From 3dec80863e4916d47ae6c2a0870d9972d6b9ed09 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Jan 2018 15:59:00 -0800 Subject: [PATCH 001/109] fixed link --- .../threat-protection/windows-defender-application-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-application-control.md b/windows/threat-protection/windows-defender-application-control.md index b1f131a960..74adeafb06 100644 --- a/windows/threat-protection/windows-defender-application-control.md +++ b/windows/threat-protection/windows-defender-application-control.md @@ -44,6 +44,6 @@ Group Policy can also be used to distribute Group Policy Objects that contain WD Prior to Windows 10, version 1709, Windows Defender Application Control was known as Windows Defender Device Guard configurable code integrity policies. Beginning with Windows 10, version 1703, you can use WDAC not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser). -For more information, see [Steps to deploy Windows Defender Application Control](https://docs.microsoft.com/windows/device-security/device-guard/deploy-code-integrity-policies-steps). +For more information, see [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](https://docs.microsoft.com/windows/device-security/device-guard/steps-to-deploy-windows-defender-application-control#use-a-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules). From 63981c1473d57ccaecd38441d55eaf071d162b9e Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Fri, 26 Jan 2018 15:03:10 +0000 Subject: [PATCH 002/109] Merged PR 5500: Merge nibr-SyntaxRemoval to master removing useless syntax to simplify automation --- .../mdm/policy-csp-abovelock.md | 10 +- .../mdm/policy-csp-accounts.md | 16 +- .../mdm/policy-csp-applicationdefaults.md | 12 +- .../mdm/policy-csp-applicationmanagement.md | 50 ++-- .../mdm/policy-csp-authentication.md | 18 +- .../mdm/policy-csp-bitlocker.md | 4 +- .../mdm/policy-csp-bluetooth.md | 24 +- .../mdm/policy-csp-browser.md | 174 ++++++------- .../mdm/policy-csp-camera.md | 4 +- .../mdm/policy-csp-connectivity.md | 36 +-- .../mdm/policy-csp-cryptography.md | 6 +- .../mdm/policy-csp-dataprotection.md | 6 +- .../mdm/policy-csp-defender.md | 170 ++++++------- .../mdm/policy-csp-deliveryoptimization.md | 56 ++--- .../mdm/policy-csp-deviceguard.md | 6 +- .../mdm/policy-csp-devicelock.md | 94 +++---- .../mdm/policy-csp-display.md | 24 +- .../mdm/policy-csp-enterprisecloudprint.md | 36 +-- .../mdm/policy-csp-experience.md | 74 +++--- .../mdm/policy-csp-exploitguard.md | 6 +- .../client-management/mdm/policy-csp-games.md | 2 +- .../mdm/policy-csp-handwriting.md | 8 +- .../mdm/policy-csp-licensing.md | 4 +- .../mdm/policy-csp-location.md | 6 +- .../mdm/policy-csp-lockdown.md | 4 +- .../client-management/mdm/policy-csp-maps.md | 8 +- .../mdm/policy-csp-messaging.md | 12 +- .../mdm/policy-csp-networkisolation.md | 18 +- .../mdm/policy-csp-notifications.md | 6 +- .../client-management/mdm/policy-csp-power.md | 48 ++-- .../mdm/policy-csp-privacy.md | 224 ++++++++--------- .../mdm/policy-csp-search.md | 62 ++--- .../mdm/policy-csp-security.md | 38 +-- .../mdm/policy-csp-settings.md | 48 ++-- .../mdm/policy-csp-smartscreen.md | 6 +- .../mdm/policy-csp-speech.md | 2 +- .../client-management/mdm/policy-csp-start.md | 102 ++++---- .../mdm/policy-csp-storage.md | 6 +- .../mdm/policy-csp-system.md | 70 +++--- .../mdm/policy-csp-textinput.md | 54 ++-- .../mdm/policy-csp-timelanguagesettings.md | 2 +- .../mdm/policy-csp-update.md | 232 +++++++++--------- .../client-management/mdm/policy-csp-wifi.md | 28 +-- ...olicy-csp-windowsdefendersecuritycenter.md | 56 ++--- .../mdm/policy-csp-windowsinkworkspace.md | 6 +- .../mdm/policy-csp-windowslogon.md | 4 +- .../mdm/policy-csp-wirelessdisplay.md | 24 +- 47 files changed, 954 insertions(+), 952 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 6b710cf5c8..1c59efda74 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -70,9 +70,9 @@ ms.date: 12/14/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

Specifies whether to allow Action Center notifications above the device lock screen. +Specifies whether to allow Action Center notifications above the device lock screen. -

Most restricted value is 0. +Most restricted value is 0. @@ -120,7 +120,7 @@ The following list shows the supported values: -

Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. +Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. @@ -168,9 +168,9 @@ The following list shows the supported values: -

Specifies whether to allow toast notifications above the device lock screen. +Specifies whether to allow toast notifications above the device lock screen. -

Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index b64e96d236..9098a9f6be 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -70,9 +70,9 @@ ms.date: 12/14/2017 -

Specifies whether user is allowed to add non-MSA email accounts. +Specifies whether user is allowed to add non-MSA email accounts. -

Most restricted value is 0. +Most restricted value is 0. > [!NOTE] > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). @@ -123,9 +123,9 @@ The following list shows the supported values: -

Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. +Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. -

Most restricted value is 0. +Most restricted value is 0. @@ -173,7 +173,7 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. +Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. @@ -221,11 +221,11 @@ The following list shows the supported values: -

Specifies a list of the domains that are allowed to sync email on the device. +Specifies a list of the domains that are allowed to sync email on the device. -

The data type is a string. +The data type is a string. -

The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". +The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 05657e6bd9..440136eec9 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -61,11 +61,11 @@ ms.date: 12/04/2017 -

Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. +Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. -

If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. +If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. -

To create create the SyncML, follow these steps: +To create create the SyncML, follow these steps:

  1. Install a few apps and change your defaults.
  2. From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"
  3. @@ -73,7 +73,7 @@ ms.date: 12/04/2017
  4. Paste the base64 encoded XML into the SyncML
-

Here is an example output from the dism default association export command: +Here is an example output from the dism default association export command: ``` syntax @@ -86,13 +86,13 @@ ms.date: 12/04/2017 Here is the base64 encoded result: +Here is the base64 encoded result: ``` syntax PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= ``` -

Here is the SyncMl example: +Here is the SyncMl example: ``` syntax diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index c495acc547..8d12310300 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -91,9 +91,9 @@ ms.date: 12/14/2017 -

Specifies whether non Microsoft Store apps are allowed. +Specifies whether non Microsoft Store apps are allowed. -

Most restricted value is 0. +Most restricted value is 0. @@ -142,14 +142,14 @@ The following list shows the supported values: -

Specifies whether automatic update of apps from Microsoft Store are allowed. +Specifies whether automatic update of apps from Microsoft Store are allowed. -

The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

Most restricted value is 0. +Most restricted value is 0. @@ -190,9 +190,9 @@ The following list shows the supported values: -

Specifies whether developer unlock is allowed. +Specifies whether developer unlock is allowed. -

Most restricted value is 0. +Most restricted value is 0. @@ -244,9 +244,9 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. -

Specifies whether DVR and broadcasting is allowed. +Specifies whether DVR and broadcasting is allowed. -

Most restricted value is 0. +Most restricted value is 0. @@ -294,9 +294,9 @@ The following list shows the supported values: -

Specifies whether multiple users of the same app can share data. +Specifies whether multiple users of the same app can share data. -

Most restricted value is 0. +Most restricted value is 0. @@ -344,9 +344,9 @@ The following list shows the supported values: -

Specifies whether app store is allowed at the device. +Specifies whether app store is allowed at the device. -

Most restricted value is 0. +Most restricted value is 0. @@ -398,7 +398,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.   -

An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md). +An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md). > [!NOTE] > When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps. @@ -412,11 +412,11 @@ The following list shows the supported values: > - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents). -

An application that is running may not be immediately terminated. +An application that is running may not be immediately terminated. -

Value type is chr. +Value type is chr. -

Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. +Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. @@ -457,7 +457,7 @@ The following list shows the supported values: -

Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. +Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. @@ -505,14 +505,14 @@ The following list shows the supported values: -

Allows disabling of the retail catalog and only enables the Private store. +Allows disabling of the retail catalog and only enables the Private store. -

The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Allow both public and Private store. - 1 – Only Private store is enabled. -

Most restricted value is 1. +Most restricted value is 1. @@ -553,9 +553,9 @@ The following list shows the supported values: -

Specifies whether application data is restricted to the system drive. +Specifies whether application data is restricted to the system drive. -

Most restricted value is 1. +Most restricted value is 1. @@ -603,9 +603,9 @@ The following list shows the supported values: -

Specifies whether the installation of applications is restricted to the system drive. +Specifies whether the installation of applications is restricted to the system drive. -

Most restricted value is 1. +Most restricted value is 1. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index aefc04173f..5d6851b66b 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -73,7 +73,7 @@ ms.date: 12/14/2017 -

Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.  +Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.  @@ -121,7 +121,7 @@ The following list shows the supported values: -

Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. +Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. @@ -169,9 +169,9 @@ The following list shows the supported values: -

Allows EAP Fast Reconnect from being attempted for EAP Method TLS. +Allows EAP Fast Reconnect from being attempted for EAP Method TLS. -

Most restricted value is 0. +Most restricted value is 0. @@ -219,11 +219,11 @@ The following list shows the supported values: -

Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 +Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 -

Value type is integer. +Value type is integer. -

Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. +Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. @@ -271,9 +271,9 @@ The following list shows the supported values: -

Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. +Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. -

The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). +The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ede5f3ea04..e575654a6d 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -61,12 +61,12 @@ ms.date: 12/14/2017 -

Specifies the BitLocker Drive Encryption method and cipher strength. +Specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] > XTS-AES 128-bit and XTS-AES 256-bit values are only supported on Windows 10 for desktop. -

You can find the following policies in BitLocker CSP: +You can find the following policies in BitLocker CSP:

BitLocker/EncryptionMethodByDriveType diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index f9a9be2812..a292b521f3 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -73,11 +73,11 @@ ms.date: 12/14/2017 -

Specifies whether the device can send out Bluetooth advertisements. +Specifies whether the device can send out Bluetooth advertisements. -

If this is not set or it is deleted, the default value of 1 (Allow) is used. +If this is not set or it is deleted, the default value of 1 (Allow) is used. -

Most restricted value is 0. +Most restricted value is 0. @@ -125,11 +125,11 @@ The following list shows the supported values: -

Specifies whether other Bluetooth-enabled devices can discover the device. +Specifies whether other Bluetooth-enabled devices can discover the device. -

If this is not set or it is deleted, the default value of 1 (Allow) is used. +If this is not set or it is deleted, the default value of 1 (Allow) is used. -

Most restricted value is 0. +Most restricted value is 0. @@ -177,7 +177,7 @@ The following list shows the supported values: -

Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. +Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. @@ -225,11 +225,11 @@ The following list shows the supported values: -

Sets the local Bluetooth device name. +Sets the local Bluetooth device name. -

If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. +If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. -

If this policy is not set or it is deleted, the default local radio name is used. +If this policy is not set or it is deleted, the default local radio name is used. @@ -270,9 +270,9 @@ The following list shows the supported values: -

Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. +Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. -

The default value is an empty string. +The default value is an empty string. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 990c0726eb..1a799e9db8 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -175,12 +175,12 @@ ms.date: 01/03/2018 -

Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  +Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  > [!NOTE] > Disabling this setting turns off the address bar drop-down functionality. Because search suggestions are shown in the drop-down list, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting. -

Most restricted value is 0. +Most restricted value is 0. @@ -229,11 +229,11 @@ The following list shows the supported values: -

Specifies whether autofill on websites is allowed. +Specifies whether autofill on websites is allowed. -

Most restricted value is 0. +Most restricted value is 0. -

To verify AllowAutofill is set to 0 (not allowed): +To verify AllowAutofill is set to 0 (not allowed): 1. Open Microsoft Edge. 2. In the upper-right corner of the browser, click **…**. @@ -291,11 +291,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. -

Specifies whether the browser is allowed on the device. +Specifies whether the browser is allowed on the device. -

Most restricted value is 0. +Most restricted value is 0. -

When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. +When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. @@ -344,16 +344,16 @@ The following list shows the supported values: -

Specifies whether cookies are allowed. +Specifies whether cookies are allowed. -

The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

Most restricted value is 0. +Most restricted value is 0. -

To verify AllowCookies is set to 0 (not allowed): +To verify AllowCookies is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -404,9 +404,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools. +Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools. -

Most restricted value is 0. +Most restricted value is 0. @@ -455,11 +455,11 @@ The following list shows the supported values: -

Specifies whether Do Not Track headers are allowed. +Specifies whether Do Not Track headers are allowed. -

Most restricted value is 1. +Most restricted value is 1. -

To verify AllowDoNotTrack is set to 0 (not allowed): +To verify AllowDoNotTrack is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -513,7 +513,7 @@ The following list shows the supported values: -

Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. +Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. @@ -562,7 +562,7 @@ The following list shows the supported values: -

Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. +Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. @@ -611,7 +611,7 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. +Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. @@ -660,9 +660,9 @@ The following list shows the supported values: -

Specifies whether InPrivate browsing is allowed on corporate networks. +Specifies whether InPrivate browsing is allowed on corporate networks. -

Most restricted value is 0. +Most restricted value is 0. @@ -711,12 +711,12 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. +Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". -

If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation. +If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation. -

Most restricted value is 0. +Most restricted value is 0. @@ -765,11 +765,11 @@ The following list shows the supported values: -

Specifies whether saving and managing passwords locally on the device is allowed. +Specifies whether saving and managing passwords locally on the device is allowed. -

Most restricted value is 0. +Most restricted value is 0. -

To verify AllowPasswordManager is set to 0 (not allowed): +To verify AllowPasswordManager is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -823,11 +823,11 @@ The following list shows the supported values: -

Specifies whether pop-up blocker is allowed or enabled. +Specifies whether pop-up blocker is allowed or enabled. -

Most restricted value is 1. +Most restricted value is 1. -

To verify AllowPopups is set to 0 (not allowed): +To verify AllowPopups is set to 0 (not allowed): 1. Open Microsoft Edge. 2. In the upper-right corner of the browser, click **…**. @@ -881,11 +881,11 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.  +Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     -

If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).  +If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).  -

Most restricted value is 0. +Most restricted value is 0. @@ -934,9 +934,9 @@ The following list shows the supported values: -

Specifies whether search suggestions are allowed in the address bar. +Specifies whether search suggestions are allowed in the address bar. -

Most restricted value is 0. +Most restricted value is 0. @@ -985,11 +985,11 @@ The following list shows the supported values: -

Specifies whether Windows Defender SmartScreen is allowed. +Specifies whether Windows Defender SmartScreen is allowed. -

Most restricted value is 1. +Most restricted value is 1. -

To verify AllowSmartScreen is set to 0 (not allowed): +To verify AllowSmartScreen is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. 2. In the upper-right corner of the browser, click **…**. @@ -1044,9 +1044,9 @@ The following list shows the supported values: -

-

Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge + +Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge @@ -1095,11 +1095,11 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. +Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. -

Most restricted value is 1. +Most restricted value is 1. -

To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): +To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 1. Open Microsoft Edge and browse to websites. 2. Close the Microsoft Edge window. @@ -1152,22 +1152,22 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.  +Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    -

If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). +If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). Employees cannot remove these search engines, but they can set any one as the default. This setting does not affect the default search engine.  -

If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine. +If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine.   > [!IMPORTANT] > Due to Protected Settings (aka.ms/browserpolicy), this setting will apply only on domain-joined machines or when the device is MDM-enrolled.  -

The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Additional search engines are not allowed. - 1 – Additional search engines are allowed. -

Most restricted value is 0. +Most restricted value is 0. @@ -1209,7 +1209,7 @@ Employees cannot remove these search engines, but they can set any one as the de -

Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.  +Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     > [!NOTE] > This policy has no effect when the Browser/HomePages policy is not configured.  @@ -1217,7 +1217,7 @@ Employees cannot remove these search engines, but they can set any one as the de > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy). -

Most restricted value is 0. +Most restricted value is 0. @@ -1328,9 +1328,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.   -

Allows the user to specify an URL of an enterprise site list. +Allows the user to specify an URL of an enterprise site list. -

The following list shows the supported values: +The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. @@ -1422,11 +1422,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time. +Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time. -

The data type is a string. +The data type is a string. -

The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. +The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. @@ -1471,11 +1471,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. -

Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **<** and **>**. For example, "<support.contoso.com><support.microsoft.com>" +Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **<** and **>**. For example, "<support.contoso.com><support.microsoft.com>" -

Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users. +Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users. -

Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "<about:blank>" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL.  +Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "<about:blank>" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL.  > [!NOTE] > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. @@ -1520,16 +1520,16 @@ The following list shows the supported values: -

Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. +Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. -

If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. +If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. > [!Important] > Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. -

If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. +If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list. -

Data type is integer. +Data type is integer. @@ -1578,7 +1578,7 @@ The following list shows the supported values: -

Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. +Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. @@ -1627,9 +1627,9 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. +Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. -

Most restricted value is 1. +Most restricted value is 1. @@ -1678,9 +1678,9 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. +Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. -

Most restricted value is 1. +Most restricted value is 1. @@ -1729,9 +1729,9 @@ The following list shows the supported values: -

Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. +Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. -

Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. +Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. @@ -1780,7 +1780,7 @@ The following list shows the supported values: -

Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. +Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. @@ -1833,7 +1833,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an

user’s localhost IP address while making phone calls using WebRTC. +Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC. @@ -1882,9 +1882,9 @@ The following list shows the supported values: -

Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines. +Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines.   -

URL can be specified as: +URL can be specified as: - HTTP location: "SiteList"="http://localhost:8080/URLs.html" - Local network: "SiteList"="\\network\shares\URLs.html" @@ -1893,9 +1893,9 @@ The following list shows the supported values: > [!Important] > Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. -

If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. +If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. -

Data type is string. +Data type is string. @@ -1941,9 +1941,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

Specifies whether to send intranet traffic over to Internet Explorer. +Specifies whether to send intranet traffic over to Internet Explorer. -

Most restricted value is 0. +Most restricted value is 0. @@ -1992,21 +1992,21 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. +Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. -

You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING.  +You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING.    -

If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.    +If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.      > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy). -

The following list shows the supported values: +The following list shows the supported values: - 0 (default) - The default search engine is set to the one specified in App settings. - 1 - Allows you to configure the default search engine for your employees. -

Most restricted value is 0. +Most restricted value is 0. @@ -2052,9 +2052,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. +Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. -

Most restricted value is 0. +Most restricted value is 0. @@ -2103,14 +2103,14 @@ The following list shows the supported values: -

Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. +Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. > > Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. -

To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge: +To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge:

  1. Open Internet Explorer and add some favorites. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index a6d562399b..54098f70c4 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -61,9 +61,9 @@ ms.date: 12/14/2017 -

    Disables or enables the camera. +Disables or enables the camera. -

    Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 45755803ec..50cf068b2e 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -100,14 +100,14 @@ ms.date: 12/14/2017 -

    Allows the user to enable Bluetooth or restrict access. +Allows the user to enable Bluetooth or restrict access. > [!NOTE] >  This value is not supported in Windows Phone 8.1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile. -

    If this is not set or it is deleted, the default value of 2 (Allow) is used. +If this is not set or it is deleted, the default value of 2 (Allow) is used. -

    Most restricted value is 0. +Most restricted value is 0. @@ -156,7 +156,7 @@ The following list shows the supported values: -

    Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -205,9 +205,9 @@ The following list shows the supported values: -

    Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. +Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. -

    Most restricted value is 0. +Most restricted value is 0. @@ -219,9 +219,9 @@ The following list shows the supported values: -

    To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy. +To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy. -

    To validate on mobile devices, do the following: +To validate on mobile devices, do the following: 1. Go to Cellular & SIM. 2. Click on the SIM (next to the signal strength icon) and select **Properties**. @@ -269,7 +269,7 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. +Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. @@ -321,9 +321,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Allows or disallows near field communication (NFC) on the device. +Allows or disallows near field communication (NFC) on the device. -

    Most restricted value is 0. +Most restricted value is 0. @@ -375,11 +375,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. +Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. -

    Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. +Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. -

    Most restricted value is 0. +Most restricted value is 0. @@ -427,9 +427,9 @@ The following list shows the supported values: -

    Specifies what type of underlying connections VPN is allowed to use. +Specifies what type of underlying connections VPN is allowed to use. -

    Most restricted value is 0. +Most restricted value is 0. @@ -477,9 +477,9 @@ The following list shows the supported values: -

    Prevents the device from connecting to VPN when the device roams over cellular networks. +Prevents the device from connecting to VPN when the device roams over cellular networks. -

    Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index e65cf59e9f..b8a7181d8e 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -64,9 +64,9 @@ ms.date: 11/01/2017 -

    Allows or disallows the Federal Information Processing Standard (FIPS) policy. +Allows or disallows the Federal Information Processing Standard (FIPS) policy. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. @@ -110,7 +110,7 @@ ms.date: 11/01/2017 -

    Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. +Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 5a2461e9cb..b0e270bdff 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -64,9 +64,9 @@ ms.date: 12/14/2017 -

    This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. +This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. -

    Most restricted value is 0. +Most restricted value is 0. @@ -118,7 +118,7 @@ The following list shows the supported values: > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time.   -

    Setting used by Windows 8.1 Selective Wipe. +Setting used by Windows 8.1 Selective Wipe. > [!NOTE] > This policy is not recommended for use in Windows 10. diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index c261f2807f..bb91bd44bd 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -167,9 +167,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows scanning of archives. +Allows or disallows scanning of archives. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -217,9 +217,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop.   -

    Allows or disallows Windows Defender Behavior Monitoring functionality. +Allows or disallows Windows Defender Behavior Monitoring functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -267,9 +267,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. +To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -317,9 +317,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows scanning of email. +Allows or disallows scanning of email. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -367,9 +367,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows a full scan of mapped network drives. +Allows or disallows a full scan of mapped network drives. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -417,9 +417,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows a full scan of removable drives. +Allows or disallows a full scan of removable drives. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -467,9 +467,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop.   -

    Allows or disallows Windows Defender IOAVP Protection functionality. +Allows or disallows Windows Defender IOAVP Protection functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -517,9 +517,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows Windows Defender Intrusion Prevention functionality. +Allows or disallows Windows Defender Intrusion Prevention functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -567,9 +567,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows Windows Defender On Access Protection functionality. +Allows or disallows Windows Defender On Access Protection functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -617,9 +617,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows Windows Defender Realtime Monitoring functionality. +Allows or disallows Windows Defender Realtime Monitoring functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -667,9 +667,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop.   -

    Allows or disallows a scanning of network files. +Allows or disallows a scanning of network files. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -717,9 +717,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows Windows Defender Script Scanning functionality. +Allows or disallows Windows Defender Script Scanning functionality. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -767,9 +767,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed. +Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -817,9 +817,9 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. +Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. -

    Value type is string. +Value type is string. @@ -864,11 +864,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. +Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. -

    For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). +For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction). -

    Value type is string. +Value type is string. @@ -913,11 +913,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop.   -

    Represents the average CPU load factor for the Windows Defender scan (in percent). +Represents the average CPU load factor for the Windows Defender scan (in percent). -

    Valid values: 0–100 +Valid values: 0–100 -

    The default value is 50. +The default value is 50. @@ -962,11 +962,11 @@ ms.date: 11/01/2017 > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. +Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. -

    If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. +If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. -

    For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. +For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.       > [!Note] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. @@ -1022,11 +1022,11 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. +Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. -

    The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. +The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. -

    For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. +For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". @@ -1073,7 +1073,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. -

    Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. +Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. @@ -1117,7 +1117,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. -

    Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. +Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. @@ -1162,11 +1162,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Time period (in days) that quarantine items will be stored on the system. +Time period (in days) that quarantine items will be stored on the system. -

    Valid values: 0–90 +Valid values: 0–90 -

    The default value is 0, which keeps items in quarantine, and does not automatically remove them. +The default value is 0, which keeps items in quarantine, and does not automatically remove them. @@ -1210,7 +1210,7 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. -

    Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. +Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. @@ -1262,21 +1262,23 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer. +Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer. -

    If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit. -

    If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center. -

    If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center. -

    If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. -

    If you do not configure this policy, network blocking will be disabled by default. +If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit. +If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center. +If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center. +If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. +If you do not configure this policy, network blocking will be disabled by default. -

    Valid values: + + +The following list shows the supported values: - 0 (default) - Disabled - 1 - Enabled (block mode) - 2 - Enabled (audit mode) - +


    @@ -1319,7 +1321,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". +Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". @@ -1364,7 +1366,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". +Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". @@ -1409,13 +1411,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Allows an administrator to specify a list of files opened by processes to ignore during a scan. +Allows an administrator to specify a list of files opened by processes to ignore during a scan. > [!IMPORTANT] > The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path.   -

    Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". +Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". @@ -1460,9 +1462,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. +Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications. - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. @@ -1511,13 +1513,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Controls which sets of files should be monitored. +Controls which sets of files should be monitored. > [!NOTE] > If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Monitor all files (bi-directional). - 1 – Monitor incoming files. @@ -1566,9 +1568,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Selects whether to perform a quick scan or full scan. +Selects whether to perform a quick scan or full scan. -

    The following list shows the supported values: +The following list shows the supported values: - 1 (default) – Quick scan - 2 – Full scan @@ -1616,17 +1618,17 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Selects the time of day that the Windows Defender quick scan should run. +Selects the time of day that the Windows Defender quick scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.   -

    Valid values: 0–1380 +Valid values: 0–1380 -

    For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. +For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. -

    The default value is 120 +The default value is 120 @@ -1671,13 +1673,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Selects the day that the Windows Defender scan should run. +Selects the day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Every day - 1 – Monday @@ -1732,17 +1734,17 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop. -

    Selects the time of day that the Windows Defender scan should run. +Selects the time of day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -

    Valid values: 0–1380. +Valid values: 0–1380. -

    For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. +For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. -

    The default value is 120. +The default value is 120. @@ -1787,13 +1789,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. +Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. -

    Valid values: 0–24. +Valid values: 0–24. -

    A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. +A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. -

    The default value is 8. +The default value is 8. @@ -1838,9 +1840,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. +Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Always prompt. - 1 (default) – Send safe samples automatically. @@ -1890,18 +1892,18 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop.   -

    Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. +Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take. -

    This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 +This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3 -

    The following list shows the supported values for threat severity levels: +The following list shows the supported values for threat severity levels: - 1 – Low severity threats - 2 – Moderate severity threats - 4 – High severity threats - 5 – Severe threats -

    The following list shows the supported values for possible actions: +The following list shows the supported values for possible actions: - 1 – Clean - 2 – Quarantine diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index c369584fc8..812d07ecac 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -136,9 +136,9 @@ ms.date: 01/03/2018 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space. +Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space. -

    The default value is 10. +The default value is 10. @@ -183,7 +183,7 @@ ms.date: 01/03/2018 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. +Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. @@ -347,7 +347,7 @@ The following list shows the supported values as number of seconds: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. +Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. @@ -403,7 +403,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity. +This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity. > [!NOTE] > You must use a GUID as the group ID. @@ -514,9 +514,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607. +Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607. -

    The default value is 259200 seconds (3 days). +The default value is 259200 seconds (3 days). @@ -561,9 +561,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.   -

    Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). +Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). -

    The default value is 20. +The default value is 20. @@ -608,9 +608,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.   -

    Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. +Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. -

    The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. +The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. @@ -655,9 +655,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.   -

    Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization. +Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization. -

    The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). +The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). @@ -702,9 +702,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set. +Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set. -

    The default value is 500. +The default value is 500. @@ -748,9 +748,9 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery. +Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery. -

    The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. +The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. @@ -795,12 +795,12 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB. +Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB. > [!NOTE] > If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy. -

    The default value is 32 GB. +The default value is 32 GB. @@ -845,9 +845,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB. +Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB. -

    The default value is 100 MB. +The default value is 100 MB. @@ -892,9 +892,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. +Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB. -

    The default value is 4 GB. +The default value is 4 GB. @@ -939,9 +939,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path. +Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path. -

    By default, %SystemDrive% is used to store the cache. +By default, %SystemDrive% is used to store the cache. @@ -986,11 +986,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. +Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. -

    The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set. +The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set. -

    The default value is 20. +The default value is 20. diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 4023eee26c..4b9ab87704 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -68,7 +68,7 @@ ms.date: 12/14/2017   -

    Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. +Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. @@ -117,7 +117,7 @@ The following list shows the supported values:   -

    Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. +Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. @@ -168,7 +168,7 @@ The following list shows the supported values: Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.   -

    + diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index b056313e5a..9d4a67b93c 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -115,7 +115,7 @@ ms.date: 01/12/2018 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   -

    Specifies whether the user must input a PIN or password when the device resumes from an idle state. +Specifies whether the user must input a PIN or password when the device resumes from an idle state. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -170,13 +170,13 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   -

    Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. +Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. @@ -223,18 +223,18 @@ The following list shows the supported values: -

    Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. +Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -275,7 +275,7 @@ The following list shows the supported values: -

    Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). +Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -283,7 +283,7 @@ The following list shows the supported values: > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education). -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Alphanumeric PIN or password required. - 1 – Numeric PIN or password required. @@ -335,7 +335,7 @@ The following list shows the supported values: -

    Specifies whether device lock is enabled. +Specifies whether device lock is enabled. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -343,7 +343,7 @@ The following list shows the supported values: > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.   -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled @@ -421,20 +421,20 @@ The following list shows the supported values: -

    Specifies when the password expires (in days). +Specifies when the password expires (in days). > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 730. - 0 (default) - Passwords do not expire. -

    If all policy values = 0 then 0; otherwise, Min policy value is the most secure value. +If all policy values = 0 then 0; otherwise, Min policy value is the most secure value. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -475,22 +475,22 @@ The following list shows the supported values: -

    Specifies how many passwords can be stored in the history that can’t be used. +Specifies how many passwords can be stored in the history that can’t be used. > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 50. - 0 (default) -

    The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords. +The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords. -

    Max policy value is the most restricted. +Max policy value is the most restricted. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -531,13 +531,13 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. +Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. > [!NOTE] > This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro. -

    Value type is a string, which is the full image filepath and filename. +Value type is a string, which is the full image filepath and filename. @@ -578,13 +578,13 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. +Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. > [!NOTE] > This policy is only enforced in Windows 10 for mobile devices. -

    Value type is a string, which is the AppID. +Value type is a string, which is the AppID. @@ -631,21 +631,21 @@ The number of authentication failures allowed before the device will be wiped. A > This policy must be wrapped in an Atomic command. -

    This policy has different behaviors on the mobile device and desktop. +This policy has different behaviors on the mobile device and desktop. - On a mobile device, when the user reaches the value set by this policy, then the device is wiped. - On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced. Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. - 0 (default) - The device is never wiped after an incorrect PIN or password is entered. -

    Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. +Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -686,18 +686,18 @@ The number of authentication failures allowed before the device will be wiped. A -

    Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. +Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). @@ -738,13 +738,13 @@ The number of authentication failures allowed before the device will be wiped. A -

    Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. +Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. > [!NOTE] > This policy must be wrapped in an Atomic command. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." @@ -788,21 +788,21 @@ The number of authentication failures allowed before the device will be wiped. A -

    The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. +The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. > [!NOTE] > This policy must be wrapped in an Atomic command. > > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -

    PIN enforces the following behavior for desktop and mobile devices: +PIN enforces the following behavior for desktop and mobile devices: - 1 - Digits only - 2 - Digits and lowercase letters are required - 3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. - 4 - Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop. -

    The default value is 1. The following list shows the supported values and actual enforced values: +The default value is 1. The following list shows the supported values and actual enforced values: @@ -843,7 +843,7 @@ The number of authentication failures allowed before the device will be wiped. A
    -

    Enforced values for Local and Microsoft Accounts: +Enforced values for Local and Microsoft Accounts: - Local accounts support values of 1, 2, and 3, however they always enforce a value of 3. - Passwords for local accounts must meet the following minimum requirements: @@ -857,9 +857,9 @@ The number of authentication failures allowed before the device will be wiped. A - Base 10 digits (0 through 9) - Special characters (!, $, \#, %, etc.) -

    The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant. +The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). @@ -900,7 +900,7 @@ The number of authentication failures allowed before the device will be wiped. A -

    Specifies the minimum number or characters required in the PIN or password. +Specifies the minimum number or characters required in the PIN or password. > [!NOTE] > This policy must be wrapped in an Atomic command. @@ -908,15 +908,15 @@ The number of authentication failures allowed before the device will be wiped. A > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -

    The following list shows the supported values: +The following list shows the supported values: - An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6. - Not enforced. - The default value is 4 for mobile devices and desktop devices. -

    Max policy value is the most restricted. +Max policy value is the most restricted. -

    For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). @@ -1074,15 +1074,15 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   -

    Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices. +Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices. -

    Minimum supported value is 10. +Minimum supported value is 10. -

    Maximum supported value is 1800. +Maximum supported value is 1800. -

    The default value is 10. +The default value is 10. -

    Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index b23977c0bc..2f510c687c 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -64,17 +64,17 @@ ms.date: 11/01/2017 -

    GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. -

    This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. +This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. -

    If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -

    If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. +If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. -

    If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. @@ -118,17 +118,17 @@ ms.date: 11/01/2017 -

    GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. +GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. -

    This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. +This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. -

    If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list. +If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list. -

    If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. +If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. -

    If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. +If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 3506a2c3f1..a53e00425b 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -76,11 +76,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. -

    The datatype is a string. +The datatype is a string. -

    The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". @@ -121,11 +121,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. -

    The datatype is a string. +The datatype is a string. -

    The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". +The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". @@ -166,11 +166,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. -

    The datatype is a string. +The datatype is a string. -

    The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". +The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". @@ -211,11 +211,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. -

    The datatype is a string. +The datatype is a string. -

    The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". +The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". @@ -256,11 +256,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. -

    The datatype is an integer. +The datatype is an integer. -

    For Windows Mobile, the default value is 20. +For Windows Mobile, the default value is 20. @@ -301,11 +301,11 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. +Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. -

    The datatype is a string. +The datatype is a string. -

    The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". +The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 8d3786e647..cb04d76f6a 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -126,9 +126,9 @@ ms.date: 12/19/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies whether copy and paste is allowed. +Specifies whether copy and paste is allowed. -

    Most restricted value is 0. +Most restricted value is 0. @@ -176,9 +176,9 @@ The following list shows the supported values: -

    Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. +Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. -

    Most restricted value is 0. +Most restricted value is 0. @@ -226,11 +226,11 @@ The following list shows the supported values: -

    Allows users to turn on/off device discovery UX. +Allows users to turn on/off device discovery UX. -

    When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. +When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. -

    Most restricted value is 0. +Most restricted value is 0. @@ -278,11 +278,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy turns on Find My Device. +Added in Windows 10, version 1703. This policy turns on Find My Device. -

    When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. +When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. -

    When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. +When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. @@ -330,13 +330,13 @@ The following list shows the supported values: -

    Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. +Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. > [!NOTE] > The MDM server can always remotely delete the account. -

    Most restricted value is 0. +Most restricted value is 0. @@ -388,7 +388,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies whether to display dialog prompt when no SIM card is detected. +Specifies whether to display dialog prompt when no SIM card is detected. @@ -448,9 +448,9 @@ This policy is deprecated. > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies whether screen capture is allowed. +Specifies whether screen capture is allowed. -

    Most restricted value is 0. +Most restricted value is 0. @@ -506,7 +506,7 @@ This policy is deprecated. -

    Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). +Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). @@ -557,13 +557,13 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. +Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them. -

    Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value. +Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value. > **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it. -

    Most restricted value is 0. +Most restricted value is 0. @@ -615,7 +615,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Allows or disallows task switching on the device. +Allows or disallows task switching on the device. @@ -667,7 +667,7 @@ The following list shows the supported values: > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -

    Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. +Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. @@ -719,9 +719,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies whether voice recording is allowed for apps. +Specifies whether voice recording is allowed for apps. -

    Most restricted value is 0. +Most restricted value is 0. @@ -773,9 +773,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. +This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. -

    Most restricted value is 0. +Most restricted value is 0. @@ -827,9 +827,9 @@ The following list shows the supported values: > This policy is only available for Windows 10 Enterprise and Windows 10 Education. -

    Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. +Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings. -

    Most restricted value is 0. +Most restricted value is 0. @@ -880,9 +880,9 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. +Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows. -

    Most restricted value is 0. +Most restricted value is 0. @@ -933,10 +933,10 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. +Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested. -

    Most restricted value is 0. +Most restricted value is 0. @@ -1036,9 +1036,9 @@ The following list shows the supported values: > This policy is only available for Windows 10 Enterprise and Windows 10 Education. -

    Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. +Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – None. - 1 (default) – Windows spotlight enabled. @@ -1083,13 +1083,13 @@ The following list shows the supported values: -

    Prevents devices from showing feedback questions from Microsoft. +Prevents devices from showing feedback questions from Microsoft. -

    If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. +If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. -

    If you disable or do not configure this policy setting, users can control how often they receive feedback questions. +If you disable or do not configure this policy setting, users can control how often they receive feedback questions. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index e165e843f7..7c42eba692 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -61,11 +61,11 @@ ms.date: 11/01/2017 -

    Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). +Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). -

    The system settings require a reboot; the application settings do not require a reboot. +The system settings require a reboot; the application settings do not require a reboot. -

    Here is an example: +Here is an example: ``` syntax diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 17be10dc9d..86a2dccbac 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. +Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 3ca3c0d2bd..6806de6ebf 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -61,13 +61,13 @@ ms.date: 12/14/2017 -

    Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. +Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. -

    The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. +The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. -

    In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. +In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. -

    The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. +The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 64f7550a15..58a2418bf7 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -64,7 +64,7 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. +Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. @@ -112,7 +112,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. +Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 9c979b9d53..bc22abef7f 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -61,17 +61,17 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. +Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. > [!IMPORTANT] > This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 8db727d554..af9df333ee 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -61,9 +61,9 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. +Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. -

    The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. +The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index aca34d8a1b..06b6844b22 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -64,9 +64,9 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. +Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. -

    After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. +After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. @@ -115,9 +115,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Disables the automatic download and update of map data. +Added in Windows 10, version 1607. Disables the automatic download and update of map data. -

    After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. +After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 4d41080dfa..aa1c3698b6 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -70,9 +70,9 @@ ms.date: 11/01/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement. +Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement. -

    The following list shows the supported values: +The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. @@ -116,9 +116,9 @@ ms.date: 11/01/2017 -

    Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. +Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. -

    The following list shows the supported values: +The following list shows the supported values: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. @@ -165,9 +165,9 @@ ms.date: 11/01/2017 > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement. +Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement. -

    The following list shows the supported values: +The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index c15086a614..341511e93c 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -82,7 +82,7 @@ ms.date: 11/01/2017 -

    Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. +Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. @@ -123,7 +123,7 @@ ms.date: 11/01/2017 -

    Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. +Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. @@ -177,7 +177,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. +Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. @@ -218,7 +218,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. +This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. @@ -259,13 +259,13 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". +This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". > [!NOTE] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client.   -

    Here are the steps to create canonical domain names: +Here are the steps to create canonical domain names: 1. Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -> microsoft.com. 2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags. @@ -310,7 +310,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". +This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". @@ -351,7 +351,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. +Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. @@ -392,7 +392,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -

    List of domain names that can used for work or personal resource. +List of domain names that can used for work or personal resource. diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 1aaec21713..f5d74704a5 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -61,11 +61,11 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. +Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. -

    For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. +For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. -

    No reboot or service restart is required for this policy to take effect. +No reboot or service restart is required for this policy to take effect. diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 533e43da2d..e4ff5000c9 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -145,13 +145,13 @@ ADMX Info: -

    Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -207,13 +207,13 @@ ADMX Info: -

    Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -269,14 +269,14 @@ ADMX Info: -

    Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -332,13 +332,13 @@ ADMX Info: -

    Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -514,13 +514,13 @@ ADMX Info: -

    Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] @@ -576,13 +576,13 @@ ADMX Info: -

    Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. -

    If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. -

    If you disable or do not configure this policy setting, users control this setting. +If you disable or do not configure this policy setting, users control this setting. -

    If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 9c4392ca1c..804f7611af 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -289,13 +289,13 @@ ms.date: 12/14/2017 -

    Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. +Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. -

    Most restricted value is 0. +Most restricted value is 0. @@ -343,9 +343,9 @@ The following list shows the supported values: -

    Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. +Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. -

    Most restricted value is 0. +Most restricted value is 0.   @@ -395,9 +395,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Enables or disables the Advertising ID. +Added in Windows 10, version 1607. Enables or disables the Advertising ID. -

    Most restricted value is 0. +Most restricted value is 0. @@ -494,15 +494,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. +Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -543,7 +543,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -584,7 +584,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -625,7 +625,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. @@ -666,15 +666,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -715,7 +715,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -756,7 +756,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -797,7 +797,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. @@ -838,15 +838,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. +Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -887,7 +887,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -928,7 +928,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -969,7 +969,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. @@ -1010,15 +1010,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1059,7 +1059,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1100,7 +1100,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1141,7 +1141,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. @@ -1182,15 +1182,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. +Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1231,7 +1231,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1272,7 +1272,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1313,7 +1313,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. @@ -1354,15 +1354,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access email. +Added in Windows 10, version 1607. Specifies whether Windows apps can access email. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1403,7 +1403,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1444,7 +1444,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1485,7 +1485,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. @@ -1526,15 +1526,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access location. +Added in Windows 10, version 1607. Specifies whether Windows apps can access location. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1575,7 +1575,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1616,7 +1616,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1657,7 +1657,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. @@ -1698,15 +1698,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). +Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1747,7 +1747,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1788,7 +1788,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1829,7 +1829,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. @@ -1870,15 +1870,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. +Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -1919,7 +1919,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -1960,7 +1960,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -2001,7 +2001,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. @@ -2042,15 +2042,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. +Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -2091,7 +2091,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2132,7 +2132,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2173,7 +2173,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. @@ -2214,15 +2214,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. +Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -2263,7 +2263,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2304,7 +2304,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2345,7 +2345,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. @@ -2386,15 +2386,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. +Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -2435,7 +2435,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2476,7 +2476,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2517,7 +2517,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. @@ -2558,15 +2558,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. +Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -2607,7 +2607,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2648,7 +2648,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2689,7 +2689,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. @@ -2730,7 +2730,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. +Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. @@ -2771,7 +2771,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2812,7 +2812,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2853,7 +2853,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. @@ -2894,15 +2894,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. +Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -2943,7 +2943,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -2984,7 +2984,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -3025,7 +3025,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. @@ -3066,15 +3066,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. +Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -3115,7 +3115,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3156,7 +3156,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3197,7 +3197,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. @@ -3238,15 +3238,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. +Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control (default). - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. @@ -3289,7 +3289,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3330,7 +3330,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3371,7 +3371,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. +Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. @@ -3412,15 +3412,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. +Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -

    Most restricted value is 2. +Most restricted value is 2. @@ -3461,7 +3461,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. @@ -3502,7 +3502,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. @@ -3543,7 +3543,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. +Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 204a76ade1..e5fca3da40 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -102,9 +102,9 @@ ms.date: 01/08/2018 -

    Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. +Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -203,13 +203,13 @@ The following list shows the supported values: -

    Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. +Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. -

    When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. +When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. -

    When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device. +When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device. -

    Most restricted value is 0. +Most restricted value is 0. @@ -257,9 +257,9 @@ The following list shows the supported values: -

    Specifies whether search can leverage location information. +Specifies whether search can leverage location information. -

    Most restricted value is 0. +Most restricted value is 0. @@ -284,7 +284,7 @@ The following list shows the supported values: -

    This policy has been deprecated. +This policy has been deprecated. @@ -325,14 +325,14 @@ The following list shows the supported values: -

    Allows the use of diacritics. +Allows the use of diacritics. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

    Most restricted value is 0. +Most restricted value is 0. @@ -373,7 +373,7 @@ The following list shows the supported values: -

    Allow Windows indexer. Value type is integer. +Allow Windows indexer. Value type is integer. @@ -414,14 +414,14 @@ The following list shows the supported values: -

    Specifies whether to always use automatic language detection when indexing content and properties. +Specifies whether to always use automatic language detection when indexing content and properties. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

    Most restricted value is 0. +Most restricted value is 0. @@ -462,9 +462,9 @@ The following list shows the supported values: -

    If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. +If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. @@ -508,13 +508,13 @@ The following list shows the supported values: -

    This policy setting configures whether or not locations on removable drives can be added to libraries. +This policy setting configures whether or not locations on removable drives can be added to libraries. -

    If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. +If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. -

    If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. +If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. @@ -617,13 +617,13 @@ The following list shows the supported values: -

    Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. +Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. -

    Enable this policy if computers in your environment have extremely limited hard drive space. +Enable this policy if computers in your environment have extremely limited hard drive space. -

    When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. +When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. @@ -667,9 +667,9 @@ The following list shows the supported values: -

    If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. +If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. @@ -717,14 +717,14 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies what level of safe search (filtering adult content) is required. +Specifies what level of safe search (filtering adult content) is required. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Strict, highest filtering against adult content. - 1 (default) – Moderate filtering against adult content (valid search results will not be filtered). -

    Most restricted value is 0. +Most restricted value is 0. diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 41b61f3d9e..049d83e896 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -93,7 +93,7 @@ ms.date: 01/16/2018 -

    Specifies whether to allow the runtime configuration agent to install provisioning packages. +Specifies whether to allow the runtime configuration agent to install provisioning packages. @@ -141,9 +141,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. +Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. @@ -191,9 +191,9 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. -

    Specifies whether the user is allowed to manually install root and intermediate CA certificates. +Specifies whether the user is allowed to manually install root and intermediate CA certificates. -

    Most restricted value is 0. +Most restricted value is 0. @@ -241,7 +241,7 @@ The following list shows the supported values: -

    Specifies whether to allow the runtime configuration agent to remove provisioning packages. +Specifies whether to allow the runtime configuration agent to remove provisioning packages. @@ -293,7 +293,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   -

    Allows or disallow Anti Theft Mode on the device. +Allows or disallow Anti Theft Mode on the device. @@ -453,11 +453,11 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**. +Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**. -

    Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. +Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. @@ -504,14 +504,14 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**. -

    Allows enterprise to turn on internal storage encryption. +Allows enterprise to turn on internal storage encryption. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Encryption is not required. - 1 – Encryption is required. -

    Most restricted value is 1. +Most restricted value is 1. > [!IMPORTANT] > If encryption has been enabled, it cannot be turned off by using this policy. @@ -555,9 +555,9 @@ The following list shows the supported values: -

    Specifies whether provisioning packages must have a certificate signed by a device trusted authority. +Specifies whether provisioning packages must have a certificate signed by a device trusted authority. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. @@ -601,14 +601,14 @@ The following list shows the supported values: -

    Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. +Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. -

    Setting this policy to 1 (Required): +Setting this policy to 1 (Required): - Determines whether a device is capable of Remote Device Health Attestation, by verifying if the device has TPM 2.0. - Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification. @@ -617,7 +617,7 @@ The following list shows the supported values: > We recommend that this policy is set to Required after MDM enrollment.   -

    Most restricted value is 1. +Most restricted value is 1. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index eae7e34484..614331c610 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -106,7 +106,7 @@ ms.date: 12/19/2017 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows the user to change Auto Play settings. +Allows the user to change Auto Play settings. > [!NOTE] > Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. @@ -157,7 +157,7 @@ The following list shows the supported values: -

    Allows the user to change Data Sense settings. +Allows the user to change Data Sense settings. @@ -205,7 +205,7 @@ The following list shows the supported values: -

    Allows the user to change date and time settings. +Allows the user to change date and time settings. @@ -253,7 +253,7 @@ The following list shows the supported values: -

    Allows editing of the device name. +Allows editing of the device name. @@ -305,7 +305,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows the user to change the language settings. +Allows the user to change the language settings. @@ -408,7 +408,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows the user to change power and sleep settings. +Allows the user to change power and sleep settings. @@ -460,7 +460,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows the user to change the region settings. +Allows the user to change the region settings. @@ -512,7 +512,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows the user to change sign-in options. +Allows the user to change sign-in options. @@ -560,7 +560,7 @@ The following list shows the supported values: -

    Allows the user to change VPN settings. +Allows the user to change VPN settings. @@ -612,7 +612,7 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Allows user to change workplace settings. +Allows user to change workplace settings. @@ -660,7 +660,7 @@ The following list shows the supported values: -

    Allows user to change account settings. +Allows user to change account settings. @@ -708,9 +708,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. +Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – User will be allowed to configure the setting. - 1 – Don't show additional calendars. @@ -756,15 +756,15 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. +Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. -

    The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: +The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: -

    showonly:about;bluetooth +showonly:about;bluetooth -

    If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. +If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. -

    The format of the PageVisibilityList value is as follows: +The format of the PageVisibilityList value is as follows: - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. - There are two variants: one that shows only the given pages and one which hides the given pages. @@ -772,17 +772,17 @@ The following list shows the supported values: - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. - Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi". -

    The default value for this setting is an empty string, which is interpreted as show everything. +The default value for this setting is an empty string, which is interpreted as show everything. -

    Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden: +Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden: -

    showonly:wi-fi;bluetooth +showonly:wi-fi;bluetooth -

    Example 2, specifies that the wifi page should not be shown: +Example 2, specifies that the wifi page should not be shown: -

    hide:wifi +hide:wifi -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Open System Settings and verfiy that the About page is visible and accessible. 2. Configure the policy with the following string: "hide:about". diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 8dbd4fe36b..f842311ff1 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -67,7 +67,7 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. +Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. @@ -115,7 +115,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. +Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. @@ -163,7 +163,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. +Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 0f87f58919..ff34e8ec3b 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). +Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 02f3b03e71..4e4567d276 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -145,7 +145,7 @@ ms.date: 12/14/2017 -

    Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. @@ -194,7 +194,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. @@ -243,7 +243,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. @@ -292,7 +292,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. @@ -341,7 +341,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. @@ -390,7 +390,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. @@ -439,7 +439,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. @@ -488,7 +488,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. @@ -537,7 +537,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. @@ -586,7 +586,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. +Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. @@ -639,15 +639,15 @@ The following list shows the supported values: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -

    Forces the start screen size. +Forces the start screen size. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Do not force size of Start. - 1 – Force non-fullscreen size of Start. - 2 - Force a fullscreen size of Start. -

    If there is policy configuration conflict, the latest configuration request is applied to the device. +If there is policy configuration conflict, the latest configuration request is applied to the device. @@ -691,19 +691,19 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Allows IT Admins to configure Start by collapsing or removing the all apps list. +Allows IT Admins to configure Start by collapsing or removing the all apps list. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – None. - 1 – Hide all apps list. - 2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app. - 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: - 1 - Enable policy and restart explorer.exe - 2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out. @@ -749,9 +749,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. @@ -805,9 +805,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show most used apps" in the Settings app. 2. Use some apps to get them into the most used group in Start. @@ -862,9 +862,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. -

    To validate on Laptop, do the following: +To validate on Laptop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Hibernate" is not available. @@ -918,9 +918,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Lock" is not available. @@ -971,9 +971,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. +Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. -

    Value type is integer. +Value type is integer. @@ -1017,9 +1017,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, and verify the power button is not available. @@ -1073,9 +1073,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings. 2. Pin Photos to the taskbar, and open some images in the photos app. @@ -1136,9 +1136,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable "Show recently added apps" in the Settings app. 2. Check if there are recently added apps in Start (if not, install some). @@ -1193,9 +1193,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. @@ -1246,9 +1246,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. @@ -1299,9 +1299,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Sign out" is not available. @@ -1352,9 +1352,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify that "Sleep" is not available. @@ -1405,9 +1405,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Switch account" is not available. @@ -1461,9 +1461,9 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile. +Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Log off. @@ -1518,14 +1518,14 @@ The following list shows the supported values: > [!NOTE] > This policy requires reboot to take effect. -

    Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files. +Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files. > [!IMPORTANT] > Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy. -

    The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/en-us/windows/configuration/start-secondary-tiles). +The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/en-us/windows/configuration/start-secondary-tiles). -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Set policy with an XML for Edge assets. 2. Set StartLayout policy to anything so that it would trigger the Edge assets import. @@ -1571,9 +1571,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. +Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Right click on a program pinned to taskbar. @@ -1631,9 +1631,9 @@ The following list shows the supported values: > [!IMPORTANT] > Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) -

    Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy +Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy -

    For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). +For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 57e64d4e9f..189436f4eb 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -64,15 +64,15 @@ ms.date: 12/13/2017 -

    Added in Windows 10, version 1709. Allows disk health model updates. +Added in Windows 10, version 1709. Allows disk health model updates. -

    The following list shows the supported values: +The following list shows the supported values: - 0 - Do not allow - 1 (default) - Allow -

    Value type is integer. +Value type is integer. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 5a62fcc89e..2435e96fe0 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -109,11 +109,11 @@ ms.date: 12/19/2017 > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. -

    This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. +This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. -

    If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. +If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. - 1 – Allowed. Users can make their devices available for downloading and installing preview software. @@ -158,9 +158,9 @@ ms.date: 12/19/2017 -

    Specifies whether set general purpose device to be in embedded mode. +Specifies whether set general purpose device to be in embedded mode. -

    Most restricted value is 0. +Most restricted value is 0. @@ -211,15 +211,15 @@ The following list shows the supported values: > [!NOTE] > This policy is not supported in Windows 10, version 1607. -

    This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. +This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Disabled. - 1 (default) – Permits Microsoft to configure device settings only. - 2 – Allows Microsoft to conduct full experimentations. -

    Most restricted value is 0. +Most restricted value is 0. @@ -260,11 +260,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. +Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. -

    This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). +This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). -

    This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. +This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. > [!Note] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. @@ -278,7 +278,7 @@ The following list shows the supported values: -

    To verify if System/AllowFontProviders is set to true: +To verify if System/AllowFontProviders is set to true: - After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com. @@ -321,21 +321,21 @@ The following list shows the supported values: -

    Specifies whether to allow app access to the Location service. +Specifies whether to allow app access to the Location service. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. - 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. - 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. -

    Most restricted value is 0. +Most restricted value is 0. -

    While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. +While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. -

    When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. +When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. -

    For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. +For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. @@ -376,9 +376,9 @@ The following list shows the supported values: -

    Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. +Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. -

    Most restricted value is 0. +Most restricted value is 0. @@ -427,9 +427,9 @@ The following list shows the supported values: -

    Allow the device to send diagnostic and usage telemetry data, such as Watson. +Allow the device to send diagnostic and usage telemetry data, such as Watson. -

    The following tables describe the supported values: +The following tables describe the supported values: Windows 8.1 Values: @@ -502,7 +502,7 @@ Windows 10 Values: > If you are using Windows 8.1 MDM server and set a value of 0 using the legacy AllowTelemetry policy on a Windows 10 Mobile device, then the value is not respected and the telemetry level is silently set to level 1. -

    Most restricted value is 0. +Most restricted value is 0. @@ -543,9 +543,9 @@ Windows 10 Values: -

    Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. +Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. -

    Most restricted value is 0. +Most restricted value is 0. @@ -692,7 +692,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f -

    Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: +Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users cannot access OneDrive from the OneDrive app or file picker. * Microsoft Store apps cannot access OneDrive using the WinRT API. @@ -700,9 +700,9 @@ This policy setting blocks the Connected User Experience and Telemetry service f * OneDrive files are not kept in sync with the cloud. * Users cannot automatically upload photos and videos from the camera roll folder. -

    If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. +If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. -

    To validate on Desktop, do the following: +To validate on Desktop, do the following: 1. Enable policy. 2. Restart machine. @@ -870,20 +870,20 @@ The following list shows the supported values: -

    This policy setting, in combination with the System/AllowTelemetry +This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. -

    To enable this behavior you must complete two steps: +To enable this behavior you must complete two steps:

    • Enable this policy setting
    • Set Allow Telemetry to level 2 (Enhanced)
    -

    When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594). +When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594). -

    Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. +Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. -

    If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. +If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. @@ -924,9 +924,9 @@ The following list shows the supported values: -

    Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. +Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. -

    If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. +If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d6e2d91c96..fbb6857b81 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -106,9 +106,9 @@ ms.date: 12/19/2017 > The policy is only enforced in Windows 10 for desktop. -

    Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. +Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. -

    Most restricted value is 0. +Most restricted value is 0. @@ -160,9 +160,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. +Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. -

    Most restricted value is 0. +Most restricted value is 0. @@ -214,9 +214,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the IT admin to disable the touch/handwriting keyboard on Windows. +Allows the IT admin to disable the touch/handwriting keyboard on Windows. -

    Most restricted value is 0. +Most restricted value is 0. @@ -268,14 +268,14 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the Japanese IME surrogate pair characters. +Allows the Japanese IME surrogate pair characters. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -

    Most restricted value is 0. +Most restricted value is 0. @@ -320,9 +320,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows Japanese Ideographic Variation Sequence (IVS) characters. +Allows Japanese Ideographic Variation Sequence (IVS) characters. -

    Most restricted value is 0. +Most restricted value is 0. @@ -374,9 +374,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the Japanese non-publishing standard glyph. +Allows the Japanese non-publishing standard glyph. -

    Most restricted value is 0. +Most restricted value is 0. @@ -428,9 +428,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the Japanese user dictionary. +Allows the Japanese user dictionary. -

    Most restricted value is 0. +Most restricted value is 0. @@ -481,11 +481,11 @@ The following list shows the supported values: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. -

    Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. +Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. -

    Most restricted value is 0. +Most restricted value is 0. -

    To validate that text prediction is disabled on Windows 10 for desktop, do the following: +To validate that text prediction is disabled on Windows 10 for desktop, do the following: 1. Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button. 2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. @@ -505,7 +505,7 @@ The following list shows the supported values: **TextInput/AllowKoreanExtendedHanja** -

    This policy has been deprecated. +This policy has been deprecated. @@ -550,9 +550,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the uninstall of language features, such as spell checkers, on a device. +Allows the uninstall of language features, such as spell checkers, on a device. -

    Most restricted value is 0. +Most restricted value is 0. @@ -665,9 +665,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. @@ -715,9 +715,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. @@ -765,9 +765,9 @@ The following list shows the supported values: > The policy is only enforced in Windows 10 for desktop. -

    Allows the users to restrict character code range of conversion by setting the character filter. +Allows the users to restrict character code range of conversion by setting the character filter. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 42221e6fde..f97d7275a3 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -61,7 +61,7 @@ ms.date: 12/14/2017 -

    Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. +Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index f0cc05b9e9..771fc0cab4 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -204,14 +204,14 @@ ms.date: 12/19/2017 -

    Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] > The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. -

    Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. -

    The default is 17 (5 PM). +The default is 17 (5 PM). @@ -252,11 +252,11 @@ ms.date: 12/19/2017 -

    Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. +Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. -

    Supported values are 8-18. +Supported values are 8-18. -

    The default value is 18 (hours). +The default value is 18 (hours). @@ -297,14 +297,14 @@ ms.date: 12/19/2017 -

    Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] > The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. -

    Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. -

    The default value is 8 (8 AM). +The default value is 8 (8 AM). @@ -345,11 +345,11 @@ ms.date: 12/19/2017 -

    Enables the IT admin to manage automatic update behavior to scan, download, and install updates. +Enables the IT admin to manage automatic update behavior to scan, download, and install updates. -

    Supported operations are Get and Replace. +Supported operations are Get and Replace. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. - 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. @@ -362,7 +362,7 @@ ms.date: 12/19/2017 > This option should be used only for systems under regulatory compliance, as you will not get security updates as well.   -

    If the policy is not configured, end-users get the default behavior (Auto install and restart). +If the policy is not configured, end-users get the default behavior (Auto install and restart). @@ -403,7 +403,7 @@ ms.date: 12/19/2017 -

    Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. +Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. @@ -455,9 +455,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. +Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. @@ -501,11 +501,11 @@ The following list shows the supported values: -

    Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. +Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. -

    Supported operations are Get and Replace. +Supported operations are Get and Replace. -

    This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. @@ -553,11 +553,11 @@ The following list shows the supported values: -

    Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. +Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. -

    Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store +Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store -

    Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. +Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. > [!NOTE] > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. @@ -608,11 +608,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. +Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. -

    Supported values are 2-30 days. +Supported values are 2-30 days. -

    The default value is 7 days. +The default value is 7 days. @@ -653,9 +653,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. -

    The default value is 15 (minutes). +The default value is 15 (minutes). @@ -700,9 +700,9 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. +Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. -

    The following list shows the supported values: +The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. @@ -746,7 +746,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). -

    Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. +Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. @@ -789,7 +789,7 @@ The following list shows the supported values: -

    Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. +Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -833,11 +833,11 @@ The following list shows the supported values: -

    Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -

    Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. -

    Supported values are 0-365 days. +Supported values are 0-365 days. > [!IMPORTANT] > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. @@ -881,9 +881,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. -

    Supported values are 0-30. +Supported values are 0-30. @@ -928,18 +928,18 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. -

    Allows IT Admins to specify update delays for up to 4 weeks. +Allows IT Admins to specify update delays for up to 4 weeks. -

    Supported values are 0-4, which refers to the number of weeks to defer updates. +Supported values are 0-4, which refers to the number of weeks to defer updates. -

    In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following: +In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following: - Update/RequireDeferUpgrade must be set to 1 - System/AllowTelemetry must be set to 1 or higher -

    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

    If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. OS upgrade: - Maximum deferral: 8 months @@ -1064,13 +1064,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. -

    Allows IT Admins to specify additional upgrade delays for up to 8 months. +Allows IT Admins to specify additional upgrade delays for up to 8 months. -

    Supported values are 0-8, which refers to the number of months to defer upgrades. +Supported values are 0-8, which refers to the number of months to defer upgrades. -

    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -1111,7 +1111,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. +Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. @@ -1152,13 +1152,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -

    Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. +Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. -

    For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). +For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). -

    This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update." +This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update." -

    Value type is integer. Supported operations are Add, Get, Replace, and Delete. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -1206,11 +1206,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). +Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). -

    Supported values are 2-30 days. +Supported values are 2-30 days. -

    The default value is 0 days (not specified). +The default value is 0 days (not specified). @@ -1251,11 +1251,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. -

    Supported values are 1-3 days. +Supported values are 1-3 days. -

    The default value is 3 days. +The default value is 3 days. @@ -1296,11 +1296,11 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. +Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -

    Supported values are 2-30 days. +Supported values are 2-30 days. -

    The default value is 7 days. +The default value is 7 days. @@ -1344,9 +1344,9 @@ The following list shows the supported values: > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -

    Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. +Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. @@ -1390,12 +1390,12 @@ The following list shows the supported values: -

    Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). +Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] > This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. @@ -1439,7 +1439,7 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -1502,13 +1502,13 @@ To validate this policy: -

    Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. -

    To validate this policy: +To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. 2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: @@ -1562,9 +1562,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. +Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. -

    The following list shows the supported values: +The following list shows the supported values: - 0 - Disable Preview builds - 1 - Disable Preview builds once the next release is public @@ -1613,16 +1613,16 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. -

    Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. +Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Deferrals are not paused. - 1 – Deferrals are paused. -

    If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -

    If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -1663,12 +1663,12 @@ The following list shows the supported values: -

    Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. -

    Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. +Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. @@ -1712,9 +1712,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. +Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. -

    Value type is string. Supported operations are Add, Get, Delete, and Replace. +Value type is string. Supported operations are Add, Get, Delete, and Replace. @@ -1755,9 +1755,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. +Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. @@ -1801,9 +1801,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. +Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. -

    Value type is string. Supported operations are Add, Get, Delete, and Replace. +Value type is string. Supported operations are Add, Get, Delete, and Replace. @@ -1812,7 +1812,7 @@ The following list shows the supported values: **Update/PhoneUpdateRestrictions** -

    This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. +This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. @@ -1865,9 +1865,9 @@ The following list shows the supported values: > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. -

    Allows the IT admin to set a device to Semi-Annual Channel train. +Allows the IT admin to set a device to Semi-Annual Channel train. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). - 1 – User gets upgrades from Semi-Annual Channel. @@ -1915,11 +1915,11 @@ The following list shows the supported values: > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. -

    Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. +Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. -

    Supported operations are Get and Replace. +Supported operations are Get and Replace. -

    The following list shows the supported values: +The following list shows the supported values: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. @@ -1963,9 +1963,9 @@ The following list shows the supported values: -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. -

    The default value is 15 (minutes). +The default value is 15 (minutes). @@ -2014,9 +2014,9 @@ Supported values are 15, 30, or 60 (minutes). > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise -

    Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications. -

    The default value is 4 (hours). +The default value is 4 (hours). @@ -2061,13 +2061,13 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -

    Enables the IT admin to schedule the day of the update installation. +Enables the IT admin to schedule the day of the update installation. -

    The data type is a integer. +The data type is a integer. -

    Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. -

    The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Every day - 1 – Sunday @@ -2117,7 +2117,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). -

    Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values: +Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:

+
+ **Camera/AllowCamera** diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 6c2905b717..c1be290991 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/13/2017 +ms.date: 01/29/2018 --- # Policy CSP - Cellular @@ -36,7 +36,9 @@ ms.date: 12/13/2017 +
+ **Cellular/LetAppsAccessCellularData** @@ -97,7 +99,9 @@ The following list shows the supported values: +
+ **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** @@ -138,7 +142,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** @@ -179,7 +185,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** @@ -220,7 +228,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/ShowAppCellularAccessUI** diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 50cf068b2e..e121d2f02c 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Connectivity @@ -63,7 +63,9 @@ ms.date: 12/14/2017 +
+ **Connectivity/AllowBluetooth** @@ -119,7 +121,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowCellularData** @@ -168,7 +172,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowCellularDataRoaming** @@ -229,7 +235,9 @@ To validate on mobile devices, do the following: +
+ **Connectivity/AllowConnectedDevices** @@ -280,7 +288,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowNFC** @@ -334,7 +344,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowUSBConnection** @@ -390,7 +402,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowVPNOverCellular** @@ -440,7 +454,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowVPNRoamingOverCellular** @@ -490,7 +506,9 @@ The following list shows the supported values: +
+ **Connectivity/DiablePrintingOverHTTP** @@ -545,7 +563,9 @@ ADMX Info: +
+ **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** @@ -600,7 +620,9 @@ ADMX Info: +
+ **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** @@ -655,7 +677,9 @@ ADMX Info: +
+ **Connectivity/DisallowNetworkConnectivityActiveTests** @@ -698,7 +722,9 @@ Value type is integer. +
+ **Connectivity/HardenedUNCPaths** @@ -756,7 +782,9 @@ ADMX Info: +
+ **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index c628f5e912..50f47bd8ee 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/11/2018 +ms.date: 01/29/2018 --- # Policy CSP - ControlPolicyConflict @@ -26,7 +26,9 @@ ms.date: 01/11/2018 +
+ **ControlPolicyConflict/MDMWinsOverGP** @@ -80,14 +82,7 @@ The following list shows the supported values: - 0 (default) - 1 - The MDM policy is used and the GP policy is blocked. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 8db7adb8b4..f7c8f906c5 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - CredentialProviders @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **CredentialProviders/AllowPINLogon** @@ -94,7 +96,9 @@ ADMX Info: +
+ **CredentialProviders/BlockPicturePassword** @@ -156,7 +160,9 @@ ADMX Info: +
+ **CredentialProviders/DisableAutomaticReDeploymentCredentials** diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 6a2a7950a3..f3cedd07cc 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - CredentialsUI @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **CredentialsUI/DisablePasswordReveal** @@ -92,7 +94,9 @@ ADMX Info: +
+ **CredentialsUI/EnumerateAdministrators** diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index b8a7181d8e..921ef9f0a0 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Cryptography @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **Cryptography/AllowFipsAlgorithmPolicy** @@ -73,7 +75,9 @@ The following list shows the supported values: +
+ **Cryptography/TLSCipherSuites** diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index b0e270bdff..9fc7abd61d 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - DataProtection @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **DataProtection/AllowDirectMemoryAccess** @@ -77,7 +79,9 @@ The following list shows the supported values: +
+ **DataProtection/LegacySelectiveWipeID** diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index b9d3a22ccc..ca2c55abb5 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - DataUsage @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **DataUsage/SetCost3G** @@ -93,7 +95,9 @@ ADMX Info: +
+ **DataUsage/SetCost4G** diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index bb91bd44bd..fc2c7798e6 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Defender @@ -126,7 +126,9 @@ ms.date: 11/01/2017 +
+ **Defender/AllowArchiveScanning** @@ -176,7 +178,9 @@ The following list shows the supported values: +
+ **Defender/AllowBehaviorMonitoring** @@ -226,7 +230,9 @@ The following list shows the supported values: +
+ **Defender/AllowCloudProtection** @@ -276,7 +282,9 @@ The following list shows the supported values: +
+ **Defender/AllowEmailScanning** @@ -326,7 +334,9 @@ The following list shows the supported values: +
+ **Defender/AllowFullScanOnMappedNetworkDrives** @@ -376,7 +386,9 @@ The following list shows the supported values: +
+ **Defender/AllowFullScanRemovableDriveScanning** @@ -426,7 +438,9 @@ The following list shows the supported values: +
+ **Defender/AllowIOAVProtection** @@ -476,7 +490,9 @@ The following list shows the supported values: +
+ **Defender/AllowIntrusionPreventionSystem** @@ -526,7 +542,9 @@ The following list shows the supported values: +
+ **Defender/AllowOnAccessProtection** @@ -576,7 +594,9 @@ The following list shows the supported values: +
+ **Defender/AllowRealtimeMonitoring** @@ -626,7 +646,9 @@ The following list shows the supported values: +
+ **Defender/AllowScanningNetworkFiles** @@ -676,7 +698,9 @@ The following list shows the supported values: +
+ **Defender/AllowScriptScanning** @@ -726,7 +750,9 @@ The following list shows the supported values: +
+ **Defender/AllowUserUIAccess** @@ -776,7 +802,9 @@ The following list shows the supported values: +
+ **Defender/AttackSurfaceReductionOnlyExclusions** @@ -823,7 +851,9 @@ Value type is string. +
+ **Defender/AttackSurfaceReductionRules** @@ -872,7 +902,9 @@ Value type is string. +
+ **Defender/AvgCPULoadFactor** @@ -921,7 +953,9 @@ The default value is 50. +
+ **Defender/CloudBlockLevel** @@ -982,7 +1016,9 @@ The following list shows the supported values: +
+ **Defender/CloudExtendedTimeout** @@ -1033,7 +1069,9 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se +
+ **Defender/ControlledFolderAccessAllowedApplications** @@ -1077,7 +1115,9 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app +
+ **Defender/ControlledFolderAccessProtectedFolders** @@ -1121,7 +1161,9 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci +
+ **Defender/DaysToRetainCleanedMalware** @@ -1170,7 +1212,9 @@ The default value is 0, which keeps items in quarantine, and does not automatica +
+ **Defender/EnableControlledFolderAccess** @@ -1210,7 +1254,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. -Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. +Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. @@ -1222,7 +1266,9 @@ The following list shows the supported values: +
+ **Defender/EnableNetworkProtection** @@ -1280,7 +1326,9 @@ The following list shows the supported values: +
+ **Defender/ExcludedExtensions** @@ -1325,7 +1373,9 @@ Allows an administrator to specify a list of file type extensions to ignore duri +
+ **Defender/ExcludedPaths** @@ -1370,7 +1420,9 @@ Allows an administrator to specify a list of directory paths to ignore during a +
+ **Defender/ExcludedProcesses** @@ -1421,7 +1473,9 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E +
+ **Defender/PUAProtection** @@ -1472,7 +1526,9 @@ The following list shows the supported values: +
+ **Defender/RealTimeScanDirection** @@ -1527,7 +1583,9 @@ The following list shows the supported values: +
+ **Defender/ScanParameter** @@ -1577,7 +1635,9 @@ The following list shows the supported values: +
+ **Defender/ScheduleQuickScanTime** @@ -1632,7 +1692,9 @@ The default value is 120 +
+ **Defender/ScheduleScanDay** @@ -1693,7 +1755,9 @@ The following list shows the supported values: +
+ **Defender/ScheduleScanTime** @@ -1748,7 +1812,9 @@ The default value is 120. +
+ **Defender/SignatureUpdateInterval** @@ -1799,7 +1865,9 @@ The default value is 8. +
+ **Defender/SubmitSamplesConsent** @@ -1851,7 +1919,9 @@ The following list shows the supported values: +
+ **Defender/ThreatSeverityDefaultAction** diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 812d07ecac..2489a17f31 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - DeliveryOptimization @@ -95,7 +95,9 @@ ms.date: 01/03/2018 +
+ **DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -142,7 +144,9 @@ The default value is 10. +
+ **DeliveryOptimization/DOAllowVPNPeerCaching** @@ -194,7 +198,9 @@ The following list shows the supported values: +
+ **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** @@ -236,17 +242,10 @@ Added in Windows 10, next major update. This policy allows you to delay the use After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - - - - - - - - - +
+ **DeliveryOptimization/DODelayForegroundDownloadFromHttp** @@ -298,15 +297,12 @@ The following list shows the supported values as number of seconds: - 0 to 86400 (1 day) - 0 - managed by the cloud service - Default is not configured. + - - - - - - +
+ **DeliveryOptimization/DODownloadMode** @@ -362,7 +358,9 @@ The following list shows the supported values: +
+ **DeliveryOptimization/DOGroupId** @@ -410,7 +408,9 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this +
+ **DeliveryOptimization/DOGroupIdSource** @@ -465,15 +465,12 @@ The following list shows the supported values: - 2 - Authenticated domain SID - 3 - DHCP user option - 4 - DNS suffix + - - - - - - +
+ **DeliveryOptimization/DOMaxCacheAge** @@ -520,7 +517,9 @@ The default value is 259200 seconds (3 days). +
+ **DeliveryOptimization/DOMaxCacheSize** @@ -567,7 +566,9 @@ The default value is 20. +
+ **DeliveryOptimization/DOMaxDownloadBandwidth** @@ -614,7 +615,9 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts +
+ **DeliveryOptimization/DOMaxUploadBandwidth** @@ -661,7 +664,9 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo +
+ **DeliveryOptimization/DOMinBackgroundQos** @@ -708,7 +713,9 @@ The default value is 500. +
+ **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -754,7 +761,9 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser +
+ **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -804,7 +813,9 @@ The default value is 32 GB. +
+ **DeliveryOptimization/DOMinFileSizeToCache** @@ -851,7 +862,9 @@ The default value is 100 MB. +
+ **DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -898,7 +911,9 @@ The default value is 4 GB. +
+ **DeliveryOptimization/DOModifyCacheDrive** @@ -945,7 +960,9 @@ By default, %SystemDrive% is used to store the cache. +
+ **DeliveryOptimization/DOMonthlyUploadDataCap** @@ -994,7 +1011,9 @@ The default value is 20. +
+ **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** @@ -1034,18 +1053,12 @@ The default value is 20. Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. + - - - - - - - - - +
+ **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** @@ -1054,7 +1067,9 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo +
+ **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** @@ -1094,18 +1109,12 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. + - - - - - - - - - +
+ **DeliveryOptimization/DORestrictPeerSelectionBy** @@ -1154,14 +1163,10 @@ The following list shows the supported values: - 1 - Subnet mask. - - - - - - +
+ **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** @@ -1201,6 +1206,7 @@ The following list shows the supported values: Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. + This policy allows an IT Admin to define the following: @@ -1208,15 +1214,12 @@ This policy allows an IT Admin to define the following: - Business hours range (for example 06:00 to 18:00) - % of throttle for foreground traffic during business hours - % of throttle for foreground traffic outside of business hours + - - - - - - +
+ **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** @@ -1256,6 +1259,7 @@ This policy allows an IT Admin to define the following: Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. + This policy allows an IT Admin to define the following: @@ -1263,13 +1267,8 @@ This policy allows an IT Admin to define the following: - Business hours range (for example 06:00 to 18:00) - % of throttle for foreground traffic during business hours - % of throttle for foreground traffic outside of business hours + - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 048304c12e..bf93aa8e5e 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Desktop @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **Desktop/PreventUserRedirectionOfProfileFolders** diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 4b9ab87704..7a77348d53 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - DeviceGuard @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **DeviceGuard/EnableVirtualizationBasedSecurity** @@ -67,7 +69,6 @@ ms.date: 12/14/2017 -  Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. @@ -79,7 +80,9 @@ The following list shows the supported values: +
+ **DeviceGuard/LsaCfgFlags** @@ -116,7 +119,6 @@ The following list shows the supported values: -  Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. @@ -129,7 +131,9 @@ The following list shows the supported values: +
+ **DeviceGuard/RequirePlatformSecurityFeatures** @@ -167,8 +171,6 @@ The following list shows the supported values: Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. -  - diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 7e7740810a..efc8a18433 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - DeviceInstallation @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** @@ -87,7 +89,9 @@ ADMX Info: +
+ **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 9d4a67b93c..963e8714e8 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/12/2018 +ms.date: 01/29/2018 --- # Policy CSP - DeviceLock @@ -74,7 +74,9 @@ ms.date: 01/12/2018 +
+ **DeviceLock/AllowIdleReturnWithoutPassword** @@ -129,7 +131,9 @@ The following list shows the supported values: +
+ **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** @@ -186,7 +190,9 @@ The following list shows the supported values: +
+ **DeviceLock/AllowSimpleDevicePassword** @@ -238,7 +244,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/AlphanumericDevicePasswordRequired** @@ -294,11 +302,11 @@ The following list shows the supported values: > > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2. -  - +
+ **DeviceLock/DevicePasswordEnabled** @@ -384,7 +392,9 @@ The following list shows the supported values: +
+ **DeviceLock/DevicePasswordExpiration** @@ -438,7 +448,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/DevicePasswordHistory** @@ -494,7 +506,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/EnforceLockScreenAndLogonImage** @@ -541,7 +555,9 @@ Value type is a string, which is the full image filepath and filename. +
+ **DeviceLock/EnforceLockScreenProvider** @@ -588,7 +604,9 @@ Value type is a string, which is the AppID. +
+ **DeviceLock/MaxDevicePasswordFailedAttempts** @@ -649,7 +667,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MaxInactivityTimeDeviceLock** @@ -701,7 +721,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** @@ -751,7 +773,9 @@ The following list shows the supported values: +
+ **DeviceLock/MinDevicePasswordComplexCharacters** @@ -863,7 +887,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MinDevicePasswordLength** @@ -920,7 +946,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MinimumPasswordAge** @@ -964,17 +992,10 @@ The minimum password age must be less than the Maximum password age, unless the Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - - - - - - - - - +
+ **DeviceLock/PreventLockScreenSlideShow** @@ -1034,7 +1055,9 @@ ADMX Info: +
+ **DeviceLock/ScreenTimeoutWhileLocked** diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 2f510c687c..278ae2808f 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Display @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **Display/TurnOffGdiDPIScalingForApps** @@ -81,7 +83,9 @@ To validate on Desktop, do the following: +
+ **Display/TurnOnGdiDPIScalingForApps** diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 0b37a6b5c5..ed70c0cb02 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Education @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **Education/DefaultPrinterName** @@ -73,7 +75,9 @@ The policy value is expected to be the name (network host name) of an installed +
+ **Education/PreventAddingNewPrinters** @@ -121,7 +125,9 @@ The following list shows the supported values: +
+ **Education/PrinterNames** diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index a53e00425b..1a432f3397 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - EnterpriseCloudPrint @@ -39,7 +39,9 @@ ms.date: 11/01/2017 +
+ **EnterpriseCloudPrint/CloudPrintOAuthAuthority** @@ -84,7 +86,9 @@ The default value is an empty string. Otherwise, the value should contain the UR +
+ **EnterpriseCloudPrint/CloudPrintOAuthClientId** @@ -129,7 +133,9 @@ The default value is an empty string. Otherwise, the value should contain a GUID +
+ **EnterpriseCloudPrint/CloudPrintResourceId** @@ -174,7 +180,9 @@ The default value is an empty string. Otherwise, the value should contain a URL. +
+ **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** @@ -219,7 +227,9 @@ The default value is an empty string. Otherwise, the value should contain the UR +
+ **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** @@ -264,7 +274,9 @@ For Windows Mobile, the default value is 20. +
+ **EnterpriseCloudPrint/MopriaDiscoveryResourceId** diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 67f7bd2d6a..71b4c992f1 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - ErrorReporting @@ -36,7 +36,9 @@ ms.date: 11/01/2017 +
+ **ErrorReporting/CustomizeConsentSettings** @@ -106,7 +108,9 @@ ADMX Info: +
+ **ErrorReporting/DisableWindowsErrorReporting** @@ -166,7 +170,9 @@ ADMX Info: +
+ **ErrorReporting/DisplayErrorNotification** @@ -230,7 +236,9 @@ ADMX Info: +
+ **ErrorReporting/DoNotSendAdditionalData** @@ -290,7 +298,9 @@ ADMX Info: +
+ **ErrorReporting/PreventCriticalErrorDisplay** diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index ea5746021f..c98738d293 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - EventLogService @@ -33,7 +33,9 @@ ms.date: 11/01/2017 +
+ **EventLogService/ControlEventLogBehavior** @@ -95,7 +97,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeApplicationLog** @@ -155,7 +159,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeSecurityLog** @@ -215,7 +221,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeSystemLog** diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index cb04d76f6a..c8aaf83293 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Experience @@ -86,7 +86,9 @@ ms.date: 12/19/2017 +
+ **Experience/AllowCopyPaste** @@ -139,7 +141,9 @@ The following list shows the supported values: +
+ **Experience/AllowCortana** @@ -189,7 +193,9 @@ The following list shows the supported values: +
+ **Experience/AllowDeviceDiscovery** @@ -241,7 +247,9 @@ The following list shows the supported values: +
+ **Experience/AllowFindMyDevice** @@ -293,7 +301,9 @@ The following list shows the supported values: +
+ **Experience/AllowManualMDMUnenrollment** @@ -347,7 +357,9 @@ The following list shows the supported values: +
+ **Experience/AllowSIMErrorDialogPromptWhenNoSIM** @@ -399,15 +411,20 @@ The following list shows the supported values: +
+ **Experience/AllowSaveAsOfOfficeFiles** This policy is deprecated. + +
+ **Experience/AllowScreenCapture** @@ -461,15 +478,20 @@ The following list shows the supported values: +
+ **Experience/AllowSharingOfOfficeFiles** This policy is deprecated. + +
+ **Experience/AllowSyncMySettings** @@ -517,7 +539,9 @@ The following list shows the supported values: +
+ **Experience/AllowTailoredExperiencesWithDiagnosticData** @@ -574,7 +598,9 @@ The following list shows the supported values: +
+ **Experience/AllowTaskSwitcher** @@ -626,7 +652,9 @@ The following list shows the supported values: +
+ **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** @@ -678,7 +706,9 @@ The following list shows the supported values: +
+ **Experience/AllowVoiceRecording** @@ -732,7 +762,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsConsumerFeatures** @@ -786,7 +818,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlight** @@ -840,7 +874,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlightOnActionCenter** @@ -893,7 +929,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** @@ -947,7 +985,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsTips** @@ -995,7 +1035,9 @@ The following list shows the supported values: +
+ **Experience/ConfigureWindowsSpotlightOnLockScreen** @@ -1046,7 +1088,9 @@ The following list shows the supported values: +
+ **Experience/DoNotShowFeedbackNotifications** diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 7c42eba692..c5da5ddb2d 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - ExploitGuard @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **ExploitGuard/ExploitProtectionSettings** diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 86a2dccbac..d0db2bf70f 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Games @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Games/AllowAdvancedGamingServices** diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 6806de6ebf..98cb777d45 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Handwriting @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Handwriting/PanelDefaultModeDocked** @@ -67,7 +69,7 @@ The handwriting panel has 2 modes - floats near the text box, or docked to the b In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. -The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. +The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 88e6a352f7..8eb6808dbe 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - InternetExplorer @@ -750,7 +750,9 @@ ms.date: 11/01/2017 +
+ **InternetExplorer/AddSearchProvider** @@ -811,7 +813,9 @@ ADMX Info: +
+ **InternetExplorer/AllowActiveXFiltering** @@ -872,7 +876,9 @@ ADMX Info: +
+ **InternetExplorer/AllowAddOnList** @@ -939,7 +945,9 @@ ADMX Info: +
+ **InternetExplorer/AllowAutoComplete** @@ -976,6 +984,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -993,7 +1002,9 @@ ADMX Info: +
+ **InternetExplorer/AllowCertificateAddressMismatchWarning** @@ -1031,6 +1042,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1048,7 +1060,9 @@ ADMX Info: +
+ **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** @@ -1086,6 +1100,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1103,7 +1118,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnhancedProtectedMode** @@ -1166,7 +1183,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1227,7 +1246,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnterpriseModeSiteList** @@ -1288,7 +1309,9 @@ ADMX Info: +
+ **InternetExplorer/AllowFallbackToSSL3** @@ -1325,6 +1348,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1342,7 +1366,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetExplorer7PolicyList** @@ -1403,7 +1429,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetExplorerStandardsMode** @@ -1466,7 +1494,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetZoneTemplate** @@ -1533,7 +1563,9 @@ ADMX Info: +
+ **InternetExplorer/AllowIntranetZoneTemplate** @@ -1600,7 +1632,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLocalMachineZoneTemplate** @@ -1667,7 +1701,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownInternetZoneTemplate** @@ -1734,7 +1770,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownIntranetZoneTemplate** @@ -1801,7 +1839,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** @@ -1868,7 +1908,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** @@ -1935,7 +1977,9 @@ ADMX Info: +
+ **InternetExplorer/AllowOneWordEntry** @@ -1996,7 +2040,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSiteToZoneAssignmentList** @@ -2063,7 +2109,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** @@ -2101,6 +2149,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2118,7 +2167,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSuggestedSites** @@ -2181,7 +2232,9 @@ ADMX Info: +
+ **InternetExplorer/AllowTrustedSitesZoneTemplate** @@ -2248,7 +2301,9 @@ ADMX Info: +
+ **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** @@ -2315,7 +2370,9 @@ ADMX Info: +
+ **InternetExplorer/AllowsRestrictedSitesZoneTemplate** @@ -2382,7 +2439,9 @@ ADMX Info: +
+ **InternetExplorer/CheckServerCertificateRevocation** @@ -2420,6 +2479,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2437,7 +2497,9 @@ ADMX Info: +
+ **InternetExplorer/CheckSignaturesOnDownloadedPrograms** @@ -2475,6 +2537,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2492,7 +2555,9 @@ ADMX Info: +
+ **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** @@ -2530,6 +2595,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2547,7 +2613,9 @@ ADMX Info: +
+ **InternetExplorer/DisableAdobeFlash** @@ -2610,7 +2678,9 @@ ADMX Info: +
+ **InternetExplorer/DisableBypassOfSmartScreenWarnings** @@ -2671,7 +2741,9 @@ ADMX Info: +
+ **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** @@ -2732,7 +2804,9 @@ ADMX Info: +
+ **InternetExplorer/DisableConfiguringHistory** @@ -2770,6 +2844,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2787,7 +2862,9 @@ ADMX Info: +
+ **InternetExplorer/DisableCrashDetection** @@ -2825,6 +2902,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2842,7 +2920,9 @@ ADMX Info: +
+ **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** @@ -2905,7 +2985,9 @@ ADMX Info: +
+ **InternetExplorer/DisableDeletingUserVisitedWebsites** @@ -2943,6 +3025,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2960,7 +3043,9 @@ ADMX Info: +
+ **InternetExplorer/DisableEnclosureDownloading** @@ -3021,7 +3106,9 @@ ADMX Info: +
+ **InternetExplorer/DisableEncryptionSupport** @@ -3084,7 +3171,9 @@ ADMX Info: +
+ **InternetExplorer/DisableFirstRunWizard** @@ -3149,7 +3238,9 @@ ADMX Info: +
+ **InternetExplorer/DisableFlipAheadFeature** @@ -3214,7 +3305,9 @@ ADMX Info: +
+ **InternetExplorer/DisableHomePageChange** @@ -3274,7 +3367,9 @@ ADMX Info: +
+ **InternetExplorer/DisableIgnoringCertificateErrors** @@ -3312,6 +3407,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3329,7 +3425,9 @@ ADMX Info: +
+ **InternetExplorer/DisableInPrivateBrowsing** @@ -3367,6 +3465,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3384,7 +3483,9 @@ ADMX Info: +
+ **InternetExplorer/DisableProcessesInEnhancedProtectedMode** @@ -3422,6 +3523,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3439,7 +3541,9 @@ ADMX Info: +
+ **InternetExplorer/DisableProxyChange** @@ -3500,7 +3604,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSearchProviderChange** @@ -3561,7 +3667,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSecondaryHomePageChange** @@ -3624,7 +3732,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSecuritySettingsCheck** @@ -3662,6 +3772,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3679,7 +3790,9 @@ ADMX Info: +
+ **InternetExplorer/DisableUpdateCheck** @@ -3741,7 +3854,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -3779,6 +3894,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3796,7 +3912,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowUsersToAddSites** @@ -3862,7 +3980,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowUsersToChangePolicies** @@ -3928,7 +4048,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotBlockOutdatedActiveXControls** @@ -3991,7 +4113,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** @@ -4058,7 +4182,9 @@ ADMX Info: +
+ **InternetExplorer/IncludeAllLocalSites** @@ -4121,7 +4247,9 @@ ADMX Info: +
+ **InternetExplorer/IncludeAllNetworkPaths** @@ -4184,7 +4312,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAccessToDataSources** @@ -4247,7 +4377,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** @@ -4310,7 +4442,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** @@ -4371,7 +4505,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowCopyPasteViaScript** @@ -4409,6 +4545,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4426,7 +4563,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** @@ -4464,6 +4603,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4481,7 +4621,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowFontDownloads** @@ -4544,7 +4686,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowLessPrivilegedSites** @@ -4607,7 +4751,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** @@ -4645,6 +4791,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4662,7 +4809,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** @@ -4725,7 +4874,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -4763,6 +4914,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4780,7 +4932,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -4818,6 +4972,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4835,7 +4990,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** @@ -4873,6 +5030,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4890,7 +5048,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -4928,6 +5088,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4945,7 +5106,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptlets** @@ -5008,7 +5171,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowSmartScreenIE** @@ -5073,7 +5238,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** @@ -5111,6 +5278,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5128,7 +5296,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowUserDataPersistence** @@ -5191,7 +5361,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -5229,6 +5401,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5246,7 +5419,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDownloadSignedActiveXControls** @@ -5284,6 +5459,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5301,7 +5477,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** @@ -5339,6 +5517,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5356,7 +5535,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** @@ -5394,6 +5575,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5411,7 +5593,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -5449,6 +5633,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5466,7 +5651,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -5504,6 +5691,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5521,7 +5709,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableMIMESniffing** @@ -5559,6 +5749,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5576,7 +5767,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableProtectedMode** @@ -5614,6 +5807,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5631,7 +5825,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -5669,6 +5865,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5686,7 +5883,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** @@ -5751,7 +5950,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** @@ -5779,9 +5980,12 @@ ADMX Info: + +
+ **InternetExplorer/InternetZoneJavaPermissions** @@ -5819,6 +6023,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5836,7 +6041,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** @@ -5874,6 +6081,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5891,7 +6099,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneLogonOptions** @@ -5929,6 +6139,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5946,7 +6157,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneNavigateWindowsAndFrames** @@ -6009,7 +6222,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -6047,6 +6262,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6064,7 +6280,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -6102,6 +6320,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6119,7 +6338,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneUsePopupBlocker** @@ -6157,6 +6378,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6174,7 +6396,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAccessToDataSources** @@ -6237,7 +6461,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -6300,7 +6526,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -6361,7 +6589,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowFontDownloads** @@ -6424,7 +6654,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** @@ -6487,7 +6719,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** @@ -6550,7 +6784,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowScriptlets** @@ -6613,7 +6849,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowSmartScreenIE** @@ -6678,7 +6916,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowUserDataPersistence** @@ -6741,7 +6981,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -6779,6 +7021,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6796,7 +7039,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** @@ -6861,7 +7106,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneJavaPermissions** @@ -6899,6 +7146,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6916,7 +7164,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** @@ -6979,7 +7229,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** @@ -7042,7 +7294,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -7105,7 +7359,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -7166,7 +7422,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowFontDownloads** @@ -7229,7 +7487,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** @@ -7292,7 +7552,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** @@ -7355,7 +7617,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowScriptlets** @@ -7418,7 +7682,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** @@ -7483,7 +7749,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** @@ -7546,7 +7814,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7584,6 +7854,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7601,7 +7872,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** @@ -7666,7 +7939,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneJavaPermissions** @@ -7704,6 +7979,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7721,7 +7997,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** @@ -7784,7 +8062,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** @@ -7847,7 +8127,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** @@ -7910,7 +8192,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** @@ -7971,7 +8255,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** @@ -8034,7 +8320,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** @@ -8097,7 +8385,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** @@ -8160,7 +8450,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowScriptlets** @@ -8223,7 +8515,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** @@ -8288,7 +8582,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** @@ -8351,7 +8647,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** @@ -8416,7 +8714,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneJavaPermissions** @@ -8454,6 +8754,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8471,7 +8772,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** @@ -8534,7 +8837,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** @@ -8597,7 +8902,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -8660,7 +8967,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -8721,7 +9030,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** @@ -8784,7 +9095,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** @@ -8847,7 +9160,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** @@ -8910,7 +9225,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** @@ -8973,7 +9290,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** @@ -9038,7 +9357,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** @@ -9101,7 +9422,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** @@ -9166,7 +9489,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** @@ -9229,7 +9554,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** @@ -9292,7 +9619,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -9355,7 +9684,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -9416,7 +9747,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** @@ -9479,7 +9812,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** @@ -9542,7 +9877,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** @@ -9605,7 +9942,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** @@ -9668,7 +10007,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** @@ -9733,7 +10074,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** @@ -9796,7 +10139,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** @@ -9861,7 +10206,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** @@ -9899,6 +10246,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9916,7 +10264,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** @@ -9979,7 +10329,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** @@ -10042,7 +10394,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10105,7 +10459,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10166,7 +10522,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** @@ -10229,7 +10587,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** @@ -10292,7 +10652,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -10355,7 +10717,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** @@ -10418,7 +10782,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** @@ -10483,7 +10849,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** @@ -10546,7 +10914,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -10611,7 +10981,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** @@ -10649,6 +11021,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10666,7 +11039,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** @@ -10729,7 +11104,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** @@ -10792,7 +11169,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10855,7 +11234,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10916,7 +11297,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** @@ -10979,7 +11362,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** @@ -11042,7 +11427,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -11105,7 +11492,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** @@ -11168,7 +11557,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** @@ -11233,7 +11624,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** @@ -11296,7 +11689,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** @@ -11361,7 +11756,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** @@ -11399,6 +11796,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11416,7 +11814,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** @@ -11479,7 +11879,9 @@ ADMX Info: +
+ **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** @@ -11517,6 +11919,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11534,7 +11937,9 @@ ADMX Info: +
+ **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** @@ -11572,6 +11977,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11589,7 +11995,9 @@ ADMX Info: +
+ **InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -11627,6 +12035,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11644,7 +12053,9 @@ ADMX Info: +
+ **InternetExplorer/PreventManagingSmartScreenFilter** @@ -11682,6 +12093,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11699,7 +12111,9 @@ ADMX Info: +
+ **InternetExplorer/PreventPerUserInstallationOfActiveXControls** @@ -11737,6 +12151,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11754,7 +12169,9 @@ ADMX Info: +
+ **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** @@ -11792,6 +12209,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11809,7 +12227,9 @@ ADMX Info: +
+ **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** @@ -11847,6 +12267,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11864,7 +12285,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** @@ -11902,6 +12325,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11919,7 +12343,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** @@ -11957,6 +12383,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11974,7 +12401,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** @@ -12037,7 +12466,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** @@ -12075,6 +12506,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12092,7 +12524,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -12155,7 +12589,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -12216,7 +12652,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** @@ -12254,6 +12692,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12271,7 +12710,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** @@ -12309,6 +12750,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12326,7 +12768,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** @@ -12364,6 +12808,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12381,7 +12826,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** @@ -12419,6 +12866,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12436,7 +12884,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** @@ -12499,7 +12949,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** @@ -12562,7 +13014,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** @@ -12600,6 +13054,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12617,7 +13072,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** @@ -12655,6 +13112,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12672,7 +13130,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -12735,7 +13195,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -12773,6 +13235,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12790,7 +13253,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -12828,6 +13293,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12845,7 +13311,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** @@ -12883,6 +13351,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12900,7 +13369,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -12938,6 +13409,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12955,7 +13427,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptlets** @@ -13018,7 +13492,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** @@ -13083,7 +13559,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** @@ -13121,6 +13599,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13138,7 +13617,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** @@ -13201,7 +13682,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -13239,6 +13722,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13256,7 +13740,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** @@ -13294,6 +13780,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13311,7 +13798,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** @@ -13349,6 +13838,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13366,7 +13856,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** @@ -13404,6 +13896,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13421,7 +13914,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -13459,6 +13954,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13476,7 +13972,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -13514,6 +14012,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13531,7 +14030,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** @@ -13569,6 +14070,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13586,7 +14088,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -13624,6 +14128,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13641,7 +14146,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -13706,7 +14213,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneJavaPermissions** @@ -13744,6 +14253,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13761,7 +14271,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** @@ -13799,6 +14311,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13816,7 +14329,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneLogonOptions** @@ -13854,6 +14369,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13871,7 +14387,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** @@ -13934,7 +14452,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** @@ -13972,6 +14492,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13989,7 +14510,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -14027,6 +14550,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14044,7 +14568,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** @@ -14082,6 +14608,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14099,7 +14626,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** @@ -14137,6 +14666,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14154,7 +14684,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -14192,6 +14724,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14209,7 +14742,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** @@ -14247,6 +14782,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14264,7 +14800,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** @@ -14302,6 +14840,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14319,7 +14858,9 @@ ADMX Info: +
+ **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** @@ -14357,6 +14898,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14374,7 +14916,9 @@ ADMX Info: +
+ **InternetExplorer/SearchProviderList** @@ -14435,7 +14979,9 @@ ADMX Info: +
+ **InternetExplorer/SecurityZonesUseOnlyMachineSettings** @@ -14472,6 +15018,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14489,7 +15036,9 @@ ADMX Info: +
+ **InternetExplorer/SpecifyUseOfActiveXInstallerService** @@ -14527,6 +15076,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14544,7 +15094,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** @@ -14607,7 +15159,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -14670,7 +15224,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -14731,7 +15287,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowFontDownloads** @@ -14794,7 +15352,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** @@ -14857,7 +15417,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -14920,7 +15482,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowScriptlets** @@ -14983,7 +15547,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** @@ -15048,7 +15614,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** @@ -15111,7 +15679,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -15149,6 +15719,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15166,7 +15737,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** @@ -15231,7 +15804,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneJavaPermissions** @@ -15269,6 +15844,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15286,7 +15862,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 43b40603af..322d3801c4 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Kerberos @@ -36,7 +36,9 @@ ms.date: 11/01/2017 +
+ **Kerberos/AllowForestSearchOrder** @@ -96,7 +98,9 @@ ADMX Info: +
+ **Kerberos/KerberosClientSupportsClaimsCompoundArmor** @@ -155,7 +159,9 @@ ADMX Info: +
+ **Kerberos/RequireKerberosArmoring** @@ -219,7 +225,9 @@ ADMX Info: +
+ **Kerberos/RequireStrictKDCValidation** @@ -279,7 +287,9 @@ ADMX Info: +
+ **Kerberos/SetMaximumContextTokenSize** diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index ab4e33bba0..3384e28b77 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - KioskBrowser @@ -41,7 +41,9 @@ ms.date: 01/03/2018 +
+ **KioskBrowser/BlockedUrlExceptions** @@ -82,17 +84,10 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - - - - - - - - - +
+ **KioskBrowser/BlockedUrls** @@ -133,17 +128,10 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - - - - - - - - - +
+ **KioskBrowser/DefaultURL** @@ -184,17 +172,10 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - - - - - - - - - +
+ **KioskBrowser/EnableHomeButton** @@ -235,17 +216,10 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - - - - - - - - - +
+ **KioskBrowser/EnableNavigationButtons** @@ -286,17 +260,10 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - - - - - - - - - +
+ **KioskBrowser/RestartOnIdleTime** @@ -339,15 +306,6 @@ Added in Windows 10, next major update. Amount of time in minutes the session is The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 58a2418bf7..6d5197aac8 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Licensing @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **Licensing/AllowWindowsEntitlementReactivation** @@ -75,7 +77,9 @@ The following list shows the supported values: +
+ **Licensing/DisallowKMSClientOnlineAVSValidation** diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 5ef2395ae6..5bd76c04ea 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/29/2017 +ms.date: 01/29/2018 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -188,7 +188,9 @@ ms.date: 12/29/2017 +
+ **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -244,7 +246,9 @@ The following list shows the supported values: +
+ **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** @@ -297,7 +301,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** @@ -347,7 +353,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -405,7 +413,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** @@ -452,7 +462,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** @@ -499,7 +511,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** @@ -546,17 +560,10 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** @@ -603,17 +610,10 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** @@ -662,17 +662,10 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** @@ -718,17 +711,10 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** @@ -785,17 +771,10 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** @@ -849,17 +828,10 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** @@ -907,17 +879,10 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** @@ -966,17 +931,10 @@ This security setting should not be enabled. Computer account passwords are used This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** @@ -1024,17 +982,10 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** @@ -1093,17 +1044,10 @@ In order to take advantage of this policy on member workstations and servers, al In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** @@ -1151,7 +1095,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** @@ -1204,7 +1150,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** @@ -1258,7 +1206,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** @@ -1313,7 +1263,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** @@ -1363,7 +1315,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** @@ -1412,7 +1366,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** @@ -1459,7 +1415,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** @@ -1520,17 +1478,10 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** @@ -1592,17 +1543,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1661,17 +1605,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** @@ -1717,17 +1654,10 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** @@ -1775,17 +1705,10 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -1856,17 +1779,10 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** @@ -1929,17 +1845,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** @@ -1995,17 +1904,10 @@ Important This policy has no impact on domain controllers. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** @@ -2051,17 +1953,10 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** @@ -2109,17 +2004,10 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** @@ -2165,17 +2053,10 @@ Network access: Shares that can be accessed anonymously Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** @@ -2221,17 +2102,10 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** @@ -2285,17 +2159,10 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2344,7 +2211,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** @@ -2395,17 +2264,10 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** @@ -2471,17 +2333,10 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** @@ -2532,17 +2387,10 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2593,17 +2441,10 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** @@ -2644,7 +2485,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** @@ -2699,7 +2542,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** @@ -2747,17 +2592,10 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** @@ -2803,17 +2641,10 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** @@ -2867,7 +2698,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** @@ -2926,7 +2759,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** @@ -2978,7 +2813,9 @@ The following list shows the supported values: +
+ **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** @@ -3026,17 +2863,10 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** @@ -3085,7 +2915,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** @@ -3140,7 +2972,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** @@ -3190,7 +3024,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** @@ -3239,7 +3075,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** @@ -3287,17 +3125,10 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index bc22abef7f..3863b5f6b1 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Location @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **Location/EnableLocation** diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index af9df333ee..e5f5ea3c9f 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - LockDown @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **LockDown/AllowEdgeSwipe** diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 06b6844b22..31f6725776 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Maps @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **Maps/AllowOfflineMapsDownloadOverMeteredConnection** @@ -78,7 +80,9 @@ The following list shows the supported values: +
+ **Maps/EnableOfflineMapsAutoUpdate** diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index aa1c3698b6..9d52633f18 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Messaging @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **Messaging/AllowMMS** @@ -79,7 +81,9 @@ The following list shows the supported values: +
+ **Messaging/AllowMessageSync** @@ -125,7 +129,9 @@ The following list shows the supported values: +
+ **Messaging/AllowRCS** diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 341511e93c..63b61350a9 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - NetworkIsolation @@ -45,7 +45,9 @@ ms.date: 11/01/2017 +
+ **NetworkIsolation/EnterpriseCloudResources** @@ -86,7 +88,9 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to +
+ **NetworkIsolation/EnterpriseIPRange** @@ -140,7 +144,9 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +
+ **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** @@ -181,7 +187,9 @@ Boolean value that tells the client to accept the configured list and not to use +
+ **NetworkIsolation/EnterpriseInternalProxyServers** @@ -222,7 +230,9 @@ This is the comma-separated list of internal proxy servers. For example "157.54. +
+ **NetworkIsolation/EnterpriseNetworkDomainNames** @@ -273,7 +283,9 @@ Here are the steps to create canonical domain names: +
+ **NetworkIsolation/EnterpriseProxyServers** @@ -314,7 +326,9 @@ This is a comma-separated list of proxy servers. Any server on this list is cons +
+ **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** @@ -355,7 +369,9 @@ Boolean value that tells the client to accept the configured list of proxies and +
+ **NetworkIsolation/NeutralResources** diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index f5d74704a5..3086806c49 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Notifications @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Notifications/DisallowNotificationMirroring** diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index e4ff5000c9..ac601b4c93 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Power @@ -48,7 +48,9 @@ ms.date: 11/01/2017 +
+ **Power/AllowStandbyWhenSleepingPluggedIn** @@ -108,7 +110,9 @@ ADMX Info: +
+ **Power/DisplayOffTimeoutOnBattery** @@ -170,7 +174,9 @@ ADMX Info: +
+ **Power/DisplayOffTimeoutPluggedIn** @@ -232,7 +238,9 @@ ADMX Info: +
+ **Power/HibernateTimeoutOnBattery** @@ -295,7 +303,9 @@ ADMX Info: +
+ **Power/HibernateTimeoutPluggedIn** @@ -357,7 +367,9 @@ ADMX Info: +
+ **Power/RequirePasswordWhenComputerWakesOnBattery** @@ -417,7 +429,9 @@ ADMX Info: +
+ **Power/RequirePasswordWhenComputerWakesPluggedIn** @@ -477,7 +491,9 @@ ADMX Info: +
+ **Power/StandbyTimeoutOnBattery** @@ -539,7 +555,9 @@ ADMX Info: +
+ **Power/StandbyTimeoutPluggedIn** diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 8718ad65f0..dc79350f3f 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Printers @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **Printers/PointAndPrintRestrictions** @@ -103,7 +105,9 @@ ADMX Info: +
+ **Printers/PointAndPrintRestrictions_User** @@ -176,7 +180,9 @@ ADMX Info: +
+ **Printers/PublishPrinters** diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 804f7611af..8cc054a89b 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Privacy @@ -252,7 +252,9 @@ ms.date: 12/14/2017 +
+ **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** @@ -306,7 +308,9 @@ The following list shows the supported values: +
+ **Privacy/AllowInputPersonalization** @@ -346,7 +350,6 @@ The following list shows the supported values: Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. Most restricted value is 0. -  @@ -355,10 +358,11 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
+ **Privacy/DisableAdvertisingId** @@ -409,7 +413,9 @@ The following list shows the supported values: +
+ **Privacy/EnableActivityFeed** @@ -457,7 +463,9 @@ The following list shows the supported values: +
+ **Privacy/LetAppsAccessAccountInfo** @@ -506,7 +514,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** @@ -547,7 +557,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** @@ -588,7 +600,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** @@ -629,7 +643,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar** @@ -678,7 +694,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** @@ -719,7 +737,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** @@ -760,7 +780,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** @@ -801,7 +823,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory** @@ -850,7 +874,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** @@ -891,7 +917,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** @@ -932,7 +960,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** @@ -973,7 +1003,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera** @@ -1022,7 +1054,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** @@ -1063,7 +1097,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** @@ -1104,7 +1140,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** @@ -1145,7 +1183,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts** @@ -1194,7 +1234,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** @@ -1235,7 +1277,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** @@ -1276,7 +1320,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** @@ -1317,7 +1363,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail** @@ -1366,7 +1414,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** @@ -1407,7 +1457,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** @@ -1448,7 +1500,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** @@ -1489,7 +1543,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation** @@ -1538,7 +1594,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** @@ -1579,7 +1637,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** @@ -1620,7 +1680,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** @@ -1661,7 +1723,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging** @@ -1710,7 +1774,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** @@ -1751,7 +1817,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** @@ -1792,7 +1860,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** @@ -1833,7 +1903,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone** @@ -1882,7 +1954,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** @@ -1923,7 +1997,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** @@ -1964,7 +2040,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** @@ -2005,7 +2083,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion** @@ -2054,7 +2134,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** @@ -2095,7 +2177,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** @@ -2136,7 +2220,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** @@ -2177,7 +2263,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications** @@ -2226,7 +2314,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** @@ -2267,7 +2357,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** @@ -2308,7 +2400,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** @@ -2349,7 +2443,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone** @@ -2398,7 +2494,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** @@ -2439,7 +2537,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** @@ -2480,7 +2580,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** @@ -2521,7 +2623,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios** @@ -2570,7 +2674,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** @@ -2611,7 +2717,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** @@ -2652,7 +2760,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** @@ -2693,7 +2803,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTasks** @@ -2734,7 +2846,9 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas +
+ **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** @@ -2775,7 +2889,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** @@ -2816,7 +2932,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** @@ -2857,7 +2975,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTrustedDevices** @@ -2906,7 +3026,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** @@ -2947,7 +3069,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** @@ -2988,7 +3112,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** @@ -3029,7 +3155,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo** @@ -3078,7 +3206,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** @@ -3119,7 +3249,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** @@ -3160,7 +3292,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** @@ -3201,7 +3335,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground** @@ -3252,7 +3388,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** @@ -3293,7 +3431,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** @@ -3334,7 +3474,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** @@ -3375,7 +3517,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices** @@ -3424,7 +3568,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** @@ -3465,7 +3611,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** @@ -3506,7 +3654,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** @@ -3547,7 +3697,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/PublishUserActivities** diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 29f29a7267..b0b51ab819 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteAssistance @@ -33,7 +33,9 @@ ms.date: 11/01/2017 +
+ **RemoteAssistance/CustomizeWarningMessages** @@ -99,7 +101,9 @@ ADMX Info: +
+ **RemoteAssistance/SessionLogging** @@ -161,7 +165,9 @@ ADMX Info: +
+ **RemoteAssistance/SolicitedRemoteAssistance** @@ -231,7 +237,9 @@ ADMX Info: +
+ **RemoteAssistance/UnsolicitedRemoteAssistance** diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index dc0834d71a..782ca41f12 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteDesktopServices @@ -39,7 +39,9 @@ ms.date: 11/01/2017 +
+ **RemoteDesktopServices/AllowUsersToConnectRemotely** @@ -105,7 +107,9 @@ ADMX Info: +
+ **RemoteDesktopServices/ClientConnectionEncryptionLevel** @@ -175,7 +179,9 @@ ADMX Info: +
+ **RemoteDesktopServices/DoNotAllowDriveRedirection** @@ -239,7 +245,9 @@ ADMX Info: +
+ **RemoteDesktopServices/DoNotAllowPasswordSaving** @@ -299,7 +307,9 @@ ADMX Info: +
+ **RemoteDesktopServices/PromptForPasswordUponConnection** @@ -365,7 +375,9 @@ ADMX Info: +
+ **RemoteDesktopServices/RequireSecureRPCCommunication** diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 315cac1258..176cd59211 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteManagement @@ -66,7 +66,9 @@ ms.date: 11/01/2017 +
+ **RemoteManagement/AllowBasicAuthentication_Client** @@ -103,6 +105,7 @@ ms.date: 11/01/2017 + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -120,7 +123,9 @@ ADMX Info: +
+ **RemoteManagement/AllowBasicAuthentication_Service** @@ -157,6 +162,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -174,7 +180,9 @@ ADMX Info: +
+ **RemoteManagement/AllowCredSSPAuthenticationClient** @@ -211,6 +219,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,7 +237,9 @@ ADMX Info: +
+ **RemoteManagement/AllowCredSSPAuthenticationService** @@ -265,6 +276,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -282,7 +294,9 @@ ADMX Info: +
+ **RemoteManagement/AllowRemoteServerManagement** @@ -319,6 +333,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -336,7 +351,9 @@ ADMX Info: +
+ **RemoteManagement/AllowUnencryptedTraffic_Client** @@ -373,6 +390,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -390,7 +408,9 @@ ADMX Info: +
+ **RemoteManagement/AllowUnencryptedTraffic_Service** @@ -427,6 +447,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -444,7 +465,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowDigestAuthentication** @@ -481,6 +504,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -498,7 +522,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowNegotiateAuthenticationClient** @@ -535,6 +561,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -552,7 +579,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowNegotiateAuthenticationService** @@ -589,6 +618,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -606,7 +636,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowStoringOfRunAsCredentials** @@ -643,6 +675,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -660,7 +693,9 @@ ADMX Info: +
+ **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** @@ -697,6 +732,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -714,7 +750,9 @@ ADMX Info: +
+ **RemoteManagement/TrustedHosts** @@ -751,6 +789,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -768,7 +807,9 @@ ADMX Info: +
+ **RemoteManagement/TurnOnCompatibilityHTTPListener** @@ -805,6 +846,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -822,7 +864,9 @@ ADMX Info: +
+ **RemoteManagement/TurnOnCompatibilityHTTPSListener** @@ -859,6 +903,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 1569a65e29..7f7c9c2e4d 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteProcedureCall @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** @@ -91,7 +93,9 @@ ADMX Info: +
+ **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index a9538c867b..3a66eb8677 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteShell @@ -42,7 +42,9 @@ ms.date: 11/01/2017 +
+ **RemoteShell/AllowRemoteShellAccess** @@ -79,6 +81,7 @@ ms.date: 11/01/2017 + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -96,7 +99,9 @@ ADMX Info: +
+ **RemoteShell/MaxConcurrentUsers** @@ -133,6 +138,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,7 +156,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyIdleTimeout** @@ -187,6 +195,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -204,7 +213,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxMemory** @@ -241,6 +252,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -258,7 +270,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxProcesses** @@ -295,6 +309,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -312,7 +327,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxRemoteShells** @@ -349,6 +366,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -366,7 +384,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyShellTimeout** @@ -403,6 +423,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index e5fca3da40..d992a30b6e 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/08/2018 +ms.date: 01/29/2018 --- # Policy CSP - Search @@ -65,7 +65,9 @@ ms.date: 01/08/2018 +
+ **Search/AllowCloudSearch** @@ -111,7 +113,9 @@ The following list shows the supported values: +
+ **Search/AllowCortanaInAAD** @@ -157,16 +161,11 @@ The following list shows the supported values: - 0 (default) - Not allowed. The Cortana consent page will not appear in AAD OOBE during setup. - 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. - - - - - - - +
+ **Search/AllowIndexingEncryptedStoresOrItems** @@ -220,7 +219,9 @@ The following list shows the supported values: +
+ **Search/AllowSearchToUseLocation** @@ -270,7 +271,9 @@ The following list shows the supported values: +
+ **Search/AllowStoringImagesFromVisionSearch** @@ -288,7 +291,9 @@ This policy has been deprecated. +
+ **Search/AllowUsingDiacritics** @@ -336,7 +341,9 @@ Most restricted value is 0. +
+ **Search/AllowWindowsIndexer** @@ -377,7 +384,9 @@ Allow Windows indexer. Value type is integer. +
+ **Search/AlwaysUseAutoLangDetection** @@ -425,7 +434,9 @@ Most restricted value is 0. +
+ **Search/DisableBackoff** @@ -471,7 +482,9 @@ The following list shows the supported values: +
+ **Search/DisableRemovableDriveIndexing** @@ -521,7 +534,9 @@ The following list shows the supported values: +
+ **Search/DoNotUseWebResults** @@ -573,14 +588,10 @@ The following list shows the supported values: - 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search. - - - - - - +
+ **Search/PreventIndexingLowDiskSpaceMB** @@ -630,7 +641,9 @@ The following list shows the supported values: +
+ **Search/PreventRemoteQueries** @@ -676,7 +689,9 @@ The following list shows the supported values: +
+ **Search/SafeSearchPermissions** diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 7f23c593d7..7da2bfbe1c 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/16/2018 +ms.date: 01/29/2018 --- # Policy CSP - Security @@ -56,7 +56,9 @@ ms.date: 01/16/2018 +
+ **Security/AllowAddProvisioningPackage** @@ -104,7 +106,9 @@ The following list shows the supported values: +
+ **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -150,7 +154,9 @@ The following list shows the supported values: +
+ **Security/AllowManualRootCertificateInstallation** @@ -204,7 +210,9 @@ The following list shows the supported values: +
+ **Security/AllowRemoveProvisioningPackage** @@ -252,7 +260,9 @@ The following list shows the supported values: +
+ **Security/AntiTheftMode** @@ -304,7 +314,9 @@ The following list shows the supported values: +
+ **Security/ClearTPMIfNotReady** @@ -355,7 +367,9 @@ The following list shows the supported values: +
+ **Security/ConfigureWindowsPasswords** @@ -404,15 +418,12 @@ The following list shows the supported values: - 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features) - 1- Allow passwords (Passwords continue to be allowed to be used for Windows features) - 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords") + - - - - - - +
+ **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -464,7 +475,9 @@ The following list shows the supported values: +
+ **Security/RequireDeviceEncryption** @@ -515,7 +528,9 @@ Most restricted value is 1. +
+ **Security/RequireProvisioningPackageSignature** @@ -561,7 +576,9 @@ The following list shows the supported values: +
+ **Security/RequireRetrieveHealthCertificateOnBoot** diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 614331c610..b21b911cc1 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Settings @@ -65,7 +65,9 @@ ms.date: 12/19/2017 +
+ **Settings/AllowAutoPlay** @@ -120,7 +122,9 @@ The following list shows the supported values: +
+ **Settings/AllowDataSense** @@ -168,7 +172,9 @@ The following list shows the supported values: +
+ **Settings/AllowDateTime** @@ -216,7 +222,9 @@ The following list shows the supported values: +
+ **Settings/AllowEditDeviceName** @@ -264,7 +272,9 @@ The following list shows the supported values: +
+ **Settings/AllowLanguage** @@ -316,7 +326,9 @@ The following list shows the supported values: +
+ **Settings/AllowOnlineTips** @@ -356,18 +368,12 @@ The following list shows the supported values: Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. + - - - - - - - - - +
+ **Settings/AllowPowerSleep** @@ -419,7 +425,9 @@ The following list shows the supported values: +
+ **Settings/AllowRegion** @@ -471,7 +479,9 @@ The following list shows the supported values: +
+ **Settings/AllowSignInOptions** @@ -523,7 +533,9 @@ The following list shows the supported values: +
+ **Settings/AllowVPN** @@ -571,7 +583,9 @@ The following list shows the supported values: +
+ **Settings/AllowWorkplace** @@ -623,7 +637,9 @@ The following list shows the supported values: +
+ **Settings/AllowYourAccount** @@ -671,7 +687,9 @@ The following list shows the supported values: +
+ **Settings/ConfigureTaskbarCalendar** @@ -719,7 +737,9 @@ The following list shows the supported values: +
+ **Settings/PageVisibilityList** diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index f842311ff1..4aeb3007f6 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - SmartScreen @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **SmartScreen/EnableAppInstallControl** @@ -78,7 +80,9 @@ The following list shows the supported values: +
+ **SmartScreen/EnableSmartScreenInShell** @@ -126,7 +130,9 @@ The following list shows the supported values: +
+ **SmartScreen/PreventOverrideForFilesInShell** diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index ff34e8ec3b..eb15267764 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Speech @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Speech/AllowSpeechModelUpdate** diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 4e4567d276..6dbef99ae1 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Start @@ -108,7 +108,9 @@ ms.date: 12/14/2017 +
+ **Start/AllowPinnedFolderDocuments** @@ -157,7 +159,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderDownloads** @@ -206,7 +210,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderFileExplorer** @@ -255,7 +261,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderHomeGroup** @@ -304,7 +312,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderMusic** @@ -353,7 +363,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderNetwork** @@ -402,7 +414,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderPersonalFolder** @@ -451,7 +465,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderPictures** @@ -500,7 +516,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderSettings** @@ -549,7 +567,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderVideos** @@ -598,7 +618,9 @@ The following list shows the supported values: +
+ **Start/ForceStartSize** @@ -651,7 +673,9 @@ If there is policy configuration conflict, the latest configuration request is a +
+ **Start/HideAppList** @@ -712,7 +736,9 @@ To validate on Desktop, do the following: +
+ **Start/HideChangeAccountSettings** @@ -765,7 +791,9 @@ The following list shows the supported values: +
+ **Start/HideFrequentlyUsedApps** @@ -825,7 +853,9 @@ The following list shows the supported values: +
+ **Start/HideHibernate** @@ -881,7 +911,9 @@ The following list shows the supported values: +
+ **Start/HideLock** @@ -934,7 +966,9 @@ The following list shows the supported values: +
+ **Start/HidePeopleBar** @@ -977,7 +1011,9 @@ Value type is integer. +
+ **Start/HidePowerButton** @@ -1033,7 +1069,9 @@ The following list shows the supported values: +
+ **Start/HideRecentJumplists** @@ -1096,7 +1134,9 @@ The following list shows the supported values: +
+ **Start/HideRecentlyAddedApps** @@ -1156,7 +1196,9 @@ The following list shows the supported values: +
+ **Start/HideRestart** @@ -1209,7 +1251,9 @@ The following list shows the supported values: +
+ **Start/HideShutDown** @@ -1262,7 +1306,9 @@ The following list shows the supported values: +
+ **Start/HideSignOut** @@ -1315,7 +1361,9 @@ The following list shows the supported values: +
+ **Start/HideSleep** @@ -1368,7 +1416,9 @@ The following list shows the supported values: +
+ **Start/HideSwitchAccount** @@ -1421,7 +1471,9 @@ The following list shows the supported values: +
+ **Start/HideUserTile** @@ -1478,7 +1530,9 @@ The following list shows the supported values: +
+ **Start/ImportEdgeAssets** @@ -1534,7 +1588,9 @@ To validate on Desktop, do the following: +
+ **Start/NoPinningToTaskbar** @@ -1590,7 +1646,9 @@ The following list shows the supported values: +
+ **Start/StartLayout** diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 189436f4eb..a14fd22cb2 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/13/2017 +ms.date: 01/29/2018 --- # Policy CSP - Storage @@ -27,7 +27,9 @@ ms.date: 12/13/2017 +
+ **Storage/AllowDiskHealthModelUpdates** @@ -76,7 +78,9 @@ Value type is integer. +
+ **Storage/EnhancedStorageDevices** diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 2435e96fe0..e9d50d3359 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - System @@ -68,7 +68,9 @@ ms.date: 12/19/2017 +
+ **System/AllowBuildPreview** @@ -121,7 +123,9 @@ The following list shows the supported values: +
+ **System/AllowEmbeddedMode** @@ -171,7 +175,9 @@ The following list shows the supported values: +
+ **System/AllowExperimentation** @@ -223,7 +229,9 @@ Most restricted value is 0. +
+ **System/AllowFontProviders** @@ -284,7 +292,9 @@ To verify if System/AllowFontProviders is set to true: +
+ **System/AllowLocation** @@ -339,7 +349,9 @@ For example, an app's original Location setting is Off. The administrator then s +
+ **System/AllowStorageCard** @@ -389,7 +401,9 @@ The following list shows the supported values: +
+ **System/AllowTelemetry** @@ -506,7 +520,9 @@ Most restricted value is 0. +
+ **System/AllowUserToResetPhone** @@ -557,7 +573,9 @@ orted values: +
+ **System/BootStartDriverInitialization** @@ -611,7 +629,9 @@ ADMX Info: +
+ **System/DisableEnterpriseAuthProxy** @@ -651,11 +671,10 @@ ADMX Info: This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - - - +
+ **System/DisableOneDriveFileSync** @@ -717,7 +736,9 @@ The following list shows the supported values: +
+ **System/DisableSystemRestore** @@ -783,7 +804,9 @@ ADMX Info: +
+ **System/FeedbackHubAlwaysSaveDiagnosticsLocally** @@ -795,6 +818,8 @@ ADMX Info: Business Enterprise Education + Mobile + Mobile Enterprise check mark4 @@ -802,6 +827,8 @@ ADMX Info: check mark4 check mark4 check mark4 + + @@ -826,14 +853,10 @@ The following list shows the supported values: - 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. - - - - - - +
+ **System/LimitEnhancedDiagnosticDataWindowsAnalytics** @@ -887,7 +910,9 @@ If you disable or do not configure this policy setting, then the level of diagno +
+ **System/TelemetryProxy** diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index c307f1e57f..cdee24bf7c 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - SystemServices @@ -41,7 +41,9 @@ ms.date: 01/03/2018 +
+ **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** @@ -81,17 +83,10 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** @@ -131,17 +126,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** @@ -181,17 +169,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** @@ -231,17 +212,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** @@ -281,17 +255,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** @@ -331,15 +298,6 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 0a8f13c708..71e1d6c905 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - TaskScheduler @@ -26,7 +26,9 @@ ms.date: 01/03/2018 +
+ **TaskScheduler/EnableXboxGameSaveTask** @@ -66,15 +68,6 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index fbb6857b81..d345d4add2 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - TextInput @@ -65,7 +65,9 @@ ms.date: 12/19/2017 +
+ **TextInput/AllowIMELogging** @@ -119,7 +121,9 @@ The following list shows the supported values: +
+ **TextInput/AllowIMENetworkAccess** @@ -173,7 +177,9 @@ The following list shows the supported values: +
+ **TextInput/AllowInputPanel** @@ -227,7 +233,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseIMESurrogatePairCharacters** @@ -279,7 +287,9 @@ Most restricted value is 0. +
+ **TextInput/AllowJapaneseIVSCharacters** @@ -333,7 +343,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseNonPublishingStandardGlyph** @@ -387,7 +399,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseUserDictionary** @@ -441,7 +455,9 @@ The following list shows the supported values: +
+ **TextInput/AllowKeyboardTextSuggestions** @@ -500,7 +516,9 @@ The following list shows the supported values: +
+ **TextInput/AllowKoreanExtendedHanja** @@ -509,7 +527,9 @@ This policy has been deprecated. +
+ **TextInput/AllowLanguageFeaturesUninstall** @@ -563,7 +583,9 @@ The following list shows the supported values: +
+ **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** @@ -615,16 +637,11 @@ The following list shows the supported values: - 0 (default) - Disabled. - 1 - Enabled. - - - - - - - +
+ **TextInput/ExcludeJapaneseIMEExceptJIS0208** @@ -674,7 +691,9 @@ The following list shows the supported values: +
+ **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** @@ -724,7 +743,9 @@ The following list shows the supported values: +
+ **TextInput/ExcludeJapaneseIMEExceptShiftJIS** diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index f97d7275a3..fedf2c5380 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - TimeLanguageSettings @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **TimeLanguageSettings/AllowSet24HourClock** diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 771fc0cab4..66e08b3185 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Update @@ -167,7 +167,9 @@ ms.date: 12/19/2017 +
+ **Update/ActiveHoursEnd** @@ -215,7 +217,9 @@ The default is 17 (5 PM). +
+ **Update/ActiveHoursMaxRange** @@ -260,7 +264,9 @@ The default value is 18 (hours). +
+ **Update/ActiveHoursStart** @@ -308,7 +314,9 @@ The default value is 8 (8 AM). +
+ **Update/AllowAutoUpdate** @@ -366,7 +374,9 @@ If the policy is not configured, end-users get the default behavior (Auto instal +
+ **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** @@ -418,7 +428,9 @@ The following list shows the supported values: +
+ **Update/AllowMUUpdateService** @@ -464,7 +476,9 @@ The following list shows the supported values: +
+ **Update/AllowNonMicrosoftSignedUpdate** @@ -516,7 +530,9 @@ The following list shows the supported values: +
+ **Update/AllowUpdateService** @@ -571,7 +587,9 @@ The following list shows the supported values: +
+ **Update/AutoRestartDeadlinePeriodInDays** @@ -616,7 +634,9 @@ The default value is 7 days. +
+ **Update/AutoRestartNotificationSchedule** @@ -663,7 +683,9 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). +
+ **Update/AutoRestartRequiredNotificationDismissal** @@ -709,7 +731,9 @@ The following list shows the supported values: +
+ **Update/BranchReadinessLevel** @@ -760,7 +784,9 @@ The following list shows the supported values: +
+ **Update/ConfigureFeatureUpdateUninstallPeriod** @@ -787,16 +813,14 @@ The following list shows the supported values: - Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - - - +
+ **Update/DeferFeatureUpdatesPeriodInDays** @@ -844,7 +868,9 @@ Supported values are 0-365 days. +
+ **Update/DeferQualityUpdatesPeriodInDays** @@ -887,7 +913,9 @@ Supported values are 0-30. +
+ **Update/DeferUpdatePeriod** @@ -1021,7 +1049,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego +
+ **Update/DeferUpgradePeriod** @@ -1074,7 +1104,9 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th +
+ **Update/DetectionFrequency** @@ -1115,7 +1147,9 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 +
+ **Update/DisableDualScan** @@ -1165,11 +1199,13 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - allow scan against Windows Update -- 1 - do not allow update deferral policies to cause scans against Windows Update +- 1 - do not allow update deferral policies to cause scans against Windows Update +
+ **Update/EngagedRestartDeadline** @@ -1214,7 +1250,9 @@ The default value is 0 days (not specified). +
+ **Update/EngagedRestartSnoozeSchedule** @@ -1259,7 +1297,9 @@ The default value is 3 days. +
+ **Update/EngagedRestartTransitionSchedule** @@ -1304,7 +1344,9 @@ The default value is 7 days. +
+ **Update/ExcludeWUDriversInQualityUpdate** @@ -1353,7 +1395,9 @@ The following list shows the supported values: +
+ **Update/FillEmptyContentUrls** @@ -1402,7 +1446,9 @@ The following list shows the supported values: +
+ **Update/IgnoreMOAppDownloadLimit** @@ -1465,7 +1511,9 @@ To validate this policy: +
+ **Update/IgnoreMOUpdateDownloadLimit** @@ -1525,7 +1573,9 @@ The following list shows the supported values: +
+ **Update/ManagePreviewBuilds** @@ -1572,7 +1622,9 @@ The following list shows the supported values: +
+ **Update/PauseDeferrals** @@ -1626,7 +1678,9 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th +
+ **Update/PauseFeatureUpdates** @@ -1675,7 +1729,9 @@ The following list shows the supported values: +
+ **Update/PauseFeatureUpdatesStartTime** @@ -1718,7 +1774,9 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. +
+ **Update/PauseQualityUpdates** @@ -1764,7 +1822,9 @@ The following list shows the supported values: +
+ **Update/PauseQualityUpdatesStartTime** @@ -1807,24 +1867,20 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. +
+ **Update/PhoneUpdateRestrictions** This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. + - - - - - - - - - +
+ **Update/RequireDeferUpgrade** @@ -1874,7 +1930,9 @@ The following list shows the supported values: +
+ **Update/RequireUpdateApproval** @@ -1926,7 +1984,9 @@ The following list shows the supported values: +
+ **Update/ScheduleImminentRestartWarning** @@ -1973,7 +2033,9 @@ Supported values are 15, 30, or 60 (minutes). +
+ **Update/ScheduleRestartWarning** @@ -2024,7 +2086,9 @@ Supported values are 2, 4, 8, 12, or 24 (hours). +
+ **Update/ScheduledInstallDay** @@ -2080,7 +2144,9 @@ The following list shows the supported values: +
+ **Update/ScheduledInstallEveryWeek** @@ -2125,7 +2191,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallFirstWeek** @@ -2170,7 +2238,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallFourthWeek** @@ -2215,7 +2285,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallSecondWeek** @@ -2260,7 +2332,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallThirdWeek** @@ -2305,7 +2379,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallTime** @@ -2358,7 +2434,9 @@ The default value is 3. +
+ **Update/SetAutoRestartNotificationDisable** @@ -2404,7 +2482,9 @@ The following list shows the supported values: +
+ **Update/SetEDURestart** @@ -2450,7 +2530,9 @@ The following list shows the supported values: +
+ **Update/UpdateServiceUrl** @@ -2519,7 +2601,9 @@ Example +
+ **Update/UpdateServiceUrlAlternate** diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 5a1943db52..7ebe88f286 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - UserRights @@ -110,7 +110,9 @@ ms.date: 01/03/2018 +
+ **UserRights/AccessCredentialManagerAsTrustedCaller** @@ -150,17 +152,10 @@ ms.date: 01/03/2018 This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - - - - - - - - - +
+ **UserRights/AccessFromNetwork** @@ -200,17 +195,10 @@ This user right is used by Credential Manager during Backup/Restore. No accounts This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - - - - - - - - - +
+ **UserRights/ActAsPartOfTheOperatingSystem** @@ -250,17 +238,10 @@ This user right determines which users and groups are allowed to connect to the This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/AllowLocalLogOn** @@ -297,20 +278,13 @@ This user right allows a process to impersonate any user without authentication. -This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. +This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - - - - - - - - - +
+ **UserRights/BackupFilesAndDirectories** @@ -350,17 +324,10 @@ This user right determines which users can log on to the computer. Note: Modifyi This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - - - - - - - - - +
+ **UserRights/ChangeSystemTime** @@ -400,17 +367,10 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - - - - - - - - - +
+ **UserRights/CreateGlobalObjects** @@ -450,17 +410,10 @@ This user right determines which users and groups can change the time and date o This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - - - - - - - - - +
+ **UserRights/CreatePageFile** @@ -500,17 +453,10 @@ This security setting determines whether users can create global objects that ar This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - - - - - - - - - +
+ **UserRights/CreatePermanentSharedObjects** @@ -550,17 +496,10 @@ This user right determines which users and groups can call an internal applicati This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - - - - - - - - - +
+ **UserRights/CreateSymbolicLinks** @@ -600,17 +539,10 @@ This user right determines which accounts can be used by processes to create a d This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - - - - - - - - - +
+ **UserRights/CreateToken** @@ -650,17 +582,10 @@ This user right determines if the user can create a symbolic link from the compu This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - - - - - - - - - +
+ **UserRights/DebugPrograms** @@ -700,17 +625,10 @@ This user right determines which accounts can be used by processes to create a t This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/DenyAccessFromNetwork** @@ -750,17 +668,10 @@ This user right determines which users can attach a debugger to any process or t This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - - - - - - - - - +
+ **UserRights/DenyLocalLogOn** @@ -800,17 +711,10 @@ This user right determines which users are prevented from accessing a computer o This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - - - - - - - - - +
+ **UserRights/DenyRemoteDesktopServicesLogOn** @@ -850,17 +754,10 @@ This security setting determines which service accounts are prevented from regis This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - - - - - - - - - +
+ **UserRights/EnableDelegation** @@ -900,17 +797,10 @@ This user right determines which users and groups are prohibited from logging on This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - - - - - - - - - +
+ **UserRights/GenerateSecurityAudits** @@ -950,17 +840,10 @@ This user right determines which users can set the Trusted for Delegation settin This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - - - - - - - - - +
+ **UserRights/ImpersonateClient** @@ -1004,17 +887,10 @@ Assigning this user right to a user allows programs running on behalf of that us Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - - - - - - - - - +
+ **UserRights/IncreaseSchedulingPriority** @@ -1054,17 +930,10 @@ Because of these factors, users do not usually need this user right. Warning: If This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - - - - - - - - - +
+ **UserRights/LoadUnloadDeviceDrivers** @@ -1104,17 +973,10 @@ This user right determines which accounts can use a process with Write Property This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - - - - - - - - - +
+ **UserRights/LockMemory** @@ -1154,17 +1016,10 @@ This user right determines which users can dynamically load and unload device dr This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - - - - - - - - - +
+ **UserRights/ManageAuditingAndSecurityLog** @@ -1204,17 +1059,10 @@ This user right determines which accounts can use a process to keep data in phys This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - - - - - - - - - +
+ **UserRights/ManageVolume** @@ -1254,17 +1102,10 @@ This user right determines which users can specify object access auditing option This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - - - - - - - - - +
+ **UserRights/ModifyFirmwareEnvironment** @@ -1304,17 +1145,10 @@ This user right determines which users and groups can run maintenance tasks on a This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - - - - - - - - - +
+ **UserRights/ModifyObjectLabel** @@ -1354,17 +1188,10 @@ This user right determines who can modify firmware environment values. Firmware This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - - - - - - - - - +
+ **UserRights/ProfileSingleProcess** @@ -1404,17 +1231,10 @@ This user right determines which user accounts can modify the integrity label of This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - - - - - - - - - +
+ **UserRights/RemoteShutdown** @@ -1454,17 +1274,10 @@ This user right determines which users can use performance monitoring tools to m This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - - - - - - - - - +
+ **UserRights/RestoreFilesAndDirectories** @@ -1504,17 +1317,10 @@ This user right determines which users are allowed to shut down a computer from This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/TakeOwnership** @@ -1554,15 +1360,6 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 043528cf1c..7416d833f4 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Wifi @@ -42,7 +42,9 @@ ms.date: 12/14/2017 +
+ **WiFi/AllowWiFiHotSpotReporting** @@ -51,7 +53,9 @@ This policy has been deprecated. +
+ **Wifi/AllowAutoConnectToWiFiSenseHotspots** @@ -101,7 +105,9 @@ The following list shows the supported values: +
+ **Wifi/AllowInternetSharing** @@ -151,7 +157,9 @@ The following list shows the supported values: +
+ **Wifi/AllowManualWiFiConfiguration** @@ -204,7 +212,9 @@ The following list shows the supported values: +
+ **Wifi/AllowWiFi** @@ -254,7 +264,9 @@ The following list shows the supported values: +
+ **Wifi/AllowWiFiDirect** @@ -302,7 +314,9 @@ The following list shows the supported values: +
+ **Wifi/WLANScanMode** diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index ff846b2bbe..4c421859f2 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/29/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -80,7 +80,9 @@ ms.date: 12/29/2017 +
+ **WindowsDefenderSecurityCenter/CompanyName** @@ -123,7 +125,9 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. +
+ **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** @@ -168,17 +172,10 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/DisableAppBrowserUI** @@ -220,7 +217,6 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl Value type is integer. Supported operations are Add, Get, Replace and Delete. - The following list shows the supported values: @@ -229,7 +225,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** @@ -274,17 +272,10 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** @@ -337,7 +328,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableFamilyUI** @@ -387,7 +380,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableHealthUI** @@ -437,7 +432,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableNetworkUI** @@ -487,7 +484,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableNotifications** @@ -537,7 +536,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableVirusUI** @@ -587,7 +588,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** @@ -637,7 +640,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/Email** @@ -680,7 +685,9 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. +
+ **WindowsDefenderSecurityCenter/EnableCustomizedToasts** @@ -730,7 +737,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/EnableInAppCustomization** @@ -780,7 +789,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** @@ -822,19 +833,13 @@ Added in Windows 10, next major update. Use this policy setting to hide the Rans Valid values: - 0 - (Disable or not configured) The Ransomware data recovery area will be visible. -- 1 - (Enable) The Ransomware data recovery area is hidden. +- 1 - (Enable) The Ransomware data recovery area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/HideSecureBoot** @@ -877,18 +882,12 @@ Valid values: - 0 - (Disable or not configured) The Secure boot area is displayed. - 1 - (Enable) The Secure boot area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** @@ -931,18 +930,12 @@ Valid values: - 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/Phone** @@ -985,7 +978,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **WindowsDefenderSecurityCenter/URL** diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 53db2d066d..1ddb435ce8 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsInkWorkspace @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** @@ -75,7 +77,9 @@ The following list shows the supported values: +
+ **WindowsInkWorkspace/AllowWindowsInkWorkspace** diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 9ee11366cd..62e9c0003c 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsLogon @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **WindowsLogon/DisableLockScreenAppNotifications** @@ -90,7 +92,9 @@ ADMX Info: +
+ **WindowsLogon/DontDisplayNetworkSelectionUI** @@ -150,7 +154,9 @@ ADMX Info: +
+ **WindowsLogon/HideFastUserSwitching** diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index e2de8af8b2..4e120a73e2 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WirelessDisplay @@ -45,7 +45,9 @@ ms.date: 12/14/2017 +
+ **WirelessDisplay/AllowMdnsAdvertisement** @@ -82,7 +84,7 @@ ms.date: 12/14/2017 -Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. +Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. @@ -93,7 +95,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowMdnsDiscovery** @@ -130,7 +134,7 @@ The following list shows the supported values: -Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. +Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. @@ -141,7 +145,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionFromPC** @@ -178,7 +184,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. @@ -189,7 +195,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** @@ -226,7 +234,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. @@ -237,7 +245,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionToPC** @@ -289,7 +299,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionToPCOverInfrastructure** @@ -326,7 +338,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. +Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. @@ -337,7 +349,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** @@ -362,7 +376,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/RequirePinForPairing** From 7d40bbea1b967eec41dc0c38809dc0141375b79c Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 29 Jan 2018 20:53:31 +0000 Subject: [PATCH 036/109] fixing redirects --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8fae17740..395247be86 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8452,12 +8452,12 @@ }, { "source_path": "bcs/support/microsoft-365-business-faqs.md", -"redirect_url": "/microsoft-365/business/microsoft-365-business-faqs", +"redirect_url": "/microsoft-365/business/support/microsoft-365-business-faqs", "redirect_document_id": true }, { "source_path": "bcs/support/transition-csp-subscription.md", -"redirect_url": "/microsoft-365/business/transition-csp-subscription", +"redirect_url": "/microsoft-365/business/support/transition-csp-subscription", "redirect_document_id": true } ] From 6adbec8de7de5bf2b1dc2a97d011886d092e3d44 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 20:58:05 +0000 Subject: [PATCH 037/109] Merged PR 5556: updating token tag names to minimize automation output, and standardize naming schema --- .../mdm/policy-csp-abovelock.md | 36 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 36 +- .../mdm/policy-csp-accounts.md | 48 +- .../mdm/policy-csp-activexcontrols.md | 16 +- .../mdm/policy-csp-applicationdefaults.md | 12 +- .../mdm/policy-csp-applicationmanagement.md | 132 +- .../mdm/policy-csp-appvirtualization.md | 448 +- .../mdm/policy-csp-attachmentmanager.md | 48 +- .../mdm/policy-csp-authentication.md | 60 +- .../mdm/policy-csp-autoplay.md | 48 +- .../mdm/policy-csp-bitlocker.md | 12 +- .../mdm/policy-csp-bluetooth.md | 60 +- .../mdm/policy-csp-browser.md | 456 +- .../mdm/policy-csp-camera.md | 12 +- .../mdm/policy-csp-cellular.md | 64 +- .../mdm/policy-csp-connectivity.md | 188 +- .../mdm/policy-csp-controlpolicyconflict.md | 12 +- .../mdm/policy-csp-credentialproviders.md | 44 +- .../mdm/policy-csp-credentialsui.md | 32 +- .../mdm/policy-csp-cryptography.md | 24 +- .../mdm/policy-csp-dataprotection.md | 24 +- .../mdm/policy-csp-datausage.md | 32 +- .../mdm/policy-csp-defender.md | 420 +- .../mdm/policy-csp-deliveryoptimization.md | 280 +- .../mdm/policy-csp-desktop.md | 16 +- .../mdm/policy-csp-deviceguard.md | 36 +- .../mdm/policy-csp-deviceinstallation.md | 32 +- .../mdm/policy-csp-devicelock.md | 208 +- .../mdm/policy-csp-display.md | 24 +- .../mdm/policy-csp-education.md | 36 +- .../mdm/policy-csp-enterprisecloudprint.md | 72 +- .../mdm/policy-csp-errorreporting.md | 80 +- .../mdm/policy-csp-eventlogservice.md | 64 +- .../mdm/policy-csp-experience.md | 236 +- .../mdm/policy-csp-exploitguard.md | 12 +- .../client-management/mdm/policy-csp-games.md | 12 +- .../mdm/policy-csp-handwriting.md | 12 +- .../mdm/policy-csp-internetexplorer.md | 3880 ++++++++--------- .../mdm/policy-csp-kerberos.md | 80 +- .../mdm/policy-csp-kioskbrowser.md | 72 +- .../mdm/policy-csp-licensing.md | 24 +- ...policy-csp-localpoliciessecurityoptions.md | 656 +-- .../mdm/policy-csp-location.md | 12 +- .../mdm/policy-csp-lockdown.md | 12 +- .../client-management/mdm/policy-csp-maps.md | 24 +- .../mdm/policy-csp-messaging.md | 36 +- .../mdm/policy-csp-networkisolation.md | 96 +- .../mdm/policy-csp-notifications.md | 12 +- .../client-management/mdm/policy-csp-power.md | 144 +- .../mdm/policy-csp-printers.md | 48 +- .../mdm/policy-csp-privacy.md | 924 ++-- .../mdm/policy-csp-remoteassistance.md | 64 +- .../mdm/policy-csp-remotedesktopservices.md | 96 +- .../mdm/policy-csp-remotemanagement.md | 240 +- .../mdm/policy-csp-remoteprocedurecall.md | 32 +- .../mdm/policy-csp-remoteshell.md | 112 +- .../mdm/policy-csp-search.md | 164 +- .../mdm/policy-csp-security.md | 128 +- .../mdm/policy-csp-settings.md | 168 +- .../mdm/policy-csp-smartscreen.md | 36 +- .../mdm/policy-csp-speech.md | 12 +- .../client-management/mdm/policy-csp-start.md | 348 +- .../mdm/policy-csp-storage.md | 28 +- .../mdm/policy-csp-system.md | 188 +- .../mdm/policy-csp-systemservices.md | 72 +- .../mdm/policy-csp-taskscheduler.md | 12 +- .../mdm/policy-csp-textinput.md | 160 +- .../mdm/policy-csp-timelanguagesettings.md | 12 +- .../mdm/policy-csp-update.md | 564 +-- .../mdm/policy-csp-userrights.md | 348 +- .../client-management/mdm/policy-csp-wifi.md | 76 +- ...olicy-csp-windowsdefendersecuritycenter.md | 228 +- .../mdm/policy-csp-windowsinkworkspace.md | 24 +- .../mdm/policy-csp-windowslogon.md | 44 +- .../mdm/policy-csp-wirelessdisplay.md | 92 +- 75 files changed, 6326 insertions(+), 6326 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 544860e28f..8a9ab9e4cd 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **AboveLock/AllowActionCenterNotifications** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -76,7 +76,7 @@ Specifies whether to allow Action Center notifications above the device lock scr Most restricted value is 0. - + The following list shows the supported values: @@ -91,7 +91,7 @@ The following list shows the supported values: **AboveLock/AllowCortanaAboveLock** - + @@ -113,8 +113,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -122,11 +122,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. - + The following list shows the supported values: @@ -141,7 +141,7 @@ The following list shows the supported values: **AboveLock/AllowToasts** - + @@ -163,8 +163,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -172,13 +172,13 @@ The following list shows the supported values:
- - + + Specifies whether to allow toast notifications above the device lock screen. Most restricted value is 0. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index 341cac943e..fef93c8458 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -38,7 +38,7 @@ ms.date: 01/29/2018 **AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration** - + @@ -60,8 +60,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -69,15 +69,15 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, next major release. This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
@@ -85,7 +85,7 @@ Default: None, because this policy setting only has meaning when an Account lock **AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold** - + @@ -107,8 +107,8 @@ Default: None, because this policy setting only has meaning when an Account lock
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -116,15 +116,15 @@ Default: None, because this policy setting only has meaning when an Account lock
- - + + Added in Windows 10, next major release. This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0. - +
@@ -132,7 +132,7 @@ Default: 0. **AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter** - + @@ -154,8 +154,8 @@ Default: 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -163,15 +163,15 @@ Default: 0.
- - + + Added in Windows 10, next major release. This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 3eaaad3542..8bfbafa470 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **Accounts/AllowAddingNonMicrosoftAccountsManually** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
- - + + Specifies whether user is allowed to add non-MSA email accounts. Most restricted value is 0. @@ -79,7 +79,7 @@ Most restricted value is 0. > [!NOTE] > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). - + The following list shows the supported values: @@ -94,7 +94,7 @@ The following list shows the supported values: **Accounts/AllowMicrosoftAccountConnection** - + @@ -116,8 +116,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -125,13 +125,13 @@ The following list shows the supported values:
- - + + Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. Most restricted value is 0. - + The following list shows the supported values: @@ -146,7 +146,7 @@ The following list shows the supported values: **Accounts/AllowMicrosoftAccountSignInAssistant** - + @@ -168,8 +168,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -177,11 +177,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. - + The following list shows the supported values: @@ -196,7 +196,7 @@ The following list shows the supported values: **Accounts/DomainNamesForEmailSync** - + @@ -218,8 +218,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -227,15 +227,15 @@ The following list shows the supported values:
- - + + Specifies a list of the domains that are allowed to sync email on the device. The data type is a string. The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". - +
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 43af11e725..c8facbef8f 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ActiveXControls/ApprovedInstallationSites** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. @@ -71,7 +71,7 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -79,14 +79,14 @@ Note: Wild card characters cannot be used when specifying the host URLs. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 549937c7e9..a2454f2ffd 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ApplicationDefaults/DefaultAssociationsConfiguration** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. @@ -119,7 +119,7 @@ Here is the SyncMl example: ``` - +
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 2cd0eb5954..024a22b95c 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -60,7 +60,7 @@ ms.date: 01/29/2018 **ApplicationManagement/AllowAllTrustedApps** - + @@ -82,8 +82,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -91,13 +91,13 @@ ms.date: 01/29/2018
- - + + Specifies whether non Microsoft Store apps are allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -113,7 +113,7 @@ The following list shows the supported values: **ApplicationManagement/AllowAppStoreAutoUpdate** - + @@ -135,8 +135,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -144,8 +144,8 @@ The following list shows the supported values:
- - + + Specifies whether automatic update of apps from Microsoft Store are allowed. The following list shows the supported values: @@ -155,7 +155,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -163,7 +163,7 @@ Most restricted value is 0. **ApplicationManagement/AllowDeveloperUnlock** - + @@ -185,8 +185,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -194,13 +194,13 @@ Most restricted value is 0.
- - + + Specifies whether developer unlock is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **ApplicationManagement/AllowGameDVR** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,8 +247,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -256,7 +256,7 @@ Specifies whether DVR and broadcasting is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -271,7 +271,7 @@ The following list shows the supported values: **ApplicationManagement/AllowSharedUserAppData** - + @@ -293,8 +293,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -302,13 +302,13 @@ The following list shows the supported values:
- - + + Specifies whether multiple users of the same app can share data. Most restricted value is 0. - + The following list shows the supported values: @@ -323,7 +323,7 @@ The following list shows the supported values: **ApplicationManagement/AllowStore** - + @@ -345,8 +345,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -354,13 +354,13 @@ The following list shows the supported values:
- - + + Specifies whether app store is allowed at the device. Most restricted value is 0. - + The following list shows the supported values: @@ -375,7 +375,7 @@ The following list shows the supported values: **ApplicationManagement/ApplicationRestrictions** - + @@ -397,8 +397,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -406,8 +406,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -432,7 +432,7 @@ Value type is chr. Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. - +
@@ -440,7 +440,7 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no **ApplicationManagement/DisableStoreOriginatedApps** - + @@ -462,8 +462,8 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -471,11 +471,11 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
- - + + Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. - + The following list shows the supported values: @@ -490,7 +490,7 @@ The following list shows the supported values: **ApplicationManagement/RequirePrivateStoreOnly** - + @@ -512,8 +512,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -521,8 +521,8 @@ The following list shows the supported values:
- - + + Allows disabling of the retail catalog and only enables the Private store. The following list shows the supported values: @@ -532,7 +532,7 @@ The following list shows the supported values: Most restricted value is 1. - +
@@ -540,7 +540,7 @@ Most restricted value is 1. **ApplicationManagement/RestrictAppDataToSystemVolume** - + @@ -562,8 +562,8 @@ Most restricted value is 1.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -571,13 +571,13 @@ Most restricted value is 1.
- - + + Specifies whether application data is restricted to the system drive. Most restricted value is 1. - + The following list shows the supported values: @@ -592,7 +592,7 @@ The following list shows the supported values: **ApplicationManagement/RestrictAppToSystemVolume** - + @@ -614,8 +614,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -623,13 +623,13 @@ The following list shows the supported values:
- - + + Specifies whether the installation of applications is restricted to the system drive. Most restricted value is 1. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 53bb0578e4..b30da5cc6a 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -111,7 +111,7 @@ ms.date: 01/29/2018 **AppVirtualization/AllowAppVClient** - + @@ -133,8 +133,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,11 +142,11 @@ ms.date: 01/29/2018
- - + + This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -154,14 +154,14 @@ This policy setting allows you to enable or disable Microsoft Application Virtua > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable App-V Client* - GP name: *EnableAppV* - GP path: *System/App-V* - GP ADMX file name: *appv.admx* - +
@@ -169,7 +169,7 @@ ADMX Info: **AppVirtualization/AllowDynamicVirtualization** - + @@ -191,8 +191,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -200,11 +200,11 @@ ADMX Info:
- - + + Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -212,14 +212,14 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* - +
@@ -227,7 +227,7 @@ ADMX Info: **AppVirtualization/AllowPackageCleanup** - + @@ -249,8 +249,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -258,11 +258,11 @@ ADMX Info:
- - + + Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -270,14 +270,14 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* - GP path: *System/App-V/PackageManagement* - GP ADMX file name: *appv.admx* - +
@@ -285,7 +285,7 @@ ADMX Info: **AppVirtualization/AllowPackageScripts** - + @@ -307,8 +307,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -316,11 +316,11 @@ ADMX Info:
- - + + Enables scripts defined in the package manifest of configuration files that should run. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -328,14 +328,14 @@ Enables scripts defined in the package manifest of configuration files that shou > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* - GP path: *System/App-V/Scripting* - GP ADMX file name: *appv.admx* - +
@@ -343,7 +343,7 @@ ADMX Info: **AppVirtualization/AllowPublishingRefreshUX** - + @@ -365,8 +365,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -374,11 +374,11 @@ ADMX Info:
- - + + Enables a UX to display to the user when a publishing refresh is performed on the client. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -386,14 +386,14 @@ Enables a UX to display to the user when a publishing refresh is performed on th > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -401,7 +401,7 @@ ADMX Info: **AppVirtualization/AllowReportingServer** - + @@ -423,8 +423,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -432,8 +432,8 @@ ADMX Info:
- - + + Reporting Server URL: Displays the URL of reporting server. Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM. @@ -446,7 +446,7 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -454,14 +454,14 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reporting Server* - GP name: *Reporting_Server_Policy* - GP path: *System/App-V/Reporting* - GP ADMX file name: *appv.admx* - +
@@ -469,7 +469,7 @@ ADMX Info: **AppVirtualization/AllowRoamingFileExclusions** - + @@ -491,8 +491,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -500,11 +500,11 @@ ADMX Info:
- - + + Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -512,14 +512,14 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -527,7 +527,7 @@ ADMX Info: **AppVirtualization/AllowRoamingRegistryExclusions** - + @@ -549,8 +549,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -558,11 +558,11 @@ ADMX Info:
- - + + Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -570,14 +570,14 @@ Specifies the registry paths that do not roam with a user profile. Example usage > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -585,7 +585,7 @@ ADMX Info: **AppVirtualization/AllowStreamingAutoload** - + @@ -607,8 +607,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -616,11 +616,11 @@ ADMX Info:
- - + + Specifies how new packages should be loaded automatically by App-V on a specific computer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -628,14 +628,14 @@ Specifies how new packages should be loaded automatically by App-V on a specific > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify what to load in background (aka AutoLoad)* - GP name: *Steaming_Autoload* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -643,7 +643,7 @@ ADMX Info: **AppVirtualization/ClientCoexistenceAllowMigrationmode** - + @@ -665,8 +665,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -674,11 +674,11 @@ ADMX Info:
- - + + Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -686,14 +686,14 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* - GP path: *System/App-V/Client Coexistence* - GP ADMX file name: *appv.admx* - +
@@ -701,7 +701,7 @@ ADMX Info: **AppVirtualization/IntegrationAllowRootGlobal** - + @@ -723,8 +723,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -732,11 +732,11 @@ ADMX Info:
- - + + Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -744,14 +744,14 @@ Specifies the location where symbolic links are created to the current version o > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Integration Root User* - GP name: *Integration_Root_User* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -759,7 +759,7 @@ ADMX Info: **AppVirtualization/IntegrationAllowRootUser** - + @@ -781,8 +781,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -790,11 +790,11 @@ ADMX Info:
- - + + Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -802,14 +802,14 @@ Specifies the location where symbolic links are created to the current version o > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Integration Root Global* - GP name: *Integration_Root_Global* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -817,7 +817,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer1** - + @@ -839,8 +839,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -848,8 +848,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -870,7 +870,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -878,14 +878,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -893,7 +893,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer2** - + @@ -915,8 +915,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -924,8 +924,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -946,7 +946,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -954,14 +954,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -969,7 +969,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer3** - + @@ -991,8 +991,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1000,8 +1000,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1022,7 +1022,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1030,14 +1030,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1045,7 +1045,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer4** - + @@ -1067,8 +1067,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1076,8 +1076,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1098,7 +1098,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1106,14 +1106,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1121,7 +1121,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer5** - + @@ -1143,8 +1143,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1152,8 +1152,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1174,7 +1174,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1182,14 +1182,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1197,7 +1197,7 @@ ADMX Info: **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** - + @@ -1219,8 +1219,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1228,11 +1228,11 @@ ADMX Info:
- - + + Specifies the path to a valid certificate in the certificate store. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1240,14 +1240,14 @@ Specifies the path to a valid certificate in the certificate store. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1255,7 +1255,7 @@ ADMX Info: **AppVirtualization/StreamingAllowHighCostLaunch** - + @@ -1277,8 +1277,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1286,11 +1286,11 @@ ADMX Info:
- - + + This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1298,14 +1298,14 @@ This setting controls whether virtualized applications are launched on Windows 8 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1313,7 +1313,7 @@ ADMX Info: **AppVirtualization/StreamingAllowLocationProvider** - + @@ -1335,8 +1335,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1344,11 +1344,11 @@ ADMX Info:
- - + + Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1356,14 +1356,14 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Location Provider* - GP name: *Streaming_Location_Provider* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1371,7 +1371,7 @@ ADMX Info: **AppVirtualization/StreamingAllowPackageInstallationRoot** - + @@ -1393,8 +1393,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1402,11 +1402,11 @@ ADMX Info:
- - + + Specifies directory where all new applications and updates will be installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1414,14 +1414,14 @@ Specifies directory where all new applications and updates will be installed. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1429,7 +1429,7 @@ ADMX Info: **AppVirtualization/StreamingAllowPackageSourceRoot** - + @@ -1451,8 +1451,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1460,11 +1460,11 @@ ADMX Info:
- - + + Overrides source location for downloading package content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1472,14 +1472,14 @@ Overrides source location for downloading package content. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1487,7 +1487,7 @@ ADMX Info: **AppVirtualization/StreamingAllowReestablishmentInterval** - + @@ -1509,8 +1509,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1518,11 +1518,11 @@ ADMX Info:
- - + + Specifies the number of seconds between attempts to reestablish a dropped session. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1530,14 +1530,14 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1545,7 +1545,7 @@ ADMX Info: **AppVirtualization/StreamingAllowReestablishmentRetries** - + @@ -1567,8 +1567,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1576,11 +1576,11 @@ ADMX Info:
- - + + Specifies the number of times to retry a dropped session. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1588,14 +1588,14 @@ Specifies the number of times to retry a dropped session. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1603,7 +1603,7 @@ ADMX Info: **AppVirtualization/StreamingSharedContentStoreMode** - + @@ -1625,8 +1625,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1634,11 +1634,11 @@ ADMX Info:
- - + + Specifies that streamed package contents will be not be saved to the local hard disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1646,14 +1646,14 @@ Specifies that streamed package contents will be not be saved to the local hard > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1661,7 +1661,7 @@ ADMX Info: **AppVirtualization/StreamingSupportBranchCache** - + @@ -1683,8 +1683,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1692,11 +1692,11 @@ ADMX Info:
- - + + If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1704,14 +1704,14 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1719,7 +1719,7 @@ ADMX Info: **AppVirtualization/StreamingVerifyCertificateRevocationList** - + @@ -1741,8 +1741,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1750,11 +1750,11 @@ ADMX Info:
- - + + Verifies Server certificate revocation status before streaming using HTTPS. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1762,14 +1762,14 @@ Verifies Server certificate revocation status before streaming using HTTPS. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1777,7 +1777,7 @@ ADMX Info: **AppVirtualization/VirtualComponentsAllowList** - + @@ -1799,8 +1799,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1808,11 +1808,11 @@ ADMX Info:
- - + + Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1820,14 +1820,14 @@ Specifies a list of process paths (may contain wildcards) which are candidates f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 21e12791ee..257d3f313a 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **AttachmentManager/DoNotPreserveZoneInformation** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
- - + + This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone information. @@ -77,7 +77,7 @@ If you disable this policy setting, Windows marks file attachments with their zo If you do not configure this policy setting, Windows marks file attachments with their zone information. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -85,14 +85,14 @@ If you do not configure this policy setting, Windows marks file attachments with > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
@@ -100,7 +100,7 @@ ADMX Info: **AttachmentManager/HideZoneInfoMechanism** - + @@ -122,8 +122,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,8 +131,8 @@ ADMX Info:
- - + + This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting, Windows hides the check box and Unblock button. @@ -141,7 +141,7 @@ If you disable this policy setting, Windows shows the check box and Unblock butt If you do not configure this policy setting, Windows hides the check box and Unblock button. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -149,14 +149,14 @@ If you do not configure this policy setting, Windows hides the check box and Unb > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
@@ -164,7 +164,7 @@ ADMX Info: **AttachmentManager/NotifyAntivirusPrograms** - + @@ -186,8 +186,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -195,8 +195,8 @@ ADMX Info:
- - + + This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. @@ -205,7 +205,7 @@ If you disable this policy setting, Windows does not call the registered antivir If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -213,14 +213,14 @@ If you do not configure this policy setting, Windows does not call the registere > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 16cef802ca..d030e6f423 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Authentication/AllowAadPasswordReset** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,11 +73,11 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. - + The following list shows the supported values: @@ -92,7 +92,7 @@ The following list shows the supported values: **Authentication/AllowEAPCertSSO** - + @@ -114,8 +114,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,11 +123,11 @@ The following list shows the supported values:
- - + + Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. - + The following list shows the supported values: @@ -142,7 +142,7 @@ The following list shows the supported values: **Authentication/AllowFastReconnect** - + @@ -164,8 +164,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -173,13 +173,13 @@ The following list shows the supported values:
- - + + Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restricted value is 0. - + The following list shows the supported values: @@ -194,7 +194,7 @@ The following list shows the supported values: **Authentication/AllowFidoDeviceSignon** - + @@ -216,8 +216,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -225,15 +225,15 @@ The following list shows the supported values:
- - + + Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 Value type is integer. Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. - + The following list shows the supported values: @@ -248,7 +248,7 @@ The following list shows the supported values: **Authentication/AllowSecondaryAuthenticationDevice** - + @@ -270,8 +270,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -279,13 +279,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index ea392f0f79..0c38facc2f 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Autoplay/DisallowAutoplayForNonVolumeDevices** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -68,15 +68,15 @@ ms.date: 01/29/2018
- - + + This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -84,14 +84,14 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
@@ -99,7 +99,7 @@ ADMX Info: **Autoplay/SetDefaultAutoRunBehavior** - + @@ -121,8 +121,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,8 +131,8 @@ ADMX Info:
- - + + This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. @@ -148,7 +148,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -156,14 +156,14 @@ If you disable or not configure this policy setting, Windows Vista or later will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
@@ -171,7 +171,7 @@ ADMX Info: **Autoplay/TurnOffAutoPlay** - + @@ -193,8 +193,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -203,8 +203,8 @@ ADMX Info:
- - + + This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. @@ -221,7 +221,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -229,14 +229,14 @@ Note: This policy setting appears in both the Computer Configuration and User Co > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 5310af5a0a..ab5e371656 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Bitlocker/EncryptionMethod** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + Specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] @@ -96,7 +96,7 @@ You can find the following policies in BitLocker CSP: - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index aebbabd6f8..4cc182b25a 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Bluetooth/AllowAdvertising** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,15 +73,15 @@ ms.date: 01/29/2018
- - + + Specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -96,7 +96,7 @@ The following list shows the supported values: **Bluetooth/AllowDiscoverableMode** - + @@ -118,8 +118,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -127,15 +127,15 @@ The following list shows the supported values:
- - + + Specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -150,7 +150,7 @@ The following list shows the supported values: **Bluetooth/AllowPrepairing** - + @@ -172,8 +172,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,11 +181,11 @@ The following list shows the supported values:
- - + + Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. - + The following list shows the supported values: @@ -200,7 +200,7 @@ The following list shows the supported values: **Bluetooth/LocalDeviceName** - + @@ -222,8 +222,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -231,15 +231,15 @@ The following list shows the supported values:
- - + + Sets the local Bluetooth device name. If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy is not set or it is deleted, the default local radio name is used. - +
@@ -247,7 +247,7 @@ If this policy is not set or it is deleted, the default local radio name is used **Bluetooth/ServicesAllowedList** - + @@ -269,8 +269,8 @@ If this policy is not set or it is deleted, the default local radio name is used
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -278,13 +278,13 @@ If this policy is not set or it is deleted, the default local radio name is used
- - + + Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. The default value is an empty string. - +
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 5e4018865e..cb2b6f9db3 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -143,7 +143,7 @@ ms.date: 01/29/2018 **Browser/AllowAddressBarDropdown** - + @@ -165,8 +165,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -175,8 +175,8 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  > [!NOTE] @@ -184,7 +184,7 @@ Added in Windows 10, version 1703. Specifies whether to allow the address bar dr Most restricted value is 0. - + The following list shows the supported values: @@ -199,7 +199,7 @@ The following list shows the supported values: **Browser/AllowAutofill** - + @@ -221,8 +221,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -231,8 +231,8 @@ The following list shows the supported values:
- - + + Specifies whether autofill on websites is allowed. Most restricted value is 0. @@ -244,7 +244,7 @@ To verify AllowAutofill is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Save form entries** is greyed out. - + The following list shows the supported values: @@ -259,7 +259,7 @@ The following list shows the supported values: **Browser/AllowBrowser** - + @@ -281,8 +281,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -291,8 +291,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -303,7 +303,7 @@ Most restricted value is 0. When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. - + The following list shows the supported values: @@ -318,7 +318,7 @@ The following list shows the supported values: **Browser/AllowCookies** - + @@ -340,8 +340,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -350,8 +350,8 @@ The following list shows the supported values:
- - + + Specifies whether cookies are allowed. The following list shows the supported values: @@ -368,7 +368,7 @@ To verify AllowCookies is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Cookies** is greyed out. - +
@@ -376,7 +376,7 @@ To verify AllowCookies is set to 0 (not allowed): **Browser/AllowDeveloperTools** - + @@ -398,8 +398,8 @@ To verify AllowCookies is set to 0 (not allowed):
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -408,8 +408,8 @@ To verify AllowCookies is set to 0 (not allowed):
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -418,7 +418,7 @@ Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turni Most restricted value is 0. - + The following list shows the supported values: @@ -433,7 +433,7 @@ The following list shows the supported values: **Browser/AllowDoNotTrack** - + @@ -455,8 +455,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -465,8 +465,8 @@ The following list shows the supported values:
- - + + Specifies whether Do Not Track headers are allowed. Most restricted value is 1. @@ -478,7 +478,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Send Do Not Track requests** is greyed out. - + The following list shows the supported values: @@ -493,7 +493,7 @@ The following list shows the supported values: **Browser/AllowExtensions** - + @@ -515,8 +515,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -525,11 +525,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. - + The following list shows the supported values: @@ -544,7 +544,7 @@ The following list shows the supported values: **Browser/AllowFlash** - + @@ -566,8 +566,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -576,11 +576,11 @@ The following list shows the supported values:
- - + + Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. - + The following list shows the supported values: @@ -595,7 +595,7 @@ The following list shows the supported values: **Browser/AllowFlashClickToRun** - + @@ -617,8 +617,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -627,11 +627,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. - + The following list shows the supported values: @@ -646,7 +646,7 @@ The following list shows the supported values: **Browser/AllowInPrivate** - + @@ -668,8 +668,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -678,13 +678,13 @@ The following list shows the supported values:
- - + + Specifies whether InPrivate browsing is allowed on corporate networks. Most restricted value is 0. - + The following list shows the supported values: @@ -699,7 +699,7 @@ The following list shows the supported values: **Browser/AllowMicrosoftCompatibilityList** - + @@ -721,8 +721,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -731,8 +731,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -740,7 +740,7 @@ If you enable or don’t configure this setting, Microsoft Edge periodically dow Most restricted value is 0. - + The following list shows the supported values: @@ -755,7 +755,7 @@ The following list shows the supported values: **Browser/AllowPasswordManager** - + @@ -777,8 +777,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,8 +787,8 @@ The following list shows the supported values:
- - + + Specifies whether saving and managing passwords locally on the device is allowed. Most restricted value is 0. @@ -800,7 +800,7 @@ To verify AllowPasswordManager is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - + The following list shows the supported values: @@ -815,7 +815,7 @@ The following list shows the supported values: **Browser/AllowPopups** - + @@ -837,8 +837,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -847,8 +847,8 @@ The following list shows the supported values:
- - + + Specifies whether pop-up blocker is allowed or enabled. Most restricted value is 1. @@ -860,7 +860,7 @@ To verify AllowPopups is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Block pop-ups** is greyed out. - + The following list shows the supported values: @@ -875,7 +875,7 @@ The following list shows the supported values: **Browser/AllowSearchEngineCustomization** - + @@ -897,8 +897,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -907,15 +907,15 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).  Most restricted value is 0. - + The following list shows the supported values: @@ -930,7 +930,7 @@ The following list shows the supported values: **Browser/AllowSearchSuggestionsinAddressBar** - + @@ -952,8 +952,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -962,13 +962,13 @@ The following list shows the supported values:
- - + + Specifies whether search suggestions are allowed in the address bar. Most restricted value is 0. - + The following list shows the supported values: @@ -983,7 +983,7 @@ The following list shows the supported values: **Browser/AllowSmartScreen** - + @@ -1005,8 +1005,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1015,8 +1015,8 @@ The following list shows the supported values:
- - + + Specifies whether Windows Defender SmartScreen is allowed. Most restricted value is 1. @@ -1028,7 +1028,7 @@ To verify AllowSmartScreen is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - + The following list shows the supported values: @@ -1043,7 +1043,7 @@ The following list shows the supported values: **Browser/AlwaysEnableBooksLibrary** - + @@ -1065,8 +1065,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1075,11 +1075,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge - + The following list shows the supported values: @@ -1094,7 +1094,7 @@ The following list shows the supported values: **Browser/ClearBrowsingDataOnExit** - + @@ -1116,8 +1116,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1126,8 +1126,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. Most restricted value is 1. @@ -1138,7 +1138,7 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set 2. Close the Microsoft Edge window. 3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - + The following list shows the supported values: @@ -1153,7 +1153,7 @@ The following list shows the supported values: **Browser/ConfigureAdditionalSearchEngines** - + @@ -1175,8 +1175,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1185,8 +1185,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). @@ -1204,7 +1204,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -1212,7 +1212,7 @@ Most restricted value is 0. **Browser/DisableLockdownOfStartPages** - + @@ -1234,8 +1234,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1244,8 +1244,8 @@ Most restricted value is 0.
- - + + Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     > [!NOTE] @@ -1256,7 +1256,7 @@ Added in Windows 10, version 1703. Boolean value that specifies whether the lock Most restricted value is 0. - + The following list shows the supported values: @@ -1271,7 +1271,7 @@ The following list shows the supported values: **Browser/EnableExtendedBooksTelemetry** - + @@ -1293,8 +1293,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1303,13 +1303,13 @@ The following list shows the supported values:
- - + + This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge. If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration. - + The following list shows the supported values: @@ -1324,7 +1324,7 @@ The following list shows the supported values: **Browser/EnterpriseModeSiteList** - + @@ -1346,8 +1346,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1356,8 +1356,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1369,7 +1369,7 @@ The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. - +
@@ -1377,7 +1377,7 @@ The following list shows the supported values: **Browser/EnterpriseSiteListServiceUrl** - + @@ -1399,8 +1399,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1409,12 +1409,12 @@ The following list shows the supported values:
- - + + > [!IMPORTANT] > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). - +
@@ -1422,7 +1422,7 @@ The following list shows the supported values: **Browser/FirstRunURL** - + @@ -1444,8 +1444,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1454,8 +1454,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -1466,7 +1466,7 @@ The data type is a string. The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. - +
@@ -1474,7 +1474,7 @@ The default value is an empty string. Otherwise, the string should contain the U **Browser/HomePages** - + @@ -1496,8 +1496,8 @@ The default value is an empty string. Otherwise, the string should contain the U
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1506,8 +1506,8 @@ The default value is an empty string. Otherwise, the string should contain the U
- - + + > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1520,7 +1520,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi > [!NOTE] > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. - +
@@ -1528,7 +1528,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi **Browser/LockdownFavorites** - + @@ -1550,8 +1550,8 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1560,8 +1560,8 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
- - + + Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. @@ -1573,7 +1573,7 @@ If you disable or don't configure this setting (default), employees can add, imp Data type is integer. - + The following list shows the supported values: @@ -1588,7 +1588,7 @@ The following list shows the supported values: **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** - + @@ -1610,8 +1610,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1620,11 +1620,11 @@ The following list shows the supported values:
- - + + Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. - + The following list shows the supported values: @@ -1639,7 +1639,7 @@ The following list shows the supported values: **Browser/PreventFirstRunPage** - + @@ -1661,8 +1661,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1671,13 +1671,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. Most restricted value is 1. - + The following list shows the supported values: @@ -1692,7 +1692,7 @@ The following list shows the supported values: **Browser/PreventLiveTileDataCollection** - + @@ -1714,8 +1714,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1724,13 +1724,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. Most restricted value is 1. - + The following list shows the supported values: @@ -1745,7 +1745,7 @@ The following list shows the supported values: **Browser/PreventSmartScreenPromptOverride** - + @@ -1767,8 +1767,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1777,13 +1777,13 @@ The following list shows the supported values:
- - + + Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. - + The following list shows the supported values: @@ -1798,7 +1798,7 @@ The following list shows the supported values: **Browser/PreventSmartScreenPromptOverrideForFiles** - + @@ -1820,8 +1820,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1830,11 +1830,11 @@ The following list shows the supported values:
- - + + Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. - + The following list shows the supported values: @@ -1849,7 +1849,7 @@ The following list shows the supported values: **Browser/PreventUsingLocalHostIPAddressForWebRTC** - + @@ -1871,8 +1871,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1881,15 +1881,15 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC. - + The following list shows the supported values: @@ -1904,7 +1904,7 @@ The following list shows the supported values: **Browser/ProvisionFavorites** - + @@ -1926,8 +1926,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1936,8 +1936,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines.   URL can be specified as: @@ -1953,7 +1953,7 @@ If you disable or don't configure this setting, employees will see the favorites Data type is string. - +
@@ -1961,7 +1961,7 @@ Data type is string. **Browser/SendIntranetTraffictoInternetExplorer** - + @@ -1983,8 +1983,8 @@ Data type is string.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1993,8 +1993,8 @@ Data type is string.
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2003,7 +2003,7 @@ Specifies whether to send intranet traffic over to Internet Explorer. Most restricted value is 0. - + The following list shows the supported values: @@ -2018,7 +2018,7 @@ The following list shows the supported values: **Browser/SetDefaultSearchEngine** - + @@ -2040,8 +2040,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2050,8 +2050,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING.  @@ -2068,7 +2068,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -2076,7 +2076,7 @@ Most restricted value is 0. **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** - + @@ -2098,8 +2098,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2108,8 +2108,8 @@ Most restricted value is 0.
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2118,7 +2118,7 @@ Added in Windows 10, version 1607. Specifies whether users should see a full in Most restricted value is 0. - + The following list shows the supported values: @@ -2133,7 +2133,7 @@ The following list shows the supported values: **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** - + @@ -2155,8 +2155,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2165,8 +2165,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. > [!NOTE] @@ -2182,7 +2182,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
  • Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge. - + The following list shows the supported values: @@ -2197,7 +2197,7 @@ The following list shows the supported values: **Browser/UseSharedFolderForBooks** - + @@ -2219,8 +2219,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2229,11 +2229,11 @@ The following list shows the supported values:
    - - + + This setting specifies whether organizations should use a folder shared across users to store books from the Books Library. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 6e910bd0ff..d92acc51af 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Camera/AllowCamera** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,13 +61,13 @@ ms.date: 01/29/2018
    - - + + Disables or enables the camera. Most restricted value is 0. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index c1be290991..8fd91336fe 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Cellular/LetAppsAccessCellularData** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data. You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. @@ -89,7 +89,7 @@ If you disable or do not configure this policy setting, employees in your organi If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.” - + The following list shows the supported values: @@ -105,7 +105,7 @@ The following list shows the supported values: **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** - + @@ -127,8 +127,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -136,11 +136,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -148,7 +148,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** - + @@ -170,8 +170,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -179,11 +179,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -191,7 +191,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** - + @@ -213,8 +213,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -222,11 +222,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -234,7 +234,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/ShowAppCellularAccessUI** - + @@ -256,8 +256,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -265,8 +265,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX. If this policy setting is enabled, a drop-down list box presenting possible values will be active. Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page. @@ -278,7 +278,7 @@ Supported values: - 0 - Hide - 1 - Show - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -286,14 +286,14 @@ Supported values: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index e121d2f02c..537f8beffa 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 **Connectivity/AllowBluetooth** - + @@ -91,8 +91,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -100,8 +100,8 @@ ms.date: 01/29/2018
    - - + + Allows the user to enable Bluetooth or restrict access. > [!NOTE] @@ -111,7 +111,7 @@ If this is not set or it is deleted, the default value of 2 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: **Connectivity/AllowCellularData** - + @@ -149,8 +149,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -158,11 +158,11 @@ The following list shows the supported values:
    - - + + Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. - + The following list shows the supported values: @@ -178,7 +178,7 @@ The following list shows the supported values: **Connectivity/AllowCellularDataRoaming** - + @@ -200,8 +200,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -209,13 +209,13 @@ The following list shows the supported values:
    - - + + Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. Most restricted value is 0. - + The following list shows the supported values: @@ -241,7 +241,7 @@ To validate on mobile devices, do the following: **Connectivity/AllowConnectedDevices** - + @@ -263,8 +263,8 @@ To validate on mobile devices, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -272,14 +272,14 @@ To validate on mobile devices, do the following:
    - - + + > [!NOTE] > This policy requires reboot to take effect. Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. - + The following list shows the supported values: @@ -294,7 +294,7 @@ The following list shows the supported values: **Connectivity/AllowNFC** - + @@ -316,8 +316,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -325,8 +325,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -335,7 +335,7 @@ Allows or disallows near field communication (NFC) on the device. Most restricted value is 0. - + The following list shows the supported values: @@ -350,7 +350,7 @@ The following list shows the supported values: **Connectivity/AllowUSBConnection** - + @@ -372,8 +372,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -381,8 +381,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -393,7 +393,7 @@ Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy Most restricted value is 0. - + The following list shows the supported values: @@ -408,7 +408,7 @@ The following list shows the supported values: **Connectivity/AllowVPNOverCellular** - + @@ -430,8 +430,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -439,13 +439,13 @@ The following list shows the supported values:
    - - + + Specifies what type of underlying connections VPN is allowed to use. Most restricted value is 0. - + The following list shows the supported values: @@ -460,7 +460,7 @@ The following list shows the supported values: **Connectivity/AllowVPNRoamingOverCellular** - + @@ -482,8 +482,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -491,13 +491,13 @@ The following list shows the supported values:
    - - + + Prevents the device from connecting to VPN when the device roams over cellular networks. Most restricted value is 0. - + The following list shows the supported values: @@ -512,7 +512,7 @@ The following list shows the supported values: **Connectivity/DiablePrintingOverHTTP** - + @@ -534,8 +534,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -543,10 +543,10 @@ The following list shows the supported values:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -554,14 +554,14 @@ The following list shows the supported values: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -569,7 +569,7 @@ ADMX Info: **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** - + @@ -591,8 +591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -600,10 +600,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -611,14 +611,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -626,7 +626,7 @@ ADMX Info: **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** - + @@ -648,8 +648,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -657,10 +657,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -668,14 +668,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -683,7 +683,7 @@ ADMX Info: **Connectivity/DisallowNetworkConnectivityActiveTests** - + @@ -705,8 +705,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -714,13 +714,13 @@ ADMX Info:
    - - + + Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com. Value type is integer. - +
    @@ -728,7 +728,7 @@ Value type is integer. **Connectivity/HardenedUNCPaths** - + @@ -750,8 +750,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -759,13 +759,13 @@ Value type is integer.
    - - + + This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -773,14 +773,14 @@ If you enable this policy, Windows only allows access to the specified UNC paths > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* - +
    @@ -788,7 +788,7 @@ ADMX Info: **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** - + @@ -810,8 +810,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -819,10 +819,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -830,14 +830,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 50f47bd8ee..2adc69c9bb 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -32,7 +32,7 @@ ms.date: 01/29/2018 **ControlPolicyConflict/MDMWinsOverGP** - + @@ -54,8 +54,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -63,8 +63,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device. This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. In next major update, the MDM policies in Policy CSP will behave as described if this policy value is set 1. @@ -75,7 +75,7 @@ The policy should be set at every sync to ensure the device removes any settings - The current Policy Manager policies are refreshed from what MDM has set - Any values set by scripts/user outside of GP that conflict with MDM are removed - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index f7c8f906c5..7b5579ff02 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **CredentialProviders/AllowPINLogon** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to control whether a domain user can sign in using a convenience PIN. If you enable this policy setting, a domain user can set up and sign in with a convenience PIN. @@ -79,7 +79,7 @@ Note: The user's domain password will be cached in the system vault when using t To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -87,14 +87,14 @@ To configure Windows Hello for Business, use the Administrative Template policie > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* - +
    @@ -102,7 +102,7 @@ ADMX Info: **CredentialProviders/BlockPicturePassword** - + @@ -124,8 +124,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -133,8 +133,8 @@ ADMX Info:
    - - + + This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user can't set up or sign in with a picture password. @@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, a domain user can set up Note that the user's domain password will be cached in the system vault when using this feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -151,14 +151,14 @@ Note that the user's domain password will be cached in the system vault when usi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* - +
    @@ -166,7 +166,7 @@ ADMX Info: **CredentialProviders/DisableAutomaticReDeploymentCredentials** - + @@ -188,8 +188,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -197,13 +197,13 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index f3cedd07cc..f8e1d19c97 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **CredentialsUI/DisablePasswordReveal** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -65,8 +65,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. @@ -77,7 +77,7 @@ By default, the password reveal button is displayed after a user types a passwor The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -85,14 +85,14 @@ The policy applies to all Windows components and applications that use the Windo > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* - +
    @@ -100,7 +100,7 @@ ADMX Info: **CredentialsUI/EnumerateAdministrators** - + @@ -122,8 +122,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,15 +131,15 @@ ADMX Info:
    - - + + This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always be required to type a user name and password to elevate. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -147,14 +147,14 @@ If you disable this policy setting, users will always be required to type a user > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 921ef9f0a0..4908b2af8e 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Cryptography/AllowFipsAlgorithmPolicy** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + Allows or disallows the Federal Information Processing Standard (FIPS) policy. The following list shows the supported values: @@ -73,7 +73,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. - +
    @@ -81,7 +81,7 @@ The following list shows the supported values: **Cryptography/TLSCipherSuites** - + @@ -103,8 +103,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -112,11 +112,11 @@ The following list shows the supported values:
    - - + + Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. - +
    diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 9fc7abd61d..c1a23ddc73 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DataProtection/AllowDirectMemoryAccess** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,13 +64,13 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. Most restricted value is 0. - + The following list shows the supported values: @@ -85,7 +85,7 @@ The following list shows the supported values: **DataProtection/LegacySelectiveWipeID** - + @@ -107,8 +107,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -116,8 +116,8 @@ The following list shows the supported values:
    - - + + > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. @@ -127,7 +127,7 @@ Setting used by Windows 8.1 Selective Wipe. > [!NOTE] > This policy is not recommended for use in Windows 10. - +
    diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index ca2c55abb5..da3f7e483a 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DataUsage/SetCost3G** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + This policy setting configures the cost of 3G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine: @@ -78,7 +78,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -86,14 +86,14 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set 3G Cost* - GP name: *SetCost3G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* - +
    @@ -101,7 +101,7 @@ ADMX Info: **DataUsage/SetCost4G** - + @@ -123,8 +123,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,8 +132,8 @@ ADMX Info:
    - - + + This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine: @@ -146,7 +146,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -154,14 +154,14 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index fc2c7798e6..f8ca333a92 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -132,7 +132,7 @@ ms.date: 01/29/2018 **Defender/AllowArchiveScanning** - + @@ -154,8 +154,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -163,8 +163,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -176,7 +176,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -184,7 +184,7 @@ The following list shows the supported values: **Defender/AllowBehaviorMonitoring** - + @@ -206,8 +206,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -215,8 +215,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -228,7 +228,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -236,7 +236,7 @@ The following list shows the supported values: **Defender/AllowCloudProtection** - + @@ -258,8 +258,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -267,8 +267,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -280,7 +280,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -288,7 +288,7 @@ The following list shows the supported values: **Defender/AllowEmailScanning** - + @@ -310,8 +310,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -319,8 +319,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -332,7 +332,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
    @@ -340,7 +340,7 @@ The following list shows the supported values: **Defender/AllowFullScanOnMappedNetworkDrives** - + @@ -362,8 +362,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -371,8 +371,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -384,7 +384,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
    @@ -392,7 +392,7 @@ The following list shows the supported values: **Defender/AllowFullScanRemovableDriveScanning** - + @@ -414,8 +414,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -423,8 +423,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -436,7 +436,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -444,7 +444,7 @@ The following list shows the supported values: **Defender/AllowIOAVProtection** - + @@ -466,8 +466,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -475,8 +475,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -488,7 +488,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -496,7 +496,7 @@ The following list shows the supported values: **Defender/AllowIntrusionPreventionSystem** - + @@ -518,8 +518,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -527,8 +527,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -540,7 +540,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -548,7 +548,7 @@ The following list shows the supported values: **Defender/AllowOnAccessProtection** - + @@ -570,8 +570,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -579,8 +579,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -592,7 +592,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -600,7 +600,7 @@ The following list shows the supported values: **Defender/AllowRealtimeMonitoring** - + @@ -622,8 +622,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -631,8 +631,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -644,7 +644,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -652,7 +652,7 @@ The following list shows the supported values: **Defender/AllowScanningNetworkFiles** - + @@ -674,8 +674,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -683,8 +683,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -696,7 +696,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -704,7 +704,7 @@ The following list shows the supported values: **Defender/AllowScriptScanning** - + @@ -726,8 +726,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -735,8 +735,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -748,7 +748,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -756,7 +756,7 @@ The following list shows the supported values: **Defender/AllowUserUIAccess** - + @@ -778,8 +778,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,8 +787,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -800,7 +800,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -808,7 +808,7 @@ The following list shows the supported values: **Defender/AttackSurfaceReductionOnlyExclusions** - + @@ -830,8 +830,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -839,8 +839,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -849,7 +849,7 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att Value type is string. - +
    @@ -857,7 +857,7 @@ Value type is string. **Defender/AttackSurfaceReductionRules** - + @@ -879,8 +879,8 @@ Value type is string.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -888,8 +888,8 @@ Value type is string.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -900,7 +900,7 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface Value type is string. - +
    @@ -908,7 +908,7 @@ Value type is string. **Defender/AvgCPULoadFactor** - + @@ -930,8 +930,8 @@ Value type is string.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -939,8 +939,8 @@ Value type is string.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -951,7 +951,7 @@ Valid values: 0–100 The default value is 50. - +
    @@ -959,7 +959,7 @@ The default value is 50. **Defender/CloudBlockLevel** - + @@ -981,8 +981,8 @@ The default value is 50.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -990,8 +990,8 @@ The default value is 50.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1005,7 +1005,7 @@ For more information about specific values that are supported, see the Windows D > [!Note] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. - + The following list shows the supported values: @@ -1022,7 +1022,7 @@ The following list shows the supported values: **Defender/CloudExtendedTimeout** - + @@ -1044,8 +1044,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1053,8 +1053,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1067,7 +1067,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". - +
    @@ -1075,7 +1075,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se **Defender/ControlledFolderAccessAllowedApplications** - + @@ -1097,8 +1097,8 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1106,14 +1106,14 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. - +
    @@ -1121,7 +1121,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app **Defender/ControlledFolderAccessProtectedFolders** - + @@ -1143,8 +1143,8 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1152,14 +1152,14 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. - +
    @@ -1167,7 +1167,7 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci **Defender/DaysToRetainCleanedMalware** - + @@ -1189,8 +1189,8 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1198,8 +1198,8 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1210,7 +1210,7 @@ Valid values: 0–90 The default value is 0, which keeps items in quarantine, and does not automatically remove them. - +
    @@ -1218,7 +1218,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica **Defender/EnableControlledFolderAccess** - + @@ -1240,8 +1240,8 @@ The default value is 0, which keeps items in quarantine, and does not automatica
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1249,14 +1249,14 @@ The default value is 0, which keeps items in quarantine, and does not automatica
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. - + The following list shows the supported values: @@ -1272,7 +1272,7 @@ The following list shows the supported values: **Defender/EnableNetworkProtection** - + @@ -1294,8 +1294,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1303,8 +1303,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1316,7 +1316,7 @@ If you enable this policy with the ""Audit"" option, users/apps will not be bloc If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. If you do not configure this policy, network blocking will be disabled by default. - + The following list shows the supported values: @@ -1332,7 +1332,7 @@ The following list shows the supported values: **Defender/ExcludedExtensions** - + @@ -1354,8 +1354,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1363,15 +1363,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop.   Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". - +
    @@ -1379,7 +1379,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri **Defender/ExcludedPaths** - + @@ -1401,8 +1401,8 @@ Allows an administrator to specify a list of file type extensions to ignore duri
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1410,15 +1410,15 @@ Allows an administrator to specify a list of file type extensions to ignore duri
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". - +
    @@ -1426,7 +1426,7 @@ Allows an administrator to specify a list of directory paths to ignore during a **Defender/ExcludedProcesses** - + @@ -1448,8 +1448,8 @@ Allows an administrator to specify a list of directory paths to ignore during a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1457,8 +1457,8 @@ Allows an administrator to specify a list of directory paths to ignore during a
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1471,7 +1471,7 @@ Allows an administrator to specify a list of files opened by processes to ignore   Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - +
    @@ -1479,7 +1479,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E **Defender/PUAProtection** - + @@ -1501,8 +1501,8 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1510,8 +1510,8 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1524,7 +1524,7 @@ The following list shows the supported values: - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - +
    @@ -1532,7 +1532,7 @@ The following list shows the supported values: **Defender/RealTimeScanDirection** - + @@ -1554,8 +1554,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1563,8 +1563,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1581,7 +1581,7 @@ The following list shows the supported values: - 1 – Monitor incoming files. - 2 – Monitor outgoing files. - +
    @@ -1589,7 +1589,7 @@ The following list shows the supported values: **Defender/ScanParameter** - + @@ -1611,8 +1611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1620,8 +1620,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1633,7 +1633,7 @@ The following list shows the supported values: - 1 (default) – Quick scan - 2 – Full scan - +
    @@ -1641,7 +1641,7 @@ The following list shows the supported values: **Defender/ScheduleQuickScanTime** - + @@ -1663,8 +1663,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1672,8 +1672,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1690,7 +1690,7 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an The default value is 120 - +
    @@ -1698,7 +1698,7 @@ The default value is 120 **Defender/ScheduleScanDay** - + @@ -1720,8 +1720,8 @@ The default value is 120
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1729,8 +1729,8 @@ The default value is 120
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1753,7 +1753,7 @@ The following list shows the supported values: - 7 – Sunday - 8 – No scheduled scan - +
    @@ -1761,7 +1761,7 @@ The following list shows the supported values: **Defender/ScheduleScanTime** - + @@ -1783,8 +1783,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1792,8 +1792,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1810,7 +1810,7 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an The default value is 120. - +
    @@ -1818,7 +1818,7 @@ The default value is 120. **Defender/SignatureUpdateInterval** - + @@ -1840,8 +1840,8 @@ The default value is 120.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1849,8 +1849,8 @@ The default value is 120.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1863,7 +1863,7 @@ A value of 0 means no check for new signatures, a value of 1 means to check ever The default value is 8. - +
    @@ -1871,7 +1871,7 @@ The default value is 8. **Defender/SubmitSamplesConsent** - + @@ -1893,8 +1893,8 @@ The default value is 8.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1902,8 +1902,8 @@ The default value is 8.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1917,7 +1917,7 @@ The following list shows the supported values: - 2 – Never send. - 3 – Send all samples automatically. - +
    @@ -1925,7 +1925,7 @@ The following list shows the supported values: **Defender/ThreatSeverityDefaultAction** - + @@ -1947,8 +1947,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1956,8 +1956,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop.   @@ -1982,7 +1982,7 @@ The following list shows the supported values for possible actions: - 8 – User defined - 10 – Block - +
    diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 2489a17f31..44763626f4 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -101,7 +101,7 @@ ms.date: 01/29/2018 **DeliveryOptimization/DOAbsoluteMaxCacheSize** - + @@ -123,8 +123,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,8 +132,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -142,7 +142,7 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery The default value is 10. - +
    @@ -150,7 +150,7 @@ The default value is 10. **DeliveryOptimization/DOAllowVPNPeerCaching** - + @@ -172,8 +172,8 @@ The default value is 10.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,15 +181,15 @@ The default value is 10.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. - + The following list shows the supported values: @@ -204,7 +204,7 @@ The following list shows the supported values: **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** - + @@ -226,8 +226,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -235,13 +235,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - +
    @@ -249,7 +249,7 @@ After the max delay is reached, the download will resume using HTTP, either down **DeliveryOptimization/DODelayForegroundDownloadFromHttp** - + @@ -271,8 +271,8 @@ After the max delay is reached, the download will resume using HTTP, either down
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -280,8 +280,8 @@ After the max delay is reached, the download will resume using HTTP, either down
    - - + + Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. @@ -290,7 +290,7 @@ Note that a download that is waiting for peer sources, will appear to be stuck f The recommended value is 1 minute (60). - + The following list shows the supported values as number of seconds: @@ -306,7 +306,7 @@ The following list shows the supported values as number of seconds: **DeliveryOptimization/DODownloadMode** - + @@ -328,8 +328,8 @@ The following list shows the supported values as number of seconds:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -337,15 +337,15 @@ The following list shows the supported values as number of seconds:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. - + The following list shows the supported values: @@ -364,7 +364,7 @@ The following list shows the supported values: **DeliveryOptimization/DOGroupId** - + @@ -386,8 +386,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -395,8 +395,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -406,7 +406,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this > [!NOTE] > You must use a GUID as the group ID. - +
    @@ -414,7 +414,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this **DeliveryOptimization/DOGroupIdSource** - + @@ -436,8 +436,8 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -445,8 +445,8 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
    - - + + Added in Windows 10, next major update. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix When set, the Group ID will be assigned automatically from the selected source. @@ -457,7 +457,7 @@ The options set in this policy only apply to Group (2) download mode. If Group ( For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. - + The following list shows the supported values: @@ -474,7 +474,7 @@ The following list shows the supported values: **DeliveryOptimization/DOMaxCacheAge** - + @@ -496,8 +496,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -505,8 +505,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -515,7 +515,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt The default value is 259200 seconds (3 days). - +
    @@ -523,7 +523,7 @@ The default value is 259200 seconds (3 days). **DeliveryOptimization/DOMaxCacheSize** - + @@ -545,8 +545,8 @@ The default value is 259200 seconds (3 days).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -554,8 +554,8 @@ The default value is 259200 seconds (3 days).
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -564,7 +564,7 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe The default value is 20. - +
    @@ -572,7 +572,7 @@ The default value is 20. **DeliveryOptimization/DOMaxDownloadBandwidth** - + @@ -594,8 +594,8 @@ The default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -603,8 +603,8 @@ The default value is 20.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.   @@ -613,7 +613,7 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - +
    @@ -621,7 +621,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts **DeliveryOptimization/DOMaxUploadBandwidth** - + @@ -643,8 +643,8 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -652,8 +652,8 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -662,7 +662,7 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). - +
    @@ -670,7 +670,7 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo **DeliveryOptimization/DOMinBackgroundQos** - + @@ -692,8 +692,8 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -701,8 +701,8 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -711,7 +711,7 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality The default value is 500. - +
    @@ -719,7 +719,7 @@ The default value is 500. **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** - + @@ -741,8 +741,8 @@ The default value is 500.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -750,8 +750,8 @@ The default value is 500.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -759,7 +759,7 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. - +
    @@ -767,7 +767,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** - + @@ -789,8 +789,8 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -798,8 +798,8 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -811,7 +811,7 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap The default value is 32 GB. - +
    @@ -819,7 +819,7 @@ The default value is 32 GB. **DeliveryOptimization/DOMinFileSizeToCache** - + @@ -841,8 +841,8 @@ The default value is 32 GB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -850,8 +850,8 @@ The default value is 32 GB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -860,7 +860,7 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB The default value is 100 MB. - +
    @@ -868,7 +868,7 @@ The default value is 100 MB. **DeliveryOptimization/DOMinRAMAllowedToPeer** - + @@ -890,8 +890,8 @@ The default value is 100 MB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -899,8 +899,8 @@ The default value is 100 MB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -909,7 +909,7 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required The default value is 4 GB. - +
    @@ -917,7 +917,7 @@ The default value is 4 GB. **DeliveryOptimization/DOModifyCacheDrive** - + @@ -939,8 +939,8 @@ The default value is 4 GB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -948,8 +948,8 @@ The default value is 4 GB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -958,7 +958,7 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati By default, %SystemDrive% is used to store the cache. - +
    @@ -966,7 +966,7 @@ By default, %SystemDrive% is used to store the cache. **DeliveryOptimization/DOMonthlyUploadDataCap** - + @@ -988,8 +988,8 @@ By default, %SystemDrive% is used to store the cache.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -997,8 +997,8 @@ By default, %SystemDrive% is used to store the cache.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -1009,7 +1009,7 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is The default value is 20. - +
    @@ -1017,7 +1017,7 @@ The default value is 20. **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** - + @@ -1039,8 +1039,8 @@ The default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1048,13 +1048,13 @@ The default value is 20.
    - - + + Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    @@ -1062,10 +1062,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** - + This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead. - +
    @@ -1073,7 +1073,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** - + @@ -1095,8 +1095,8 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1104,13 +1104,13 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
    - - + + Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    @@ -1118,7 +1118,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i **DeliveryOptimization/DORestrictPeerSelectionBy** - + @@ -1140,8 +1140,8 @@ Note that downloads from LAN peers will not be throttled even when this policy i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1149,14 +1149,14 @@ Note that downloads from LAN peers will not be throttled even when this policy i
    - - + + Added in Windows 10, next major update. Set this policy to restrict peer selection via selected option. Options available are: 1=Subnet mask (more options will be added in a future release). Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2). - + The following list shows the supported values: @@ -1170,7 +1170,7 @@ The following list shows the supported values: **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** - + @@ -1192,8 +1192,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1201,13 +1201,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. - + This policy allows an IT Admin to define the following: @@ -1223,7 +1223,7 @@ This policy allows an IT Admin to define the following: **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** - + @@ -1245,8 +1245,8 @@ This policy allows an IT Admin to define the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1254,13 +1254,13 @@ This policy allows an IT Admin to define the following:
    - - + + Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. - + This policy allows an IT Admin to define the following: diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index bf93aa8e5e..fbbf63681d 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Desktop/PreventUserRedirectionOfProfileFolders** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,15 +61,15 @@ ms.date: 01/29/2018
    - - + + Prevents users from changing the path to their profile folders. By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box. If you enable this setting, users are unable to type a new location in the Target box. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -77,14 +77,14 @@ If you enable this setting, users are unable to type a new location in the Targe > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* - GP path: *Desktop* - GP ADMX file name: *desktop.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 7a77348d53..decc360200 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **DeviceGuard/EnableVirtualizationBasedSecurity** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,11 +67,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **DeviceGuard/LsaCfgFlags** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,11 +117,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. - + The following list shows the supported values: @@ -137,7 +137,7 @@ The following list shows the supported values: **DeviceGuard/RequirePlatformSecurityFeatures** - + @@ -159,8 +159,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -168,11 +168,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index efc8a18433..212324e984 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,15 +64,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -80,14 +80,14 @@ If you disable or do not configure this policy setting, devices can be installed > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* - +
    @@ -95,7 +95,7 @@ ADMX Info: **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** - + @@ -117,8 +117,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -126,15 +126,15 @@ ADMX Info:
    - - + + This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -142,14 +142,14 @@ If you disable or do not configure this policy setting, Windows can install and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 963e8714e8..8b22ded5b4 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -80,7 +80,7 @@ ms.date: 01/29/2018 **DeviceLock/AllowIdleReturnWithoutPassword** - + @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -111,8 +111,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -122,7 +122,7 @@ Specifies whether the user must input a PIN or password when the device resumes > [!NOTE] > This policy must be wrapped in an Atomic command. - + The following list shows the supported values: @@ -137,7 +137,7 @@ The following list shows the supported values: **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** - + @@ -159,8 +159,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -168,8 +168,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -188,7 +188,7 @@ The following list shows the supported values: > [!IMPORTANT] > If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period. - +
    @@ -196,7 +196,7 @@ The following list shows the supported values: **DeviceLock/AllowSimpleDevicePassword** - + @@ -218,8 +218,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -227,8 +227,8 @@ The following list shows the supported values:
    - - + + Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. > [!NOTE] @@ -242,7 +242,7 @@ The following list shows the supported values: For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -250,7 +250,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/AlphanumericDevicePasswordRequired** - + @@ -272,8 +272,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -281,8 +281,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). > [!NOTE] @@ -302,7 +302,7 @@ The following list shows the supported values: > > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2. - +
    @@ -310,7 +310,7 @@ The following list shows the supported values: **DeviceLock/DevicePasswordEnabled** - + @@ -332,8 +332,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -341,8 +341,8 @@ The following list shows the supported values:
    - - + + Specifies whether device lock is enabled. > [!NOTE] @@ -390,7 +390,7 @@ The following list shows the supported values: > - MaxDevicePasswordFailedAttempts > - MaxInactivityTimeDeviceLock - +
    @@ -398,7 +398,7 @@ The following list shows the supported values: **DeviceLock/DevicePasswordExpiration** - + @@ -420,8 +420,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -429,8 +429,8 @@ The following list shows the supported values:
    - - + + Specifies when the password expires (in days). > [!NOTE] @@ -446,7 +446,7 @@ If all policy values = 0 then 0; otherwise, Min policy value is the most secure For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -454,7 +454,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/DevicePasswordHistory** - + @@ -476,8 +476,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -485,8 +485,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies how many passwords can be stored in the history that can’t be used. > [!NOTE] @@ -504,7 +504,7 @@ Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -512,7 +512,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/EnforceLockScreenAndLogonImage** - + @@ -534,8 +534,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -543,8 +543,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. > [!NOTE] @@ -553,7 +553,7 @@ Added in Windows 10, version 1607. Specifies the default lock screen and logon Value type is a string, which is the full image filepath and filename. - +
    @@ -561,7 +561,7 @@ Value type is a string, which is the full image filepath and filename. **DeviceLock/EnforceLockScreenProvider** - + @@ -583,8 +583,8 @@ Value type is a string, which is the full image filepath and filename.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -592,8 +592,8 @@ Value type is a string, which is the full image filepath and filename.
    - - + + Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. > [!NOTE] @@ -602,7 +602,7 @@ Added in Windows 10, version 1607. Restricts lock screen image to a specific lo Value type is a string, which is the AppID. - +
    @@ -610,7 +610,7 @@ Value type is a string, which is the AppID. **DeviceLock/MaxDevicePasswordFailedAttempts** - + @@ -632,8 +632,8 @@ Value type is a string, which is the AppID.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -641,8 +641,8 @@ Value type is a string, which is the AppID.
    - - + + The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. > [!NOTE] @@ -665,7 +665,7 @@ Most secure value is 0 if all policy values = 0; otherwise, Min policy value is For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -673,7 +673,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MaxInactivityTimeDeviceLock** - + @@ -695,8 +695,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -704,8 +704,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. > [!NOTE] @@ -719,7 +719,7 @@ The following list shows the supported values: For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -727,7 +727,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** - + @@ -749,8 +749,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -758,8 +758,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. > [!NOTE] @@ -771,7 +771,7 @@ The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
    @@ -779,7 +779,7 @@ The following list shows the supported values: **DeviceLock/MinDevicePasswordComplexCharacters** - + @@ -801,8 +801,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -810,8 +810,8 @@ The following list shows the supported values:
    - - + + The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. > [!NOTE] @@ -885,7 +885,7 @@ The enforcement of policies for Microsoft accounts happen on the server, and the For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
    @@ -893,7 +893,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MinDevicePasswordLength** - + @@ -915,8 +915,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -924,8 +924,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the minimum number or characters required in the PIN or password. > [!NOTE] @@ -944,7 +944,7 @@ Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
    @@ -952,7 +952,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MinimumPasswordAge** - + @@ -974,8 +974,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -983,15 +983,15 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - +
    @@ -999,7 +999,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor **DeviceLock/PreventLockScreenSlideShow** - + @@ -1021,8 +1021,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1030,15 +1030,15 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
    - - + + Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1046,14 +1046,14 @@ If you enable this setting, users will no longer be able to modify slide show se > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* - +
    @@ -1061,7 +1061,7 @@ ADMX Info: **DeviceLock/ScreenTimeoutWhileLocked** - + @@ -1083,8 +1083,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1092,8 +1092,8 @@ ADMX Info:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   @@ -1107,7 +1107,7 @@ The default value is 10. Most restricted value is 0. - +
    diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 278ae2808f..3921cace6c 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Display/TurnOffGdiDPIScalingForApps** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. @@ -81,7 +81,7 @@ To validate on Desktop, do the following: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. - +
    @@ -89,7 +89,7 @@ To validate on Desktop, do the following: **Display/TurnOnGdiDPIScalingForApps** - + @@ -111,8 +111,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -120,8 +120,8 @@ To validate on Desktop, do the following:
    - - + + GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. @@ -137,7 +137,7 @@ To validate on Desktop, do the following: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. - +
    diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index ed70c0cb02..6889a52380 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Education/DefaultPrinterName** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,13 +67,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. The policy value is expected to be the name (network host name) of an installed printer. - +
    @@ -81,7 +81,7 @@ The policy value is expected to be the name (network host name) of an installed **Education/PreventAddingNewPrinters** - + @@ -103,8 +103,8 @@ The policy value is expected to be the name (network host name) of an installed
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -112,11 +112,11 @@ The policy value is expected to be the name (network host name) of an installed
    - - + + Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings. - + The following list shows the supported values: @@ -131,7 +131,7 @@ The following list shows the supported values: **Education/PrinterNames** - + @@ -153,8 +153,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -162,13 +162,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names). The policy value is expected to be a `````` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer. - +
    diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 1a432f3397..38c3886970 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -45,7 +45,7 @@ ms.date: 01/29/2018 **EnterpriseCloudPrint/CloudPrintOAuthAuthority** - + @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -76,15 +76,15 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". - +
    @@ -92,7 +92,7 @@ The default value is an empty string. Otherwise, the value should contain the UR **EnterpriseCloudPrint/CloudPrintOAuthClientId** - + @@ -114,8 +114,8 @@ The default value is an empty string. Otherwise, the value should contain the UR
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,15 +123,15 @@ The default value is an empty string. Otherwise, the value should contain the UR
    - - + + Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". - +
    @@ -139,7 +139,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID **EnterpriseCloudPrint/CloudPrintResourceId** - + @@ -161,8 +161,8 @@ The default value is an empty string. Otherwise, the value should contain a GUID
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -170,15 +170,15 @@ The default value is an empty string. Otherwise, the value should contain a GUID
    - - + + Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". - +
    @@ -186,7 +186,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** - + @@ -208,8 +208,8 @@ The default value is an empty string. Otherwise, the value should contain a URL.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,15 +217,15 @@ The default value is an empty string. Otherwise, the value should contain a URL.
    - - + + Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". - +
    @@ -233,7 +233,7 @@ The default value is an empty string. Otherwise, the value should contain the UR **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** - + @@ -255,8 +255,8 @@ The default value is an empty string. Otherwise, the value should contain the UR
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -264,15 +264,15 @@ The default value is an empty string. Otherwise, the value should contain the UR
    - - + + Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. The datatype is an integer. For Windows Mobile, the default value is 20. - +
    @@ -280,7 +280,7 @@ For Windows Mobile, the default value is 20. **EnterpriseCloudPrint/MopriaDiscoveryResourceId** - + @@ -302,8 +302,8 @@ For Windows Mobile, the default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -311,15 +311,15 @@ For Windows Mobile, the default value is 20.
    - - + + Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". - +
    diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 71b4c992f1..4f957acf78 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **ErrorReporting/CustomizeConsentSettings** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    - - + + This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4. @@ -91,7 +91,7 @@ If you enable this policy setting, you can add specific event types to a list by If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -99,14 +99,14 @@ If you disable or do not configure this policy setting, then the default consent > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Customize consent settings* - GP name: *WerConsentCustomize_2* - GP path: *Windows Components/Windows Error Reporting/Consent* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -114,7 +114,7 @@ ADMX Info: **ErrorReporting/DisableWindowsErrorReporting** - + @@ -136,8 +136,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -145,15 +145,15 @@ ADMX Info:
    - - + + This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -161,14 +161,14 @@ If you disable or do not configure this policy setting, the Turn off Windows Err > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -176,7 +176,7 @@ ADMX Info: **ErrorReporting/DisplayErrorNotification** - + @@ -198,8 +198,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -207,8 +207,8 @@ ADMX Info:
    - - + + This policy setting controls whether users are shown an error dialog box that lets them report an error. If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error. @@ -219,7 +219,7 @@ If you do not configure this policy setting, users can change this setting in Co See also the Configure Error Reporting policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -227,14 +227,14 @@ See also the Configure Error Reporting policy setting. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -242,7 +242,7 @@ ADMX Info: **ErrorReporting/DoNotSendAdditionalData** - + @@ -264,8 +264,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -273,15 +273,15 @@ ADMX Info:
    - - + + This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -289,14 +289,14 @@ If you disable or do not configure this policy setting, then consent policy sett > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -304,7 +304,7 @@ ADMX Info: **ErrorReporting/PreventCriticalErrorDisplay** - + @@ -326,8 +326,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -335,15 +335,15 @@ ADMX Info:
    - - + + This policy setting prevents the display of the user interface for critical errors. If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors. If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -351,14 +351,14 @@ If you disable or do not configure this policy setting, Windows Error Reporting > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index c98738d293..961555b8fe 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **EventLogService/ControlEventLogBehavior** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. @@ -80,7 +80,7 @@ If you disable or do not configure this policy setting and a log file reaches it Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -88,14 +88,14 @@ Note: Old events may or may not be retained according to the "Backup log automat > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* - +
    @@ -103,7 +103,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeApplicationLog** - + @@ -125,8 +125,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -134,15 +134,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* - +
    @@ -165,7 +165,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeSecurityLog** - + @@ -187,8 +187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,15 +196,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -212,14 +212,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* - +
    @@ -227,7 +227,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeSystemLog** - + @@ -249,8 +249,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -258,15 +258,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -274,14 +274,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index c8aaf83293..1ee67cf404 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -92,7 +92,7 @@ ms.date: 01/29/2018 **Experience/AllowCopyPaste** - + @@ -114,8 +114,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,8 +123,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -132,7 +132,7 @@ Specifies whether copy and paste is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -147,7 +147,7 @@ The following list shows the supported values: **Experience/AllowCortana** - + @@ -169,8 +169,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -178,13 +178,13 @@ The following list shows the supported values:
    - - + + Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. Most restricted value is 0. - + The following list shows the supported values: @@ -199,7 +199,7 @@ The following list shows the supported values: **Experience/AllowDeviceDiscovery** - + @@ -221,8 +221,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -230,15 +230,15 @@ The following list shows the supported values:
    - - + + Allows users to turn on/off device discovery UX. When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. Most restricted value is 0. - + The following list shows the supported values: @@ -253,7 +253,7 @@ The following list shows the supported values: **Experience/AllowFindMyDevice** - + @@ -275,8 +275,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -284,15 +284,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy turns on Find My Device. When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. - + The following list shows the supported values: @@ -307,7 +307,7 @@ The following list shows the supported values: **Experience/AllowManualMDMUnenrollment** - + @@ -329,8 +329,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -338,8 +338,8 @@ The following list shows the supported values:
    - - + + Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. > [!NOTE] @@ -348,7 +348,7 @@ Specifies whether to allow the user to delete the workplace account using the wo Most restricted value is 0. - + The following list shows the supported values: @@ -363,7 +363,7 @@ The following list shows the supported values: **Experience/AllowSIMErrorDialogPromptWhenNoSIM** - + @@ -385,8 +385,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -394,15 +394,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Specifies whether to display dialog prompt when no SIM card is detected. - + The following list shows the supported values: @@ -417,10 +417,10 @@ The following list shows the supported values: **Experience/AllowSaveAsOfOfficeFiles** - + This policy is deprecated. - +
    @@ -428,7 +428,7 @@ This policy is deprecated. **Experience/AllowScreenCapture** - + @@ -450,8 +450,8 @@ This policy is deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -459,8 +459,8 @@ This policy is deprecated.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -469,7 +469,7 @@ Specifies whether screen capture is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -484,10 +484,10 @@ The following list shows the supported values: **Experience/AllowSharingOfOfficeFiles** - + This policy is deprecated. - +
    @@ -495,7 +495,7 @@ This policy is deprecated. **Experience/AllowSyncMySettings** - + @@ -517,8 +517,8 @@ This policy is deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -526,11 +526,11 @@ This policy is deprecated.
    - - + + Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). - + The following list shows the supported values: @@ -545,7 +545,7 @@ The following list shows the supported values: **Experience/AllowTailoredExperiencesWithDiagnosticData** - + @@ -567,8 +567,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -576,8 +576,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -589,7 +589,7 @@ Diagnostic data can include browser, app and feature usage, depending on the "Di Most restricted value is 0. - + The following list shows the supported values: @@ -604,7 +604,7 @@ The following list shows the supported values: **Experience/AllowTaskSwitcher** - + @@ -626,8 +626,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -635,15 +635,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Allows or disallows task switching on the device. - + The following list shows the supported values: @@ -658,7 +658,7 @@ The following list shows the supported values: **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** - + @@ -680,8 +680,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -689,15 +689,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. - + The following list shows the supported values: @@ -712,7 +712,7 @@ The following list shows the supported values: **Experience/AllowVoiceRecording** - + @@ -734,8 +734,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -743,8 +743,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -753,7 +753,7 @@ Specifies whether voice recording is allowed for apps. Most restricted value is 0. - + The following list shows the supported values: @@ -768,7 +768,7 @@ The following list shows the supported values: **Experience/AllowWindowsConsumerFeatures** - + @@ -790,8 +790,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -799,8 +799,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -809,7 +809,7 @@ This policy allows IT admins to turn on experiences that are typically for consu Most restricted value is 0. - + The following list shows the supported values: @@ -824,7 +824,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlight** - + @@ -846,8 +846,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -855,8 +855,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -865,7 +865,7 @@ Specifies whether to turn off all Windows spotlight features at once. If you ena Most restricted value is 0. - + The following list shows the supported values: @@ -880,7 +880,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlightOnActionCenter** - + @@ -902,8 +902,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -911,8 +911,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -920,7 +920,7 @@ Added in Windows 10, version 1703. This policy allows administrators to prevent Most restricted value is 0. - + The following list shows the supported values: @@ -935,7 +935,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** - + @@ -957,8 +957,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -966,8 +966,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -976,7 +976,7 @@ The Windows welcome experience feature introduces onboard users to Windows; for Most restricted value is 0. - + The following list shows the supported values: @@ -991,7 +991,7 @@ The following list shows the supported values: **Experience/AllowWindowsTips** - + @@ -1013,8 +1013,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1022,11 +1022,11 @@ The following list shows the supported values:
    - - + + Enables or disables Windows Tips / soft landing. - + The following list shows the supported values: @@ -1041,7 +1041,7 @@ The following list shows the supported values: **Experience/ConfigureWindowsSpotlightOnLockScreen** - + @@ -1063,8 +1063,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1072,8 +1072,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -1086,7 +1086,7 @@ The following list shows the supported values: - 1 (default) – Windows spotlight enabled. - 2 – placeholder only for future extension. Using this value has no effect. - +
    @@ -1094,7 +1094,7 @@ The following list shows the supported values: **Experience/DoNotShowFeedbackNotifications** - + @@ -1116,8 +1116,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1125,8 +1125,8 @@ The following list shows the supported values:
    - - + + Prevents devices from showing feedback questions from Microsoft. If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. @@ -1138,7 +1138,7 @@ The following list shows the supported values: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index c5da5ddb2d..ba0ff86d79 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ExploitGuard/ExploitProtectionSettings** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). The system settings require a reboot; the application settings do not require a reboot. @@ -92,7 +92,7 @@ Here is an example: ``` - +
    diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index d0db2bf70f..51f293f7b8 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Games/AllowAdvancedGamingServices** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 98cb777d45..15016063fb 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Handwriting/PanelDefaultModeDocked** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. @@ -71,7 +71,7 @@ In floating mode, the content is hidden behind a flying-in panel and results in The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 8eb6808dbe..2b29a32684 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -756,7 +756,7 @@ ms.date: 01/29/2018 **InternetExplorer/AddSearchProvider** - + @@ -778,8 +778,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -788,15 +788,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website. If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -804,14 +804,14 @@ If you disable or do not configure this policy setting, the user can configure t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -819,7 +819,7 @@ ADMX Info: **InternetExplorer/AllowActiveXFiltering** - + @@ -841,8 +841,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -851,15 +851,15 @@ ADMX Info:
    - - + + This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly. If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -867,14 +867,14 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -882,7 +882,7 @@ ADMX Info: **InternetExplorer/AllowAddOnList** - + @@ -904,8 +904,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -914,8 +914,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied. @@ -928,7 +928,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -936,14 +936,14 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -951,7 +951,7 @@ ADMX Info: **InternetExplorer/AllowAutoComplete** - + @@ -973,8 +973,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -982,10 +982,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -993,14 +993,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1008,7 +1008,7 @@ ADMX Info: **InternetExplorer/AllowCertificateAddressMismatchWarning** - + @@ -1030,8 +1030,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1040,10 +1040,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1051,14 +1051,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1066,7 +1066,7 @@ ADMX Info: **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** - + @@ -1088,8 +1088,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1098,10 +1098,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1109,14 +1109,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -1124,7 +1124,7 @@ ADMX Info: **InternetExplorer/AllowEnhancedProtectedMode** - + @@ -1146,8 +1146,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1156,8 +1156,8 @@ ADMX Info:
    - - + + Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. @@ -1166,7 +1166,7 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1174,14 +1174,14 @@ If you do not configure this policy, users will be able to turn on or turn off E > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1189,7 +1189,7 @@ ADMX Info: **InternetExplorer/AllowEnterpriseModeFromToolsMenu** - + @@ -1211,8 +1211,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1221,15 +1221,15 @@ ADMX Info:
    - - + + This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu. If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports. If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1237,14 +1237,14 @@ If you disable or don't configure this policy setting, the menu option won't app > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1252,7 +1252,7 @@ ADMX Info: **InternetExplorer/AllowEnterpriseModeSiteList** - + @@ -1274,8 +1274,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1284,15 +1284,15 @@ ADMX Info:
    - - + + This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list. If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE. If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1300,14 +1300,14 @@ If you disable or don't configure this policy setting, Internet Explorer opens a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1315,7 +1315,7 @@ ADMX Info: **InternetExplorer/AllowFallbackToSSL3** - + @@ -1337,8 +1337,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1346,10 +1346,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1357,14 +1357,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* - +
    @@ -1372,7 +1372,7 @@ ADMX Info: **InternetExplorer/AllowInternetExplorer7PolicyList** - + @@ -1394,8 +1394,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1404,15 +1404,15 @@ ADMX Info:
    - - + + This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify. If you disable or do not configure this policy setting, the user can add and remove sites from the list. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1420,14 +1420,14 @@ If you disable or do not configure this policy setting, the user can add and rem > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* - +
    @@ -1435,7 +1435,7 @@ ADMX Info: **InternetExplorer/AllowInternetExplorerStandardsMode** - + @@ -1457,8 +1457,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1467,8 +1467,8 @@ ADMX Info:
    - - + + This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone. If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. @@ -1477,7 +1477,7 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1485,14 +1485,14 @@ If you do not configure this policy setting, Internet Explorer uses an Internet > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* - +
    @@ -1500,7 +1500,7 @@ ADMX Info: **InternetExplorer/AllowInternetZoneTemplate** - + @@ -1522,8 +1522,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1532,8 +1532,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1546,7 +1546,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1554,14 +1554,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1569,7 +1569,7 @@ ADMX Info: **InternetExplorer/AllowIntranetZoneTemplate** - + @@ -1591,8 +1591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1601,8 +1601,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1615,7 +1615,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1623,14 +1623,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1638,7 +1638,7 @@ ADMX Info: **InternetExplorer/AllowLocalMachineZoneTemplate** - + @@ -1660,8 +1660,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1670,8 +1670,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1684,7 +1684,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1692,14 +1692,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1707,7 +1707,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownInternetZoneTemplate** - + @@ -1729,8 +1729,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1739,8 +1739,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1753,7 +1753,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1761,14 +1761,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1776,7 +1776,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownIntranetZoneTemplate** - + @@ -1798,8 +1798,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1808,8 +1808,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1822,7 +1822,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1830,14 +1830,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1845,7 +1845,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** - + @@ -1867,8 +1867,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1877,8 +1877,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1891,7 +1891,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1899,14 +1899,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1914,7 +1914,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** - + @@ -1936,8 +1936,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1946,8 +1946,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1960,7 +1960,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1968,14 +1968,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1983,7 +1983,7 @@ ADMX Info: **InternetExplorer/AllowOneWordEntry** - + @@ -2005,8 +2005,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2015,15 +2015,15 @@ ADMX Info:
    - - + + This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available. If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2031,14 +2031,14 @@ If you disable or do not configure this policy setting, Internet Explorer does n > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* - +
    @@ -2046,7 +2046,7 @@ ADMX Info: **InternetExplorer/AllowSiteToZoneAssignmentList** - + @@ -2068,8 +2068,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2078,8 +2078,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) @@ -2092,7 +2092,7 @@ Value - A number indicating the zone with which this site should be associated f If you disable or do not configure this policy, users may choose their own site-to-zone assignments. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2100,14 +2100,14 @@ If you disable or do not configure this policy, users may choose their own site- > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2115,7 +2115,7 @@ ADMX Info: **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** - + @@ -2137,8 +2137,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2147,10 +2147,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2158,14 +2158,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2173,7 +2173,7 @@ ADMX Info: **InternetExplorer/AllowSuggestedSites** - + @@ -2195,8 +2195,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2205,8 +2205,8 @@ ADMX Info:
    - - + + This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit. If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions. @@ -2215,7 +2215,7 @@ If you disable this policy setting, the entry points and functionality associate If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2223,14 +2223,14 @@ If you do not configure this policy setting, the user can turn on and turn off t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2238,7 +2238,7 @@ ADMX Info: **InternetExplorer/AllowTrustedSitesZoneTemplate** - + @@ -2260,8 +2260,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2270,8 +2270,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2284,7 +2284,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2292,14 +2292,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2307,7 +2307,7 @@ ADMX Info: **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** - + @@ -2329,8 +2329,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2339,8 +2339,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2353,7 +2353,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2361,14 +2361,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2376,7 +2376,7 @@ ADMX Info: **InternetExplorer/AllowsRestrictedSitesZoneTemplate** - + @@ -2398,8 +2398,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2408,8 +2408,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2422,7 +2422,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2430,14 +2430,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2445,7 +2445,7 @@ ADMX Info: **InternetExplorer/CheckServerCertificateRevocation** - + @@ -2467,8 +2467,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2477,10 +2477,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2488,14 +2488,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2503,7 +2503,7 @@ ADMX Info: **InternetExplorer/CheckSignaturesOnDownloadedPrograms** - + @@ -2525,8 +2525,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2535,10 +2535,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2546,14 +2546,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2561,7 +2561,7 @@ ADMX Info: **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** - + @@ -2583,8 +2583,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2593,10 +2593,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2604,14 +2604,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_2* - GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction* - GP ADMX file name: *inetres.admx* - +
    @@ -2619,7 +2619,7 @@ ADMX Info: **InternetExplorer/DisableAdobeFlash** - + @@ -2641,8 +2641,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2651,8 +2651,8 @@ ADMX Info:
    - - + + This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. @@ -2661,7 +2661,7 @@ If you disable, or do not configure this policy setting, Flash is turned on for Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2669,14 +2669,14 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -2684,7 +2684,7 @@ ADMX Info: **InternetExplorer/DisableBypassOfSmartScreenWarnings** - + @@ -2706,8 +2706,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2716,15 +2716,15 @@ ADMX Info:
    - - + + This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2732,14 +2732,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2747,7 +2747,7 @@ ADMX Info: **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** - + @@ -2769,8 +2769,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2779,15 +2779,15 @@ ADMX Info:
    - - + + This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2795,14 +2795,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2810,7 +2810,7 @@ ADMX Info: **InternetExplorer/DisableConfiguringHistory** - + @@ -2832,8 +2832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2842,10 +2842,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2853,14 +2853,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -2868,7 +2868,7 @@ ADMX Info: **InternetExplorer/DisableCrashDetection** - + @@ -2890,8 +2890,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2900,10 +2900,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2911,14 +2911,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2926,7 +2926,7 @@ ADMX Info: **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** - + @@ -2948,8 +2948,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2958,8 +2958,8 @@ ADMX Info:
    - - + + This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. @@ -2968,7 +2968,7 @@ If you disable this policy setting, the user must participate in the CEIP, and t If you do not configure this policy setting, the user can choose to participate in the CEIP. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2976,14 +2976,14 @@ If you do not configure this policy setting, the user can choose to participate > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2991,7 +2991,7 @@ ADMX Info: **InternetExplorer/DisableDeletingUserVisitedWebsites** - + @@ -3013,8 +3013,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3023,10 +3023,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3034,14 +3034,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -3049,7 +3049,7 @@ ADMX Info: **InternetExplorer/DisableEnclosureDownloading** - + @@ -3071,8 +3071,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3081,15 +3081,15 @@ ADMX Info:
    - - + + This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3097,14 +3097,14 @@ If you disable or do not configure this policy setting, the user can set the Fee > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* - +
    @@ -3112,7 +3112,7 @@ ADMX Info: **InternetExplorer/DisableEncryptionSupport** - + @@ -3134,8 +3134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3144,8 +3144,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. @@ -3154,7 +3154,7 @@ If you disable or do not configure this policy setting, the user can select whic Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3162,14 +3162,14 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3177,7 +3177,7 @@ ADMX Info: **InternetExplorer/DisableFirstRunWizard** - + @@ -3199,8 +3199,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3209,8 +3209,8 @@ ADMX Info:
    - - + + This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. If you enable this policy setting, you must make one of the following choices: @@ -3221,7 +3221,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3229,14 +3229,14 @@ If you disable or do not configure this policy setting, Internet Explorer may ru > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3244,7 +3244,7 @@ ADMX Info: **InternetExplorer/DisableFlipAheadFeature** - + @@ -3266,8 +3266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3276,8 +3276,8 @@ ADMX Info:
    - - + + This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop. @@ -3288,7 +3288,7 @@ If you disable this policy setting, flip ahead with page prediction is turned on If you don't configure this setting, users can turn this behavior on or off, using the Settings charm. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3296,14 +3296,14 @@ If you don't configure this setting, users can turn this behavior on or off, usi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3311,7 +3311,7 @@ ADMX Info: **InternetExplorer/DisableHomePageChange** - + @@ -3333,8 +3333,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3342,15 +3342,15 @@ ADMX Info:
    - - + + The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run. If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3358,14 +3358,14 @@ If you disable or do not configure this policy setting, the Home page box is ena > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3373,7 +3373,7 @@ ADMX Info: **InternetExplorer/DisableIgnoringCertificateErrors** - + @@ -3395,8 +3395,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3405,10 +3405,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3416,14 +3416,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* - +
    @@ -3431,7 +3431,7 @@ ADMX Info: **InternetExplorer/DisableInPrivateBrowsing** - + @@ -3453,8 +3453,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3463,10 +3463,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3474,14 +3474,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* - +
    @@ -3489,7 +3489,7 @@ ADMX Info: **InternetExplorer/DisableProcessesInEnhancedProtectedMode** - + @@ -3511,8 +3511,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3521,10 +3521,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3532,14 +3532,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3547,7 +3547,7 @@ ADMX Info: **InternetExplorer/DisableProxyChange** - + @@ -3569,8 +3569,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3579,15 +3579,15 @@ ADMX Info:
    - - + + This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to configure proxy settings. If you disable or do not configure this policy setting, the user can configure proxy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3595,14 +3595,14 @@ If you disable or do not configure this policy setting, the user can configure p > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3610,7 +3610,7 @@ ADMX Info: **InternetExplorer/DisableSearchProviderChange** - + @@ -3632,8 +3632,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3642,15 +3642,15 @@ ADMX Info:
    - - + + This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box. If you enable this policy setting, the user cannot change the default search provider. If you disable or do not configure this policy setting, the user can change the default search provider. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3658,14 +3658,14 @@ If you disable or do not configure this policy setting, the user can change the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3673,7 +3673,7 @@ ADMX Info: **InternetExplorer/DisableSecondaryHomePageChange** - + @@ -3695,8 +3695,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3705,8 +3705,8 @@ ADMX Info:
    - - + + Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages. If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages. @@ -3715,7 +3715,7 @@ If you disable or do not configure this policy setting, the user can add seconda Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3723,14 +3723,14 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3738,7 +3738,7 @@ ADMX Info: **InternetExplorer/DisableSecuritySettingsCheck** - + @@ -3760,8 +3760,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3770,10 +3770,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3781,14 +3781,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3796,7 +3796,7 @@ ADMX Info: **InternetExplorer/DisableUpdateCheck** - + @@ -3818,8 +3818,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3827,8 +3827,8 @@ ADMX Info:
    - - + + Prevents Internet Explorer from checking whether a new version of the browser is available. If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available. @@ -3837,7 +3837,7 @@ If you disable this policy or do not configure it, Internet Explorer checks ever This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3845,14 +3845,14 @@ This policy is intended to help the administrator maintain version control for I > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3860,7 +3860,7 @@ ADMX Info: **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** - + @@ -3882,8 +3882,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3892,10 +3892,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3903,14 +3903,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3918,7 +3918,7 @@ ADMX Info: **InternetExplorer/DoNotAllowUsersToAddSites** - + @@ -3940,8 +3940,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3949,8 +3949,8 @@ ADMX Info:
    - - + + Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.) @@ -3963,7 +3963,7 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad Also, see the "Security zones: Use only machine settings" policy. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3971,14 +3971,14 @@ Also, see the "Security zones: Use only machine settings" policy. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3986,7 +3986,7 @@ ADMX Info: **InternetExplorer/DoNotAllowUsersToChangePolicies** - + @@ -4008,8 +4008,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4017,8 +4017,8 @@ ADMX Info:
    - - + + Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. @@ -4031,7 +4031,7 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm Also, see the "Security zones: Use only machine settings" policy. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4039,14 +4039,14 @@ Also, see the "Security zones: Use only machine settings" policy. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -4054,7 +4054,7 @@ ADMX Info: **InternetExplorer/DoNotBlockOutdatedActiveXControls** - + @@ -4076,8 +4076,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4086,8 +4086,8 @@ ADMX Info:
    - - + + This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls. @@ -4096,7 +4096,7 @@ If you disable or don't configure this policy setting, Internet Explorer continu For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4104,14 +4104,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -4119,7 +4119,7 @@ ADMX Info: **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** - + @@ -4141,8 +4141,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4151,8 +4151,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: @@ -4165,7 +4165,7 @@ If you disable or don't configure this policy setting, the list is deleted and I For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4173,14 +4173,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -4188,7 +4188,7 @@ ADMX Info: **InternetExplorer/IncludeAllLocalSites** - + @@ -4210,8 +4210,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4220,8 +4220,8 @@ ADMX Info:
    - - + + This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. @@ -4230,7 +4230,7 @@ If you disable this policy setting, local sites which are not explicitly mapped If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4238,14 +4238,14 @@ If you do not configure this policy setting, users choose whether to force local > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -4253,7 +4253,7 @@ ADMX Info: **InternetExplorer/IncludeAllNetworkPaths** - + @@ -4275,8 +4275,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4285,8 +4285,8 @@ ADMX Info:
    - - + + This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone. @@ -4295,7 +4295,7 @@ If you disable this policy setting, network paths are not necessarily mapped int If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4303,14 +4303,14 @@ If you do not configure this policy setting, users choose whether network paths > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -4318,7 +4318,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAccessToDataSources** - + @@ -4340,8 +4340,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4350,8 +4350,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -4360,7 +4360,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4368,14 +4368,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4383,7 +4383,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -4405,8 +4405,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4415,8 +4415,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -4425,7 +4425,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4433,14 +4433,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4448,7 +4448,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -4470,8 +4470,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4480,15 +4480,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4496,14 +4496,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4511,7 +4511,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowCopyPasteViaScript** - + @@ -4533,8 +4533,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4543,10 +4543,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4554,14 +4554,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4569,7 +4569,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** - + @@ -4591,8 +4591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4601,10 +4601,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4612,14 +4612,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4627,7 +4627,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowFontDownloads** - + @@ -4649,8 +4649,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4659,8 +4659,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -4669,7 +4669,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4677,14 +4677,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4692,7 +4692,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowLessPrivilegedSites** - + @@ -4714,8 +4714,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4724,8 +4724,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -4734,7 +4734,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4742,14 +4742,14 @@ If you do not configure this policy setting, Web sites from less privileged zone > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4757,7 +4757,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** - + @@ -4779,8 +4779,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4789,10 +4789,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4800,14 +4800,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4815,7 +4815,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** - + @@ -4837,8 +4837,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4847,8 +4847,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -4857,7 +4857,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4865,14 +4865,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4880,7 +4880,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** - + @@ -4902,8 +4902,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4912,10 +4912,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4923,14 +4923,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4938,7 +4938,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** - + @@ -4960,8 +4960,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4970,10 +4970,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4981,14 +4981,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4996,7 +4996,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** - + @@ -5018,8 +5018,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5028,10 +5028,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5039,14 +5039,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5054,7 +5054,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** - + @@ -5076,8 +5076,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5086,10 +5086,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5097,14 +5097,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5112,7 +5112,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptlets** - + @@ -5134,8 +5134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5144,8 +5144,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -5154,7 +5154,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5162,14 +5162,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5177,7 +5177,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowSmartScreenIE** - + @@ -5199,8 +5199,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5209,8 +5209,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -5221,7 +5221,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5229,14 +5229,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5244,7 +5244,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** - + @@ -5266,8 +5266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5276,10 +5276,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5287,14 +5287,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5302,7 +5302,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowUserDataPersistence** - + @@ -5324,8 +5324,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5334,8 +5334,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -5344,7 +5344,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5352,14 +5352,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5367,7 +5367,7 @@ ADMX Info: **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -5389,8 +5389,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5399,10 +5399,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5410,14 +5410,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5425,7 +5425,7 @@ ADMX Info: **InternetExplorer/InternetZoneDownloadSignedActiveXControls** - + @@ -5447,8 +5447,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5457,10 +5457,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5468,14 +5468,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5483,7 +5483,7 @@ ADMX Info: **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** - + @@ -5505,8 +5505,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5515,10 +5515,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5526,14 +5526,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5541,7 +5541,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** - + @@ -5563,8 +5563,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5573,10 +5573,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5584,14 +5584,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5599,7 +5599,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** - + @@ -5621,8 +5621,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5631,10 +5631,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5642,14 +5642,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5657,7 +5657,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** - + @@ -5679,8 +5679,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5689,10 +5689,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5700,14 +5700,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5715,7 +5715,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableMIMESniffing** - + @@ -5737,8 +5737,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5747,10 +5747,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5758,14 +5758,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5773,7 +5773,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableProtectedMode** - + @@ -5795,8 +5795,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5805,10 +5805,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5816,14 +5816,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5831,7 +5831,7 @@ ADMX Info: **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** - + @@ -5853,8 +5853,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5863,10 +5863,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5874,14 +5874,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5889,7 +5889,7 @@ ADMX Info: **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** - + @@ -5911,8 +5911,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5921,8 +5921,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -5933,7 +5933,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5941,14 +5941,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5956,7 +5956,7 @@ ADMX Info: **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** - + @@ -5978,10 +5978,10 @@ ADMX Info:
    Home
    - - + + - +
    @@ -5989,7 +5989,7 @@ ADMX Info: **InternetExplorer/InternetZoneJavaPermissions** - + @@ -6011,8 +6011,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6021,10 +6021,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6032,14 +6032,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6047,7 +6047,7 @@ ADMX Info: **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** - + @@ -6069,8 +6069,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6079,10 +6079,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6090,14 +6090,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6105,7 +6105,7 @@ ADMX Info: **InternetExplorer/InternetZoneLogonOptions** - + @@ -6127,8 +6127,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6137,10 +6137,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6148,14 +6148,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6163,7 +6163,7 @@ ADMX Info: **InternetExplorer/InternetZoneNavigateWindowsAndFrames** - + @@ -6185,8 +6185,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6195,8 +6195,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -6205,7 +6205,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6213,14 +6213,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6228,7 +6228,7 @@ ADMX Info: **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** - + @@ -6250,8 +6250,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6260,10 +6260,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6271,14 +6271,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6286,7 +6286,7 @@ ADMX Info: **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** - + @@ -6308,8 +6308,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6318,10 +6318,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6329,14 +6329,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6344,7 +6344,7 @@ ADMX Info: **InternetExplorer/InternetZoneUsePopupBlocker** - + @@ -6366,8 +6366,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6376,10 +6376,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6387,14 +6387,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6402,7 +6402,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAccessToDataSources** - + @@ -6424,8 +6424,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6434,8 +6434,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -6444,7 +6444,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6452,14 +6452,14 @@ If you do not configure this policy setting, users are queried to choose whether > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6467,7 +6467,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -6489,8 +6489,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6499,8 +6499,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -6509,7 +6509,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6517,14 +6517,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6532,7 +6532,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -6554,8 +6554,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6564,15 +6564,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6580,14 +6580,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6595,7 +6595,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowFontDownloads** - + @@ -6617,8 +6617,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6627,8 +6627,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -6637,7 +6637,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6645,14 +6645,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6660,7 +6660,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** - + @@ -6682,8 +6682,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6692,8 +6692,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -6702,7 +6702,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6710,14 +6710,14 @@ If you do not configure this policy setting, Web sites from less privileged zone > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6725,7 +6725,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** - + @@ -6747,8 +6747,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6757,8 +6757,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -6767,7 +6767,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6775,14 +6775,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6790,7 +6790,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowScriptlets** - + @@ -6812,8 +6812,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6822,8 +6822,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -6832,7 +6832,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6840,14 +6840,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6855,7 +6855,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowSmartScreenIE** - + @@ -6877,8 +6877,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6887,8 +6887,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -6899,7 +6899,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6907,14 +6907,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6922,7 +6922,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowUserDataPersistence** - + @@ -6944,8 +6944,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6954,8 +6954,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -6964,7 +6964,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6972,14 +6972,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6987,7 +6987,7 @@ ADMX Info: **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -7009,8 +7009,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7019,10 +7019,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7030,14 +7030,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7045,7 +7045,7 @@ ADMX Info: **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** - + @@ -7067,8 +7067,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7077,8 +7077,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -7089,7 +7089,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7097,14 +7097,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7112,7 +7112,7 @@ ADMX Info: **InternetExplorer/IntranetZoneJavaPermissions** - + @@ -7134,8 +7134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7144,10 +7144,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7155,14 +7155,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7170,7 +7170,7 @@ ADMX Info: **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** - + @@ -7192,8 +7192,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7202,8 +7202,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -7212,7 +7212,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7220,14 +7220,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7235,7 +7235,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** - + @@ -7257,8 +7257,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7267,8 +7267,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -7277,7 +7277,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7285,14 +7285,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7300,7 +7300,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** - + @@ -7322,8 +7322,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7332,8 +7332,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -7342,7 +7342,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7350,14 +7350,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7365,7 +7365,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** - + @@ -7387,8 +7387,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7397,15 +7397,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7413,14 +7413,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7428,7 +7428,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowFontDownloads** - + @@ -7450,8 +7450,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7460,8 +7460,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -7470,7 +7470,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7478,14 +7478,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7493,7 +7493,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** - + @@ -7515,8 +7515,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7525,8 +7525,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -7535,7 +7535,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7543,14 +7543,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7558,7 +7558,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** - + @@ -7580,8 +7580,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7590,8 +7590,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -7600,7 +7600,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7608,14 +7608,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7623,7 +7623,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowScriptlets** - + @@ -7645,8 +7645,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7655,8 +7655,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -7665,7 +7665,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7673,14 +7673,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7688,7 +7688,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** - + @@ -7710,8 +7710,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7720,8 +7720,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -7732,7 +7732,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7740,14 +7740,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7755,7 +7755,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** - + @@ -7777,8 +7777,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7787,8 +7787,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -7797,7 +7797,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7805,14 +7805,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7820,7 +7820,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -7842,8 +7842,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7852,10 +7852,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7863,14 +7863,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7878,7 +7878,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** - + @@ -7900,8 +7900,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7910,8 +7910,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -7922,7 +7922,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7930,14 +7930,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7945,7 +7945,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneJavaPermissions** - + @@ -7967,8 +7967,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7977,10 +7977,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7988,14 +7988,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8003,7 +8003,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** - + @@ -8025,8 +8025,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8035,8 +8035,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -8045,7 +8045,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8053,14 +8053,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8068,7 +8068,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** - + @@ -8090,8 +8090,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8100,8 +8100,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8110,7 +8110,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8118,14 +8118,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8133,7 +8133,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -8155,8 +8155,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8165,8 +8165,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -8175,7 +8175,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8183,14 +8183,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8198,7 +8198,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -8220,8 +8220,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8230,15 +8230,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8246,14 +8246,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8261,7 +8261,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** - + @@ -8283,8 +8283,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8293,8 +8293,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -8303,7 +8303,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8311,14 +8311,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8326,7 +8326,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** - + @@ -8348,8 +8348,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8358,8 +8358,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -8368,7 +8368,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8376,14 +8376,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8391,7 +8391,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** - + @@ -8413,8 +8413,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8423,8 +8423,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -8433,7 +8433,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8441,14 +8441,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8456,7 +8456,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowScriptlets** - + @@ -8478,8 +8478,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8488,8 +8488,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -8498,7 +8498,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8506,14 +8506,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8521,7 +8521,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** - + @@ -8543,8 +8543,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8553,8 +8553,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -8565,7 +8565,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8573,14 +8573,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8588,7 +8588,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** - + @@ -8610,8 +8610,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8620,8 +8620,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -8630,7 +8630,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8638,14 +8638,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8653,7 +8653,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** - + @@ -8675,8 +8675,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8685,8 +8685,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -8697,7 +8697,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8705,14 +8705,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8720,7 +8720,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneJavaPermissions** - + @@ -8742,8 +8742,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8752,10 +8752,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8763,14 +8763,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8778,7 +8778,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** - + @@ -8800,8 +8800,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8810,8 +8810,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -8820,7 +8820,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8828,14 +8828,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8843,7 +8843,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** - + @@ -8865,8 +8865,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8875,8 +8875,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8885,7 +8885,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8893,14 +8893,14 @@ If you do not configure this policy setting, users are queried to choose whether > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8908,7 +8908,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -8930,8 +8930,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8940,8 +8940,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -8950,7 +8950,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8958,14 +8958,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8973,7 +8973,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -8995,8 +8995,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9005,15 +9005,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9021,14 +9021,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9036,7 +9036,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** - + @@ -9058,8 +9058,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9068,8 +9068,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9078,7 +9078,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9086,14 +9086,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9101,7 +9101,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** - + @@ -9123,8 +9123,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9133,8 +9133,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -9143,7 +9143,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9151,14 +9151,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9166,7 +9166,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** - + @@ -9188,8 +9188,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9198,8 +9198,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -9208,7 +9208,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9216,14 +9216,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9231,7 +9231,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** - + @@ -9253,8 +9253,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9263,8 +9263,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9273,7 +9273,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9281,14 +9281,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9296,7 +9296,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** - + @@ -9318,8 +9318,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9328,8 +9328,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -9340,7 +9340,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9348,14 +9348,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9363,7 +9363,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** - + @@ -9385,8 +9385,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9395,8 +9395,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -9405,7 +9405,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9413,14 +9413,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9428,7 +9428,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** - + @@ -9450,8 +9450,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9460,8 +9460,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -9472,7 +9472,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9480,14 +9480,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9495,7 +9495,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** - + @@ -9517,8 +9517,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9527,8 +9527,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -9537,7 +9537,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9545,14 +9545,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9560,7 +9560,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** - + @@ -9582,8 +9582,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9592,8 +9592,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -9602,7 +9602,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9610,14 +9610,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9625,7 +9625,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** - + @@ -9647,8 +9647,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9657,8 +9657,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -9667,7 +9667,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9675,14 +9675,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9690,7 +9690,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** - + @@ -9712,8 +9712,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9722,15 +9722,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9738,14 +9738,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9753,7 +9753,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** - + @@ -9775,8 +9775,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9785,8 +9785,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9795,7 +9795,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9803,14 +9803,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9818,7 +9818,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** - + @@ -9840,8 +9840,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9850,8 +9850,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -9860,7 +9860,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9868,14 +9868,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9883,7 +9883,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** - + @@ -9905,8 +9905,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9915,8 +9915,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -9925,7 +9925,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9933,14 +9933,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9948,7 +9948,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** - + @@ -9970,8 +9970,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9980,8 +9980,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9990,7 +9990,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9998,14 +9998,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10013,7 +10013,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** - + @@ -10035,8 +10035,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10045,8 +10045,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -10057,7 +10057,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10065,14 +10065,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10080,7 +10080,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** - + @@ -10102,8 +10102,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10112,8 +10112,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10122,7 +10122,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10130,14 +10130,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10145,7 +10145,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** - + @@ -10167,8 +10167,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10177,8 +10177,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -10189,7 +10189,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10197,14 +10197,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10212,7 +10212,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** - + @@ -10234,8 +10234,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10244,10 +10244,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10255,14 +10255,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10270,7 +10270,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** - + @@ -10292,8 +10292,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10302,8 +10302,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -10312,7 +10312,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10320,14 +10320,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10335,7 +10335,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** - + @@ -10357,8 +10357,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10367,8 +10367,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -10377,7 +10377,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10385,14 +10385,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10400,7 +10400,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -10422,8 +10422,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10432,8 +10432,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -10442,7 +10442,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10450,14 +10450,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10465,7 +10465,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -10487,8 +10487,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10497,15 +10497,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10513,14 +10513,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10528,7 +10528,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** - + @@ -10550,8 +10550,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10560,8 +10560,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -10570,7 +10570,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10578,14 +10578,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10593,7 +10593,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** - + @@ -10615,8 +10615,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10625,8 +10625,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -10635,7 +10635,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10643,14 +10643,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10658,7 +10658,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -10680,8 +10680,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10690,8 +10690,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -10700,7 +10700,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10708,14 +10708,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10723,7 +10723,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** - + @@ -10745,8 +10745,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10755,8 +10755,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -10765,7 +10765,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10773,14 +10773,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10788,7 +10788,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** - + @@ -10810,8 +10810,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10820,8 +10820,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -10832,7 +10832,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10840,14 +10840,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10855,7 +10855,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** - + @@ -10877,8 +10877,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10887,8 +10887,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10897,7 +10897,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10905,14 +10905,14 @@ If you do not configure this policy setting, users cannot preserve information i > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10920,7 +10920,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** - + @@ -10942,8 +10942,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10952,8 +10952,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -10964,7 +10964,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10972,14 +10972,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10987,7 +10987,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** - + @@ -11009,8 +11009,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11019,10 +11019,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11030,14 +11030,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11045,7 +11045,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** - + @@ -11067,8 +11067,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11077,8 +11077,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. @@ -11087,7 +11087,7 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11095,14 +11095,14 @@ If you do not configure this policy setting, users cannot open other windows and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11110,7 +11110,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** - + @@ -11132,8 +11132,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11142,8 +11142,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -11152,7 +11152,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11160,14 +11160,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11175,7 +11175,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -11197,8 +11197,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11207,8 +11207,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -11217,7 +11217,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11225,14 +11225,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11240,7 +11240,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -11262,8 +11262,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11272,15 +11272,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11288,14 +11288,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11303,7 +11303,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** - + @@ -11325,8 +11325,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11335,8 +11335,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -11345,7 +11345,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11353,14 +11353,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11368,7 +11368,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** - + @@ -11390,8 +11390,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11400,8 +11400,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -11410,7 +11410,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11418,14 +11418,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11433,7 +11433,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -11455,8 +11455,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11465,8 +11465,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -11475,7 +11475,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11483,14 +11483,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11498,7 +11498,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** - + @@ -11520,8 +11520,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11530,8 +11530,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -11540,7 +11540,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11548,14 +11548,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11563,7 +11563,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** - + @@ -11585,8 +11585,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11595,8 +11595,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -11607,7 +11607,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11615,14 +11615,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11630,7 +11630,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** - + @@ -11652,8 +11652,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11662,8 +11662,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -11672,7 +11672,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11680,14 +11680,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11695,7 +11695,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** - + @@ -11717,8 +11717,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11727,8 +11727,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -11739,7 +11739,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11747,14 +11747,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11762,7 +11762,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** - + @@ -11784,8 +11784,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11794,10 +11794,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11805,14 +11805,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11820,7 +11820,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** - + @@ -11842,8 +11842,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11852,8 +11852,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -11862,7 +11862,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11870,14 +11870,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11885,7 +11885,7 @@ ADMX Info: **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** - + @@ -11907,8 +11907,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11917,10 +11917,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11928,14 +11928,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* - +
