2bhU96FAo_wNm_7qzv9BQJla z+9tA$bEkqEQEfAC%fvnIsJWi0=%y-taM=_y{8W|J-&X`Cg)ANx4EAO8{rXpjc7DCZ zLw{}Z+~-i>=;iVex6qSfX(pzm1crx)-?(vOXS|-|4f%>q;oAlTo``B4oSm;>QR3$1 z6kR<%)vIk*v^Whe97L#__~_9!tw8yP{D6gIr1^aJ-^wf|_PBjEU)Tke)zw8E9d_mB z<|%l@Wr)&f-N7CvDKtC)_?kTW8@+a3#ex%Wu?T{KgSBGH^Sf0Y(^V^A*3UlMht8vC zOt;$%rm>^q(~+lC3NqZ?%i&mT4By6k_uBWEWQ*rc-Od7}Fn_DynqfyG`Y|Y>VhD&3qj~dpA|JP0dQB z*~@qyFb<74mwp2p{G6h{Oto*&MEr=Apv!y0a^=RlLwZXWacFs$V|#+?1yH$Xmq=$N!yY%5dES*ek3Mv6_9{6UX;$KY2h)(W2i#^1*^3 z(F*I=Xd@GX0uaYlMHqJ4gcZKT@>W$11%Zhf8SZsUR*wC~X4w?6 zZHjw(7Vc!?J;P*Em1(<%UU3##MA$J{ETtgrQaDA48W__4 z{(i$$`?;WMUgAq8wDkH#%Ytp6I%2WcUS4hFcv%lu*XuBG%#*lunSVBI*xMi5 z+wYIGi#yjHdgBKEtVp&GMgt^a0I@cy9)nKEVU@KwB_=0dU8o=Tv8g zyIwsXGpxxT;N()vrDlWq4-_=Q#`wusC1z%Zz)2A*V8$9(1oe4`)i#ekE*C1?I zg1rZOh3$tk65`$%J&h?4G;xEiP3MktSDbWU-@ci&tBj0d-<4utP5ebY_ROz=^(N9@ z?(R3RE^t;c0S|0G(A4A(Bg?kbXDlvG&K*b&C^_z#9R|Z9_i?bfc~Pcu+tcKL`=4M8 zEsc1`*&LVOoh8E++7j!I>|PxHDr%&QLYP9s62K$)rT!1z3IrzTiC`WFZphs#o%_fW zw*ykM^8Ne57cVxtW*RF^5Tf%(d&PW@s8Wr^73{`Ftb#JjBn&9t2{64_+?ISaK~ckF zz)nTQ1$LY+?TzVuHHBU8Y1SN%>JN{*_JcnwzQh6mdb=_QHZElAJWM||?%NeJWuc3~ z;0B($HOH;^;;lEn8&Wm!jUS>aIvUyxc-f-YTw!M~$5r%&)1vz7=1*3g`&D#Q$--SF zi$Q#5shucgZRcF@|F+O-lBVR<@8%2K*PYK*Fu3VhnOs`8_*SyOQ?%}q75q7F2&Qi0 zcEhm&XfBcW>eV(f$G{No;3fN^9AQSMwY3o=TgE|rH!ssz0SADOJdPhUK=70OhC?F? zwui<$4rr}ug(aS-tO^<5jNdpe?Y4p}!f1qt*;t)Vm$br*!y(&o;k%5CGRF<&-}@>e zl0Eaez%zT~Okr7=(4VsCz*#~9OwDa=2W@Q?V8!*0I7l9qugd^qSBy+hC=n(7{H~J3 zq@(~q8VEWG$Gg<~tgz=b(PA+fktnx^{UkGX*TV2u^KpgpF5aL3Ht-{G2=e3Qg!8}t zItS^%g^|)ezGSfk$19rh28wO4i zW+Nzc_^z?%o-Hd`|3T|fIvo>So4#vcdW1qcA`vV}!!*YQfeI$Y5n6%voYIIh`Y7#vHOH1TtmYY>$N5LMZy7k&*^?mThh)2Q++Sxsr;=Q2$4DV>>g(iZh;qhiPb;g(^R zd;dD!)rWQwmn3CE#E7jCu*F7vLUSD32R@LIfn`~5rE?x&$s;D@}ouG*>KWq@{maO*1 z*VIL$@Egsr(9m5i?$*{Vmrs;72zIS2z0vbItSv7&P0rZ!Ib8+e79HE(~nns`Lq4IxMWDw3J*-LPmz6&)19P z<;^`kvzl}QJU=z3JdiO@iQUc#t0DZwz+;p?u`aaH|A?{#>_MF?g(W2iU0hZIahIs+ zx-Og2fE;!zTq=djcsy~WWjMm$c+Z}+_B{c)P;L>BgApM6LeLa})0s187U7|=eAeA` ztXEa(vlD|2z))I2)*}_~C~iXlpjPU>=d9<-y}A zJPdfz&;H3m$81dmfX<1+hODwZYx={JvFzsIB80@@-ms{y>^$)j`N0B^BGJA2DOH*6 z?>Bht&36b`8`|M~gFq4@jzY1wi8=o1#_;d3lMuPN`d!iEw?zuD1MqJ>94M;dT(7dA{_#3 zCAkR~Bggnl`)n-d>YdC(A_+9>_=;$vH z2jZMl@4Gohs#c!(09AzK( z0iQxYMFApii~@~m--1*kZVQ=PHAq0V5(9Vd-aSY;cFueXw+s`PhxH4y-}Pp%tyRTKn)sRlT+hZQHz1*_i1 zMjoUD07nt{KeAGf9`$Jtjo{|H<{y0WQFU56Ruv*$7wIbmyPrLKCN~YYjTODR{IH@l ztrZ9CQPdi%5d~0#(8@5~X)#^W(D2^S$fhcjch0Fu`$fP!y14YO`{W>bNN(*`GdJ2{ zK-GZJ2e3uRf@6DvmA%+?I6m_#!zpA7oXD3n3G|*`MV`IX^Tam_6io zvud-j{50Q-7b#e9GF}%UGjYC=vEPkzTEO@Sy7Y1%d0G`5EWpaAfdA3}jn?M`e@fuI5)p`YiT&AHpd?rbPXwX5G)<2l$uAQo{F zZW@04bF82w?Mo~OicA|~Q)&?IHabZ9%jdg=50ecjNU#-nYJl_5yV(NMi!EmF>bmEQ zye&utlmpUk;O$uvTtub}R1dfiL{Bd%9L~xL#dBcm?OdDAM4i2kE+v6g`G@tM{#xJ= zaQ_3vu$V*u|5Hz9_~p$3kVeb`H|o-oRMGijsx8Ay5bgco!DTSRayJI-s*G&fK$Bxv zJUv-(*g!^iLDi0nM-4EqNorWWv;)Z{w75Vro0ys!ggXG#+hn67c&lCV6)d|`xo5#m z9gA#YaaOO^LWJ^B^@1A~Kfad;Vm_aLrk0%`FstS%c6QcG^3BB~m3tzc1X}sw;U`_h z6k`0G(#z|$4s~IbPP~t73W9%PC-23^>RI2#`t5?+6N69BM+8_+O>t$V0j7x_1#FYv zAaBlz(hZfUZ!w7-q;dQ996gk}gI1KI1>1M8E$G;%PuES1HtGqt(pu@+;1J=S3`S#F z$+OamiV7lJ-${VHm$LPm55?KHO9OgF>A;hj2 z-t(ENtUHb){SK%~vtiAVeBQGCOr|kVFc|jOr+Ua&DP-(w=)eLY@TsZ_qPPTpg)jtG ztR8p4%p9GBu{`Twkhe&sh*1v|jkFi1hhb8{e-Uo>n-k1oeTDCZslA4pq8Zw-!KECiG|qH^!#zQDjh2mIpwBfHte%Di~-!eNY( zob}yiFPH4ss|5&Nv49c3jv6(pTnN|DP#U47cdZ-z6z-?A#i{JjGNnnQ;iKTg=+5XH zq)r~!T5~M)Nmez0;8l1ITp!*z=lIg~!kv*SW%4$6S4E0e7$QpiPQf-E#T(Hr!1d zYz&y219)1B*Lbc{J@b-!9o3wpGY(?+<4zT(aR&x(KRiD^$}l-*^u_?i1}rTYE~4M# zGkf;%u4A-JM(mf*9+ht<`CF*AEOrEi>)3r1AIsHdJj?+DnKyeVx8Olcyca|2!ij>^ zJ&5I}A7_|{x^8SygReC;OA zcVKgbj2t!1GB)O|GX5e2dfPO4CF2$PE#cg=R2R%;-5TExYA*UnjnYbcP6om>fPQe- zJ3|7cR(}7Rb}I;pMC>EXIR$kH)6kEe3?UXO!2#Gp%pxLzCKa_&b7veykN|#*5G8c` z2#u6htO!H|AU7^$ScfuNsNDOl`I*=~P!IvJM+2-R>?0Nyt{U}JM@mX6%vmNs8Rb4i zErDrrX|G+2t%eNa#9s}Eh6Q55St-k;w!UzY*j8Ls2&Mp_)B!Oo%r230djW zrB`Q-Gc+7}1S<~6nh*sjeR$m)p`qp~(|}tJfG(v;#~yav=M|ddy7_nP2pF^^-?3Eqsgwku8Ufl5e@& zlz$asFMQ|UvLI~V-1n9sEx?D4%yGTal2`bEg4z3OX2F2M_Ch{3Cro!ad$VMHXmD_P zd)9pJVy=7(x~tB|bVDC}dLcf+0tUAOA37pg!LTM%YrL zpk8b5q9Gp|k|1Icy-41Du>;gJ9Q4nMQE!mt3c-VIjqD1rUf3eb_UkQ)>)K|0XA#U- zIlI7WuXWhDcfdMLsmMeUhYH|?(dPGxge)jP!bAs!e6|Kckw)^bo&s0MD=(voZ!U39 z2?+_?t*e@Qki5zGrAg3(U>8ma9NDo2hjj>L z2@eA<*sFir6(y|mj=JC$kmbY?Rpidl>~rF(?p&qN*9Uz>hGjm>o$FN)9mY2j4Q@wt zHBRmewW)l?*NMmBc?0Zr+StBUx=K{S0aAUjF0SF&-j%*H5IsyYQh8=KINXyCS|hY2 zJr|sK!FybJFhW%Xj4FEv;gZxvH%V5k&PF5F*~%jz>H9!-RGEzZYCzWa`XY3xG=7^r z@WADDa(Q`${z*%%K1+`Uz6yapT{qvNY2{)wlk4odcS!oJyL6=T#rO|PSFGrLUu9L< zo8V;@R9#Y85!bw9~R)GHErQDTmmYf9%)>R&j(bwT2nygU#wLg9>^)Q8}4Ol(c|!iwRi z)Irwd*ED{%aQ+}Z>)lhBlb9@UnvfaG0qf%V<-Yi`@ zsWl-h(wc3OlC5*QnE)FyeO)+jPgc~DEl8pK1+hbWZ8HN%bn!dbkWkO`g;_f- zy}rm1?Uzf{WBf$=Owf`D4fL1m4seJ1?clywJKWG0@a>0s+3WK0Md25F{aT-;NVeZS zW}IzPmEWUwH(R-VdD5lIgwWhr93NnOsGwx8hg()rS3tdiYU^@=a<0H404JQZTlYlH zuUeh%r4v4_EO)wJWDA! z@Eb^eBN9CX!3UoJ(4GK>kcE=Neo`i|;Vvk#OCkd~-GQVE;{v21D2NzGfHC7vQ~f#^ zaF|76Z9qPwp&Qv4lJMEsG~xuq;_?`M+G|OIBB{$_m>7_yb5|fEHNTqUC_Q<;z*?k^ zCHL2t>Qvse5Xe+uvtT0YjyTWk(j*tGx_4+qc0}o9m-3+z-tob;sm=9WH5D%=oR0SN z%l*1Vol`Hv4!&5DV$fR=+r?FF;yM42+iDPFTT-7K8<*wNFi_va-IiPH;`+`bh!^EC zc$j}FnQif|qb$p&#J<|gdavvIWK|Bwyzuhwr}E$vI{B*=t6 z!pM<`f|39f(_)3uW@YhI=aWc6|Xde`)S8Bv;NwS$(XhUV^K%-cb&o82ip zSIx$)JAdadIatsZ-#Pe+d$K4i51H^E+}=LAk=tCNSYqKuV44LO5vAAmzL% z-RYWHbLOT*_5^~TMjYD!;qFvpjg=qFTBb^p6%AzhAwYMS-{kRyBC6VR;e}&RQBROk z6sW~ay_KZD@T%rPBIOi*CFFeI3TR3}joc7pJRlNyX>HAIF-lLoCO@2tOs`ms!-&Ah z;S)>*h(L}MRq_pZ`8mkG-J`!d{fYUYv^$@P9A& z>h&M@2^=t?pMQc?gez{H(NG^qKiM$_%#_pPz24}@)>-C20)gqWx8oM+Kqnr%WdI*YtP*(l%!;@Sx=96_in}RoufPDxJ=sk7kaYoBuYchR9(dH zdY|F4l!O$Z9G2hps%}0YY&d2ta1~o+Bpnb;((Dom0bot6^V6qK^-n&L<{9FfGTg<+ zx{W(DBC^baN(+k2A-_o~6pr~)N?hnaj+1wwGay3UudH<7!71$;jg5AV5XV> zk7?HT?Db!p0(}g&h1{9}BqWGZXR(OuCoLpmMtB}9!co~}O%sF_&+eePI|cbf1|S|`;+<}WH@l(3@HB1`+NA6a;Tw5nsQ>$oNx1i#v&RP;X-eRa+X}Fv6iFf2Ar%M6X7CG0 z2dCNgt8tFW5NzH=J28WAt}|4WwuXav%PCzDu!hs={O`9^o4&1ah&Rn>U(FvQG;6_E zR!9nuyoO34lgYmIc45-m3fi-%Fx1}d9k+%ppXg8}SeG&{2yhQU*3!u)EG zDZ?}?bY?NN^#A&WSu$mu?uC<;8SB?S0lpu;qjtj%&to3d!vs15ZcTPv=Thnw({4Y3 zhDRaW7FRs9OnUH`?7v=${*Uf`7$x6sI;!nX`}klYbKOeUYo$XZGG6D;pz}>3q>3qb z{fL}Z*r6Z~!^u(1;o11dj~C5z!x#PK^?0oJ%BQ&UAU%-r5Z;hS@Jo1e90#7{y*9_K&3LYLCY{!g!xAe!0# z@H)=crnT}PUXLAQbq7|XLx#ESe=Y$u{%&YQSR%*KwQf9JuGXygX#FjpjixxKcqgg;I)k~BTD_%H=NP$H@0Jta z_P_tkC>*A#@fB|k$90^hq&8HwkmUG|)?sGPIp{UMQB=~u+j7b3&@Y%)@#Pd&pC~PP zX@!-%dCxUwM%v~2(;jSF`?oWk0k%P7I8V`^NdVJNR9grPe`da-UFoi`3v7#${GN3Y z1s>ANH?EqhiVgMUm%`K&rCt%P?Ri!sP{(w4-3}BKt@)llTN|-cW;TpV`L#nBme(GC zw;*fvW>dHDF@D7^WC)8vfeei}BVOSOSQLAFe2Oo6U$uKZ@VAR7ek4f`)F!1tC|hY| z{OBGlUiu~wqx|X5Q@2RgFYipm1)tx3kgc{-R=5zZJjG{Jee9PXiNG|13;pPGHxchP ziOjYv-kByXk6I0o(r_R0!=gq6F&oq~s>w9WO#5NE49IGXk+G?VUZ=9FWk^FEQX5aLw zzkYV7fHz*&=;R$Pa&+1lzn!MHfT5uflzQ=_%*5@OcYb^M;Q^%gpZu&FvT&Ox(#kkN zTx`YzH-^_4LPY!5S6?U;5|UE_5Qj&2ocI zXx=d2>vjMhQ@X*Z&r9v+w0lx?!P;{-FPwOz(;lT@X83RsZcbWS|HZnmN!#SD^CioZ zan0PJf`KN-xclsvlATC>})#b<$U7vH1cA|s>IdN4bm10Tw$S=P#G^gMz#;+D?&RydQkP4kFGqt<+ z$>ECtC-ih38HbXOj5>%#1ipA9FrXv?APFiwz(G$=U=~2T(SrI=%$#@%0Us%ygA@@) z3xOBNQ{aVlw~^4qzbE1s7#IpzfJLlV%lA7N7yc+ebu?6h(Az=%)U?z;41_<(c;e%W zidGK)!d~)}Xi6n*(RCB&Wm7!N;_Bw;HKIVvFd)|4b03_14`Zn=Zjsa@&8}FXh>>yt zI}M`Ta%h8+9gcW`aQ!E|K@6e)%F{bEUwE+sl^PAUHbtG&gho!BaJ4LSPzs_dSfrN3 zi6DxWKxI?a36KC|+!d6+W;wCh<=Rt;b9N zfpI+W)R$bL^AaX{Z9^97;5}`3icz6i(?yry5Q^Es=~Ipk$*@)H8|--Pp9Wg!izQf* z00aROmTA6p`~zcX##a;|nxSGSN{m8*!N9V4vAekIYNx>*?Pm}T^UweELqV3trdn7mve)=euq%7XA-iYMj4YcXaVa#SH87eMAy?F&LK=s7455OX%XYbb665c2-%%Nvo|g}tB;mhK8u zOx3=wI_+BrRJA~D20aVr>QS01vz()zMidMyh}f}n?6pu2<}BUg2V-xX-nQ-z_sJ`> z1@mmMT;(>q0_RhD3OpQw6C&SWfS@FrpxQ)jmyE5xgm!9k5c@!XYl5KiE9@mgrGe`B z*3VEKiqkWiy@LWI!A1=!GfQZ2&CUIoPh;`8OL6tLl~&5x<7WYplCdKl69-u-P+cVc zz-k4_Ffv>@R1!FI-hW%6+k%Frdai^T{__YR{SSkLxzW4in9agM(~3NlY^8@KE|Ft~7$+`po9Q8Jtqd z=yRKWbL+u=&^vO6pPYDqo>!8tgm;4(LL?h8Ogr!rXS}=`a<3qnaEUqPkACx8g?-b& zj4BP&pI^pM@W8eY&IR66Ts_&IBT@9tMrhqeRh$tUS5~A_vcbs+t-if#R^+8op8urm z=!+GkCz(t0^w-y)uIQ#ac3)6tZ0oiZ212;YNFTM|m}=bvtmxcNd+@KX<5GUKVf#G6 z6G{6^Ug2s94)V0p9TY4_5W7KpU30>hU3qp@qer1Uq%DNaTw9l)`Pa7 zq?p%nqVKnWyt&SVK9>+9cQ_jgGMGvfWPk{@`fLn$1w8xwdfa>WMwyD6q{QR(Wt?Ys zH4iF?BVOl~0HJ`Qc!QuuMADRC7%%ccTQw3@A<}~WrMw=w5nG0P6JJed!_8%n3!bo* zaJ8(cLhp5B#!9qbni48?ewDPunlU9~cdU$jmFfdHdGGXy5m&`N&^c9{l}1tOA2${H z>p%Z2QM-W`rD(xc87g78GmP)0yi;sXk4uI9;V%F1rL}i)C1*Reyuc%&AHhZ{T%X7B zQ_u6L9c-Voe8BJha9pc%4zC}7%2LqT9Rkxcd=OaGtP z&RNc^Gwkjfi{mo)1`ZzG7FRLPCRnh&xVa@!W4MI#tHN)F754nZ6_jt{8F^d|YAdyx zE{ZCs?CFad1f%&W>+Z&|O!wCwuQ#|$N$WogrSJvurO3t{FGS9&mX{$9G%Wg&~d3vD~}y!Bvx5ce|}Kj`Bw;>`0cMXYzqQy znkFO#oUh8~RVp;9wmRX4^*DaTJz53U4WkNpqKdW&6KXoAUyH2|I}nuVmHMqj`|X&D zHr}ec#wi-nSHm*1-~Gb2NRBP%c2+LwtDGX-<~sz#r4}b27F)$l;x~JgZ&W?ZQ(l48 z5Go=RA^av0W+uvZL_z`dxD-W@8hrKY7};DkAZW3;m6DrkWBub&_5oI_LcG^tE5-BR9W>cL*#K!T6am6!r~!Ad5R|nMBLs}ZJKwV$s`q?EiISX z;k5{#Xx+BlJym`0GmYp*{byZ9(G_)xN8M6GIm`UwU$~hu&>WwQ z(pT%*NiJ7j%(m>SeBiuXwPa7Y^0pSMB6Z|t0p08C>yc8{+gD0OO`p~7sMI|;ORw=x0Ppnv4HNri{(~ zpm0{l>uBEW7aDb2K>9F*88*Xb&H@22h64f~)SK&5Z3|Xb+*L%#l-@!11WT)YSZagn z76jQp_1A0yLlRk*hagW`S(!?4C_{%T&hi9kzfeIz84J`nkp5U44pFn$G^$Bf3My0= z?_u9M zl^OR7YxEcAlwG%8O}W+T0x2%{sB5O$o4|oI^D23)sW{^a<%e4Az+}Jtldp)D7;!>fzGR(b$ilUbz9YlS z-XPF6&a`ng9HTLH<8aol$+oDb`G17H2|Uzm`#-K!TIrM`Svng>rO3{ZJ=q!x zWhr|SPO@arzHehIYs9FWl3m6UvL)L{WM?q{>z+E#(>dq){{HjwDw#3O=lCKgq^>24; z8p$hczg_P|AuAvf( z76&8Dw`JHmN<2sxnc@Tqu@FF;+2l9HTa}zGNBp&M|gub44>_?dv&g;)sfEz-Uvnv2PB9;^Cgg`f7 zdC*G+?Ks4l2If9AcuGNe9kwU5i034#z4%crdPS!uMw98@ib2qkd-;FU&spt;Z3&1X zKUlG5HS7B-V19q)9lZjEViP>~)c2mfR8>T!1nt6TqOhh^UMj1x#)GZIEl$N#-c22| zqk9$?UGblcYrJ;hVcasR8H1NXC0T$1f5J|P#v20-oj+BC04W2_v*(Q90l-Lu{sR;{ z5w#sygh0;qx(mW?sLKIKdH}=X>v+ExX<_Njyqa>dOwPZVj$e z%L-TKr1MD^^k57SRS`(!s1*{te4B(#uSXtx z%!!eX_K>EgD#U5(O69bd=li!om7nPP@apW&#oH0C`%F$>iHpf^1&kA+o6rG_P}UkR z89-UlwF2?(2g?ItY{*gn=v4>53`U5d_axOTx_)SQh9&?Q)QxBZs9y{&0}wTU&<_bz z1LdYMnjh4Zsw)kRjSDzV@GN4gTcF9B5}yJL`&2wpFXL9n)Uv>DIv(fqdOj>Fvid15 zX9dM)gcb`C)Of9eEDy0tC1&mp|CVGDby)PJG=xP(ldJ8Q+m+gHDHHO~XIy!+r)JX@ms*~*N``6D8x<5H>eLD6b#=3^#-mo z*TF{VC`bbWTfYeiOLM(8g`D8>9xNI|L`aJPVtM?k<;)iq-25`e+L z1VK_C(EW}&3VR zK0zEHI7RUx-OtiYdI|-KS9c5DcV&TZ;mFQE&xaotEMH%b z`v%s%D7RZZM2qYq_2=i?rjBQ9Tv?xpLJ2i$j{N{i>Vx{k3LtcaV?pU9L=s&|pro}LSF;*d1=AX# zNTOEQo%?RgVH03n$^-B9KTbP$`0rhuX7mu9u6N2$upUy-{ifC7qe)D99a2dLjFX#7 zj~j}~g@Zc8tRD4AAc`2_o^v%sPgqSYcWm8J z>=UFufC6ynJ!6<_Om9Ko(;~sG-s4oWZ@5dfAgF|7430WF1C+`E5>xAgzL1|SLnt(d zoq~vL1NTOP5Q!Dm7Ip<@!Z4@4Va>{BRWtg#wN1R5Ii^>s+7HDxsvPx>u?m?ns^Rr6 ze=Hnpju(j)Q{~NaVPuzzm);xAni=|GRY3JbxR8Jfj*9qU)d|uzqZ5h}iV}p97V1p4 z({$8nedCRW9CXx~f{KM_>#wt(?pJPa5o(@XFimzm5hKE?D$={6v~N(k7`r}?(Oq+Z zuo|6EXqQJ_598r#()BPqCIaSu2*IGnCP>)YXO?s8z-vRCJO&MKE}*hL_wD7(*kZRy zEA%o!LnLCE{jmF1AS*#MXlZUncEZ!sxR093m}k`82b>FR6reaE5)msaqSB#^5DII^ zWPoWvEz3wu4^hH_s6~`u7c2aLTFg)jEoz&fXduA`LA-p5W)fH@2rBAbl1tQo02B9T zOvGrc{zu+xasE$~;Lj+p&Owg|?mQpy_2CdLX|JiIeqdYnj#y{Z^&8_S3{PLVY8116 z*wSW2;P*QtlJ^0Yu>#u;`vkVc?&=l9yaN?tu5#P{28aW|FoRBmQwOK+=_&q=hm$T4 zdc1m^*>N_b;Pe*L(K6RRKK-c5qBb&cm!Qghj>5i#s0QtZAB~KdW(=|DQhu%^9ea-T z)E?7z0+wmqv^_|2Z#b(;+>!K9f>3di^AgiEb7o|*kU(tI(1d?9U9^{t8QHn7b~|KQ zZTJ4v#3lPT*4j_%gjFaPJyGmp8p*SYe;Y_XrMKB)6h^&U z-Byypc8)bD09nElO{!w{JzwD%oiE=!^7Sz=LqnEd=uh4*kJit9cr`*DD|c8D=f_{_ z;Q{9wStPXiz+bgWllUk;u})_5EDCy1s@>}aikBwO3cFWEE1#omR+E^~)7S9vM$Su6 zErE|cj}8Hd-ndXS=g?_D4al%!5Wp5b^o(@HZTkT6Mq$U*Dp%rk?zSgt??(LP{KjuR z-zFQ<{@%X#y`H|9G+o3%{&pp`EC!!cw$36}r=t{%;lyOIlg0@`NjRT*d}(0u2Sy9A z@C5EcPx0T_gu-%nyA(!N9V_0^X(q?hZ{gPXUIpM~2QV?|AsY%9t<2HkNKb}U8Qux7on zhT<*|P516yB%T1L8Bk2HEsIA-|5XUp|Zh0jt;`mR}7O1=8r=ckDF znS1ft!_q}2q9QS;ha_n&RaMnsWAyH_QonH&(0Y6i!N6hE^^4m3P=*4bEQL0^G7>Uh z&zVFa!Gm}D5r3Rs*uuK_c5UtHUT7#t?$9p2Qe76CUk+Fr;%fj*2XX#?8}WXy3IJ;X z8mMcqxLHnNqN`W_KmqRd%6HLvu(7pmwYQnz$cC5P5xQj|GtK;Ec+^y1Op$j(NYGXJ z$@RI;{gXXpKu+Ehh1j)J5me<*D9Qehw%Ha(+Yz(Y9Vv2d5?xVt%GH6 z1+noYXhs7XtLIV<71dLX2U~z%i&~<8WcEmY3(C*{9fP9-4h#6Y&c(G=S_;?W7=Qwh z`2yo7m$=e%*6pWfKDszx&>*&0JUE!0+sZpubqeaEQ@>(u9crIXhvT9jtv9x!Y}l>X zq>Ov`(CD3|Mv;)u4sfb^vb(j_v`ivh^FTn0JU*(E^yNjzOtCQRZdGXf1y%~67%Mz`6$Xbw^3p9R0{)JP>4JqyNnP?DqspvEr>0v?$P;B~H z55{Xx+0%p^ByZ{b-tLCAl9~RR6&Wrhs4Pflrop=7qKtLS#u3;)=4CB0`M#FXlP*D> zYJwXj0-|&giSdOgotMW1RC1S?3HoiHZthEBeC*W|+3g~pForsy>^$e=*2~FDgK#tF z_$g^LL?IA7W4wLgPN42XMi=ri9~~ zA(2E{gNR)Xoxl*53NJ|mM*@y3cwTm(9)r<^FG#i<0sR492jrj#8w5Utb-zWEu?nml zJZAfGWRFaDnKDCZ>)^OK4_b$SEmW_He>J*u+4Y@M;oqVa#nEj=`Q4hKhxXHjuhF+G zSDUs|-76!OcAo3hTh!0*uozrmG^Wi6PTH5sE4&VJ#T<$Q;P@F#+(S{6;k8CcnnTG5 zibsF8(f^>??D2lIm@!aRA_&G;*kCHcqD+M6wF!{Ap~(T!qhZrSx(%^i*iRwLep{2L zL)lMTwtd)j&`mgksWR}bu4y|+)oMfLtat)$Vwh!cdxNLG*kxXS>?l`$e0roQ(;y=U zP~Y$CzP`Cn=w&*tnCVDnsA=qxjL^wdwWH(S?fL95o3+cTw5}yFONY2>C!X|x!N4U5 zNo*p6lC(LQG}lUAZ(RiwgQTwD?tyqFlCmL8B5gj3$|J?CeH+|(=?=pOKuX**3^mIk zAyuH1dr?uTr2u~c3P5lIe`b-8RfBs3-Y48Autt!f=HB5yW-hy8~%l01OEq7%l;94I~e!MKv#1x`n6e^XNGVS{VHxcqAlzQYc7S zP>SxHq!`_kfuypcBxhPe%WZwJD}p{kf~xof9Q&wVor_EC)(D@U8ZE;z#iWOVofT#^ zwu~)-vlS4pD&Ua#XKkFe8GkrzhXgNC;KhKhARHx%tQyLDDDlTcS_qQ6Ls$eHZpb^4 zh%m}QVEkV+MZlF#X8jC^J{u!{2(&3^3Fyh%N;Sj{@h^N2W&(I_faD;G`%j@luu^b^ z!nT7DCVyXr6p<)xf$U^U_|ttSf7r>P)tn>;O1g@7L-*y!;~vjq_>0CbMEJ?3_^99= zkw3oOHhIR)y0|J%f*p|i2+4z}0r-WAVLw<%D7^=+ zrq@(#esyBW=J;C;uTxX6M;2@Dii8QZ`s`IBG!2v_(8M&V_KGR$LH+#$6L&jaOu2u8XX|`Aw&~U+Y0Mtm;{DpY;$HA zeENq><6dz*i`pZS>>%>P2mPMNtO4u<@h8y3P|^U1Cjt&fo@XrKOmM>{(jmFSQ{hI! z0?k78T+NUZOgD|n^@?4V$iiAYQGnYK+e3B16c~JJX&q|K`Ygg=_U1?Vn)kMP2}EPZ z1nUi16D7{791vc=Qn;`fhQwbWKrop@pA<>!&!Z3+3CN;$ET*6^c5wU%i`(1;O=I$^ z%wGb?Ad+kWiw!x!m0Du`(zB|PZK@fr9 zh4%J#-|q%L&H)~x2yBDP(&(JV{Qu)N16znpYy9O#JBFN41ZHgp)|6 z4aGrld?{?#Qiw)E@(XhxMt{G<9d3XbnGIKDB49IPEG2K5x7`>MYGzJP=${8wLLot= z6LcrCTIKhixWEL0)ZD^dUnH-(x*NL*heMT%Gh8ySrL}Ir%KGd`E`P|{)W@45g3#s$ z8j;AN)~q($%@vZ@3Xu{g>Jf%S8G>p6jgc4-5+WbmoE{vrBQM!eRLB8W0y(iYXK2*X z0HP-ZNk1yW;0^%9L%r1?1q~Mj-FOJ}0}}X;&O8WR0gFJ5bbvgATbcV~{-+(f=SlR6 zrf|vzrK~C`v^{iNUeU>J>=6!GyWX6Jzc8QOhlp<-H7ka6&vI#Y%+JMa+;I;>)Zo5p zIAsXq@!FhEq6FBGKtfa6343O$p$h1Em5Zh3pgxkf1E!+2nG#>K@T-6iOjbF+>Dj0CNH9nn$h+HNk=sCPkqY zipfan@jtOLGA#gVgNbj>W1+e~4ho@Uau2DHL##-$hP2MYF#KESBjrCH!gQefq+$8u>Z=7uZdELQ*%OmHUcJ{v?gUn0&hL%0cB^u6R@Tcaj)&k^ZiMRl z-EnC#evx$F>X=6Am1A$0&7Ajps~`ETVAJ!{$a=|(7ujINrl9oE4g*Hyt6@+@Y*JG6 zS%r%lXdoxlh`Z1vi%TJ_SR0!w;q_l)ToWCB*1CTjCMxE;e+EXRzZKaDD*SDlPJLC)-_ss#o#yUHJg-8ZEi^W1=AP|{nVu?t`(ac* zBNvCJL&G!~XdPYnQh!j&W$pq1XASf2Yae}mw;REXM0B_pK{tB>qAOURtU)N!4sBNq zyTEYTunn}_Q=rlH63EtOo;I$^<_cg}w9vDLOd{L%`gjQR+bIG#w093hob zn3V-n+xly~Odtw`$!W3BwUSp#kli~7Z!_B*n_n95K#-lR3t^iARHV|2j0e~lhI(V@ z-+FHpPy3}!CwmBv$A5{>3&(Nfor(OQ?!9BTux7HMLe$C)xCt}b66%#eOZML_te*Y+ z{Gr|E7GKyqPa0{Jx5m49r`65W!DKBQ4o!uEyng~D*UNKsMn9q2oQdF!m2HFV)xsN)(`GPhiR)oKa&Ni6_7aJysddJRpA0 zJ{_+Su*An)3>i^L88#FO5IPSI3=rNm%Q2Bb>!Ob_W>QNu^u`YGK z)^jskNVxyQTon_ZMfrMuf}f(Dt*y0%#l;X-sdm_ZB`_S0uaR9*ZvUALv};bt?dRGn zuV*97xEIZ*L&KMbYyI_2OkhlqdXxnYM~vwWX4;&v>HhBN+C}J9YN=N&3fsNCf&NCS z`iYB7+^`8VwpMU-w4H;G?M`y<$JBG(qO7D2EN@2O&6ncyi^doglI`tbVA9eSLk+F!p@i?O-$S!u(@UMkPW5 z<~rYeZgFj@a0*^7?y*+#=1jcw=|%w<=?Buw25XQiIFUC!ATRY8A86zJk$3%E(IHVv z^Wrb-dw=HRS1K!#JRi}%a(w#%0a*y@UkwWwB(Z4MmQG2rU6)h2Te5ma+@zMYn#^|v z2C%>=YqaAbf4u_+vlKea{h2=ss~;q9DlWn>F?bH$Uf7gq&?TVZ1a+*< zbcw1>_v~~smiQvgM!(j8*D4Nc9jK(`e?XP~MxJbV=ICy1;Z|WvGljdA`?LkSo}zEy zyWPUp`Z)EN2jbe5{R}hlxJ;SNWCwoxmC`Is;yCPl=U2(>Fwv~os+EXV(RC3Ax2-+8Pl2Ai*giG(AA=0|RfovZl( z5e5vXJ4d?n%UV%U+28ypMf%m?Fo3Xl^_W6zO zhoY{?AfCM4!mXkOt4DE3_>-TkvBLR(IU=8NGKUY*%+T0b7+wUM zHn!^)APYQ=cTDoT3Px_1G=Gb$udv#>+n;d%jkt2<&2LsjaINmk?lU>z+DZ*4GjZ(j0aG4E}$q&c%Bclg%y83eC08{xZ7RDHfNPbiQ&T>%(>@y+m)V8>+B7vi|Fy&`f`{(r@P$uX1Ar^83&4JCtqT>~g3@ zQ6(wgPLwI|EMfloy0mU=Cd_|EV?IHP73g4D9@BFBC%*O+yMp-OBA~NG7~As!_)jos z&C2))T*Y8%kMzQsy-wdgiB&^knKD<94Z?NT$&Ba-_DAs!&_a*qR?f{8LAN?sn+S^@ ze78;a;~#7C^H2Nuf0FfI?U}oI|822P&Z>7C<6h(?CPcHHZMr?A-(N3VsvYhw=<9Q; zV#i=IVBjX$=C6BB@-=G0y!7A^>@3PS@NVxIVX~NNR@#}p!mJ^S$icq2Ef19jWDX-T za{|wjh$3t}8&%SV%(lfFvn>_ke3h$pN-D{YLi-|4$0ZHXtTTeA9`Y5;uWYL4iu_Qp zr*!oEKErHfg%+_Rob_UgtzF+bX8n_73N$g1?LwUc1Bsx0RtnCdx>^bVoJq&Pk*nY# zpy*z{0HuzrXnyYx2Wn}2h_ZM-Ezx35#0a##Hip?YQ#{GbUM7WAa{-n81sxqk2uPuy z2i=cv-%ydSp(s802P*N`!hQXIROjdSKmRhmZ?%=r^36n*&kkKUA+J8P)8@~1dt?g* z2ak77cj^D|tT11eQ!Q}<#6Ho$WQahtF_AE;lm24IGQ1D})51m=ZyIHR90J$`N0|1G z<_L;1*(vAu(OVx+!yPibyd4bi?DZHO zhp;=_3B9+n)ho6}3KTg-IBI?K*mPkOH4Hope(xRQp^GVS17RL%eqo^vOxuMaSQv~7 zn~aQ1;U0$56EL*26LgR=Aa=)sh_)%?H#Z~re9W{kupMIW4|JZh)E;EgU^hU2d5~&& zjH~V4L5;@d!g~Ra4QBQ>6e+{)GRyp1R6-Se@Sn$XCAgW^*u9PF-ClQy>+BbpwQHNZ zT&J0ys86PuIajVu663WJ$KeeLuY=0rHottC3jmX3t3|%WeKWAJ@~KAAu(sdtx;ki@%`%07cA!4vIQ(XN zf{d53RZF}^82dss+;isZ;N2AuB#1dE!1fdO+N=V2DGQ1blV)?0;NaU}oFbe?v{Qvt zmJ?7U@ynx*QXKx}2UPCt8E!I9X({r2`JSA-rhTi#~2fkLWP zYhovqm(cQ^R6H*1Q2~?W;M42FL}l>c5NO6b{3GrcEklsTua6;#cGk8$7LI;AIoZ3F z@gpOciAUU8|6^>33UxrRT@Pf-{YKMiUz3!^EC@QFC?qcIJkAUuJU%{e3 zFQdJFqyU={IG0(_cqlu*%MrgL-A_g-@GMWjc_@h@^97y^1R!DWJvi33zFq|Yz2jv2 zNpSX9TU%9A#uhw$PAb~x?23+S3s|EU_HroYnIvQ#s)HQ>f_P{23kxEO8G=fOc$^e`18+L8 zX@UC~nw=Mpi;Un^$H~S7;xfC!wP}>jnYJ&~v9UmQCd&M+?_A@&;X6jiy;Z0)TEPN% z)~K;bf=l=f=oKh4e$2p6{QUMYil)QZLra}|FV*1j_?b^|Xn%Q#7KomJ;Nh3YeTHPI zYiFqw!EP|yNw?)0k@coV8tfxVZ0@r0J++8|^)7)U4)-|&%QGGier5l*)@{A;@}b#T zVFQW0>i{V-arGCBP7tIjGYJJTH+3L`Z8~DHTl>AT4^7Shyp;AFL5MRaOyhJ~Nkv|) zb-`q4QkQqf%%w{b>aMVLV7O|RK4fPV6=DezcU2kqjXQdZtzeXku~Dx6ZR~b@#|YtwkP14};2gja6!B$+XywX8i*HWcP%GRZ zcbWQB2<>Baq(u45uF}fAWH`mT}FVg#+wX>D$8C|DwJa;ms#HJUHTbVT)nx# zbXr#8-@~5xe>b=tZ@9#6s-mvypB25}ZWwZ+=?4Ub*@pqe32*stk zBnvq|*KW|KgW<~-dK@;>3uil=E_IjqE$3^{(5=nN5q7h(qn?|gXY-4(;o6ESMpj?U zW8LD2!L}>%cFrb^GjZ^_gjBLf7GXf#L>B=@bf;wAKQrrDnkSVKRv0KdMw-j zLTMLItAmAJW-8Y|ZiD^Te_zRvJfF1PGr=8r$bdyF6B&5=3&{9vum*S9O767e;CSGT z>djLrp~cr)xFq|Xr8bK_ZAGbEOWUJ|Cv2kURl{zb&&VBHEAB+(aoU&S>Xo$NWde8L zLK7WqEA65zdKR3`0zZrDz>jD|#Q5SmqLwAbt1^tG3-#%YK3F?--l?6DDS_F7K{1qw)*HjbL-pNlKE565m8bWo?gTkX%Q2Us*b^s68~;>|3?&7x1L;H?889v zwx#r}*}JctDelqVf9aB2uh_VGK1PF{V3{AOpYoaV`Q59>&~a{+ zs?jIA^zf{LDI<^K0jHNn5I^v%_llJlh9v6$ZINHy{+B=W-%Fhg>m9#$n;tWrv^GF{ z7|f#b>@l=(GB(qA*~ub4y1Y)h%6*r*h3>a?MxzhUSgXH?U{roEqbD&RP*&fDAT72fSMohYpT@5A2kU&m$7n`7nh0#3sGoBj4e z%-VG%b!_G-^r61QYhf@D!dU3xa5!wTQ1IFD#CEnyV zN6ivZHfQfB$#*E?BDN@3|x8*_9|s{spSKOA;4cQKLT9 zC4UFiu3it*_F}oiqQ=?CX9tV09h17%$~`+#D5alxt~&7S*EDp35QMn%0kw^!&9uYR z`M>>NqNo31=6*bj_w(5yihRlkd07M=P#%LpV%e@)Yg#OMTJ#e)a4 z_Cv}){P$1{ z*_Nu_h`8`N+BPBEQ=CjFTYax2Rr0j zp0pZ`k1W<{(NQxPHRvfhUyv7f>Q2vbQrM{^=~m3esl|pYue6Q3w>A=&YScI%jqak7 z4l&UZS8Q>Y+mk3#s!wuen$9jCZ|N&;ti72=eD%9fA45%{n)JOgU%ao=WB14DD_2Um zT-TV%Or|RfPFCarL62FLzxkCPSFcJT%>TL)uTlh$21*=_?V}A#tWHpnD43ofTOL0p z@yhgCte3Kb)a-o8S*PTOq32Ir^rokAW#V8d@ktK~6TNXds8VIBS;))n!0IeEO|@g2 z(z(KM6Nx#wBbmF(ZdCJ=jWw7Fg_h)ajn-<@@~aeyqV>in&8W_ zH|Z*EhIam!%O9j?nYOE3UJw!z-;D2aZNguhl->QNa(Yix;=VB3nq}%JFk=6F42cT* zyuLq}1(xGKkD)8`zx%d`LH;AziorzUaIphy7em3O!`Ej~PmYQGRI0~oSWCKad{+P{ zD&n)q@4qWE)s(fudVg@=?~bB3Gi~N$I$euL`xx##C*wITyy-kw!nW*U@WW#7BF)4HZw%cN6fDJvk6Q~@3+aHlhoCq4@-w^ z_{`o?09t^?Swrw5*^yObNIk76o#6`Tm|9d-mLg%s`U>Z+4vDVvO!=U1`kd^~%$Hc( z780^_Hx6~v4?ERFlV^%U2!!i{GL|ME28~%Q4~)l>yU$I#c~d9uaeofp1p$z*qmjA` zt-t~3u36J1D|yY*c%gg-!aK>LbhQiLY+@&KSX8lh zYPXk|TXjFJzAe;dV>ai7{%mfttP-YPli<`FCpJ#H8sXx@OEoQw97u#Z9o3>Td|sZ7 zzDLrnH=Mo2W#qnhm%Y#K4x-bZ!4IYzH(n{4cCslRh&T4CY`(@?rzn*Fx-S~9sAhB2ELQrBj^1eW z*`cFC24!oD731U8OV<5`HTe#A@OJ%OQoT+apBB3NDw75(D%l2lGx@zLYkJq@_n8rK z;yYtEmooVWo+j%F#p0c`X0|*{{$@v~?9ngdH8`^VxpPgzv&TAaLq_%VrR0U@*Fd&Z zsi8N?c2<`Ks+T(DtCkF6>!UY zuP-4bGf3C=%`U0B)sAM}V|qlzcz=hK3BbZgpX;~Vf#30q_coUF zl8%%)OcC@20w+bB_CK4C%H$CnRReOYCXY<$K-nvAN!DlclES8&HQj@ctbETscE!_s zZVW{q8SEu5`wXv>%5g*Oa z($~-M)iUlhJ(S_Z!^6#=-`>uBDzClWI$p-ZP(v(I<&|&JOX?H8@3?jciKl3s6Cu9! zc73jKjyB?gg5nK&e+3OjE+I`$0i{&g{;?vwTENyct{bdJ8GQ+k!5lYhMNB_RlUiy* zbZ+b&T6LQJY9X7vkkb8)`uR4cE6tmM`c97uWqN()NL$|al`6e-sryda(%U=b=;h%& z*d;=}N!lXP>$5=`U$O9o9r*`V>NE9)xMa(|ZD$)hO&j0&D_j!LU_W?4z?6`BRWAPh z%3*~?vs!hzj?hWRLylosa<}wpm;26%#Y4*NHULdw(d#FtK6mU=Ls9 zsiL(qf#}=@aq~)^(FVh^_vZ5@p2m9bdo&C9l8h^Ht5vFMwa@(wjUzI&j?pMm>OUH#7VrZ26l$`u8o$S8J7H{LLOwH*%=q0R> zxhq&i?%*+&hl>`BjTb`=8S9Va+;MVHAt%Qy1#dMOEODzmR3$m>zntNu_07Pbuq!vS zre8k`cZY{JH}x5hQf?8>uDk$W$i;ieS4%^G^kPQUGoA(|45<0{;bh-JPNQZfJ1;zgHooTDWOGd?eOiJtE+u%4vQ%t z04{>B4NnswIs=QN`}5~ifICY{O48XCp+0$U*xe*brd$Xi5h6zAtpm}SIq+tHkJwUE zQXQUv>#kLb%}ZU&R?gxHlXsv`sdHvIlD)p9RQ{txLNH|7LV^AKR-5j0ir1XJtp@XMy_FND`v6oFgCt#*Dh3b-pTbs+ct5MJ=QGIPcov6*1JV1H!n{< zea}?HVb$<<>!&(QV>(#dsb>>o_}iw!O+5PqbLI50=kkS`cvS9Wl`L%OP@|5QKk-)O zsUyEgtlIfg3+GQcQ#W&ZkBO(Osl0IHoJ%3V_ugaS>JACA{U5Ur?jSx?NO+%pv@;~g zC#JP?n+1t#4+y_V`=Oq$ zcc)(EP%=+dWjWlRp!G3M_sPOk-31L6#)Jj>r7?Qv@k5T|hZY#%dy6pqoAj(>#LF7m zG=i~f8!w6?PC4{QhO5-!IH-HRC*r=#im=pMnqgKi6ui&C-D6@;2-a5dE9y!2^bA#z z&$$(I#p1M;(LsJ4uL5zdm%G9}E9JEq)Em+~U#huiTZK8qZ|X_2+hI15PQ2Ys!8CSHyEAtEi+Q zKnbhE-FRixH+QC3)xtD#Ol>AE-Ra7_l8Y@SLgkFpV#z>`PjUv=-blx-Cl#|j&uP{i z<(cfrC+zBcwAD9MgMLRqnz|x$cHBcHaSax}{%vZPOdX{1OeAi2o$h?eTedon|C+k~ zAeIS~_S0JTb8Te2uzWR8S}NRM?WPM1-)_M9QT+kxV*UL_)8D=U8vk`q)af``?1!2^ z%x)|_1!?Sr9hZ{;SO(f9!p&8ar1Mev1O!tM5$Gq6;5Wa=4Ax64p)xvONXI;$EL=PD zw4iUp0}55ZMgZ(slv%ZW3)Ck7u?4u5V5YkHvA{&tU3LNb+Z>Mo+cSPgA<2GHG&qv| z(b@(c0MVuXX!d%ch~91;=EgTOzo-S>XJ}1Q8x48;16^=0|9f`$O7}C3+Z^>(il=J1 z`NvyDV4ZorTMF?(G^$Ae41I5w%9p$EjHde->!C6vdV~LH=Al17(uOX{1>sAl&dAIz z@p(S+=TECv5>{DwR5OjeCeM;>D3;Zrh#4hP?dCm%VG+>K*0fESYv`On=71!zMi~)L`JRVVpV&hn=m zsS}j8HlIuZXU0$4@o1~l0}gfZ@7{#hLbBpm82IzPBV-@EJ(tjK>NL?O$H`tNd{u@V z&-5p@y6a9q#h%Yni(k6dHVu09bT!UwJH6Y5$uaKJ!{eqVUL`(ysa&yLe8t}Fb>ClZ zp=~!_COOrA-Mj_hjy;uEKi!LA(%z5KLsw#A)G||&2$yRuH*AzyvY8(Wm~tId(A?kf z@VPQ$r(C;f-m!p;?6hO5=BY1e!-FLR5^Pzx`V(~97QNeVgNixkV}kC-T!S_P^|ozl zG>U3+%#9ZoMdUnR#k6;&w7cMVSQ>+AaPQm}Ee>+sntyH>+8F73Gp5nvpdK4nf*SG3 z$05DuC?hgDaZXUXI*_VM6TV%4r7)p@0h8lB4+r&-5XOhYV*1FJ!!WEDA=N*m!E8Ck5-Y!;}j zzI;nTBUzO>JNhAU@%&;~_O8GJ1Lo}k$AOjsPBBb%<7xUqo&aKB;(!T_n!joCvq^tC zc`bik8a4hP7bemE(}X1Mx(R=o-vFbodmyuU3jD`#Yf^oYGSq8W?rFmjJ6VygB|E3kST##<(VF6Fw|sk=zbEhIKX z@}jd0b5u)`{LOS%L`qscZYBv5TZ0zrk_bZm42%hxlYlYP?VyI5HB@S$(mfs{JJ~bO zv+=zT`nCb+M=Z64NrL{>tM_1z24Rv*F$^n9%F)V#q%pHGkS=N|WU(%Aqk?X;eL3a8 zQ1JMF8%cndGe54iYIgPq6f_8z_-mFt8@VD!KnVS8WRu_3_zu}gA89L6-38BQfA+93 zu+Sf$=3l-2o9fn@rj;=o2^p@dYsp*0`=}j?J`K%3)wz06sz%ZDUJ4sjR0pl8G+HU!1!x1s0=Nnmnc0J zzv&v^9qpn=WAtA7=u&DjZSfzq;-ZynrE;eQr7 zSnUH;OqD^Z!)Cd!;He^SNJ!CwedB||RU}KCwgS|#xtErahqm8ni*+V*WzsF;w zXOsFG+c>*0$yLRnV3&%sYNo0}#2Z<;2(Afsr}qvs5viLG-c(%NzOmi6x?*ifwVXD< z_Q63F#)fSwA4}+BzBx`co(X%y@kBh}kaOjtM?%2^RTGX$o<9!6h(_%SQvTTSZ8Kk2 zh4)I&@!ZH zkH^tsRQzy$5;z43Cv_)rYhxL^2N_cqc`PrCOwNVHPCxyyc`n2(17z$!&h|ANWZ{}7 zImforD+U;5B=cAV7-qgF?nh=}PYz$ET)VaJ<;Kov!sdlBr}%9u$p9%)VT~BJY3{!) zcePtej{PloUGvYuh8>|(>~}Qyj=sYwCl~D!b;6NT9=yuK%2d@1L?n9i%N_0N${jDd z)3Aqa%@8ZeEtD7$YaUrtMeB9?N-nO*X~^*;rUi#f2fxgld))3pCU0(oaLDtrUBP8M zyK}3uBgQcsFWMXQyPKNwZ^;sN*~V@zh!)hQO5BE%&J&=_a+qZY;n>6(p@1}TbMfG~ zwh0bV*R`jwxB{lSCq+^^HjL9NJkyO2@J@CVvehY=s@DWLCp-4Dkr(nsUMeoUWix|u zduFfMNHBV%^)jVyj!2g`LKWUQFvb|^r z)Hv@+CN3G3#>uE6j<0F^^gM4dU!0#Ri1A{t5VS4yr0*JBi*;BB)ok$0K=y@FB~+cW zOg~IJv_LJQuv-hh!q`bI7w5Yr5?X}PducF9Qf|&BSDheu@Zi1w3o!92WvDf4uI~D} zU5{m*`}ZHd8?X0wNO*`B>(9L^mkZC{=NCD8{q_Os3@e#5vZ*@wuPwA2L;ll4H_jbo zo%T}h*whGh`1aA$PPB(Mw!E*g?WPUQmAm3BP?do4ByeJmm@Vx))=W2Vzn{(6H1PXs zlhafAgFN{h4^v81^{~S4d8U=~MCvkhmUc_^axdH~Z|hBN>&kAo)xm}tM5>6y*^EhX z*6U|AC`IP-=Q|Ky(M-kXMJnm~t3`LI@NbxzZ}650{ch)-L!DB~K`*{nn?~~~2gzb> zl}K7QQ$84PRHMA%LVdz%L^dl-)@uBGLegVLY)YDL%b%51`)#nN+j~5-wfbeNxwPra z@VvrFA8Ka0#yQ`A{_@mlW(~P^nVNk|i`i^13^;|cuw1tCm?zcXLpo`;tVEsLLYRJi?rP$*B)TU{-TCGT@wr5Mi*e%Cb35rTux#(g zzZrOtx=IL8P0}6zbS0p*I=!XmN`PvD)|v9;XA=Aeoru>zu8O}juH((FjhfQ&=ab%N zTHtedV`F#Pnn3o9pvvs0CWB?)J1mU18pVeyc&5&18FUVRY*F$|D%&NI;FnlA<{;kp zwNtbL7Xbmfp9Bw09M9dZ$Xk*+_|>bU-~4c|GjSghagKbt=8J>bGG7VHk{dTO@daZq zUp?1`MC0blG|aYI9Dj83WKlrwd5%_d!t<}@>~U6iFnWbAZgHk48#=wX(s>m@;R9>3t4C9KIabjH>J}dEvQNuA5k%%e|Y` zps#08NQlFD6r1QT*BOj!V|2PYHGKW-gjVC3(@)2q ztB|X(wsx_G8&5@PJFXmWZhb2*%rMn-J=Ni{(W%ppj@AWf6~=kC2eJ>I^U7Tv$YYNK$+Kt4h-;3F0q9*&xU4YsuM5V^L5dr)SP90U`=R0t_;wh(4oz6- zKL90zLSRYWfS*95fw+Y8?t|Y?c-cnF*b2Fwwt%W_Fz>3|rw!R}CM7C6AIL(*Tt3A^ z#)@>WP-cwevYZ1lWw-ORvQ#I5Lkqn2cA(BW!Z17RH4=0NfECIdFW7SHm*ZY_Z_}N} zi;qGo2V(TU6X~bneWIP7f3N?pS5Jt z?44N_27&^+VkY(N@@71(YGMzDNVvb9vv0kIWzMh%xYXJ49KHlweQP&EtjAU22h{>M zg9_H04Eh7SC1?4BMdR(w$G|SjIga2J6M}&-EZ|pM&0J9 zKy{`^q4YjSY&B=;R?gJ-+1>j}h1e$FgA;2WqSRNIv2d1+fa#Oly=^WWAa_X1<*rA{x$8v9?mUiTV zoSpH9PuPoltPUkrq_?c*DxI!MZD~Jr@$r@2AtfiFH(8ZShQ6E$B zvcUSq35g>OV^|g(v3EkeN#7TkQ)59S%;#x3;Jr>t3^}RDQv6v)Uza<}sc4qtt=; zH=FSt)46|$H$1ppvCG_osE!pm#5wSFtt2Lao$cGF4tgh>tqHl6GSaQQK?Kb-#guBf zg8Y8%DT5r5GOg)vqfEhjGO*kR9d%b#+Sbg}bcvd|ZX0@w4n&gChMz&J+q(t4<>Tjt z;pE4gN@FbPnTX0y-NoX*nbIMQYGq@wkec7~$ zOQtb8Pf8Q#`$z8CZ&PC1<0m`mLE(V|^QsHD*N)H@RZZR`t-*ZX0%#_*zI*qs$+H_0 zJ3E#Mq)g`oI%bFIk!SeAeqm}OhKngU9Q`%`&or6qD(#0K47iN5Y<%IA`M|dRnvFsa zUY#FD>@If2tIo3(z4KQkK31?Sz?26epkYBG-`R;l0R!UyPxqCh_yKyD5mOZ#s~WPg zP0s#W(4Dqh#w2{J+b6l+`PKQcRUccs$RO7vD*|OiLa~N#)8MzAAmJ zQH+zYm+33b{KD^#0pd1E+ep|_mq7k4fqXX6&hwaNjq+;WN$!B-z%YWd!LGQpU3!Py z8J17}t{^;%vO$)nww6Z_;zPl$I~VKuFt$qv{uu27M4d$Tp8ZypOp z9eg5OpJ$ECzHr-a;`G{|-AATHNWHHV1zwVgG>x;=Ur40&IW2l$sNg~SLP#ADE%l;Q zNWb+qc4`=R59L~K-J2h7c+i#agxLdezFr!IyOq1c5+4k3`&Mi1c5@I&C{XUu*w4AU z(qntS%SA{Lkcq%2x5VrTINYjMo9+{A{$@#p;Uf*1W);UH zPd#1}V9AZ$OC%MA8b&o7jsXa~N3&&lwEnUj*THT1=YrE0@plEq|??j+;LUWx6+q#gNvnU*ACO*X%@ zW;p}4fB}0uC5@1E;8fFHq3*{WQwmDrDdM-2xpo6K0Ds#a$m!eHIemfXxYa2Yyerq< z3~YTt)*$Jt0gz-+NZ`&Evoj)!!m0EhpYEEJ_en+d-IHYdg^|K!RUd6|%Pxeq< zu8~~repNr>aQwU({SHk-&ZCVwsxF-mFONr-aYmLYM0WXQuujvvR>j#kXj@0 z>sw?%ZL6pq8*dO4E5e-@&|bfKX41o}YT98dx1}AaYBr$ELylgs&(}xfAfb=;1!2&f zcVX`Dottka6HT0V733U>NNKihQ9inyrlc{|0C=zz@l8Y_Hi3U0o{P2 zA{a<2Al--((%k|gB`qzz0TD$3=`QI;QgRR!5CnuFB!`9>x|{j0mwmqf+50=^yMFJ* z-WM?r!#mHjp0)0E-}mY(q`Rds(09Yk?3`W@kO;94M*gY-U(OP`PWDYF zn&;!W7*QouWy1ZO#PVy_n8mq)=t1Ic=8c05_q`K&bL1^H+j2tkeAs4NV#iGIIP+Qa_ei4Jd3nvJo(=~sW-A#beV{?Skh>PLagk`CuIH|bu+0H^ z0AK*H#M%QjRM0oKpow%r>%9X{>Pdb`N+^kuN(FqQ5iv0WYP{r$OPGtJdDosGm;-}c zaY&RooDDjB;<+y2nTqJ1z+MWodh%7T7F0Hf_6Kz8An!nATU0`BnV^qGA`V+LeQS}a z=W~c)K~2zBKy*q5LQM;Cd8`+pi2xCg12k1c@8m)ZU5Hm=6W1iVh82NJ|IysGLeU)Y09C|R~4!>mm-zp^C-xX(7h}e+isj+Dw14NqNK>9 zITzzbNJpnkGPHzyXy{sp;Uks_HPNRzEl!xOC?zK@uK$eeyEwG?W~OiJ2={fGOTWvH z$Ih-k&t0<%Zs$nus`)~k9OylL+JudJzjuMhBZw|Q&+q?l_#uDZ1Mzq{i5gvNy|q&3 zy}cDou;q!ggJ;JNx$sf_Q^$A~jkh-3&o@9aEE|iVwi0ga+Y{QaF9)(VnJ@HQn#Ot7 z=2|!Htq7ZFfBpWZ1A9duANFad*#Al-St5WBY3kum4-@#L)ydit6+y?eZF8}i;s-A^ z@xbd_*C&`pGCWu5^Ycw=vv-U7AKS>~_iJYf>)xoI@t5N2Pzl%yvldb;vz6b$=}g7S zt1RZ`P+DYNTWB#h=)WDx)H=->d*ikH(9hU9MG>TdP##dra+rEbYOjJdOu0`Lrf4iGO0~ZoR&RiMd3u&`1w<6&X+;uZb_WN5Nq}vDdq}wp;d$A*ko=D zt0|ocQ-5~IeQ9#d^xHQeB&a&)XERRi-*oPk5+@uF{B&47zH>VIu-czT(d-e3JUBT| zNTVeuao3)P6w8TWRmdEo)?X-@u`-tMHb~ z)v(n;-Bxt)K5Cl!4*T$_tFqh%geRbp5Jr=Hd758~ZxH?6PB5N-5RLT>lmmv_FpUc3 zRk2{jXFt*IwOlKoLl0jHHNUVR^H|VM zBB)BhM7Oupyl>rydjBE#@kM}rW-fI57SAuOgMNh0OPC9IT+ob%50JI}kH(bSYUmfD zHLk4WBii4XXu9bCLOzfNQv`(bEe_%R`tEI!p&sf7+gQhKl#Mt!KeFG4YKQ%l-RUXh@*#20vwD6U}P40{=F;;@JO_-SXkb|FB!i2q*;3d37DG zZF^nJ$p(!rG*}?pLF%%v_7@*g(+pc35{P;HIWw_-<2dTP@bU{)RbZV%edQBSbWa%` zzwtq@5waa{?F6i4%Qv#jGqovbBQT?G)>Oe8cWIMpCM;YoCAUk?j8i60+&N8O*Yu;- zLRxrPQ#e;sIDnDEnD&hq8GuBpB=qxn4Fp-6#|S^~KGn%tzBAY4t0!PVIyw_0jrZhC zI+6n|gy1X2W-DH#ct```G4_537R93RKy-oz|Xv^hLN%8(xSYixo5XhW#ip2h6U#6guk@QgEr~lL zi9e$dKAfb+hD?1k+Ua$9GTOUZaZkTwZ~qkYJ*f5m-EEpRZHkMq+i)<6#phHkeaTIa z{oZiOgF3C&N+$lAxr}nJdI(cowq!P(`rjMxOkEFBna|C-W|4DkA^X}wmXx1E=DJ~~ z8Jh|xRi>1Ltx>JD)(?tkEOq@q_xyF`@?TnajgsYp8Cx2QLO=VjJQRy*Q45#3NdMvX zX`5X7MS2_!VQAnd9>pjchdO%-hO>{N>$)um`q=l>y$qTopUEc1l{$dWh-&t#j8Q^X z3uFT6Mf57<6&9K;mwn@k*+eqG^r;JQ7bI~PuwfbA|6!z`%6K-tAYh^?(!;|&H~oCS zRu+9;S8g{=UYJpMSG7`1I8+!Dl3AUp-7lZMFkwMAI%Y2n%cR&OGZt)aeJ98heiq}g zgQd2lvZMSm-5RS~mOnUsT;%3yaS^(1H{sss@1is9_6{x&OzTtcY*Yoi3_p>iWR!g5 z5UNl^qf~yKG4RCcyb$+Y6AhuDFylU$o_nYLuYjO!j+hc4s(!Gu*&X#ES>N)+Z@J(P zwm{BBBWXi92M8Y0Isgw&E=$bb$QIyuoQT8}1X@R#x?G(kP|^}2xd3)*WfQf+UIst}6)ZnYDMF=(t4kG5x&YBY|QG65UDGcC*FF?$05VH(mmfG*E8X?j+ z5C(Sw69{%6qDcZU5>Zmas|F2OZ0`jgp}#Q(Uajo!s2pkl&WcbdotO|4TQuJF-!f@#&N3nSGbyO0 zjtIU-iWtd|%)YrS%#tvvmP8asVWM8X+rpHm{fy_UzFysq63-8P`TfRA4J(&m!QnoR zBMtvMcT&3e7L3$LoCt?Cje~)Z3j~sB@&WZr6l1zv``iDO}I8Um=f+jKp8Vd4E z=HP&%yyPmo74UL)C#I1i<@BqUMHiG&6<)sW-zuebLP~K0Fafg0{cpr(YvS9P>wYb{wr{TEK!zkeYs^*r5L%K=PVo9O@re1Z|~ zHDG1(2?Cu6W&%#&@=GXu?T9Dd9eJr>92jIj*L#1s!cGG5d4iY&c?g&*ZQWS$w?hb5yTT|ai}5%h7sVvhRJ1pHW<{>;WHIrfCL#1aBtihC~bi5gqZYfz#IZI z2L}fi*Ndl)tdrmlAl6ApG#cS{UHmump*CUDW~CofRoe7z#keVR^a~#ZpXH5z%BcP< zNOk{%8!11gb~c{v`LWY6fHIAnC^SKa78)a}s*EIyB zeIaDN=emp$BYhsMD(BN}1`vsJ`L7h(C%a>E$#hk|z2a%K6{^oZ>>|`d`WNZp=8q0? z?V8y7NcIRg=)R4=G?OQF`gt;q1lPB6a$(Cw5SqDnCD|5cOg*U=Sb@crUQVr|zRl+= z&TnejyS95~V1Lc+S(YbwGN5O+XLx6b_xX7$-MW(=c*#&O&C?K8+Chg?)pn(Fx8U%J zT>)OBW)77xQd-{Qz9V}#5|uGo-|F9?t5otzPSH~&9i8Jt93Na9lB3mD=A8z?eJX(q zUtxkekKd6cW18P2Z;w}VoA&0DW?|sP7xB&LWi_OAJXPXB(VtF!8Vp24UTwb%ppO<| zC5jU8;1_R-)N29(O^^Uec73pYf|7pWbaoZZb4f+j7DLjC9}12FN~(rMs%d;Od{*_T zuDEpB9m5!RBLgzgtE{)`9V#I@ll7G*YIA5es;UCAkC+i4o@-zaZ&|aqShbrX zynE*WY$IzC>mul8z5oYUhZwTTF;lThvBy&rZ`6+2iRNxD)2loKidD3q4MisXO9KnZ^RVi zFCPW4?^)+ztA&7sKpBuSL0}VfS$~4`SCBts6y{EWQ49nIRaH3TAA2+>Px3&>)w$l70NXX9d$mDJ=xu`@Ti>I&b=rE*C>@ecs(m& zK74>G>{<|$5wyU8_YEx7qTY@>d4;n+1Cs1}JMMOETqs+{^EtQ6TiA01^1_V6q05p~ zC}o$?(u0;|V`R)wT;ym00)JL+Ty9Q=Da8vuos&Hs`dNYl7j9kl({+v6j_D;i