    @@ -11943,7 +11943,7 @@ ADMX Info: **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** - + @@ -11965,8 +11965,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11975,10 +11975,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11986,14 +11986,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* - +
    @@ -12001,7 +12001,7 @@ ADMX Info: **InternetExplorer/NotificationBarInternetExplorerProcesses** - + @@ -12023,8 +12023,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12033,10 +12033,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12044,14 +12044,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* - +
    @@ -12059,7 +12059,7 @@ ADMX Info: **InternetExplorer/PreventManagingSmartScreenFilter** - + @@ -12081,8 +12081,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12091,10 +12091,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12102,14 +12102,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -12117,7 +12117,7 @@ ADMX Info: **InternetExplorer/PreventPerUserInstallationOfActiveXControls** - + @@ -12139,8 +12139,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12149,10 +12149,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12160,14 +12160,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -12175,7 +12175,7 @@ ADMX Info: **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** - + @@ -12197,8 +12197,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12207,10 +12207,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12218,14 +12218,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* - +
    @@ -12233,7 +12233,7 @@ ADMX Info: **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** - + @@ -12255,8 +12255,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12265,10 +12265,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12276,14 +12276,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -12291,7 +12291,7 @@ ADMX Info: **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** - + @@ -12313,8 +12313,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12323,10 +12323,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12334,14 +12334,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* - +
    @@ -12349,7 +12349,7 @@ ADMX Info: **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** - + @@ -12371,8 +12371,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12381,10 +12381,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12392,14 +12392,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* - +
    @@ -12407,7 +12407,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** - + @@ -12429,8 +12429,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12439,8 +12439,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -12449,7 +12449,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12457,14 +12457,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12472,7 +12472,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** - + @@ -12494,8 +12494,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12504,10 +12504,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12515,14 +12515,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12530,7 +12530,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -12552,8 +12552,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12562,8 +12562,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -12572,7 +12572,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12580,14 +12580,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12595,7 +12595,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -12617,8 +12617,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12627,15 +12627,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12643,14 +12643,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12658,7 +12658,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** - + @@ -12680,8 +12680,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12690,10 +12690,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12701,14 +12701,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12716,7 +12716,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** - + @@ -12738,8 +12738,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12748,10 +12748,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12759,14 +12759,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12774,7 +12774,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** - + @@ -12796,8 +12796,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12806,10 +12806,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12817,14 +12817,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12832,7 +12832,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** - + @@ -12854,8 +12854,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12864,10 +12864,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12875,14 +12875,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12890,7 +12890,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** - + @@ -12912,8 +12912,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12922,8 +12922,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -12932,7 +12932,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12940,14 +12940,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12955,7 +12955,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** - + @@ -12977,8 +12977,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12987,8 +12987,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -12997,7 +12997,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13005,14 +13005,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13020,7 +13020,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** - + @@ -13042,8 +13042,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13052,10 +13052,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13063,14 +13063,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13078,7 +13078,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** - + @@ -13100,8 +13100,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13110,10 +13110,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13121,14 +13121,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13136,7 +13136,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -13158,8 +13158,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13168,8 +13168,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -13178,7 +13178,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13186,14 +13186,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13201,7 +13201,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** - + @@ -13223,8 +13223,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13233,10 +13233,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13244,14 +13244,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13259,7 +13259,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** - + @@ -13281,8 +13281,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13291,10 +13291,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13302,14 +13302,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13317,7 +13317,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** - + @@ -13339,8 +13339,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13349,10 +13349,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13360,14 +13360,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13375,7 +13375,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** - + @@ -13397,8 +13397,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13407,10 +13407,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13418,14 +13418,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13433,7 +13433,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptlets** - + @@ -13455,8 +13455,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13465,8 +13465,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -13475,7 +13475,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13483,14 +13483,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13498,7 +13498,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** - + @@ -13520,8 +13520,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13530,8 +13530,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -13542,7 +13542,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13550,14 +13550,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13565,7 +13565,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** - + @@ -13587,8 +13587,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13597,10 +13597,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13608,14 +13608,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13623,7 +13623,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** - + @@ -13645,8 +13645,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13655,8 +13655,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -13665,7 +13665,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13673,14 +13673,14 @@ If you do not configure this policy setting, users cannot preserve information i > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13688,7 +13688,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -13710,8 +13710,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13720,10 +13720,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13731,14 +13731,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13746,7 +13746,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** - + @@ -13768,8 +13768,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13778,10 +13778,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13789,14 +13789,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13804,7 +13804,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** - + @@ -13826,8 +13826,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13836,10 +13836,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13847,14 +13847,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13862,7 +13862,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** - + @@ -13884,8 +13884,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13894,10 +13894,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13905,14 +13905,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13920,7 +13920,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** - + @@ -13942,8 +13942,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13952,10 +13952,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13963,14 +13963,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13978,7 +13978,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** - + @@ -14000,8 +14000,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14010,10 +14010,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14021,14 +14021,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14036,7 +14036,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** - + @@ -14058,8 +14058,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14068,10 +14068,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14079,14 +14079,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14094,7 +14094,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** - + @@ -14116,8 +14116,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14126,10 +14126,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14137,14 +14137,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14152,7 +14152,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** - + @@ -14174,8 +14174,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14184,8 +14184,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -14196,7 +14196,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14204,14 +14204,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14219,7 +14219,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneJavaPermissions** - + @@ -14241,8 +14241,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14251,10 +14251,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14262,14 +14262,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14277,7 +14277,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** - + @@ -14299,8 +14299,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14309,10 +14309,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14320,14 +14320,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14335,7 +14335,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneLogonOptions** - + @@ -14357,8 +14357,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14367,10 +14367,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14378,14 +14378,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14393,7 +14393,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** - + @@ -14415,8 +14415,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14425,8 +14425,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. @@ -14435,7 +14435,7 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14443,14 +14443,14 @@ If you do not configure this policy setting, users cannot open other windows and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14458,7 +14458,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** - + @@ -14480,8 +14480,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14490,10 +14490,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14501,14 +14501,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14516,7 +14516,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** - + @@ -14538,8 +14538,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14548,10 +14548,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14559,14 +14559,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14574,7 +14574,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** - + @@ -14596,8 +14596,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14606,10 +14606,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14617,14 +14617,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14632,7 +14632,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** - + @@ -14654,8 +14654,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14664,10 +14664,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14675,14 +14675,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14690,7 +14690,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** - + @@ -14712,8 +14712,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14722,10 +14722,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14733,14 +14733,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14748,7 +14748,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** - + @@ -14770,8 +14770,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14780,10 +14780,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14791,14 +14791,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14806,7 +14806,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** - + @@ -14828,8 +14828,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14838,10 +14838,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14849,14 +14849,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14864,7 +14864,7 @@ ADMX Info: **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** - + @@ -14886,8 +14886,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14896,10 +14896,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14907,14 +14907,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* - +
    @@ -14922,7 +14922,7 @@ ADMX Info: **InternetExplorer/SearchProviderList** - + @@ -14944,8 +14944,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14954,15 +14954,15 @@ ADMX Info:
    - - + + This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, the user can configure his or her list of search providers. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14970,14 +14970,14 @@ If you disable or do not configure this policy setting, the user can configure h > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -14985,7 +14985,7 @@ ADMX Info: **InternetExplorer/SecurityZonesUseOnlyMachineSettings** - + @@ -15007,8 +15007,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15016,10 +15016,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15027,14 +15027,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Use only machine settings * - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -15042,7 +15042,7 @@ ADMX Info: **InternetExplorer/SpecifyUseOfActiveXInstallerService** - + @@ -15064,8 +15064,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15074,10 +15074,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15085,14 +15085,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -15100,7 +15100,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** - + @@ -15122,8 +15122,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15132,8 +15132,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -15142,7 +15142,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15150,14 +15150,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15165,7 +15165,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -15187,8 +15187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15197,8 +15197,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -15207,7 +15207,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15215,14 +15215,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15230,7 +15230,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -15252,8 +15252,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15262,15 +15262,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15278,14 +15278,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15293,7 +15293,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowFontDownloads** - + @@ -15315,8 +15315,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15325,8 +15325,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -15335,7 +15335,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15343,14 +15343,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15358,7 +15358,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** - + @@ -15380,8 +15380,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15390,8 +15390,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -15400,7 +15400,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15408,14 +15408,14 @@ If you do not configure this policy setting, a warning is issued to the user tha > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15423,7 +15423,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -15445,8 +15445,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15455,8 +15455,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -15465,7 +15465,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15473,14 +15473,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15488,7 +15488,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowScriptlets** - + @@ -15510,8 +15510,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15520,8 +15520,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -15530,7 +15530,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15538,14 +15538,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15553,7 +15553,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** - + @@ -15575,8 +15575,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15585,8 +15585,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -15597,7 +15597,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15605,14 +15605,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15620,7 +15620,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** - + @@ -15642,8 +15642,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15652,8 +15652,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -15662,7 +15662,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15670,14 +15670,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15685,7 +15685,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -15707,8 +15707,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15717,10 +15717,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15728,14 +15728,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15743,7 +15743,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** - + @@ -15765,8 +15765,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15775,8 +15775,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -15787,7 +15787,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15795,14 +15795,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15810,7 +15810,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneJavaPermissions** - + @@ -15832,8 +15832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15842,10 +15842,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15853,14 +15853,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15868,7 +15868,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** - + @@ -15890,8 +15890,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15900,8 +15900,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -15910,7 +15910,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15918,14 +15918,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 322d3801c4..66c8d28294 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Kerberos/AllowForestSearchOrder** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,15 +73,15 @@ ms.date: 01/29/2018
    - - + + This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain. If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -89,14 +89,14 @@ If you disable or do not configure this policy setting, the Kerberos client does > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -104,7 +104,7 @@ ADMX Info: **Kerberos/KerberosClientSupportsClaimsCompoundArmor** - + @@ -126,8 +126,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -135,14 +135,14 @@ ADMX Info:
    - - + + This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the client devices will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -165,7 +165,7 @@ ADMX Info: **Kerberos/RequireKerberosArmoring** - + @@ -187,8 +187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,8 +196,8 @@ ADMX Info:
    - - + + This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller. Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. @@ -208,7 +208,7 @@ Note: The Kerberos Group Policy "Kerberos client support for claims, compound au If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -216,14 +216,14 @@ If you disable or do not configure this policy setting, the client computers in > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -231,7 +231,7 @@ ADMX Info: **Kerberos/RequireStrictKDCValidation** - + @@ -253,8 +253,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -262,15 +262,15 @@ ADMX Info:
    - - + + This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -278,14 +278,14 @@ If you disable or do not configure this policy setting, the Kerberos client requ > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -293,7 +293,7 @@ ADMX Info: **Kerberos/SetMaximumContextTokenSize** - + @@ -315,8 +315,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -324,8 +324,8 @@ ADMX Info:
    - - + + This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size. The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. @@ -336,7 +336,7 @@ If you disable or do not configure this policy setting, the Kerberos client or s Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -344,14 +344,14 @@ Note: This policy setting configures the existing MaxTokenSize registry value in > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 3384e28b77..eba4551112 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -47,7 +47,7 @@ ms.date: 01/29/2018 **KioskBrowser/BlockedUrlExceptions** - + @@ -69,8 +69,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -79,11 +79,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - +
    @@ -91,7 +91,7 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit **KioskBrowser/BlockedUrls** - + @@ -113,8 +113,8 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,11 +123,11 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
    - - + + Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - +
    @@ -135,7 +135,7 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc **KioskBrowser/DefaultURL** - + @@ -157,8 +157,8 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -167,11 +167,11 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
    - - + + Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - +
    @@ -179,7 +179,7 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser **KioskBrowser/EnableHomeButton** - + @@ -201,8 +201,8 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -211,11 +211,11 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
    - - + + Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - +
    @@ -223,7 +223,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt **KioskBrowser/EnableNavigationButtons** - + @@ -245,8 +245,8 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -255,11 +255,11 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
    - - + + Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - +
    @@ -267,7 +267,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio **KioskBrowser/RestartOnIdleTime** - + @@ -289,8 +289,8 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -299,13 +299,13 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio
    - - + + Added in Windows 10, next major update. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - +
    diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 6d5197aac8..8cd5d7c7a9 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Licensing/AllowWindowsEntitlementReactivation** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,11 +64,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. - + The following list shows the supported values: @@ -83,7 +83,7 @@ The following list shows the supported values: **Licensing/DisallowKMSClientOnlineAVSValidation** - + @@ -105,8 +105,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -114,11 +114,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 5bd76c04ea..79fc96e412 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -194,7 +194,7 @@ ms.date: 01/29/2018 **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** - + @@ -216,8 +216,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -225,8 +225,8 @@ ms.date: 01/29/2018
    - - + + This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users cannot add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. @@ -237,7 +237,7 @@ If you disable or do not configure this policy (recommended), users will be able Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -252,7 +252,7 @@ The following list shows the supported values: **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** - + @@ -274,8 +274,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -283,8 +283,8 @@ The following list shows the supported values:
    - - + + This security setting determines whether the local Administrator account is enabled or disabled. If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. @@ -299,7 +299,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -307,7 +307,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** - + @@ -329,8 +329,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -338,8 +338,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + This security setting determines if the Guest account is enabled or disabled. Default: Disabled. @@ -351,7 +351,7 @@ Note: If the Guest account is disabled and the security option Network Access: S Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -359,7 +359,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** - + @@ -381,8 +381,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -390,8 +390,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. @@ -411,7 +411,7 @@ It is possible for applications that use remote interactive logons to bypass thi Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -419,7 +419,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** - + @@ -441,8 +441,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -450,8 +450,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. @@ -460,7 +460,7 @@ Default: Administrator. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -468,7 +468,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** - + @@ -490,8 +490,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -499,8 +499,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. @@ -509,7 +509,7 @@ Default: Guest. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -517,7 +517,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** - + @@ -539,8 +539,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -548,8 +548,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Devices: Allow undock without having to log on. This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. @@ -559,7 +559,7 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - +
    @@ -567,7 +567,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** - + @@ -589,8 +589,8 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -598,8 +598,8 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
    - - + + Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: @@ -609,7 +609,7 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - +
    @@ -617,7 +617,7 @@ Default: This policy is not defined and only Administrators have this ability. **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** - + @@ -639,8 +639,8 @@ Default: This policy is not defined and only Administrators have this ability.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -648,8 +648,8 @@ Default: This policy is not defined and only Administrators have this ability.
    - - + + Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. @@ -661,7 +661,7 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - +
    @@ -669,7 +669,7 @@ This setting does not affect the ability to add a local printer. This setting do **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** - + @@ -691,8 +691,8 @@ This setting does not affect the ability to add a local printer. This setting do
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -700,8 +700,8 @@ This setting does not affect the ability to add a local printer. This setting do
    - - + + Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. @@ -710,7 +710,7 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - +
    @@ -718,7 +718,7 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** - + @@ -740,8 +740,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -749,8 +749,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
    - - + + Domain member: Digitally encrypt or sign secure channel data (always) This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. @@ -770,7 +770,7 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic. Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - +
    @@ -778,7 +778,7 @@ Logon information transmitted over the secure channel is always encrypted regard **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** - + @@ -800,8 +800,8 @@ Logon information transmitted over the secure channel is always encrypted regard
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -809,8 +809,8 @@ Logon information transmitted over the secure channel is always encrypted regard
    - - + + Domain member: Digitally encrypt secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. @@ -827,7 +827,7 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - +
    @@ -835,7 +835,7 @@ Note: Domain controllers are also domain members and establish secure channels w **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** - + @@ -857,8 +857,8 @@ Note: Domain controllers are also domain members and establish secure channels w
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -866,8 +866,8 @@ Note: Domain controllers are also domain members and establish secure channels w
    - - + + Domain member: Digitally sign secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. @@ -878,7 +878,7 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - +
    @@ -886,7 +886,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** - + @@ -908,8 +908,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -917,8 +917,8 @@ Default: Enabled.
    - - + + Domain member: Disable machine account password changes Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days. @@ -930,7 +930,7 @@ Notes This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions. This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - +
    @@ -938,7 +938,7 @@ This setting should not be used in an attempt to support dual-boot scenarios tha **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** - + @@ -960,8 +960,8 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -969,8 +969,8 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
    - - + + Domain member: Maximum machine account password age This security setting determines how often a domain member will attempt to change its computer account password. @@ -981,7 +981,7 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - +
    @@ -989,7 +989,7 @@ This setting applies to Windows 2000 computers, but it is not available through **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** - + @@ -1011,8 +1011,8 @@ This setting applies to Windows 2000 computers, but it is not available through
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1020,8 +1020,8 @@ This setting applies to Windows 2000 computers, but it is not available through
    - - + + Domain member: Require strong (Windows 2000 or later) session key This security setting determines whether 128-bit key strength is required for encrypted secure channel data. @@ -1043,7 +1043,7 @@ Important In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later. In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - +
    @@ -1051,7 +1051,7 @@ In order to take advantage of this policy on domain controllers, all domain cont **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** - + @@ -1073,8 +1073,8 @@ In order to take advantage of this policy on domain controllers, all domain cont
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1082,8 +1082,8 @@ In order to take advantage of this policy on domain controllers, all domain cont
    - - + + Interactive Logon:Display user information when the session is locked Valid values: @@ -1093,7 +1093,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1101,7 +1101,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** - + @@ -1123,8 +1123,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1132,8 +1132,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. @@ -1148,7 +1148,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1156,7 +1156,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** - + @@ -1178,8 +1178,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1187,8 +1187,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. @@ -1204,7 +1204,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1212,7 +1212,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** - + @@ -1234,8 +1234,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1243,8 +1243,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. @@ -1261,7 +1261,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1269,7 +1269,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** - + @@ -1291,8 +1291,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1300,8 +1300,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. @@ -1313,7 +1313,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1321,7 +1321,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** - + @@ -1343,8 +1343,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1352,8 +1352,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. @@ -1364,7 +1364,7 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1372,7 +1372,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** - + @@ -1394,8 +1394,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1403,8 +1403,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. @@ -1413,7 +1413,7 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1421,7 +1421,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** - + @@ -1443,8 +1443,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1452,8 +1452,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Smart card removal behavior This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. @@ -1477,7 +1477,7 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - +
    @@ -1485,7 +1485,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** - + @@ -1507,8 +1507,8 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1516,8 +1516,8 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
    - - + + Microsoft network client: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB client component. @@ -1542,7 +1542,7 @@ Microsoft network server: Digitally sign communications (if client agrees) - Con SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1550,7 +1550,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** - + @@ -1572,8 +1572,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1581,8 +1581,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network client: Digitally sign communications (if server agrees) This security setting determines whether the SMB client attempts to negotiate SMB packet signing. @@ -1604,7 +1604,7 @@ If both client-side and server-side SMB signing is enabled and the client establ SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1612,7 +1612,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** - + @@ -1634,8 +1634,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1643,8 +1643,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. @@ -1653,7 +1653,7 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - +
    @@ -1661,7 +1661,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** - + @@ -1683,8 +1683,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1692,8 +1692,8 @@ Default: Disabled.
    - - + + Microsoft network server: Amount of idle time required before suspending a session This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. @@ -1704,7 +1704,7 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - +
    @@ -1712,7 +1712,7 @@ Default:This policy is not defined, which means that the system treats it as 15 **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** - + @@ -1734,8 +1734,8 @@ Default:This policy is not defined, which means that the system treats it as 15
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1743,8 +1743,8 @@ Default:This policy is not defined, which means that the system treats it as 15
    - - + + Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB server component. @@ -1778,7 +1778,7 @@ For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the f HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1786,7 +1786,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** - + @@ -1808,8 +1808,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1817,8 +1817,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network server: Digitally sign communications (if client agrees) This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. @@ -1844,7 +1844,7 @@ If both client-side and server-side SMB signing is enabled and the client establ SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1852,7 +1852,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** - + @@ -1874,8 +1874,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1883,8 +1883,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Network access: Do not allow anonymous enumeration of SAM accounts This security setting determines what additional permissions will be granted for anonymous connections to the computer. @@ -1903,7 +1903,7 @@ Important This policy has no impact on domain controllers. - +
    @@ -1911,7 +1911,7 @@ This policy has no impact on domain controllers. **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** - + @@ -1933,8 +1933,8 @@ This policy has no impact on domain controllers.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1942,8 +1942,8 @@ This policy has no impact on domain controllers.
    - - + + Network access: Do not allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. @@ -1952,7 +1952,7 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - +
    @@ -1960,7 +1960,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** - + @@ -1982,8 +1982,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1991,8 +1991,8 @@ Default: Disabled.
    - - + + Network access: Let Everyone permissions apply to anonymous users This security setting determines what additional permissions are granted for anonymous connections to the computer. @@ -2003,7 +2003,7 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - +
    @@ -2011,7 +2011,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** - + @@ -2033,8 +2033,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2042,8 +2042,8 @@ Default: Disabled.
    - - + + Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: @@ -2052,7 +2052,7 @@ Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. - +
    @@ -2060,7 +2060,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** - + @@ -2082,8 +2082,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2091,8 +2091,8 @@ Default: Enabled.
    - - + + Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote rpc connections to SAM. @@ -2101,7 +2101,7 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - +
    @@ -2109,7 +2109,7 @@ This policy is supported on at least Windows Server 2016. **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** - + @@ -2131,8 +2131,8 @@ This policy is supported on at least Windows Server 2016.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2140,8 +2140,8 @@ This policy is supported on at least Windows Server 2016.
    - - + + Network security: Allow Local System to use computer identity for NTLM This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. @@ -2158,7 +2158,7 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - +
    @@ -2166,7 +2166,7 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** - + @@ -2188,8 +2188,8 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2197,8 +2197,8 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P
    - - + + Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. @@ -2209,7 +2209,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2217,7 +2217,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** - + @@ -2239,8 +2239,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2248,8 +2248,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Network security: Do not store LAN Manager hash value on next password change This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. @@ -2263,7 +2263,7 @@ Important Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - +
    @@ -2271,7 +2271,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** - + @@ -2293,8 +2293,8 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2302,8 +2302,8 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
    - - + + Network security LAN Manager authentication level This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: @@ -2332,7 +2332,7 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - +
    @@ -2340,7 +2340,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** - + @@ -2362,8 +2362,8 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2371,8 +2371,8 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
    - - + + Network security: Minimum session security for NTLM SSP based (including secure RPC) clients This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: @@ -2386,7 +2386,7 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    @@ -2394,7 +2394,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** - + @@ -2416,8 +2416,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2425,8 +2425,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    - - + + Network security: Minimum session security for NTLM SSP based (including secure RPC) servers This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: @@ -2440,7 +2440,7 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    @@ -2448,7 +2448,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** - + @@ -2470,8 +2470,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    Home
    - - + + Recovery console: Allow automatic administrative logon This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. @@ -2483,7 +2483,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2491,7 +2491,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** - + @@ -2513,8 +2513,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2522,8 +2522,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. @@ -2540,7 +2540,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2548,7 +2548,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** - + @@ -2570,8 +2570,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2579,8 +2579,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. @@ -2591,7 +2591,7 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - +
    @@ -2599,7 +2599,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** - + @@ -2621,8 +2621,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2630,8 +2630,8 @@ Default: Disabled.
    - - + + System objects: Require case insensitivity for non-Windows subsystems This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. @@ -2640,7 +2640,7 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - +
    @@ -2648,7 +2648,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** - + @@ -2670,8 +2670,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2679,8 +2679,8 @@ Default: Enabled.
    - - + + User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. @@ -2696,7 +2696,7 @@ The secure desktop can be disabled only by the user of the interactive desktop o Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2704,7 +2704,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** - + @@ -2726,8 +2726,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2735,8 +2735,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. @@ -2757,7 +2757,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2765,7 +2765,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** - + @@ -2787,8 +2787,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2796,14 +2796,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -2819,7 +2819,7 @@ The following list shows the supported values: **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** - + @@ -2841,8 +2841,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2850,8 +2850,8 @@ The following list shows the supported values:
    - - + + User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. @@ -2862,7 +2862,7 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - +
    @@ -2870,7 +2870,7 @@ Disabled: Application installation packages are not detected and prompted for el **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** - + @@ -2892,8 +2892,8 @@ Disabled: Application installation packages are not detected and prompted for el
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2901,8 +2901,8 @@ Disabled: Application installation packages are not detected and prompted for el
    - - + + User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. @@ -2913,7 +2913,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2921,7 +2921,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** - + @@ -2943,8 +2943,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2952,8 +2952,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: @@ -2970,7 +2970,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2978,7 +2978,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** - + @@ -3000,8 +3000,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3009,8 +3009,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. @@ -3022,7 +3022,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -3030,7 +3030,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** - + @@ -3052,8 +3052,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3061,8 +3061,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. @@ -3073,7 +3073,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -3081,7 +3081,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** - + @@ -3103,8 +3103,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3112,8 +3112,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. @@ -3124,7 +3124,7 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - +
    @@ -3132,7 +3132,7 @@ The options are: **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** - + @@ -3154,8 +3154,8 @@ The options are:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3163,15 +3163,15 @@ The options are:
    - - + + User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 3863b5f6b1..533c3d2f12 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Location/EnableLocation** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. > [!IMPORTANT] @@ -78,7 +78,7 @@ To validate on Desktop, do the following: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - +
    diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index e5f5ea3c9f..d42f28adb1 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **LockDown/AllowEdgeSwipe** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,13 +61,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 31f6725776..178bc58f12 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Maps/AllowOfflineMapsDownloadOverMeteredConnection** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,13 +64,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **Maps/EnableOfflineMapsAutoUpdate** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,13 +117,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Disables the automatic download and update of map data. After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 9d52633f18..a7f3f8050a 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Messaging/AllowMMS** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -79,7 +79,7 @@ The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
    @@ -87,7 +87,7 @@ The following list shows the supported values: **Messaging/AllowMessageSync** - + @@ -109,8 +109,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -118,8 +118,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. - +
    @@ -135,7 +135,7 @@ The following list shows the supported values: **Messaging/AllowRCS** - + @@ -157,8 +157,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -166,8 +166,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -178,7 +178,7 @@ The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 63b61350a9..bbbe2fb3fa 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -51,7 +51,7 @@ ms.date: 01/29/2018 **NetworkIsolation/EnterpriseCloudResources** - + @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -82,11 +82,11 @@ ms.date: 01/29/2018
    - - + + Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. - +
    @@ -94,7 +94,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to **NetworkIsolation/EnterpriseIPRange** - + @@ -116,8 +116,8 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -125,11 +125,11 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
    - - + + Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. - + For example: @@ -150,7 +150,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** - + @@ -172,8 +172,8 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,11 +181,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    - - + + Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. - +
    @@ -193,7 +193,7 @@ Boolean value that tells the client to accept the configured list and not to use **NetworkIsolation/EnterpriseInternalProxyServers** - + @@ -215,8 +215,8 @@ Boolean value that tells the client to accept the configured list and not to use
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -224,11 +224,11 @@ Boolean value that tells the client to accept the configured list and not to use
    - - + + This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. - +
    @@ -236,7 +236,7 @@ This is the comma-separated list of internal proxy servers. For example "157.54. **NetworkIsolation/EnterpriseNetworkDomainNames** - + @@ -258,8 +258,8 @@ This is the comma-separated list of internal proxy servers. For example "157.54.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -267,8 +267,8 @@ This is the comma-separated list of internal proxy servers. For example "157.54.
    - - + + This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". > [!NOTE] @@ -281,7 +281,7 @@ Here are the steps to create canonical domain names: 2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags. 3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0). - +
    @@ -289,7 +289,7 @@ Here are the steps to create canonical domain names: **NetworkIsolation/EnterpriseProxyServers** - + @@ -311,8 +311,8 @@ Here are the steps to create canonical domain names:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -320,11 +320,11 @@ Here are the steps to create canonical domain names:
    - - + + This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". - +
    @@ -332,7 +332,7 @@ This is a comma-separated list of proxy servers. Any server on this list is cons **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** - + @@ -354,8 +354,8 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,11 +363,11 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
    - - + + Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. - +
    @@ -375,7 +375,7 @@ Boolean value that tells the client to accept the configured list of proxies and **NetworkIsolation/NeutralResources** - + @@ -397,8 +397,8 @@ Boolean value that tells the client to accept the configured list of proxies and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -406,11 +406,11 @@ Boolean value that tells the client to accept the configured list of proxies and
    - - + + List of domain names that can used for work or personal resource. - +
    diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 3086806c49..767c680221 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Notifications/DisallowNotificationMirroring** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,15 +61,15 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. No reboot or service restart is required for this policy to take effect. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index ac601b4c93..8de63327aa 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 **Power/AllowStandbyWhenSleepingPluggedIn** - + @@ -76,8 +76,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -85,15 +85,15 @@ ms.date: 01/29/2018
    - - + + This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. If you disable this policy setting, standby states (S1-S3) are not allowed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -101,14 +101,14 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -116,7 +116,7 @@ ADMX Info: **Power/DisplayOffTimeoutOnBattery** - + @@ -138,8 +138,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -147,8 +147,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -157,7 +157,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -165,14 +165,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* - +
    @@ -180,7 +180,7 @@ ADMX Info: **Power/DisplayOffTimeoutPluggedIn** - + @@ -202,8 +202,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -211,8 +211,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -221,7 +221,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -229,14 +229,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* - +
    @@ -244,7 +244,7 @@ ADMX Info: **Power/HibernateTimeoutOnBattery** - + @@ -266,8 +266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -275,8 +275,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -286,7 +286,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -294,14 +294,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -309,7 +309,7 @@ ADMX Info: **Power/HibernateTimeoutPluggedIn** - + @@ -331,8 +331,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -340,8 +340,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -350,7 +350,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -358,14 +358,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -373,7 +373,7 @@ ADMX Info: **Power/RequirePasswordWhenComputerWakesOnBattery** - + @@ -395,8 +395,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -404,15 +404,15 @@ ADMX Info:
    - - + + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -420,14 +420,14 @@ If you disable this policy setting, the user is not prompted for a password when > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -435,7 +435,7 @@ ADMX Info: **Power/RequirePasswordWhenComputerWakesPluggedIn** - + @@ -457,8 +457,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -466,15 +466,15 @@ ADMX Info:
    - - + + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -482,14 +482,14 @@ If you disable this policy setting, the user is not prompted for a password when > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -497,7 +497,7 @@ ADMX Info: **Power/StandbyTimeoutOnBattery** - + @@ -519,8 +519,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -528,8 +528,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -538,7 +538,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -546,14 +546,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -561,7 +561,7 @@ ADMX Info: **Power/StandbyTimeoutPluggedIn** - + @@ -583,8 +583,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -592,8 +592,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -602,7 +602,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -610,14 +610,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index dc79350f3f..e6535304b1 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Printers/PointAndPrintRestrictions** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: @@ -88,7 +88,7 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -96,14 +96,14 @@ If you disable this policy setting: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* - GP path: *Printers* - GP ADMX file name: *Printing.admx* - +
    @@ -111,7 +111,7 @@ ADMX Info: **Printers/PointAndPrintRestrictions_User** - + @@ -133,8 +133,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,8 +142,8 @@ ADMX Info:
    - - + + This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: @@ -163,7 +163,7 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -171,14 +171,14 @@ If you disable this policy setting: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* - +
    @@ -186,7 +186,7 @@ ADMX Info: **Printers/PublishPrinters** - + @@ -208,8 +208,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,8 +217,8 @@ ADMX Info:
    - - + + Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. @@ -227,7 +227,7 @@ If you disable this setting, this computer's shared printers cannot be published Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -235,14 +235,14 @@ Note: This settings takes priority over the setting "Automatically publish new p > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow printers to be published* - GP name: *PublishPrinters* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 8cc054a89b..79f182b572 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -258,7 +258,7 @@ ms.date: 01/29/2018 **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** - + @@ -280,8 +280,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -289,8 +289,8 @@ ms.date: 01/29/2018
    - - + + Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. > [!Note] @@ -299,7 +299,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con Most restricted value is 0. - + The following list shows the supported values: @@ -314,7 +314,7 @@ The following list shows the supported values: **Privacy/AllowInputPersonalization** - + @@ -336,8 +336,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -345,13 +345,13 @@ The following list shows the supported values:
    - - + + Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. Most restricted value is 0. - + The following list shows the supported values: @@ -366,7 +366,7 @@ The following list shows the supported values: **Privacy/DisableAdvertisingId** - + @@ -388,8 +388,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -397,13 +397,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enables or disables the Advertising ID. Most restricted value is 0. - + The following list shows the supported values: @@ -419,7 +419,7 @@ The following list shows the supported values: **Privacy/EnableActivityFeed** - + @@ -441,8 +441,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -450,11 +450,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed. - + The following list shows the supported values: @@ -469,7 +469,7 @@ The following list shows the supported values: **Privacy/LetAppsAccessAccountInfo** - + @@ -491,8 +491,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -500,8 +500,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. The following list shows the supported values: @@ -512,7 +512,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -520,7 +520,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** - + @@ -542,8 +542,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -551,11 +551,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -563,7 +563,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** - + @@ -585,8 +585,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -594,11 +594,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -606,7 +606,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** - + @@ -628,8 +628,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -637,11 +637,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -649,7 +649,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar** - + @@ -671,8 +671,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -680,8 +680,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. The following list shows the supported values: @@ -692,7 +692,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -700,7 +700,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** - + @@ -722,8 +722,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -731,11 +731,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -743,7 +743,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** - + @@ -765,8 +765,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,11 +774,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -786,7 +786,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** - + @@ -808,8 +808,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -817,11 +817,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -829,7 +829,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory** - + @@ -851,8 +851,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -860,8 +860,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. The following list shows the supported values: @@ -872,7 +872,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -880,7 +880,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** - + @@ -902,8 +902,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -911,11 +911,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -923,7 +923,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** - + @@ -945,8 +945,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -954,11 +954,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -966,7 +966,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** - + @@ -988,8 +988,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -997,11 +997,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -1009,7 +1009,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera** - + @@ -1031,8 +1031,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1040,8 +1040,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. The following list shows the supported values: @@ -1052,7 +1052,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1060,7 +1060,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** - + @@ -1082,8 +1082,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1091,11 +1091,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1103,7 +1103,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** - + @@ -1125,8 +1125,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1134,11 +1134,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1146,7 +1146,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** - + @@ -1168,8 +1168,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1177,11 +1177,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1189,7 +1189,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts** - + @@ -1211,8 +1211,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1220,8 +1220,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. The following list shows the supported values: @@ -1232,7 +1232,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1240,7 +1240,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** - + @@ -1262,8 +1262,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1271,11 +1271,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1283,7 +1283,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** - + @@ -1305,8 +1305,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1314,11 +1314,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1326,7 +1326,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** - + @@ -1348,8 +1348,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1357,11 +1357,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1369,7 +1369,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail** - + @@ -1391,8 +1391,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1400,8 +1400,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access email. The following list shows the supported values: @@ -1412,7 +1412,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1420,7 +1420,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** - + @@ -1442,8 +1442,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1451,11 +1451,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1463,7 +1463,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** - + @@ -1485,8 +1485,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1494,11 +1494,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1506,7 +1506,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** - + @@ -1528,8 +1528,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1537,11 +1537,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1549,7 +1549,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation** - + @@ -1571,8 +1571,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1580,8 +1580,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access location. The following list shows the supported values: @@ -1592,7 +1592,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1600,7 +1600,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** - + @@ -1622,8 +1622,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1631,11 +1631,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1643,7 +1643,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** - + @@ -1665,8 +1665,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1674,11 +1674,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1686,7 +1686,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** - + @@ -1708,8 +1708,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1717,11 +1717,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1729,7 +1729,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging** - + @@ -1751,8 +1751,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1760,8 +1760,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). The following list shows the supported values: @@ -1772,7 +1772,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1780,7 +1780,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** - + @@ -1802,8 +1802,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1811,11 +1811,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1823,7 +1823,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** - + @@ -1845,8 +1845,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1854,11 +1854,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1866,7 +1866,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** - + @@ -1888,8 +1888,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1897,11 +1897,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1909,7 +1909,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone** - + @@ -1931,8 +1931,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1940,8 +1940,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. The following list shows the supported values: @@ -1952,7 +1952,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1960,7 +1960,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** - + @@ -1982,8 +1982,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1991,11 +1991,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2003,7 +2003,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** - + @@ -2025,8 +2025,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2034,11 +2034,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2046,7 +2046,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** - + @@ -2068,8 +2068,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2077,11 +2077,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2089,7 +2089,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion** - + @@ -2111,8 +2111,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2120,8 +2120,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. The following list shows the supported values: @@ -2132,7 +2132,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2140,7 +2140,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** - + @@ -2162,8 +2162,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2171,11 +2171,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2183,7 +2183,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** - + @@ -2205,8 +2205,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2214,11 +2214,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2226,7 +2226,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** - + @@ -2248,8 +2248,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2257,11 +2257,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2269,7 +2269,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications** - + @@ -2291,8 +2291,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2300,8 +2300,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. The following list shows the supported values: @@ -2312,7 +2312,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2320,7 +2320,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** - + @@ -2342,8 +2342,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2351,11 +2351,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2363,7 +2363,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** - + @@ -2385,8 +2385,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2394,11 +2394,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2406,7 +2406,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** - + @@ -2428,8 +2428,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2437,11 +2437,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2449,7 +2449,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone** - + @@ -2471,8 +2471,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2480,8 +2480,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. The following list shows the supported values: @@ -2492,7 +2492,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2500,7 +2500,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** - + @@ -2522,8 +2522,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2531,11 +2531,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2543,7 +2543,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** - + @@ -2565,8 +2565,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2574,11 +2574,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2586,7 +2586,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** - + @@ -2608,8 +2608,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2617,11 +2617,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2629,7 +2629,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios** - + @@ -2651,8 +2651,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2660,8 +2660,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. The following list shows the supported values: @@ -2672,7 +2672,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2680,7 +2680,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** - + @@ -2702,8 +2702,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2711,11 +2711,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2723,7 +2723,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** - + @@ -2745,8 +2745,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2754,11 +2754,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2766,7 +2766,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** - + @@ -2788,8 +2788,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2797,11 +2797,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2809,7 +2809,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTasks** - + @@ -2831,8 +2831,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2840,11 +2840,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. - +
    @@ -2852,7 +2852,7 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** - + @@ -2874,8 +2874,8 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2883,11 +2883,11 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2895,7 +2895,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** - + @@ -2917,8 +2917,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2926,11 +2926,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2938,7 +2938,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** - + @@ -2960,8 +2960,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2969,11 +2969,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2981,7 +2981,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTrustedDevices** - + @@ -3003,8 +3003,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3012,8 +3012,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. The following list shows the supported values: @@ -3024,7 +3024,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3032,7 +3032,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** - + @@ -3054,8 +3054,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3063,11 +3063,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3075,7 +3075,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** - + @@ -3097,8 +3097,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3106,11 +3106,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3118,7 +3118,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** - + @@ -3140,8 +3140,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3149,11 +3149,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3161,7 +3161,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo** - + @@ -3183,8 +3183,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3192,8 +3192,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. The following list shows the supported values: @@ -3204,7 +3204,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3212,7 +3212,7 @@ Most restricted value is 2. **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** - + @@ -3234,8 +3234,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3243,11 +3243,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3255,7 +3255,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** - + @@ -3277,8 +3277,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3286,11 +3286,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3298,7 +3298,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** - + @@ -3320,8 +3320,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3329,11 +3329,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3341,7 +3341,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground** - + @@ -3363,8 +3363,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3372,8 +3372,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. The following list shows the supported values: @@ -3386,7 +3386,7 @@ Most restricted value is 2. > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. - +
    @@ -3394,7 +3394,7 @@ Most restricted value is 2. **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** - + @@ -3416,8 +3416,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3425,11 +3425,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3437,7 +3437,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** - + @@ -3459,8 +3459,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3468,11 +3468,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3480,7 +3480,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** - + @@ -3502,8 +3502,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3511,11 +3511,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3523,7 +3523,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices** - + @@ -3545,8 +3545,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3554,8 +3554,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. The following list shows the supported values: @@ -3566,7 +3566,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3574,7 +3574,7 @@ Most restricted value is 2. **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** - + @@ -3596,8 +3596,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3605,11 +3605,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3617,7 +3617,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** - + @@ -3639,8 +3639,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3648,11 +3648,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3660,7 +3660,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** - + @@ -3682,8 +3682,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3691,11 +3691,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3703,7 +3703,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/PublishUserActivities** - + @@ -3725,8 +3725,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3734,11 +3734,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index b0b51ab819..25c6878ae9 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **RemoteAssistance/CustomizeWarningMessages** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    - - + + This policy setting lets you customize warning messages. The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer. @@ -84,7 +84,7 @@ If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees the default warning message. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -92,14 +92,14 @@ If you do not configure this policy setting, the user sees the default warning m > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Customize warning messages* - GP name: *RA_Options* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -107,7 +107,7 @@ ADMX Info: **RemoteAssistance/SessionLogging** - + @@ -129,8 +129,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -138,8 +138,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files are generated. @@ -148,7 +148,7 @@ If you disable this policy setting, log files are not generated. If you do not configure this setting, application-based settings are used. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -156,14 +156,14 @@ If you do not configure this setting, application-based settings are used. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on session logging* - GP name: *RA_Logging* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -171,7 +171,7 @@ ADMX Info: **RemoteAssistance/SolicitedRemoteAssistance** - + @@ -193,8 +193,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -202,8 +202,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings. @@ -220,7 +220,7 @@ The "Select the method for sending email invitations" setting specifies which em If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,14 +228,14 @@ If you enable this policy setting you should also enable appropriate firewall ex > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -243,7 +243,7 @@ ADMX Info: **RemoteAssistance/UnsolicitedRemoteAssistance** - + @@ -265,8 +265,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -274,8 +274,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. @@ -315,7 +315,7 @@ Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -323,14 +323,14 @@ Allow Remote Desktop Exception > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 782ca41f12..1ff2a93cea 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -45,7 +45,7 @@ ms.date: 01/29/2018 **RemoteDesktopServices/AllowUsersToConnectRemotely** - + @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -76,8 +76,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. @@ -90,7 +90,7 @@ Note: You can limit which clients are able to connect remotely by using Remote D You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -98,14 +98,14 @@ You can limit the number of users who can connect simultaneously by configuring > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* - GP ADMX file name: *terminalserver.admx* - +
    @@ -113,7 +113,7 @@ ADMX Info: **RemoteDesktopServices/ClientConnectionEncryptionLevel** - + @@ -135,8 +135,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -144,8 +144,8 @@ ADMX Info:
    - - + + Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: @@ -162,7 +162,7 @@ Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -170,14 +170,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    @@ -185,7 +185,7 @@ ADMX Info: **RemoteDesktopServices/DoNotAllowDriveRedirection** - + @@ -207,8 +207,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -216,8 +216,8 @@ ADMX Info:
    - - + + This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format on . You can use this policy setting to override this behavior. @@ -228,7 +228,7 @@ If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -236,14 +236,14 @@ If you do not configure this policy setting, client drive redirection and Clipbo > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* - GP ADMX file name: *terminalserver.admx* - +
    @@ -251,7 +251,7 @@ ADMX Info: **RemoteDesktopServices/DoNotAllowPasswordSaving** - + @@ -273,8 +273,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -282,15 +282,15 @@ ADMX Info:
    - - + + Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -298,14 +298,14 @@ If you disable this setting or leave it not configured, the user will be able to > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* - GP ADMX file name: *terminalserver.admx* - +
    @@ -313,7 +313,7 @@ ADMX Info: **RemoteDesktopServices/PromptForPasswordUponConnection** - + @@ -335,8 +335,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -344,8 +344,8 @@ ADMX Info:
    - - + + This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. @@ -358,7 +358,7 @@ If you disable this policy setting, users can always log on to Remote Desktop Se If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -366,14 +366,14 @@ If you do not configure this policy setting, automatic logon is not specified at > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    @@ -381,7 +381,7 @@ ADMX Info: **RemoteDesktopServices/RequireSecureRPCCommunication** - + @@ -403,8 +403,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -412,8 +412,8 @@ ADMX Info:
    - - + + Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. @@ -426,7 +426,7 @@ If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -434,14 +434,14 @@ Note: The RPC interface is used for administering and configuring Remote Desktop > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 176cd59211..762edfe54e 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -72,7 +72,7 @@ ms.date: 01/29/2018 **RemoteManagement/AllowBasicAuthentication_Client** - + @@ -94,8 +94,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -103,10 +103,10 @@ ms.date: 01/29/2018
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -114,14 +114,14 @@ ms.date: 01/29/2018 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Basic authentication* - GP name: *AllowBasic_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -129,7 +129,7 @@ ADMX Info: **RemoteManagement/AllowBasicAuthentication_Service** - + @@ -151,8 +151,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -160,10 +160,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -171,14 +171,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Basic authentication* - GP name: *AllowBasic_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -186,7 +186,7 @@ ADMX Info: **RemoteManagement/AllowCredSSPAuthenticationClient** - + @@ -208,8 +208,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,10 +217,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,14 +228,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -243,7 +243,7 @@ ADMX Info: **RemoteManagement/AllowCredSSPAuthenticationService** - + @@ -265,8 +265,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -274,10 +274,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -285,14 +285,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -300,7 +300,7 @@ ADMX Info: **RemoteManagement/AllowRemoteServerManagement** - + @@ -322,8 +322,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -331,10 +331,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -342,14 +342,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -357,7 +357,7 @@ ADMX Info: **RemoteManagement/AllowUnencryptedTraffic_Client** - + @@ -379,8 +379,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -388,10 +388,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -399,14 +399,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -414,7 +414,7 @@ ADMX Info: **RemoteManagement/AllowUnencryptedTraffic_Service** - + @@ -436,8 +436,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -445,10 +445,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -456,14 +456,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -471,7 +471,7 @@ ADMX Info: **RemoteManagement/DisallowDigestAuthentication** - + @@ -493,8 +493,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -502,10 +502,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -513,14 +513,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Digest authentication* - GP name: *DisallowDigest* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -528,7 +528,7 @@ ADMX Info: **RemoteManagement/DisallowNegotiateAuthenticationClient** - + @@ -550,8 +550,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -559,10 +559,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -570,14 +570,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -585,7 +585,7 @@ ADMX Info: **RemoteManagement/DisallowNegotiateAuthenticationService** - + @@ -607,8 +607,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -616,10 +616,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -627,14 +627,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -642,7 +642,7 @@ ADMX Info: **RemoteManagement/DisallowStoringOfRunAsCredentials** - + @@ -664,8 +664,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -673,10 +673,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -684,14 +684,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -699,7 +699,7 @@ ADMX Info: **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** - + @@ -721,8 +721,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -730,10 +730,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -741,14 +741,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -756,7 +756,7 @@ ADMX Info: **RemoteManagement/TrustedHosts** - + @@ -778,8 +778,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,10 +787,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -798,14 +798,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Trusted Hosts* - GP name: *TrustedHosts* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -813,7 +813,7 @@ ADMX Info: **RemoteManagement/TurnOnCompatibilityHTTPListener** - + @@ -835,8 +835,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -844,10 +844,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -855,14 +855,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -870,7 +870,7 @@ ADMX Info: **RemoteManagement/TurnOnCompatibilityHTTPSListener** - + @@ -892,8 +892,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -901,10 +901,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -912,14 +912,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 7f7c9c2e4d..12189ebcb2 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. @@ -76,7 +76,7 @@ If you do not configure this policy setting, it remains disabled. RPC clients w Note: This policy will not be applied until the system is rebooted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -84,14 +84,14 @@ Note: This policy will not be applied until the system is rebooted. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* - +
    @@ -99,7 +99,7 @@ ADMX Info: **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** - + @@ -121,8 +121,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -130,8 +130,8 @@ ADMX Info:
    - - + + This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. @@ -150,7 +150,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict Note: This policy setting will not be applied until the system is rebooted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -158,14 +158,14 @@ Note: This policy setting will not be applied until the system is rebooted. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 3a66eb8677..bb014aba29 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -48,7 +48,7 @@ ms.date: 01/29/2018 **RemoteShell/AllowRemoteShellAccess** - + @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -79,10 +79,10 @@ ms.date: 01/29/2018
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -90,14 +90,14 @@ ms.date: 01/29/2018 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -105,7 +105,7 @@ ADMX Info: **RemoteShell/MaxConcurrentUsers** - + @@ -127,8 +127,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -136,10 +136,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -147,14 +147,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -162,7 +162,7 @@ ADMX Info: **RemoteShell/SpecifyIdleTimeout** - + @@ -184,8 +184,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -193,10 +193,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -204,14 +204,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify idle Timeout* - GP name: *IdleTimeout* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -219,7 +219,7 @@ ADMX Info: **RemoteShell/SpecifyMaxMemory** - + @@ -241,8 +241,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -250,10 +250,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -261,14 +261,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -276,7 +276,7 @@ ADMX Info: **RemoteShell/SpecifyMaxProcesses** - + @@ -298,8 +298,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -307,10 +307,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -318,14 +318,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -333,7 +333,7 @@ ADMX Info: **RemoteShell/SpecifyMaxRemoteShells** - + @@ -355,8 +355,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -364,10 +364,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -375,14 +375,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -390,7 +390,7 @@ ADMX Info: **RemoteShell/SpecifyShellTimeout** - + @@ -412,8 +412,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -421,10 +421,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -432,14 +432,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify Shell Timeout* - GP name: *ShellTimeOut* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index d992a30b6e..8a9ea5fa7c 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **Search/AllowCloudSearch** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. The following list shows the supported values: @@ -111,7 +111,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -119,7 +119,7 @@ The following list shows the supported values: **Search/AllowCortanaInAAD** - + @@ -141,8 +141,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -150,11 +150,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow.. - + The following list shows the supported values: @@ -169,7 +169,7 @@ The following list shows the supported values: **Search/AllowIndexingEncryptedStoresOrItems** - + @@ -191,8 +191,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -200,8 +200,8 @@ The following list shows the supported values:
    - - + + Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. @@ -210,7 +210,7 @@ When the policy is disabled, the WIP protected items are not indexed and do not Most restricted value is 0. - + The following list shows the supported values: @@ -225,7 +225,7 @@ The following list shows the supported values: **Search/AllowSearchToUseLocation** - + @@ -247,8 +247,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -256,13 +256,13 @@ The following list shows the supported values:
    - - + + Specifies whether search can leverage location information. Most restricted value is 0. - + The following list shows the supported values: @@ -277,7 +277,7 @@ The following list shows the supported values: **Search/AllowStoringImagesFromVisionSearch** - + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -285,11 +285,11 @@ The following list shows the supported values:
    - - + + This policy has been deprecated. - +
    @@ -297,7 +297,7 @@ This policy has been deprecated. **Search/AllowUsingDiacritics** - + @@ -319,8 +319,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -328,8 +328,8 @@ This policy has been deprecated.
    - - + + Allows the use of diacritics. The following list shows the supported values: @@ -339,7 +339,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -347,7 +347,7 @@ Most restricted value is 0. **Search/AllowWindowsIndexer** - + @@ -369,8 +369,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -378,11 +378,11 @@ Most restricted value is 0.
    - - + + Allow Windows indexer. Value type is integer. - +
    @@ -390,7 +390,7 @@ Allow Windows indexer. Value type is integer. **Search/AlwaysUseAutoLangDetection** - + @@ -412,8 +412,8 @@ Allow Windows indexer. Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -421,8 +421,8 @@ Allow Windows indexer. Value type is integer.
    - - + + Specifies whether to always use automatic language detection when indexing content and properties. The following list shows the supported values: @@ -432,7 +432,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -440,7 +440,7 @@ Most restricted value is 0. **Search/DisableBackoff** - + @@ -462,8 +462,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -471,8 +471,8 @@ Most restricted value is 0.
    - - + + If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. The following list shows the supported values: @@ -480,7 +480,7 @@ The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
    @@ -488,7 +488,7 @@ The following list shows the supported values: **Search/DisableRemovableDriveIndexing** - + @@ -510,8 +510,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -519,8 +519,8 @@ The following list shows the supported values:
    - - + + This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. @@ -532,7 +532,7 @@ The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
    @@ -540,7 +540,7 @@ The following list shows the supported values: **Search/DoNotUseWebResults** - + @@ -562,8 +562,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -571,8 +571,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Don't search the web or display web results in Search. This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search. @@ -580,7 +580,7 @@ If you enable this policy setting, queries won't be performed on the web and web If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search. - + The following list shows the supported values: @@ -595,7 +595,7 @@ The following list shows the supported values: **Search/PreventIndexingLowDiskSpaceMB** - + @@ -617,8 +617,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -626,8 +626,8 @@ The following list shows the supported values:
    - - + + Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. Enable this policy if computers in your environment have extremely limited hard drive space. @@ -639,7 +639,7 @@ The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
    @@ -647,7 +647,7 @@ The following list shows the supported values: **Search/PreventRemoteQueries** - + @@ -669,8 +669,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -678,8 +678,8 @@ The following list shows the supported values:
    - - + + If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. The following list shows the supported values: @@ -687,7 +687,7 @@ The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
    @@ -695,7 +695,7 @@ The following list shows the supported values: **Search/SafeSearchPermissions** - + @@ -717,8 +717,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -726,8 +726,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -741,7 +741,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 7da2bfbe1c..ac48498127 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -62,7 +62,7 @@ ms.date: 01/29/2018 **Security/AllowAddProvisioningPackage** - + @@ -84,8 +84,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -93,11 +93,11 @@ ms.date: 01/29/2018
    - - + + Specifies whether to allow the runtime configuration agent to install provisioning packages. - + The following list shows the supported values: @@ -112,7 +112,7 @@ The following list shows the supported values: **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** - + @@ -134,8 +134,8 @@ The following list shows the supported values:
    Home
    - - + + > [!NOTE] > This policy has been deprecated in Windows 10, version 1607 @@ -152,7 +152,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -160,7 +160,7 @@ The following list shows the supported values: **Security/AllowManualRootCertificateInstallation** - + @@ -182,8 +182,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -191,8 +191,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -201,7 +201,7 @@ Specifies whether the user is allowed to manually install root and intermediate Most restricted value is 0. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **Security/AllowRemoveProvisioningPackage** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,11 +247,11 @@ The following list shows the supported values:
    - - + + Specifies whether to allow the runtime configuration agent to remove provisioning packages. - + The following list shows the supported values: @@ -266,7 +266,7 @@ The following list shows the supported values: **Security/AntiTheftMode** - + @@ -288,8 +288,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -297,15 +297,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   Allows or disallow Anti Theft Mode on the device. - + The following list shows the supported values: @@ -320,7 +320,7 @@ The following list shows the supported values: **Security/ClearTPMIfNotReady** - + @@ -342,8 +342,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,14 +351,14 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. - + The following list shows the supported values: @@ -373,7 +373,7 @@ The following list shows the supported values: **Security/ConfigureWindowsPasswords** - + @@ -395,8 +395,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -404,14 +404,14 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Configures the use of passwords for Windows features. > [!Note] > This policy is only supported in Windows 10 S. - + The following list shows the supported values: @@ -427,7 +427,7 @@ The following list shows the supported values: **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** - + @@ -449,8 +449,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -458,8 +458,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -473,7 +473,7 @@ The following list shows the supported values: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. - +
    @@ -481,7 +481,7 @@ The following list shows the supported values: **Security/RequireDeviceEncryption** - + @@ -503,8 +503,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -512,8 +512,8 @@ The following list shows the supported values:
    - - + + Allows enterprise to turn on internal storage encryption. The following list shows the supported values: @@ -526,7 +526,7 @@ Most restricted value is 1. > [!IMPORTANT] > If encryption has been enabled, it cannot be turned off by using this policy. - +
    @@ -534,7 +534,7 @@ Most restricted value is 1. **Security/RequireProvisioningPackageSignature** - + @@ -556,8 +556,8 @@ Most restricted value is 1.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -565,8 +565,8 @@ Most restricted value is 1.
    - - + + Specifies whether provisioning packages must have a certificate signed by a device trusted authority. The following list shows the supported values: @@ -574,7 +574,7 @@ The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. - +
    @@ -582,7 +582,7 @@ The following list shows the supported values: **Security/RequireRetrieveHealthCertificateOnBoot** - + @@ -604,8 +604,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -613,8 +613,8 @@ The following list shows the supported values:
    - - + + Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. The following list shows the supported values: @@ -633,7 +633,7 @@ Setting this policy to 1 (Required): Most restricted value is 1. - +
    diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index b21b911cc1..f80b9cac01 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **Settings/AllowAutoPlay** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -113,7 +113,7 @@ Allows the user to change Auto Play settings. > [!NOTE] > Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. - + The following list shows the supported values: @@ -128,7 +128,7 @@ The following list shows the supported values: **Settings/AllowDataSense** - + @@ -150,8 +150,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -159,11 +159,11 @@ The following list shows the supported values:
    - - + + Allows the user to change Data Sense settings. - + The following list shows the supported values: @@ -178,7 +178,7 @@ The following list shows the supported values: **Settings/AllowDateTime** - + @@ -200,8 +200,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -209,11 +209,11 @@ The following list shows the supported values:
    - - + + Allows the user to change date and time settings. - + The following list shows the supported values: @@ -228,7 +228,7 @@ The following list shows the supported values: **Settings/AllowEditDeviceName** - + @@ -250,8 +250,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -259,11 +259,11 @@ The following list shows the supported values:
    - - + + Allows editing of the device name. - + The following list shows the supported values: @@ -278,7 +278,7 @@ The following list shows the supported values: **Settings/AllowLanguage** - + @@ -300,8 +300,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -309,15 +309,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change the language settings. - + The following list shows the supported values: @@ -332,7 +332,7 @@ The following list shows the supported values: **Settings/AllowOnlineTips** - + @@ -354,8 +354,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,13 +363,13 @@ The following list shows the supported values:
    - - + + Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. - +
    @@ -377,7 +377,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti **Settings/AllowPowerSleep** - + @@ -399,8 +399,8 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -408,15 +408,15 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change power and sleep settings. - + The following list shows the supported values: @@ -431,7 +431,7 @@ The following list shows the supported values: **Settings/AllowRegion** - + @@ -453,8 +453,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -462,15 +462,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change the region settings. - + The following list shows the supported values: @@ -485,7 +485,7 @@ The following list shows the supported values: **Settings/AllowSignInOptions** - + @@ -507,8 +507,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -516,15 +516,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change sign-in options. - + The following list shows the supported values: @@ -539,7 +539,7 @@ The following list shows the supported values: **Settings/AllowVPN** - + @@ -561,8 +561,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -570,11 +570,11 @@ The following list shows the supported values:
    - - + + Allows the user to change VPN settings. - + The following list shows the supported values: @@ -589,7 +589,7 @@ The following list shows the supported values: **Settings/AllowWorkplace** - + @@ -611,8 +611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,15 +620,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows user to change workplace settings. - + The following list shows the supported values: @@ -643,7 +643,7 @@ The following list shows the supported values: **Settings/AllowYourAccount** - + @@ -665,8 +665,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -674,11 +674,11 @@ The following list shows the supported values:
    - - + + Allows user to change account settings. - + The following list shows the supported values: @@ -693,7 +693,7 @@ The following list shows the supported values: **Settings/ConfigureTaskbarCalendar** - + @@ -715,8 +715,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -724,8 +724,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. The following list shows the supported values: @@ -735,7 +735,7 @@ The following list shows the supported values: - 2 - Simplified Chinese (Lunar). - 3 - Traditional Chinese (Lunar). - +
    @@ -743,7 +743,7 @@ The following list shows the supported values: **Settings/PageVisibilityList** - + @@ -765,8 +765,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,8 +774,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: @@ -808,7 +808,7 @@ To validate on Desktop, do the following: 2. Configure the policy with the following string: "hide:about". 3. Open System Settings again and verify that the About page is no longer accessible. - +
    diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 4aeb3007f6..c487c7699c 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **SmartScreen/EnableAppInstallControl** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,11 +67,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **SmartScreen/EnableSmartScreenInShell** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,11 +117,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. - + The following list shows the supported values: @@ -136,7 +136,7 @@ The following list shows the supported values: **SmartScreen/PreventOverrideForFilesInShell** - + @@ -158,8 +158,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -167,11 +167,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index eb15267764..6da3005afa 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Speech/AllowSpeechModelUpdate** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 6dbef99ae1..af43f0bf48 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -114,7 +114,7 @@ ms.date: 01/29/2018 **Start/AllowPinnedFolderDocuments** - + @@ -136,8 +136,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -145,11 +145,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. - + The following list shows the supported values: @@ -165,7 +165,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderDownloads** - + @@ -187,8 +187,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,11 +196,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderFileExplorer** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,11 +247,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. - + The following list shows the supported values: @@ -267,7 +267,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderHomeGroup** - + @@ -289,8 +289,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -298,11 +298,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. - + The following list shows the supported values: @@ -318,7 +318,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderMusic** - + @@ -340,8 +340,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -349,11 +349,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. - + The following list shows the supported values: @@ -369,7 +369,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderNetwork** - + @@ -391,8 +391,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -400,11 +400,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. - + The following list shows the supported values: @@ -420,7 +420,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPersonalFolder** - + @@ -442,8 +442,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -451,11 +451,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. - + The following list shows the supported values: @@ -471,7 +471,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPictures** - + @@ -493,8 +493,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -502,11 +502,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. - + The following list shows the supported values: @@ -522,7 +522,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderSettings** - + @@ -544,8 +544,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -553,11 +553,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. - + The following list shows the supported values: @@ -573,7 +573,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderVideos** - + @@ -595,8 +595,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -604,11 +604,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. - + The following list shows the supported values: @@ -624,7 +624,7 @@ The following list shows the supported values: **Start/ForceStartSize** - + @@ -646,8 +646,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -655,8 +655,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -671,7 +671,7 @@ The following list shows the supported values: If there is policy configuration conflict, the latest configuration request is applied to the device. - +
    @@ -679,7 +679,7 @@ If there is policy configuration conflict, the latest configuration request is a **Start/HideAppList** - + @@ -701,8 +701,8 @@ If there is policy configuration conflict, the latest configuration request is a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -710,8 +710,8 @@ If there is policy configuration conflict, the latest configuration request is a
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -734,7 +734,7 @@ To validate on Desktop, do the following: - 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out. - 2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out. - +
    @@ -742,7 +742,7 @@ To validate on Desktop, do the following: **Start/HideChangeAccountSettings** - + @@ -764,8 +764,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -773,8 +773,8 @@ To validate on Desktop, do the following:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. To validate on Desktop, do the following: @@ -782,7 +782,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - + The following list shows the supported values: @@ -797,7 +797,7 @@ The following list shows the supported values: **Start/HideFrequentlyUsedApps** - + @@ -819,8 +819,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -828,8 +828,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -844,7 +844,7 @@ To validate on Desktop, do the following: 5. Check that "Show most used apps" Settings toggle is grayed out. 6. Check that most used apps do not appear in Start. - + The following list shows the supported values: @@ -859,7 +859,7 @@ The following list shows the supported values: **Start/HideHibernate** - + @@ -881,8 +881,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -890,8 +890,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. To validate on Laptop, do the following: @@ -902,7 +902,7 @@ To validate on Laptop, do the following: > [!NOTE] > This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's. - + The following list shows the supported values: @@ -917,7 +917,7 @@ The following list shows the supported values: **Start/HideLock** - + @@ -939,8 +939,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -948,8 +948,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. To validate on Desktop, do the following: @@ -957,7 +957,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Lock" is not available. - + The following list shows the supported values: @@ -972,7 +972,7 @@ The following list shows the supported values: **Start/HidePeopleBar** - + @@ -994,8 +994,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1003,13 +1003,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. Value type is integer. - +
    @@ -1017,7 +1017,7 @@ Value type is integer. **Start/HidePowerButton** - + @@ -1039,8 +1039,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1048,8 +1048,8 @@ Value type is integer.
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1060,7 +1060,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, and verify the power button is not available. - + The following list shows the supported values: @@ -1075,7 +1075,7 @@ The following list shows the supported values: **Start/HideRecentJumplists** - + @@ -1097,8 +1097,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1106,8 +1106,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1125,7 +1125,7 @@ To validate on Desktop, do the following: 8. Repeat Step 2. 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - + The following list shows the supported values: @@ -1140,7 +1140,7 @@ The following list shows the supported values: **Start/HideRecentlyAddedApps** - + @@ -1162,8 +1162,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1171,8 +1171,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1187,7 +1187,7 @@ To validate on Desktop, do the following: 5. Check that "Show recently added apps" Settings toggle is grayed out. 6. Check that recently added apps do not appear in Start. - + The following list shows the supported values: @@ -1202,7 +1202,7 @@ The following list shows the supported values: **Start/HideRestart** - + @@ -1224,8 +1224,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1233,8 +1233,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. To validate on Desktop, do the following: @@ -1242,7 +1242,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - + The following list shows the supported values: @@ -1257,7 +1257,7 @@ The following list shows the supported values: **Start/HideShutDown** - + @@ -1279,8 +1279,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1288,8 +1288,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. To validate on Desktop, do the following: @@ -1297,7 +1297,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - + The following list shows the supported values: @@ -1312,7 +1312,7 @@ The following list shows the supported values: **Start/HideSignOut** - + @@ -1334,8 +1334,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1343,8 +1343,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. To validate on Desktop, do the following: @@ -1352,7 +1352,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Sign out" is not available. - + The following list shows the supported values: @@ -1367,7 +1367,7 @@ The following list shows the supported values: **Start/HideSleep** - + @@ -1389,8 +1389,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1398,8 +1398,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. To validate on Desktop, do the following: @@ -1407,7 +1407,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify that "Sleep" is not available. - + The following list shows the supported values: @@ -1422,7 +1422,7 @@ The following list shows the supported values: **Start/HideSwitchAccount** - + @@ -1444,8 +1444,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1453,8 +1453,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. To validate on Desktop, do the following: @@ -1462,7 +1462,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Switch account" is not available. - + The following list shows the supported values: @@ -1477,7 +1477,7 @@ The following list shows the supported values: **Start/HideUserTile** - + @@ -1499,8 +1499,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1508,8 +1508,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1521,7 +1521,7 @@ To validate on Desktop, do the following: 2. Log off. 3. Log in, and verify that the user tile is gone from Start. - + The following list shows the supported values: @@ -1536,7 +1536,7 @@ The following list shows the supported values: **Start/ImportEdgeAssets** - + @@ -1558,8 +1558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1567,8 +1567,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1586,7 +1586,7 @@ To validate on Desktop, do the following: 3. Sign out/in. 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - +
    @@ -1594,7 +1594,7 @@ To validate on Desktop, do the following: **Start/NoPinningToTaskbar** - + @@ -1616,8 +1616,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1625,8 +1625,8 @@ To validate on Desktop, do the following:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. To validate on Desktop, do the following: @@ -1637,7 +1637,7 @@ To validate on Desktop, do the following: 4. Open Start and right click on one of the app list icons. 5. Verify that More->Pin to taskbar menu does not show. - + The following list shows the supported values: @@ -1652,7 +1652,7 @@ The following list shows the supported values: **Start/StartLayout** - + @@ -1674,8 +1674,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1684,8 +1684,8 @@ The following list shows the supported values:
    - - + + > [!IMPORTANT] > Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) @@ -1693,7 +1693,7 @@ Allows you to override the default Start layout and prevents the user from chang For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). - +
    diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index a14fd22cb2..f7c55ff050 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Storage/AllowDiskHealthModelUpdates** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Allows disk health model updates. @@ -76,7 +76,7 @@ The following list shows the supported values: Value type is integer. - +
    @@ -84,7 +84,7 @@ Value type is integer. **Storage/EnhancedStorageDevices** - + @@ -106,8 +106,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -115,15 +115,15 @@ Value type is integer.
    - - + + This policy setting configures whether or not Windows will activate an Enhanced Storage device. If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices. If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -131,14 +131,14 @@ If you disable or do not configure this policy setting, Windows will activate un > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* - GP path: *System/Enhanced Storage Access* - GP ADMX file name: *enhancedstorage.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index e9d50d3359..eb2ff5cb90 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -74,7 +74,7 @@ ms.date: 01/29/2018 **System/AllowBuildPreview** - + @@ -96,8 +96,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -105,8 +105,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. @@ -121,7 +121,7 @@ The following list shows the supported values: - 1 – Allowed. Users can make their devices available for downloading and installing preview software. - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - +
    @@ -129,7 +129,7 @@ The following list shows the supported values: **System/AllowEmbeddedMode** - + @@ -151,8 +151,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -160,13 +160,13 @@ The following list shows the supported values:
    - - + + Specifies whether set general purpose device to be in embedded mode. Most restricted value is 0. - + The following list shows the supported values: @@ -181,7 +181,7 @@ The following list shows the supported values: **System/AllowExperimentation** - + @@ -203,8 +203,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -212,8 +212,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is not supported in Windows 10, version 1607. @@ -227,7 +227,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -235,7 +235,7 @@ Most restricted value is 0. **System/AllowFontProviders** - + @@ -257,8 +257,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -266,8 +266,8 @@ Most restricted value is 0.
    - - + + Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). @@ -277,7 +277,7 @@ This setting is used by lower-level components for text display and fond handlin > [!Note] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. - + The following list shows the supported values: @@ -298,7 +298,7 @@ To verify if System/AllowFontProviders is set to true: **System/AllowLocation** - + @@ -320,8 +320,8 @@ To verify if System/AllowFontProviders is set to true:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -329,8 +329,8 @@ To verify if System/AllowFontProviders is set to true:
    - - + + Specifies whether to allow app access to the Location service. The following list shows the supported values: @@ -347,7 +347,7 @@ When switching the policy back from 0 (Force Location Off) or 2 (Force Location For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. - +
    @@ -355,7 +355,7 @@ For example, an app's original Location setting is Off. The administrator then s **System/AllowStorageCard** - + @@ -377,8 +377,8 @@ For example, an app's original Location setting is Off. The administrator then s
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -386,13 +386,13 @@ For example, an app's original Location setting is Off. The administrator then s
    - - + + Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. Most restricted value is 0. - + The following list shows the supported values: @@ -407,7 +407,7 @@ The following list shows the supported values: **System/AllowTelemetry** - + @@ -429,8 +429,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -439,8 +439,8 @@ The following list shows the supported values:
    - - + + Allow the device to send diagnostic and usage telemetry data, such as Watson. The following tables describe the supported values: @@ -518,7 +518,7 @@ Windows 10 Values: Most restricted value is 0. - +
    @@ -526,7 +526,7 @@ Most restricted value is 0. **System/AllowUserToResetPhone** - + @@ -548,8 +548,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -557,13 +557,13 @@ Most restricted value is 0.
    - - + + Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. Most restricted value is 0. - + The following list shows the supported values: orted values: @@ -579,7 +579,7 @@ orted values: **System/BootStartDriverInitialization** - + @@ -601,8 +601,8 @@ orted values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -610,11 +610,11 @@ orted values:
    - - + + N/A - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -622,12 +622,12 @@ N/A > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP name: *POL_DriverLoadPolicy_Name* - GP ADMX file name: *earlylauncham.admx* - +
    @@ -635,7 +635,7 @@ ADMX Info: **System/DisableEnterpriseAuthProxy** - + @@ -657,8 +657,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -666,11 +666,11 @@ ADMX Info:
    - - + + This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - +
    @@ -678,7 +678,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f **System/DisableOneDriveFileSync** - + @@ -700,8 +700,8 @@ This policy setting blocks the Connected User Experience and Telemetry service f
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -709,8 +709,8 @@ This policy setting blocks the Connected User Experience and Telemetry service f
    - - + + Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users cannot access OneDrive from the OneDrive app or file picker. @@ -727,7 +727,7 @@ To validate on Desktop, do the following: 2. Restart machine. 3. Verify that OneDrive.exe is not running in Task Manager. - + The following list shows the supported values: @@ -742,7 +742,7 @@ The following list shows the supported values: **System/DisableSystemRestore** - + @@ -764,8 +764,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -773,8 +773,8 @@ The following list shows the supported values:
    - - + + Allows you to disable System Restore. This policy setting allows you to turn off System Restore. @@ -787,7 +787,7 @@ If you disable or do not configure this policy setting, users can perform System Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -795,14 +795,14 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off System Restore* - GP name: *SR_DisableSR* - GP path: *System/System Restore* - GP ADMX file name: *systemrestore.admx* - +
    @@ -810,7 +810,7 @@ ADMX Info: **System/FeedbackHubAlwaysSaveDiagnosticsLocally** - + @@ -832,8 +832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -841,11 +841,11 @@ ADMX Info:
    - - + + Added in Windows 10, next major update. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations. - + The following list shows the supported values: @@ -860,7 +860,7 @@ The following list shows the supported values: **System/LimitEnhancedDiagnosticDataWindowsAnalytics** - + @@ -882,8 +882,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -891,8 +891,8 @@ The following list shows the supported values:
    - - + + This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. @@ -908,7 +908,7 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. - +
    @@ -916,7 +916,7 @@ If you disable or do not configure this policy setting, then the level of diagno **System/TelemetryProxy** - + @@ -938,8 +938,8 @@ If you disable or do not configure this policy setting, then the level of diagno
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -947,13 +947,13 @@ If you disable or do not configure this policy setting, then the level of diagno
    - - + + Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - +
    diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index cdee24bf7c..121c82b0ca 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -47,7 +47,7 @@ ms.date: 01/29/2018 **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** - + @@ -69,8 +69,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -78,11 +78,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -90,7 +90,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** - + @@ -112,8 +112,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -121,11 +121,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -133,7 +133,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** - + @@ -155,8 +155,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -164,11 +164,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -176,7 +176,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** - + @@ -198,8 +198,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -207,11 +207,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -219,7 +219,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** - + @@ -241,8 +241,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -250,11 +250,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -262,7 +262,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** - + @@ -284,8 +284,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -293,11 +293,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 71e1d6c905..9f01af6518 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -32,7 +32,7 @@ ms.date: 01/29/2018 **TaskScheduler/EnableXboxGameSaveTask** - + @@ -54,8 +54,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -63,11 +63,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d345d4add2..c9ef2af75d 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **TextInput/AllowIMELogging** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -112,7 +112,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi Most restricted value is 0. - + The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: **TextInput/AllowIMENetworkAccess** - + @@ -149,8 +149,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -158,8 +158,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -168,7 +168,7 @@ Allows the user to turn on Open Extended Dictionary, Internet search integration Most restricted value is 0. - + The following list shows the supported values: @@ -183,7 +183,7 @@ The following list shows the supported values: **TextInput/AllowInputPanel** - + @@ -205,8 +205,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -214,8 +214,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -224,7 +224,7 @@ Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most restricted value is 0. - + The following list shows the supported values: @@ -239,7 +239,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseIMESurrogatePairCharacters** - + @@ -261,8 +261,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -270,8 +270,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -285,7 +285,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -293,7 +293,7 @@ Most restricted value is 0. **TextInput/AllowJapaneseIVSCharacters** - + @@ -315,8 +315,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -324,8 +324,8 @@ Most restricted value is 0.
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -334,7 +334,7 @@ Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted value is 0. - + The following list shows the supported values: @@ -349,7 +349,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseNonPublishingStandardGlyph** - + @@ -371,8 +371,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -380,8 +380,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -390,7 +390,7 @@ Allows the Japanese non-publishing standard glyph. Most restricted value is 0. - + The following list shows the supported values: @@ -405,7 +405,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseUserDictionary** - + @@ -427,8 +427,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -436,8 +436,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -446,7 +446,7 @@ Allows the Japanese user dictionary. Most restricted value is 0. - + The following list shows the supported values: @@ -461,7 +461,7 @@ The following list shows the supported values: **TextInput/AllowKeyboardTextSuggestions** - + @@ -483,8 +483,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -492,8 +492,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -507,7 +507,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f 2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. 3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - + The following list shows the supported values: @@ -522,10 +522,10 @@ The following list shows the supported values: **TextInput/AllowKoreanExtendedHanja** - + This policy has been deprecated. - +
    @@ -533,7 +533,7 @@ This policy has been deprecated. **TextInput/AllowLanguageFeaturesUninstall** - + @@ -555,8 +555,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -564,8 +564,8 @@ This policy has been deprecated.
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -574,7 +574,7 @@ Allows the uninstall of language features, such as spell checkers, on a device. Most restricted value is 0. - + The following list shows the supported values: @@ -589,7 +589,7 @@ The following list shows the supported values: **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** - + @@ -611,8 +611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,8 +620,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. @@ -630,7 +630,7 @@ When this policy is enabled, the touch keyboard automatically shows up when the This policy corresponds to "Show the touch keyboard when not in tablet mode and there's no keyboard attached" in the Settings app. - + The following list shows the supported values: @@ -645,7 +645,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208** - + @@ -667,8 +667,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -676,8 +676,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -689,7 +689,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. - +
    @@ -697,7 +697,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** - + @@ -719,8 +719,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -728,8 +728,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -741,7 +741,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. - +
    @@ -749,7 +749,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptShiftJIS** - + @@ -771,8 +771,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -780,8 +780,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -793,7 +793,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. - +
    diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index fedf2c5380..ae92f571db 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **TimeLanguageSettings/AllowSet24HourClock** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 66e08b3185..2b7ed79caf 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -173,7 +173,7 @@ ms.date: 01/29/2018 **Update/ActiveHoursEnd** - + @@ -195,8 +195,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -204,8 +204,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] @@ -215,7 +215,7 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default is 17 (5 PM). - +
    @@ -223,7 +223,7 @@ The default is 17 (5 PM). **Update/ActiveHoursMaxRange** - + @@ -245,8 +245,8 @@ The default is 17 (5 PM).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -254,15 +254,15 @@ The default is 17 (5 PM).
    - - + + Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. Supported values are 8-18. The default value is 18 (hours). - +
    @@ -270,7 +270,7 @@ The default value is 18 (hours). **Update/ActiveHoursStart** - + @@ -292,8 +292,8 @@ The default value is 18 (hours).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -301,8 +301,8 @@ The default value is 18 (hours).
    - - + + Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] @@ -312,7 +312,7 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default value is 8 (8 AM). - +
    @@ -320,7 +320,7 @@ The default value is 8 (8 AM). **Update/AllowAutoUpdate** - + @@ -342,8 +342,8 @@ The default value is 8 (8 AM).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,8 +351,8 @@ The default value is 8 (8 AM).
    - - + + Enables the IT admin to manage automatic update behavior to scan, download, and install updates. Supported operations are Get and Replace. @@ -372,7 +372,7 @@ The following list shows the supported values: If the policy is not configured, end-users get the default behavior (Auto install and restart). - +
    @@ -380,7 +380,7 @@ If the policy is not configured, end-users get the default behavior (Auto instal **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** - + @@ -402,8 +402,8 @@ If the policy is not configured, end-users get the default behavior (Auto instal
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -411,15 +411,15 @@ If the policy is not configured, end-users get the default behavior (Auto instal
    - - + + Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. This policy is accessible through the Update setting in the user interface or Group Policy. - + The following list shows the supported values: @@ -434,7 +434,7 @@ The following list shows the supported values: **Update/AllowMUUpdateService** - + @@ -456,8 +456,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -465,8 +465,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. The following list shows the supported values: @@ -474,7 +474,7 @@ The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. - +
    @@ -482,7 +482,7 @@ The following list shows the supported values: **Update/AllowNonMicrosoftSignedUpdate** - + @@ -504,8 +504,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -513,15 +513,15 @@ The following list shows the supported values:
    - - + + Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. Supported operations are Get and Replace. This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. - + The following list shows the supported values: @@ -536,7 +536,7 @@ The following list shows the supported values: **Update/AllowUpdateService** - + @@ -558,8 +558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -567,8 +567,8 @@ The following list shows the supported values:
    - - + + Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store @@ -578,7 +578,7 @@ Enabling this policy will disable that functionality, and may cause connection t > [!NOTE] > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. - + The following list shows the supported values: @@ -593,7 +593,7 @@ The following list shows the supported values: **Update/AutoRestartDeadlinePeriodInDays** - + @@ -615,8 +615,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -624,15 +624,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. Supported values are 2-30 days. The default value is 7 days. - +
    @@ -640,7 +640,7 @@ The default value is 7 days. **Update/AutoRestartNotificationSchedule** - + @@ -662,8 +662,8 @@ The default value is 7 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -671,13 +671,13 @@ The default value is 7 days.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. The default value is 15 (minutes). - + Supported values are 15, 30, 60, 120, and 240 (minutes). @@ -689,7 +689,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). **Update/AutoRestartRequiredNotificationDismissal** - + @@ -711,8 +711,8 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -720,8 +720,8 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. The following list shows the supported values: @@ -729,7 +729,7 @@ The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. - +
    @@ -737,7 +737,7 @@ The following list shows the supported values: **Update/BranchReadinessLevel** - + @@ -759,8 +759,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -768,11 +768,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. - + The following list shows the supported values: @@ -790,7 +790,7 @@ The following list shows the supported values: **Update/ConfigureFeatureUpdateUninstallPeriod** - + @@ -812,11 +812,11 @@ The following list shows the supported values:
    Home
    - - + + Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - +
    @@ -824,7 +824,7 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up **Update/DeferFeatureUpdatesPeriodInDays** - + @@ -846,8 +846,8 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -855,8 +855,8 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up
    - - + + Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. @@ -866,7 +866,7 @@ Supported values are 0-365 days. > [!IMPORTANT] > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. - +
    @@ -874,7 +874,7 @@ Supported values are 0-365 days. **Update/DeferQualityUpdatesPeriodInDays** - + @@ -896,8 +896,8 @@ Supported values are 0-365 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -905,13 +905,13 @@ Supported values are 0-365 days.
    - - + + Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. Supported values are 0-30. - +
    @@ -919,7 +919,7 @@ Supported values are 0-30. **Update/DeferUpdatePeriod** - + @@ -941,8 +941,8 @@ Supported values are 0-30.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -950,8 +950,8 @@ Supported values are 0-30.
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. @@ -1047,7 +1047,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego --> - +
    @@ -1055,7 +1055,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/DeferUpgradePeriod** - + @@ -1077,8 +1077,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1086,8 +1086,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
    - - + + > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. > @@ -1102,7 +1102,7 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
    @@ -1110,7 +1110,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th **Update/DetectionFrequency** - + @@ -1132,8 +1132,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1141,11 +1141,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    - - + + Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. - +
    @@ -1153,7 +1153,7 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 **Update/DisableDualScan** - + @@ -1175,8 +1175,8 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1184,8 +1184,8 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2
    - - + + Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). @@ -1194,7 +1194,7 @@ This is the same as the Group Policy in Windows Components > Window Update "Do n Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -1209,7 +1209,7 @@ The following list shows the supported values: **Update/EngagedRestartDeadline** - + @@ -1231,8 +1231,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1240,15 +1240,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). Supported values are 2-30 days. The default value is 0 days (not specified). - +
    @@ -1256,7 +1256,7 @@ The default value is 0 days (not specified). **Update/EngagedRestartSnoozeSchedule** - + @@ -1278,8 +1278,8 @@ The default value is 0 days (not specified).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1287,15 +1287,15 @@ The default value is 0 days (not specified).
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. Supported values are 1-3 days. The default value is 3 days. - +
    @@ -1303,7 +1303,7 @@ The default value is 3 days. **Update/EngagedRestartTransitionSchedule** - + @@ -1325,8 +1325,8 @@ The default value is 3 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1334,15 +1334,15 @@ The default value is 3 days.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. Supported values are 2-30 days. The default value is 7 days. - +
    @@ -1350,7 +1350,7 @@ The default value is 7 days. **Update/ExcludeWUDriversInQualityUpdate** - + @@ -1372,8 +1372,8 @@ The default value is 7 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1381,8 +1381,8 @@ The default value is 7 days.
    - - + + > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -1393,7 +1393,7 @@ The following list shows the supported values: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. - +
    @@ -1401,7 +1401,7 @@ The following list shows the supported values: **Update/FillEmptyContentUrls** - + @@ -1423,8 +1423,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1432,8 +1432,8 @@ The following list shows the supported values:
    - - + + Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] @@ -1444,7 +1444,7 @@ The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. - +
    @@ -1452,7 +1452,7 @@ The following list shows the supported values: **Update/IgnoreMOAppDownloadLimit** - + @@ -1474,8 +1474,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1483,14 +1483,14 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. - + The following list shows the supported values: @@ -1517,7 +1517,7 @@ To validate this policy: **Update/IgnoreMOUpdateDownloadLimit** - + @@ -1539,8 +1539,8 @@ To validate this policy:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1548,8 +1548,8 @@ To validate this policy:
    - - + + Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] @@ -1564,7 +1564,7 @@ To validate this policy: 3. Verify that any downloads that are above the download size limit will complete without being paused. - + The following list shows the supported values: @@ -1579,7 +1579,7 @@ The following list shows the supported values: **Update/ManagePreviewBuilds** - + @@ -1601,8 +1601,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1610,8 +1610,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. The following list shows the supported values: @@ -1620,7 +1620,7 @@ The following list shows the supported values: - 1 - Disable Preview builds once the next release is public - 2 - Enable Preview builds - +
    @@ -1628,7 +1628,7 @@ The following list shows the supported values: **Update/PauseDeferrals** - + @@ -1650,8 +1650,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1659,8 +1659,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. @@ -1676,7 +1676,7 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
    @@ -1684,7 +1684,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th **Update/PauseFeatureUpdates** - + @@ -1706,8 +1706,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1715,8 +1715,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    - - + + Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -1727,7 +1727,7 @@ The following list shows the supported values: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - +
    @@ -1735,7 +1735,7 @@ The following list shows the supported values: **Update/PauseFeatureUpdatesStartTime** - + @@ -1757,8 +1757,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1766,13 +1766,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    @@ -1780,7 +1780,7 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. **Update/PauseQualityUpdates** - + @@ -1802,8 +1802,8 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1811,8 +1811,8 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace.
    - - + + Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. The following list shows the supported values: @@ -1820,7 +1820,7 @@ The following list shows the supported values: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - +
    @@ -1828,7 +1828,7 @@ The following list shows the supported values: **Update/PauseQualityUpdatesStartTime** - + @@ -1850,8 +1850,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1859,13 +1859,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    @@ -1873,10 +1873,10 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. **Update/PhoneUpdateRestrictions** - + This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. - +
    @@ -1884,7 +1884,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/RequireDeferUpgrade** - + @@ -1906,8 +1906,8 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1915,8 +1915,8 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. @@ -1928,7 +1928,7 @@ The following list shows the supported values: - 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). - 1 – User gets upgrades from Semi-Annual Channel. - +
    @@ -1936,7 +1936,7 @@ The following list shows the supported values: **Update/RequireUpdateApproval** - + @@ -1958,8 +1958,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1967,8 +1967,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. @@ -1982,7 +1982,7 @@ The following list shows the supported values: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - +
    @@ -1990,7 +1990,7 @@ The following list shows the supported values: **Update/ScheduleImminentRestartWarning** - + @@ -2012,8 +2012,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2021,13 +2021,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. The default value is 15 (minutes). - + Supported values are 15, 30, or 60 (minutes). @@ -2039,7 +2039,7 @@ Supported values are 15, 30, or 60 (minutes). **Update/ScheduleRestartWarning** - + @@ -2061,8 +2061,8 @@ Supported values are 15, 30, or 60 (minutes).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2070,8 +2070,8 @@ Supported values are 15, 30, or 60 (minutes).
    - - + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -2080,7 +2080,7 @@ Added in Windows 10, version 1703. Allows the IT Admin to specify the period fo The default value is 4 (hours). - + Supported values are 2, 4, 8, 12, or 24 (hours). @@ -2092,7 +2092,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). **Update/ScheduledInstallDay** - + @@ -2114,8 +2114,8 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2123,8 +2123,8 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
    - - + + Enables the IT admin to schedule the day of the update installation. The data type is a integer. @@ -2142,7 +2142,7 @@ The following list shows the supported values: - 6 – Friday - 7 – Saturday - +
    @@ -2150,7 +2150,7 @@ The following list shows the supported values: **Update/ScheduledInstallEveryWeek** - + @@ -2172,8 +2172,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2181,15 +2181,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every week
    - +
    @@ -2197,7 +2197,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallFirstWeek** - + @@ -2219,8 +2219,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2228,15 +2228,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every first week of the month
    - +
    @@ -2244,7 +2244,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallFourthWeek** - + @@ -2266,8 +2266,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2275,15 +2275,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every fourth week of the month
    - +
    @@ -2291,7 +2291,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallSecondWeek** - + @@ -2313,8 +2313,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2322,15 +2322,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every second week of the month
    - +
    @@ -2338,7 +2338,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallThirdWeek** - + @@ -2360,8 +2360,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2369,15 +2369,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every third week of the month
    - +
    @@ -2385,7 +2385,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallTime** - + @@ -2407,8 +2407,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2416,8 +2416,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -2432,7 +2432,7 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. - +
    @@ -2440,7 +2440,7 @@ The default value is 3. **Update/SetAutoRestartNotificationDisable** - + @@ -2462,8 +2462,8 @@ The default value is 3.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2471,8 +2471,8 @@ The default value is 3.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations. The following list shows the supported values: @@ -2480,7 +2480,7 @@ The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled - +
    @@ -2488,7 +2488,7 @@ The following list shows the supported values: **Update/SetEDURestart** - + @@ -2510,8 +2510,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2519,8 +2519,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. The following list shows the supported values: @@ -2528,7 +2528,7 @@ The following list shows the supported values: - 0 - not configured - 1 - configured - +
    @@ -2536,7 +2536,7 @@ The following list shows the supported values: **Update/UpdateServiceUrl** - + @@ -2558,8 +2558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2567,8 +2567,8 @@ The following list shows the supported values:
    - - + + > [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. @@ -2599,7 +2599,7 @@ Example ``` - +
    @@ -2607,7 +2607,7 @@ Example **Update/UpdateServiceUrlAlternate** - + @@ -2629,8 +2629,8 @@ Example
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2638,8 +2638,8 @@ Example
    - - + + Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. @@ -2653,7 +2653,7 @@ Value type is string and the default value is an empty string, "". If the settin > If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. - +
    diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 7ebe88f286..6e21e25c40 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -116,7 +116,7 @@ ms.date: 01/29/2018 **UserRights/AccessCredentialManagerAsTrustedCaller** - + @@ -138,8 +138,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -147,11 +147,11 @@ ms.date: 01/29/2018
    - - + + This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - +
    @@ -159,7 +159,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts **UserRights/AccessFromNetwork** - + @@ -181,8 +181,8 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -190,11 +190,11 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
    - - + + This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - +
    @@ -202,7 +202,7 @@ This user right determines which users and groups are allowed to connect to the **UserRights/ActAsPartOfTheOperatingSystem** - + @@ -224,8 +224,8 @@ This user right determines which users and groups are allowed to connect to the
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -233,11 +233,11 @@ This user right determines which users and groups are allowed to connect to the
    - - + + This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    @@ -245,7 +245,7 @@ This user right allows a process to impersonate any user without authentication. **UserRights/AllowLocalLogOn** - + @@ -267,8 +267,8 @@ This user right allows a process to impersonate any user without authentication.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -276,11 +276,11 @@ This user right allows a process to impersonate any user without authentication.
    - - + + This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - +
    @@ -288,7 +288,7 @@ This user right determines which users can log on to the computer. Note: Modifyi **UserRights/BackupFilesAndDirectories** - + @@ -310,8 +310,8 @@ This user right determines which users can log on to the computer. Note: Modifyi
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -319,11 +319,11 @@ This user right determines which users can log on to the computer. Note: Modifyi
    - - + + This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - +
    @@ -331,7 +331,7 @@ This user right determines which users can bypass file, directory, registry, and **UserRights/ChangeSystemTime** - + @@ -353,8 +353,8 @@ This user right determines which users can bypass file, directory, registry, and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -362,11 +362,11 @@ This user right determines which users can bypass file, directory, registry, and
    - - + + This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - +
    @@ -374,7 +374,7 @@ This user right determines which users and groups can change the time and date o **UserRights/CreateGlobalObjects** - + @@ -396,8 +396,8 @@ This user right determines which users and groups can change the time and date o
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -405,11 +405,11 @@ This user right determines which users and groups can change the time and date o
    - - + + This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - +
    @@ -417,7 +417,7 @@ This security setting determines whether users can create global objects that ar **UserRights/CreatePageFile** - + @@ -439,8 +439,8 @@ This security setting determines whether users can create global objects that ar
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -448,11 +448,11 @@ This security setting determines whether users can create global objects that ar
    - - + + This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - +
    @@ -460,7 +460,7 @@ This user right determines which users and groups can call an internal applicati **UserRights/CreatePermanentSharedObjects** - + @@ -482,8 +482,8 @@ This user right determines which users and groups can call an internal applicati
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -491,11 +491,11 @@ This user right determines which users and groups can call an internal applicati
    - - + + This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - +
    @@ -503,7 +503,7 @@ This user right determines which accounts can be used by processes to create a d **UserRights/CreateSymbolicLinks** - + @@ -525,8 +525,8 @@ This user right determines which accounts can be used by processes to create a d
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -534,11 +534,11 @@ This user right determines which accounts can be used by processes to create a d
    - - + + This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - +
    @@ -546,7 +546,7 @@ This user right determines if the user can create a symbolic link from the compu **UserRights/CreateToken** - + @@ -568,8 +568,8 @@ This user right determines if the user can create a symbolic link from the compu
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -577,11 +577,11 @@ This user right determines if the user can create a symbolic link from the compu
    - - + + This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    @@ -589,7 +589,7 @@ This user right determines which accounts can be used by processes to create a t **UserRights/DebugPrograms** - + @@ -611,8 +611,8 @@ This user right determines which accounts can be used by processes to create a t
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,11 +620,11 @@ This user right determines which accounts can be used by processes to create a t
    - - + + This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    @@ -632,7 +632,7 @@ This user right determines which users can attach a debugger to any process or t **UserRights/DenyAccessFromNetwork** - + @@ -654,8 +654,8 @@ This user right determines which users can attach a debugger to any process or t
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -663,11 +663,11 @@ This user right determines which users can attach a debugger to any process or t
    - - + + This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - +
    @@ -675,7 +675,7 @@ This user right determines which users are prevented from accessing a computer o **UserRights/DenyLocalLogOn** - + @@ -697,8 +697,8 @@ This user right determines which users are prevented from accessing a computer o
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -706,11 +706,11 @@ This user right determines which users are prevented from accessing a computer o
    - - + + This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - +
    @@ -718,7 +718,7 @@ This security setting determines which service accounts are prevented from regis **UserRights/DenyRemoteDesktopServicesLogOn** - + @@ -740,8 +740,8 @@ This security setting determines which service accounts are prevented from regis
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -749,11 +749,11 @@ This security setting determines which service accounts are prevented from regis
    - - + + This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - +
    @@ -761,7 +761,7 @@ This user right determines which users and groups are prohibited from logging on **UserRights/EnableDelegation** - + @@ -783,8 +783,8 @@ This user right determines which users and groups are prohibited from logging on
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -792,11 +792,11 @@ This user right determines which users and groups are prohibited from logging on
    - - + + This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - +
    @@ -804,7 +804,7 @@ This user right determines which users can set the Trusted for Delegation settin **UserRights/GenerateSecurityAudits** - + @@ -826,8 +826,8 @@ This user right determines which users can set the Trusted for Delegation settin
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -835,11 +835,11 @@ This user right determines which users can set the Trusted for Delegation settin
    - - + + This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - +
    @@ -847,7 +847,7 @@ This user right determines which accounts can be used by a process to add entrie **UserRights/ImpersonateClient** - + @@ -869,8 +869,8 @@ This user right determines which accounts can be used by a process to add entrie
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -878,15 +878,15 @@ This user right determines which accounts can be used by a process to add entrie
    - - + + Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 1) The access token that is being impersonated is for this user. 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials. 3) The requested level is less than Impersonate, such as Anonymous or Identify. Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - +
    @@ -894,7 +894,7 @@ Because of these factors, users do not usually need this user right. Warning: If **UserRights/IncreaseSchedulingPriority** - + @@ -916,8 +916,8 @@ Because of these factors, users do not usually need this user right. Warning: If
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -925,11 +925,11 @@ Because of these factors, users do not usually need this user right. Warning: If
    - - + + This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - +
    @@ -937,7 +937,7 @@ This user right determines which accounts can use a process with Write Property **UserRights/LoadUnloadDeviceDrivers** - + @@ -959,8 +959,8 @@ This user right determines which accounts can use a process with Write Property
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -968,11 +968,11 @@ This user right determines which accounts can use a process with Write Property
    - - + + This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    @@ -980,7 +980,7 @@ This user right determines which users can dynamically load and unload device dr **UserRights/LockMemory** - + @@ -1002,8 +1002,8 @@ This user right determines which users can dynamically load and unload device dr
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1011,11 +1011,11 @@ This user right determines which users can dynamically load and unload device dr
    - - + + This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - +
    @@ -1023,7 +1023,7 @@ This user right determines which accounts can use a process to keep data in phys **UserRights/ManageAuditingAndSecurityLog** - + @@ -1045,8 +1045,8 @@ This user right determines which accounts can use a process to keep data in phys
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1054,11 +1054,11 @@ This user right determines which accounts can use a process to keep data in phys
    - - + + This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - +
    @@ -1066,7 +1066,7 @@ This user right determines which users can specify object access auditing option **UserRights/ManageVolume** - + @@ -1088,8 +1088,8 @@ This user right determines which users can specify object access auditing option
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1097,11 +1097,11 @@ This user right determines which users can specify object access auditing option
    - - + + This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - +
    @@ -1109,7 +1109,7 @@ This user right determines which users and groups can run maintenance tasks on a **UserRights/ModifyFirmwareEnvironment** - + @@ -1131,8 +1131,8 @@ This user right determines which users and groups can run maintenance tasks on a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1140,11 +1140,11 @@ This user right determines which users and groups can run maintenance tasks on a
    - - + + This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - +
    @@ -1152,7 +1152,7 @@ This user right determines who can modify firmware environment values. Firmware **UserRights/ModifyObjectLabel** - + @@ -1174,8 +1174,8 @@ This user right determines who can modify firmware environment values. Firmware
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1183,11 +1183,11 @@ This user right determines who can modify firmware environment values. Firmware
    - - + + This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - +
    @@ -1195,7 +1195,7 @@ This user right determines which user accounts can modify the integrity label of **UserRights/ProfileSingleProcess** - + @@ -1217,8 +1217,8 @@ This user right determines which user accounts can modify the integrity label of
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1226,11 +1226,11 @@ This user right determines which user accounts can modify the integrity label of
    - - + + This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - +
    @@ -1238,7 +1238,7 @@ This user right determines which users can use performance monitoring tools to m **UserRights/RemoteShutdown** - + @@ -1260,8 +1260,8 @@ This user right determines which users can use performance monitoring tools to m
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1269,11 +1269,11 @@ This user right determines which users can use performance monitoring tools to m
    - - + + This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - +
    @@ -1281,7 +1281,7 @@ This user right determines which users are allowed to shut down a computer from **UserRights/RestoreFilesAndDirectories** - + @@ -1303,8 +1303,8 @@ This user right determines which users are allowed to shut down a computer from
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1312,11 +1312,11 @@ This user right determines which users are allowed to shut down a computer from
    - - + + This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - +
    @@ -1324,7 +1324,7 @@ This user right determines which users can bypass file, directory, registry, and **UserRights/TakeOwnership** - + @@ -1346,8 +1346,8 @@ This user right determines which users can bypass file, directory, registry, and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1355,11 +1355,11 @@ This user right determines which users can bypass file, directory, registry, and
    - - + + This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - +
    diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 7416d833f4..75609b7de1 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -48,10 +48,10 @@ ms.date: 01/29/2018 **WiFi/AllowWiFiHotSpotReporting** - + This policy has been deprecated. - +
    @@ -59,7 +59,7 @@ This policy has been deprecated. **Wifi/AllowAutoConnectToWiFiSenseHotspots** - + @@ -81,8 +81,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -90,13 +90,13 @@ This policy has been deprecated.
    - - + + Allow or disallow the device to automatically connect to Wi-Fi hotspots. Most restricted value is 0. - + The following list shows the supported values: @@ -111,7 +111,7 @@ The following list shows the supported values: **Wifi/AllowInternetSharing** - + @@ -133,8 +133,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,13 +142,13 @@ The following list shows the supported values:
    - - + + Allow or disallow internet sharing. Most restricted value is 0. - + The following list shows the supported values: @@ -163,7 +163,7 @@ The following list shows the supported values: **Wifi/AllowManualWiFiConfiguration** - + @@ -185,8 +185,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -194,8 +194,8 @@ The following list shows the supported values:
    - - + + Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. Most restricted value is 0. @@ -203,7 +203,7 @@ Most restricted value is 0. > [!NOTE] > Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. - + The following list shows the supported values: @@ -218,7 +218,7 @@ The following list shows the supported values: **Wifi/AllowWiFi** - + @@ -240,8 +240,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -249,13 +249,13 @@ The following list shows the supported values:
    - - + + Allow or disallow WiFi connection. Most restricted value is 0. - + The following list shows the supported values: @@ -270,7 +270,7 @@ The following list shows the supported values: **Wifi/AllowWiFiDirect** - + @@ -292,8 +292,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -301,11 +301,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allow WiFi Direct connection.. - + The following list shows the supported values: @@ -320,7 +320,7 @@ The following list shows the supported values: **Wifi/WLANScanMode** - + @@ -342,8 +342,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,8 +351,8 @@ The following list shows the supported values:
    - - + + Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency. @@ -361,7 +361,7 @@ The default value is 0. Supported operations are Add, Delete, Get, and Replace. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 4c421859f2..084f29982c 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -86,7 +86,7 @@ ms.date: 01/29/2018 **WindowsDefenderSecurityCenter/CompanyName** - + @@ -108,8 +108,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,13 +117,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    @@ -131,7 +131,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** - + @@ -153,8 +153,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -162,8 +162,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    - - + + Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Valid values: @@ -171,7 +171,7 @@ Valid values: - 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - +
    @@ -179,7 +179,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableAppBrowserUI** - + @@ -201,8 +201,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -210,13 +210,13 @@ Valid values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -231,7 +231,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** - + @@ -253,8 +253,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -262,8 +262,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Valid values: @@ -271,7 +271,7 @@ Valid values: - 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - +
    @@ -279,7 +279,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** - + @@ -301,8 +301,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -310,8 +310,8 @@ Valid values:
    - - + + Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. > [!Note] @@ -319,7 +319,7 @@ Added in Windows 10, version 1709. Use this policy if you want Windows Defender Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -334,7 +334,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableFamilyUI** - + @@ -356,8 +356,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -365,13 +365,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -386,7 +386,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableHealthUI** - + @@ -408,8 +408,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -417,13 +417,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -438,7 +438,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNetworkUI** - + @@ -460,8 +460,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -469,13 +469,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -490,7 +490,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNotifications** - + @@ -512,8 +512,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -521,13 +521,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -542,7 +542,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableVirusUI** - + @@ -564,8 +564,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -573,13 +573,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -594,7 +594,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** - + @@ -616,8 +616,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -625,13 +625,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -646,7 +646,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/Email** - + @@ -668,8 +668,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -677,13 +677,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    @@ -691,7 +691,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. **WindowsDefenderSecurityCenter/EnableCustomizedToasts** - + @@ -713,8 +713,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -722,13 +722,13 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    - - + + Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -743,7 +743,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/EnableInAppCustomization** - + @@ -765,8 +765,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,13 +774,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -795,7 +795,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** - + @@ -817,8 +817,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -826,8 +826,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. Valid values: @@ -835,7 +835,7 @@ Valid values: - 0 - (Disable or not configured) The Ransomware data recovery area will be visible. - 1 - (Enable) The Ransomware data recovery area is hidden. - +
    @@ -843,7 +843,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideSecureBoot** - + @@ -865,8 +865,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -874,8 +874,8 @@ Valid values:
    - - + + Added in Windows 10, next major update. Use this policy to hide the Secure boot area in the Windows Defender Security Center. Valid values: @@ -883,7 +883,7 @@ Valid values: - 0 - (Disable or not configured) The Secure boot area is displayed. - 1 - (Enable) The Secure boot area is hidden. - +
    @@ -891,7 +891,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** - + @@ -913,8 +913,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -922,8 +922,8 @@ Valid values:
    - - + + Added in Windows 10, next major update. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center. Valid values: @@ -931,7 +931,7 @@ Valid values: - 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - +
    @@ -939,7 +939,7 @@ Valid values: **WindowsDefenderSecurityCenter/Phone** - + @@ -961,8 +961,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -970,13 +970,13 @@ Valid values:
    - - + + Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -984,7 +984,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **WindowsDefenderSecurityCenter/URL** - + @@ -1006,8 +1006,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1015,13 +1015,13 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 1ddb435ce8..11511b33b1 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,11 +64,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace. - + The following list shows the supported values: @@ -83,7 +83,7 @@ The following list shows the supported values: **WindowsInkWorkspace/AllowWindowsInkWorkspace** - + @@ -105,8 +105,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -114,8 +114,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. Value type is int. The following list shows the supported values: @@ -124,7 +124,7 @@ Value type is int. The following list shows the supported values: - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 62e9c0003c..685f5e228e 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **WindowsLogon/DisableLockScreenAppNotifications** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,15 +67,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -83,14 +83,14 @@ If you disable or do not configure this policy setting, users can choose which a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* - +
    @@ -98,7 +98,7 @@ ADMX Info: **WindowsLogon/DontDisplayNetworkSelectionUI** - + @@ -120,8 +120,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -129,15 +129,15 @@ ADMX Info:
    - - + + This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows. If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -145,14 +145,14 @@ If you disable or don't configure this policy setting, any user can disconnect t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* - +
    @@ -160,7 +160,7 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** - + @@ -182,8 +182,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -191,8 +191,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. To validate on Desktop, do the following: @@ -200,7 +200,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Verify that the Switch account button in Start is hidden. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 4e120a73e2..0ef62935e1 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -51,7 +51,7 @@ ms.date: 01/29/2018 **WirelessDisplay/AllowMdnsAdvertisement** - + @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -82,11 +82,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. - + The following list shows the supported values: @@ -101,7 +101,7 @@ The following list shows the supported values: **WirelessDisplay/AllowMdnsDiscovery** - + @@ -123,8 +123,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,11 +132,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. - + The following list shows the supported values: @@ -151,7 +151,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPC** - + @@ -173,8 +173,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -182,11 +182,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. - + The following list shows the supported values: @@ -201,7 +201,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** - + @@ -223,8 +223,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -232,11 +232,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. - + The following list shows the supported values: @@ -251,7 +251,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPC** - + @@ -273,8 +273,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -282,15 +282,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC. If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. Value type is integer. - + The following list shows the supported values: @@ -305,7 +305,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPCOverInfrastructure** - + @@ -327,8 +327,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -336,11 +336,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. - + The following list shows the supported values: @@ -355,7 +355,7 @@ The following list shows the supported values: **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,11 +363,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. - + The following list shows the supported values: @@ -382,7 +382,7 @@ The following list shows the supported values: **WirelessDisplay/RequirePinForPairing** - + @@ -404,8 +404,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -413,15 +413,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. Value type is integer. - + The following list shows the supported values: From 33595c56f8f3a328c730dca8b38b405116fefde1 Mon Sep 17 00:00:00 2001 From: Tara Meyer Date: Mon, 29 Jan 2018 21:10:08 +0000 Subject: [PATCH 038/109] Initialize open publishing repository: https://cpubwin.visualstudio.com/DefaultCollection/it-client/_git/it-client of branch master --- .openpublishing.publish.config.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 75b0bd92c0..7754fdf882 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -125,6 +125,7 @@ "build_output_subfolder": "microsoft-365", "locale": "en-us", "monikers": [], + "moniker_ranges": [], "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", @@ -483,7 +484,8 @@ "branches_to_filter": [ "" ], - "git_repository_url_open_to_public_contributors": "https://cpubwin.visualstudio.com/_git/it-client", + "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "master", "skip_source_output_uploading": false, "need_preview_pull_request": true, "resolve_user_profile_using_github": true, From ce9fbfa8a437e6a2a34f44f2eefb9e6bf56c7b52 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 29 Jan 2018 13:57:16 -0800 Subject: [PATCH 039/109] updating repo url --- .openpublishing.publish.config.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 7754fdf882..430506237d 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -484,8 +484,7 @@ "branches_to_filter": [ "" ], - "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", - "git_repository_branch_open_to_public_contributors": "master", + "git_repository_url_open_to_public_contributors": "https://cpubwin.visualstudio.com/_git/it-client", "skip_source_output_uploading": false, "need_preview_pull_request": true, "resolve_user_profile_using_github": true, From 7c9a90989a3e8c4413e5d4a6fc58c597eae5df96 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 23:15:06 +0000 Subject: [PATCH 040/109] Merged PR 5559: fixing typo in SupportedSKUs end tag --- .../mdm/policy-csp-abovelock.md | 6 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 6 +- .../mdm/policy-csp-accounts.md | 8 +- .../mdm/policy-csp-activexcontrols.md | 2 +- .../mdm/policy-csp-applicationdefaults.md | 2 +- .../mdm/policy-csp-applicationmanagement.md | 22 +- .../mdm/policy-csp-appvirtualization.md | 56 +- .../mdm/policy-csp-attachmentmanager.md | 6 +- .../mdm/policy-csp-authentication.md | 10 +- .../mdm/policy-csp-autoplay.md | 6 +- .../mdm/policy-csp-bitlocker.md | 2 +- .../mdm/policy-csp-bluetooth.md | 10 +- .../mdm/policy-csp-browser.md | 76 +-- .../mdm/policy-csp-camera.md | 2 +- .../mdm/policy-csp-cellular.md | 10 +- .../mdm/policy-csp-connectivity.md | 28 +- .../mdm/policy-csp-controlpolicyconflict.md | 2 +- .../mdm/policy-csp-credentialproviders.md | 6 +- .../mdm/policy-csp-credentialsui.md | 4 +- .../mdm/policy-csp-cryptography.md | 4 +- .../mdm/policy-csp-dataprotection.md | 4 +- .../mdm/policy-csp-datausage.md | 4 +- .../mdm/policy-csp-defender.md | 70 +-- .../mdm/policy-csp-deliveryoptimization.md | 46 +- .../mdm/policy-csp-desktop.md | 2 +- .../mdm/policy-csp-deviceguard.md | 6 +- .../mdm/policy-csp-deviceinstallation.md | 4 +- .../mdm/policy-csp-devicelock.md | 34 +- .../mdm/policy-csp-display.md | 4 +- .../mdm/policy-csp-education.md | 6 +- .../mdm/policy-csp-enterprisecloudprint.md | 12 +- .../mdm/policy-csp-errorreporting.md | 10 +- .../mdm/policy-csp-eventlogservice.md | 8 +- .../mdm/policy-csp-experience.md | 38 +- .../mdm/policy-csp-exploitguard.md | 2 +- .../client-management/mdm/policy-csp-games.md | 2 +- .../mdm/policy-csp-handwriting.md | 2 +- .../mdm/policy-csp-internetexplorer.md | 486 +++++++++--------- .../mdm/policy-csp-kerberos.md | 10 +- .../mdm/policy-csp-kioskbrowser.md | 12 +- .../mdm/policy-csp-licensing.md | 4 +- ...policy-csp-localpoliciessecurityoptions.md | 110 ++-- .../mdm/policy-csp-location.md | 2 +- .../mdm/policy-csp-lockdown.md | 2 +- .../client-management/mdm/policy-csp-maps.md | 4 +- .../mdm/policy-csp-messaging.md | 6 +- .../mdm/policy-csp-networkisolation.md | 16 +- .../mdm/policy-csp-notifications.md | 2 +- .../client-management/mdm/policy-csp-power.md | 18 +- .../mdm/policy-csp-printers.md | 6 +- .../mdm/policy-csp-privacy.md | 154 +++--- .../mdm/policy-csp-remoteassistance.md | 8 +- .../mdm/policy-csp-remotedesktopservices.md | 12 +- .../mdm/policy-csp-remotemanagement.md | 30 +- .../mdm/policy-csp-remoteprocedurecall.md | 4 +- .../mdm/policy-csp-remoteshell.md | 14 +- .../mdm/policy-csp-search.md | 26 +- .../mdm/policy-csp-security.md | 22 +- .../mdm/policy-csp-settings.md | 28 +- .../mdm/policy-csp-smartscreen.md | 6 +- .../mdm/policy-csp-speech.md | 2 +- .../client-management/mdm/policy-csp-start.md | 58 +-- .../mdm/policy-csp-storage.md | 4 +- .../mdm/policy-csp-system.md | 30 +- .../mdm/policy-csp-systemservices.md | 12 +- .../mdm/policy-csp-taskscheduler.md | 2 +- .../mdm/policy-csp-textinput.md | 26 +- .../mdm/policy-csp-timelanguagesettings.md | 2 +- .../mdm/policy-csp-update.md | 94 ++-- .../mdm/policy-csp-userrights.md | 58 +-- .../client-management/mdm/policy-csp-wifi.md | 12 +- ...olicy-csp-windowsdefendersecuritycenter.md | 38 +- .../mdm/policy-csp-windowsinkworkspace.md | 4 +- .../mdm/policy-csp-windowslogon.md | 6 +- .../mdm/policy-csp-wirelessdisplay.md | 14 +- 75 files changed, 933 insertions(+), 933 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 8a9ab9e4cd..09bab6143a 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -113,7 +113,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -163,7 +163,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index fef93c8458..e74c715473 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -60,7 +60,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -107,7 +107,7 @@ Default: None, because this policy setting only has meaning when an Account lock - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -154,7 +154,7 @@ Default: 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 8bfbafa470..14b5d262f0 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -116,7 +116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -168,7 +168,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -218,7 +218,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index c8facbef8f..6b16327ccb 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index a2454f2ffd..9016bca75e 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 024a22b95c..a28201a263 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -82,7 +82,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -135,7 +135,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -185,7 +185,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -293,7 +293,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -345,7 +345,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -397,7 +397,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -462,7 +462,7 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -512,7 +512,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -562,7 +562,7 @@ Most restricted value is 1. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -614,7 +614,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index b30da5cc6a..f1bfd67657 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -133,7 +133,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +191,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -249,7 +249,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -307,7 +307,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -365,7 +365,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -423,7 +423,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -491,7 +491,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -549,7 +549,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -607,7 +607,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -665,7 +665,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -723,7 +723,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -781,7 +781,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -839,7 +839,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -915,7 +915,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -991,7 +991,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1067,7 +1067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1143,7 +1143,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1219,7 +1219,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1277,7 +1277,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1335,7 +1335,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1393,7 +1393,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1451,7 +1451,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1509,7 +1509,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1567,7 +1567,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1625,7 +1625,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1683,7 +1683,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1741,7 +1741,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1799,7 +1799,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 257d3f313a..b23d0fec1c 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -122,7 +122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -186,7 +186,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index d030e6f423..6755d07861 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,7 +114,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -164,7 +164,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -216,7 +216,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -270,7 +270,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 0c38facc2f..1691a0fce0 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -121,7 +121,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -193,7 +193,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ab5e371656..35eb61f9df 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 4cc182b25a..dc992781e7 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -118,7 +118,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -222,7 +222,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -269,7 +269,7 @@ If this policy is not set or it is deleted, the default local radio name is used - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index cb2b6f9db3..07b993c521 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -165,7 +165,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -221,7 +221,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -281,7 +281,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -340,7 +340,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -398,7 +398,7 @@ To verify AllowCookies is set to 0 (not allowed): - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -455,7 +455,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -515,7 +515,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -566,7 +566,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -617,7 +617,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -668,7 +668,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -721,7 +721,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -777,7 +777,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -837,7 +837,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -897,7 +897,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -952,7 +952,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1005,7 +1005,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1065,7 +1065,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1116,7 +1116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1175,7 +1175,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1234,7 +1234,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1293,7 +1293,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1346,7 +1346,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1399,7 +1399,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1444,7 +1444,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1496,7 +1496,7 @@ The default value is an empty string. Otherwise, the string should contain the U - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1550,7 +1550,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1610,7 +1610,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1661,7 +1661,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1714,7 +1714,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1767,7 +1767,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1820,7 +1820,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1871,7 +1871,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1926,7 +1926,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1983,7 +1983,7 @@ Data type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2040,7 +2040,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2098,7 +2098,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2155,7 +2155,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2219,7 +2219,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index d92acc51af..fc227b1f17 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 8fd91336fe..db8f20499e 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -127,7 +127,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -170,7 +170,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -213,7 +213,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -256,7 +256,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 537f8beffa..c4e91457b4 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -91,7 +91,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -149,7 +149,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -200,7 +200,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -263,7 +263,7 @@ To validate on mobile devices, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -316,7 +316,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -372,7 +372,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -430,7 +430,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -482,7 +482,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -534,7 +534,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -591,7 +591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -648,7 +648,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -705,7 +705,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -750,7 +750,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -810,7 +810,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 2adc69c9bb..421980c7b1 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 7b5579ff02..20a5e4fc8d 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -124,7 +124,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -188,7 +188,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index f8e1d19c97..29395b9209 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -122,7 +122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 4908b2af8e..e35c21d6ee 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -103,7 +103,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index c1a23ddc73..0a497016a1 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -107,7 +107,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index da3f7e483a..736ad17532 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -123,7 +123,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index f8ca333a92..1324fc9bf1 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -154,7 +154,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -206,7 +206,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -258,7 +258,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -310,7 +310,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -362,7 +362,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -414,7 +414,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -466,7 +466,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -518,7 +518,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -570,7 +570,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -622,7 +622,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -674,7 +674,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -726,7 +726,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -778,7 +778,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -830,7 +830,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -879,7 +879,7 @@ Value type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -930,7 +930,7 @@ Value type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -981,7 +981,7 @@ The default value is 50. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1044,7 +1044,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1097,7 +1097,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1143,7 +1143,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1189,7 +1189,7 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1240,7 +1240,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1294,7 +1294,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1354,7 +1354,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1401,7 +1401,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1448,7 +1448,7 @@ Allows an administrator to specify a list of directory paths to ignore during a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1501,7 +1501,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1554,7 +1554,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1611,7 +1611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1663,7 +1663,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1720,7 +1720,7 @@ The default value is 120 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1783,7 +1783,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1840,7 +1840,7 @@ The default value is 120. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1893,7 +1893,7 @@ The default value is 8. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1947,7 +1947,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 44763626f4..066c6de874 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -123,7 +123,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ The default value is 10. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -226,7 +226,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -271,7 +271,7 @@ After the max delay is reached, the download will resume using HTTP, either down - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -328,7 +328,7 @@ The following list shows the supported values as number of seconds: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -386,7 +386,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -436,7 +436,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -496,7 +496,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -545,7 +545,7 @@ The default value is 259200 seconds (3 days). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -594,7 +594,7 @@ The default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -643,7 +643,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -692,7 +692,7 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -741,7 +741,7 @@ The default value is 500. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -789,7 +789,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -841,7 +841,7 @@ The default value is 32 GB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -890,7 +890,7 @@ The default value is 100 MB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -939,7 +939,7 @@ The default value is 4 GB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -988,7 +988,7 @@ By default, %SystemDrive% is used to store the cache. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1039,7 +1039,7 @@ The default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1095,7 +1095,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1140,7 +1140,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1192,7 +1192,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1245,7 +1245,7 @@ This policy allows an IT Admin to define the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index fbbf63681d..009265655e 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index decc360200..d2cc249634 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -159,7 +159,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 212324e984..d104e70a92 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -117,7 +117,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 8b22ded5b4..97297f2da1 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -102,7 +102,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -159,7 +159,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -218,7 +218,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -272,7 +272,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -332,7 +332,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -420,7 +420,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -476,7 +476,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -534,7 +534,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -583,7 +583,7 @@ Value type is a string, which is the full image filepath and filename. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -632,7 +632,7 @@ Value type is a string, which is the AppID. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -695,7 +695,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -749,7 +749,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -801,7 +801,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -915,7 +915,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -974,7 +974,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1021,7 +1021,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1083,7 +1083,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 3921cace6c..395598e623 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -111,7 +111,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 6889a52380..70e051604f 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -103,7 +103,7 @@ The policy value is expected to be the name (network host name) of an installed - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -153,7 +153,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 38c3886970..635152c9cc 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -67,7 +67,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,7 +114,7 @@ The default value is an empty string. Otherwise, the value should contain the UR - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -161,7 +161,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -255,7 +255,7 @@ The default value is an empty string. Otherwise, the value should contain the UR - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -302,7 +302,7 @@ For Windows Mobile, the default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 4f957acf78..8b4deb16d5 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -136,7 +136,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -198,7 +198,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -264,7 +264,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -326,7 +326,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 961555b8fe..b531654651 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -125,7 +125,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -249,7 +249,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 1ee67cf404..08a7c01d46 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -114,7 +114,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -169,7 +169,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -221,7 +221,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -275,7 +275,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -329,7 +329,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -385,7 +385,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -450,7 +450,7 @@ This policy is deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -517,7 +517,7 @@ This policy is deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -567,7 +567,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -626,7 +626,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -680,7 +680,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -734,7 +734,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -790,7 +790,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -846,7 +846,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -902,7 +902,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -957,7 +957,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1013,7 +1013,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1063,7 +1063,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1116,7 +1116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index ba0ff86d79..421c1c41e8 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 51f293f7b8..233f091ce6 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 15016063fb..ac276081cf 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 2b29a32684..ba26acd4fc 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -778,7 +778,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -841,7 +841,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -904,7 +904,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -973,7 +973,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1030,7 +1030,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1088,7 +1088,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1146,7 +1146,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1211,7 +1211,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1274,7 +1274,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1337,7 +1337,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1394,7 +1394,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1457,7 +1457,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1522,7 +1522,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1591,7 +1591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1660,7 +1660,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1729,7 +1729,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1798,7 +1798,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1867,7 +1867,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1936,7 +1936,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2005,7 +2005,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2068,7 +2068,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2137,7 +2137,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2195,7 +2195,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2260,7 +2260,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2329,7 +2329,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2398,7 +2398,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2467,7 +2467,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2525,7 +2525,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2583,7 +2583,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2641,7 +2641,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2706,7 +2706,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2769,7 +2769,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2832,7 +2832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2890,7 +2890,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2948,7 +2948,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3013,7 +3013,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3071,7 +3071,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3134,7 +3134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3199,7 +3199,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3266,7 +3266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3333,7 +3333,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3395,7 +3395,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3453,7 +3453,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3511,7 +3511,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3569,7 +3569,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3632,7 +3632,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3695,7 +3695,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3760,7 +3760,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3818,7 +3818,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3882,7 +3882,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3940,7 +3940,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4008,7 +4008,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4076,7 +4076,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4141,7 +4141,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4210,7 +4210,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4275,7 +4275,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4340,7 +4340,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4405,7 +4405,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4470,7 +4470,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4533,7 +4533,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4591,7 +4591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4649,7 +4649,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4714,7 +4714,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4779,7 +4779,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4837,7 +4837,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4902,7 +4902,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4960,7 +4960,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5018,7 +5018,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5076,7 +5076,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5134,7 +5134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5199,7 +5199,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5266,7 +5266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5324,7 +5324,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5389,7 +5389,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5447,7 +5447,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5505,7 +5505,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5563,7 +5563,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5621,7 +5621,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5679,7 +5679,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5737,7 +5737,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5795,7 +5795,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5853,7 +5853,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5911,7 +5911,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5978,7 +5978,7 @@ ADMX Info: - + @@ -6011,7 +6011,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6069,7 +6069,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6127,7 +6127,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6185,7 +6185,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6250,7 +6250,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6308,7 +6308,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6366,7 +6366,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6424,7 +6424,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6489,7 +6489,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6554,7 +6554,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6617,7 +6617,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6682,7 +6682,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6747,7 +6747,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6812,7 +6812,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6877,7 +6877,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6944,7 +6944,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7009,7 +7009,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7067,7 +7067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7134,7 +7134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7192,7 +7192,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7257,7 +7257,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7322,7 +7322,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7387,7 +7387,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7450,7 +7450,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7515,7 +7515,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7580,7 +7580,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7645,7 +7645,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7710,7 +7710,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7777,7 +7777,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7842,7 +7842,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7900,7 +7900,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7967,7 +7967,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8025,7 +8025,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8090,7 +8090,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8155,7 +8155,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8220,7 +8220,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8283,7 +8283,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8348,7 +8348,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8413,7 +8413,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8478,7 +8478,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8543,7 +8543,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8610,7 +8610,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8675,7 +8675,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8742,7 +8742,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8800,7 +8800,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8865,7 +8865,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8930,7 +8930,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8995,7 +8995,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9058,7 +9058,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9123,7 +9123,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9188,7 +9188,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9253,7 +9253,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9318,7 +9318,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9385,7 +9385,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9450,7 +9450,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9517,7 +9517,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9582,7 +9582,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9647,7 +9647,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9712,7 +9712,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9775,7 +9775,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9840,7 +9840,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9905,7 +9905,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9970,7 +9970,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10035,7 +10035,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10102,7 +10102,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10167,7 +10167,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10234,7 +10234,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10292,7 +10292,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10357,7 +10357,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10422,7 +10422,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10487,7 +10487,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10550,7 +10550,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10615,7 +10615,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10680,7 +10680,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10745,7 +10745,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10810,7 +10810,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10877,7 +10877,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10942,7 +10942,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11009,7 +11009,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11067,7 +11067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11132,7 +11132,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11197,7 +11197,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11262,7 +11262,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11325,7 +11325,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11390,7 +11390,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11455,7 +11455,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11520,7 +11520,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11585,7 +11585,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11652,7 +11652,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11717,7 +11717,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11784,7 +11784,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11842,7 +11842,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11907,7 +11907,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11965,7 +11965,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12023,7 +12023,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12081,7 +12081,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12139,7 +12139,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12197,7 +12197,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12255,7 +12255,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12313,7 +12313,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12371,7 +12371,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12429,7 +12429,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12494,7 +12494,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12552,7 +12552,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12617,7 +12617,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12680,7 +12680,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12738,7 +12738,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12796,7 +12796,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12854,7 +12854,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12912,7 +12912,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12977,7 +12977,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13042,7 +13042,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13100,7 +13100,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13158,7 +13158,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13223,7 +13223,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13281,7 +13281,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13339,7 +13339,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13397,7 +13397,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13455,7 +13455,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13520,7 +13520,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13587,7 +13587,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13645,7 +13645,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13710,7 +13710,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13768,7 +13768,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13826,7 +13826,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13884,7 +13884,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13942,7 +13942,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14000,7 +14000,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14058,7 +14058,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14116,7 +14116,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14174,7 +14174,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14241,7 +14241,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14299,7 +14299,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14357,7 +14357,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14415,7 +14415,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14480,7 +14480,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14538,7 +14538,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14596,7 +14596,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14654,7 +14654,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14712,7 +14712,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14770,7 +14770,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14828,7 +14828,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14886,7 +14886,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14944,7 +14944,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15007,7 +15007,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15064,7 +15064,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15122,7 +15122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15187,7 +15187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15252,7 +15252,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15315,7 +15315,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15380,7 +15380,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15445,7 +15445,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15510,7 +15510,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15575,7 +15575,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15642,7 +15642,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15707,7 +15707,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15765,7 +15765,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15832,7 +15832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15890,7 +15890,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 66c8d28294..7a2e9f901b 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -126,7 +126,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -253,7 +253,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -315,7 +315,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index eba4551112..769c55b3dd 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -113,7 +113,7 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -157,7 +157,7 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -201,7 +201,7 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -245,7 +245,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -289,7 +289,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 8cd5d7c7a9..28751d2800 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,7 +105,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 79fc96e412..d142ceb56a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -216,7 +216,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -274,7 +274,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -329,7 +329,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -381,7 +381,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -441,7 +441,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -490,7 +490,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -539,7 +539,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -589,7 +589,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -639,7 +639,7 @@ Default: This policy is not defined and only Administrators have this ability. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -691,7 +691,7 @@ This setting does not affect the ability to add a local printer. This setting do - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -740,7 +740,7 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -800,7 +800,7 @@ Logon information transmitted over the secure channel is always encrypted regard - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -857,7 +857,7 @@ Note: Domain controllers are also domain members and establish secure channels w - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -908,7 +908,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -960,7 +960,7 @@ This setting should not be used in an attempt to support dual-boot scenarios tha - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1011,7 +1011,7 @@ This setting applies to Windows 2000 computers, but it is not available through - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1073,7 +1073,7 @@ In order to take advantage of this policy on domain controllers, all domain cont - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1123,7 +1123,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1178,7 +1178,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1234,7 +1234,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1291,7 +1291,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1343,7 +1343,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1394,7 +1394,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1443,7 +1443,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1507,7 +1507,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1572,7 +1572,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1634,7 +1634,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1683,7 +1683,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1734,7 +1734,7 @@ Default:This policy is not defined, which means that the system treats it as 15 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1808,7 +1808,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1874,7 +1874,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1933,7 +1933,7 @@ This policy has no impact on domain controllers. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1982,7 +1982,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2033,7 +2033,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2082,7 +2082,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2131,7 +2131,7 @@ This policy is supported on at least Windows Server 2016. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2188,7 +2188,7 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2239,7 +2239,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2293,7 +2293,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2362,7 +2362,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2416,7 +2416,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2470,7 +2470,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - + Recovery console: Allow automatic administrative logon @@ -2513,7 +2513,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2570,7 +2570,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2621,7 +2621,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2670,7 +2670,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2726,7 +2726,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2787,7 +2787,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2841,7 +2841,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2892,7 +2892,7 @@ Disabled: Application installation packages are not detected and prompted for el - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2943,7 +2943,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3000,7 +3000,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3052,7 +3052,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3103,7 +3103,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3154,7 +3154,7 @@ The options are: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 533c3d2f12..f5a62a9471 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index d42f28adb1..38165bb182 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 178bc58f12..d4c5ac8af2 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index a7f3f8050a..a10d85a033 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -109,7 +109,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -157,7 +157,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index bbbe2fb3fa..1e104d4c8a 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -73,7 +73,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -116,7 +116,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -215,7 +215,7 @@ Boolean value that tells the client to accept the configured list and not to use - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -258,7 +258,7 @@ This is the comma-separated list of internal proxy servers. For example "157.54. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -311,7 +311,7 @@ Here are the steps to create canonical domain names: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -354,7 +354,7 @@ This is a comma-separated list of proxy servers. Any server on this list is cons - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -397,7 +397,7 @@ Boolean value that tells the client to accept the configured list of proxies and - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 767c680221..d9bb95050c 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 8de63327aa..7ea180fcf7 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -76,7 +76,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -138,7 +138,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -202,7 +202,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -266,7 +266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -331,7 +331,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -395,7 +395,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -457,7 +457,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -519,7 +519,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -583,7 +583,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index e6535304b1..709afa0ddb 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -133,7 +133,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 79f182b572..8ab600b9d8 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -280,7 +280,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -336,7 +336,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -388,7 +388,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -441,7 +441,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -491,7 +491,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -542,7 +542,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -585,7 +585,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -628,7 +628,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -671,7 +671,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -722,7 +722,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -808,7 +808,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -851,7 +851,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -902,7 +902,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -945,7 +945,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -988,7 +988,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1031,7 +1031,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1082,7 +1082,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1125,7 +1125,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1168,7 +1168,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1211,7 +1211,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1262,7 +1262,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1305,7 +1305,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1348,7 +1348,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1391,7 +1391,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1442,7 +1442,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1485,7 +1485,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1528,7 +1528,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1571,7 +1571,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1622,7 +1622,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1665,7 +1665,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1708,7 +1708,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1751,7 +1751,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1802,7 +1802,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1845,7 +1845,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1888,7 +1888,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1931,7 +1931,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1982,7 +1982,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2025,7 +2025,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2068,7 +2068,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2111,7 +2111,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2162,7 +2162,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2205,7 +2205,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2248,7 +2248,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2291,7 +2291,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2342,7 +2342,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2385,7 +2385,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2428,7 +2428,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2471,7 +2471,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2522,7 +2522,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2565,7 +2565,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2608,7 +2608,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2651,7 +2651,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2702,7 +2702,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2745,7 +2745,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2788,7 +2788,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2831,7 +2831,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2874,7 +2874,7 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2917,7 +2917,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2960,7 +2960,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3003,7 +3003,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3054,7 +3054,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3097,7 +3097,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3140,7 +3140,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3183,7 +3183,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3234,7 +3234,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3277,7 +3277,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3320,7 +3320,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3363,7 +3363,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3416,7 +3416,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3459,7 +3459,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3502,7 +3502,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3545,7 +3545,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3596,7 +3596,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3639,7 +3639,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3682,7 +3682,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3725,7 +3725,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 25c6878ae9..1cf07a4456 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -129,7 +129,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -193,7 +193,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -265,7 +265,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 1ff2a93cea..2c808afadf 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -67,7 +67,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -135,7 +135,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -207,7 +207,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -273,7 +273,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -335,7 +335,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -403,7 +403,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 762edfe54e..141fbaed7e 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -94,7 +94,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -151,7 +151,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -265,7 +265,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -322,7 +322,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -379,7 +379,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -436,7 +436,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -493,7 +493,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -550,7 +550,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -607,7 +607,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -664,7 +664,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -721,7 +721,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -778,7 +778,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -835,7 +835,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -892,7 +892,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 12189ebcb2..6038112891 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -121,7 +121,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index bb014aba29..d1a746424c 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -70,7 +70,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -127,7 +127,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -184,7 +184,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -241,7 +241,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -298,7 +298,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -355,7 +355,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -412,7 +412,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 8a9ea5fa7c..6aac1d55e9 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -141,7 +141,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +191,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -247,7 +247,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -319,7 +319,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -369,7 +369,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -412,7 +412,7 @@ Allow Windows indexer. Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -462,7 +462,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -510,7 +510,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -562,7 +562,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -617,7 +617,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -669,7 +669,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -717,7 +717,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index ac48498127..7ee5db3300 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -84,7 +84,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -134,7 +134,7 @@ The following list shows the supported values: - + > [!NOTE] > This policy has been deprecated in Windows 10, version 1607 @@ -182,7 +182,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -288,7 +288,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -395,7 +395,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -449,7 +449,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -503,7 +503,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -556,7 +556,7 @@ Most restricted value is 1. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -604,7 +604,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index f80b9cac01..f5a811c564 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -150,7 +150,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -200,7 +200,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -250,7 +250,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -300,7 +300,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -354,7 +354,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -399,7 +399,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -453,7 +453,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -507,7 +507,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -561,7 +561,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -665,7 +665,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -715,7 +715,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index c487c7699c..27398259c1 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -158,7 +158,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 6da3005afa..2c38f752bb 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index af43f0bf48..fa95c2c0a3 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -136,7 +136,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -289,7 +289,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -340,7 +340,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -391,7 +391,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -442,7 +442,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -493,7 +493,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -544,7 +544,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -595,7 +595,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -646,7 +646,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -701,7 +701,7 @@ If there is policy configuration conflict, the latest configuration request is a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -764,7 +764,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -819,7 +819,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -881,7 +881,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -939,7 +939,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -994,7 +994,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1039,7 +1039,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1097,7 +1097,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1162,7 +1162,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1224,7 +1224,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1279,7 +1279,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1334,7 +1334,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1389,7 +1389,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1444,7 +1444,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1499,7 +1499,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1558,7 +1558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1616,7 +1616,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1674,7 +1674,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index f7c55ff050..62c833ad36 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -106,7 +106,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index eb2ff5cb90..e8c1f500f6 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -96,7 +96,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -151,7 +151,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -203,7 +203,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -257,7 +257,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -320,7 +320,7 @@ To verify if System/AllowFontProviders is set to true: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -377,7 +377,7 @@ For example, an app's original Location setting is Off. The administrator then s - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -429,7 +429,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -548,7 +548,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -601,7 +601,7 @@ orted values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -657,7 +657,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -700,7 +700,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -764,7 +764,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -832,7 +832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -882,7 +882,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -938,7 +938,7 @@ If you disable or do not configure this policy setting, then the level of diagno - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 121c82b0ca..e717d43451 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -112,7 +112,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -155,7 +155,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -198,7 +198,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -241,7 +241,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -284,7 +284,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 9f01af6518..0da5ed456d 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index c9ef2af75d..7b2956f975 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -149,7 +149,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -205,7 +205,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -261,7 +261,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -315,7 +315,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -371,7 +371,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -427,7 +427,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -483,7 +483,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -555,7 +555,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -667,7 +667,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -719,7 +719,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -771,7 +771,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index ae92f571db..ddda234337 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 2b7ed79caf..d6e49b9bb0 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -195,7 +195,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -245,7 +245,7 @@ The default is 17 (5 PM). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -292,7 +292,7 @@ The default value is 18 (hours). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The default value is 8 (8 AM). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -402,7 +402,7 @@ If the policy is not configured, end-users get the default behavior (Auto instal - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -456,7 +456,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -504,7 +504,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -558,7 +558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -615,7 +615,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -662,7 +662,7 @@ The default value is 7 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -711,7 +711,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -759,7 +759,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -812,7 +812,7 @@ The following list shows the supported values: - + Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -846,7 +846,7 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -896,7 +896,7 @@ Supported values are 0-365 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -941,7 +941,7 @@ Supported values are 0-30. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1077,7 +1077,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1132,7 +1132,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1175,7 +1175,7 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1231,7 +1231,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1278,7 +1278,7 @@ The default value is 0 days (not specified). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1325,7 +1325,7 @@ The default value is 3 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1372,7 +1372,7 @@ The default value is 7 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1423,7 +1423,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1474,7 +1474,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1539,7 +1539,7 @@ To validate this policy: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1601,7 +1601,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1650,7 +1650,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1706,7 +1706,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1757,7 +1757,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1802,7 +1802,7 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1850,7 +1850,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1906,7 +1906,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1958,7 +1958,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2012,7 +2012,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2061,7 +2061,7 @@ Supported values are 15, 30, or 60 (minutes). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2114,7 +2114,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2172,7 +2172,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2219,7 +2219,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2266,7 +2266,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2313,7 +2313,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2360,7 +2360,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2407,7 +2407,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2462,7 +2462,7 @@ The default value is 3. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2510,7 +2510,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2558,7 +2558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2629,7 +2629,7 @@ Example - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 6e21e25c40..53cf96c3f3 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -138,7 +138,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -181,7 +181,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -224,7 +224,7 @@ This user right determines which users and groups are allowed to connect to the - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -267,7 +267,7 @@ This user right allows a process to impersonate any user without authentication. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -310,7 +310,7 @@ This user right determines which users can log on to the computer. Note: Modifyi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -353,7 +353,7 @@ This user right determines which users can bypass file, directory, registry, and - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -396,7 +396,7 @@ This user right determines which users and groups can change the time and date o - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -439,7 +439,7 @@ This security setting determines whether users can create global objects that ar - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -482,7 +482,7 @@ This user right determines which users and groups can call an internal applicati - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -525,7 +525,7 @@ This user right determines which accounts can be used by processes to create a d - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -568,7 +568,7 @@ This user right determines if the user can create a symbolic link from the compu - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ This user right determines which accounts can be used by processes to create a t - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -654,7 +654,7 @@ This user right determines which users can attach a debugger to any process or t - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -697,7 +697,7 @@ This user right determines which users are prevented from accessing a computer o - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -740,7 +740,7 @@ This security setting determines which service accounts are prevented from regis - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -783,7 +783,7 @@ This user right determines which users and groups are prohibited from logging on - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -826,7 +826,7 @@ This user right determines which users can set the Trusted for Delegation settin - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -869,7 +869,7 @@ This user right determines which accounts can be used by a process to add entrie - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -916,7 +916,7 @@ Because of these factors, users do not usually need this user right. Warning: If - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -959,7 +959,7 @@ This user right determines which accounts can use a process with Write Property - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1002,7 +1002,7 @@ This user right determines which users can dynamically load and unload device dr - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1045,7 +1045,7 @@ This user right determines which accounts can use a process to keep data in phys - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1088,7 +1088,7 @@ This user right determines which users can specify object access auditing option - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1131,7 +1131,7 @@ This user right determines which users and groups can run maintenance tasks on a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1174,7 +1174,7 @@ This user right determines who can modify firmware environment values. Firmware - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1217,7 +1217,7 @@ This user right determines which user accounts can modify the integrity label of - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1260,7 +1260,7 @@ This user right determines which users can use performance monitoring tools to m - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1303,7 +1303,7 @@ This user right determines which users are allowed to shut down a computer from - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1346,7 +1346,7 @@ This user right determines which users can bypass file, directory, registry, and - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 75609b7de1..5d27b9d4f0 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -81,7 +81,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -133,7 +133,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -185,7 +185,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -240,7 +240,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -292,7 +292,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 084f29982c..78fb5ed4b9 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -108,7 +108,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -153,7 +153,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -201,7 +201,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -253,7 +253,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -301,7 +301,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -356,7 +356,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -408,7 +408,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -460,7 +460,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -512,7 +512,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -564,7 +564,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -616,7 +616,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -668,7 +668,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -713,7 +713,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -817,7 +817,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -865,7 +865,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -913,7 +913,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -961,7 +961,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1006,7 +1006,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 11511b33b1..eda04ac82d 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,7 +105,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 685f5e228e..e0a364f38a 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -120,7 +120,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -182,7 +182,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 0ef62935e1..e7c65f476a 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -73,7 +73,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -123,7 +123,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -173,7 +173,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -223,7 +223,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -273,7 +273,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -327,7 +327,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -404,7 +404,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): From b56cd0d2d221189e2db7546f6223e48e8899085d Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 23:51:03 +0000 Subject: [PATCH 041/109] Merged PR 5577: best effort tokenization of Policy CSP (by automation) --- .../mdm/policy-csp-applicationdefaults.md | 4 +- .../mdm/policy-csp-applicationmanagement.md | 18 +- .../mdm/policy-csp-browser.md | 145 +++++++----- .../mdm/policy-csp-cryptography.md | 4 +- .../mdm/policy-csp-defender.md | 99 ++++++-- .../mdm/policy-csp-devicelock.md | 104 ++++++--- .../mdm/policy-csp-display.md | 8 +- .../mdm/policy-csp-experience.md | 8 +- .../mdm/policy-csp-exploitguard.md | 4 +- ...policy-csp-localpoliciessecurityoptions.md | 108 ++++++--- .../mdm/policy-csp-location.md | 6 +- .../mdm/policy-csp-messaging.md | 12 +- .../mdm/policy-csp-privacy.md | 157 ++++++++----- .../mdm/policy-csp-search.md | 47 ++-- .../mdm/policy-csp-security.md | 34 ++- .../mdm/policy-csp-settings.md | 8 +- .../client-management/mdm/policy-csp-start.md | 221 ++++++++++-------- .../mdm/policy-csp-storage.md | 9 +- .../mdm/policy-csp-system.md | 40 ++-- .../mdm/policy-csp-textinput.md | 35 ++- .../mdm/policy-csp-update.md | 93 +++++--- ...olicy-csp-windowsdefendersecuritycenter.md | 20 +- .../mdm/policy-csp-windowsinkworkspace.md | 4 +- .../mdm/policy-csp-windowslogon.md | 12 +- 24 files changed, 784 insertions(+), 416 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 9016bca75e..2889bb4f2a 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -67,6 +67,8 @@ Added in Windows 10, version 1703. This policy allows an administrator to set de If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. + + To create create the SyncML, follow these steps:
    1. Install a few apps and change your defaults.
    2. @@ -119,7 +121,7 @@ Here is the SyncMl example: ``` - +
      diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index a28201a263..1ca01c5a3f 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -148,14 +148,17 @@ The following list shows the supported values: Specifies whether automatic update of apps from Microsoft Store are allowed. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -Most restricted value is 0. - - +
      @@ -525,14 +528,17 @@ The following list shows the supported values: Allows disabling of the retail catalog and only enables the Private store. + +Most restricted value is 1. + + + The following list shows the supported values: - 0 (default) – Allow both public and Private store. - 1 – Only Private store is enabled. -Most restricted value is 1. - - +
      diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 07b993c521..51ca199a31 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -237,13 +237,6 @@ Specifies whether autofill on websites is allowed. Most restricted value is 0. -To verify AllowAutofill is set to 0 (not allowed): - -1. Open Microsoft Edge. -2. In the upper-right corner of the browser, click **…**. -3. Click **Settings** in the drop down list, and select **View Advanced Settings**. -4. Verify the setting **Save form entries** is greyed out. - The following list shows the supported values: @@ -252,6 +245,15 @@ The following list shows the supported values: - 1 (default) – Allowed. + +To verify AllowAutofill is set to 0 (not allowed): + +1. Open Microsoft Edge. +2. In the upper-right corner of the browser, click **…**. +3. Click **Settings** in the drop down list, and select **View Advanced Settings**. +4. Verify the setting **Save form entries** is greyed out. + +
      @@ -354,13 +356,18 @@ The following list shows the supported values: Specifies whether cookies are allowed. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -Most restricted value is 0. - + + To verify AllowCookies is set to 0 (not allowed): 1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. @@ -368,7 +375,7 @@ To verify AllowCookies is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Cookies** is greyed out. - +
      @@ -471,13 +478,6 @@ Specifies whether Do Not Track headers are allowed. Most restricted value is 1. -To verify AllowDoNotTrack is set to 0 (not allowed): - -1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. -2. In the upper-right corner of the browser, click **…**. -3. Click **Settings** in the drop down list, and select **View Advanced Settings**. -4. Verify the setting **Send Do Not Track requests** is greyed out. - The following list shows the supported values: @@ -486,6 +486,15 @@ The following list shows the supported values: - 1 – Allowed. + +To verify AllowDoNotTrack is set to 0 (not allowed): + +1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. +2. In the upper-right corner of the browser, click **…**. +3. Click **Settings** in the drop down list, and select **View Advanced Settings**. +4. Verify the setting **Send Do Not Track requests** is greyed out. + +
      @@ -793,13 +802,6 @@ Specifies whether saving and managing passwords locally on the device is allowed Most restricted value is 0. -To verify AllowPasswordManager is set to 0 (not allowed): - -1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. -2. In the upper-right corner of the browser, click **…**. -3. Click **Settings** in the drop down list, and select **View Advanced Settings**. -4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - The following list shows the supported values: @@ -808,6 +810,15 @@ The following list shows the supported values: - 1 (default) – Allowed. + +To verify AllowPasswordManager is set to 0 (not allowed): + +1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. +2. In the upper-right corner of the browser, click **…**. +3. Click **Settings** in the drop down list, and select **View Advanced Settings**. +4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. + +
      @@ -853,13 +864,6 @@ Specifies whether pop-up blocker is allowed or enabled. Most restricted value is 1. -To verify AllowPopups is set to 0 (not allowed): - -1. Open Microsoft Edge. -2. In the upper-right corner of the browser, click **…**. -3. Click **Settings** in the drop down list, and select **View Advanced Settings**. -4. Verify the setting **Block pop-ups** is greyed out. - The following list shows the supported values: @@ -868,6 +872,15 @@ The following list shows the supported values: - 1 – Pop-up blocker is allowed or enabled. It means that pop-up browser windows are blocked. + +To verify AllowPopups is set to 0 (not allowed): + +1. Open Microsoft Edge. +2. In the upper-right corner of the browser, click **…**. +3. Click **Settings** in the drop down list, and select **View Advanced Settings**. +4. Verify the setting **Block pop-ups** is greyed out. + +
      @@ -1021,13 +1034,6 @@ Specifies whether Windows Defender SmartScreen is allowed. Most restricted value is 1. -To verify AllowSmartScreen is set to 0 (not allowed): - -1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. -2. In the upper-right corner of the browser, click **…**. -3. Click **Settings** in the drop down list, and select **View Advanced Settings**. -4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - The following list shows the supported values: @@ -1036,6 +1042,15 @@ The following list shows the supported values: - 1 (default) – Allowed. + +To verify AllowSmartScreen is set to 0 (not allowed): + +1. Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile. +2. In the upper-right corner of the browser, click **…**. +3. Click **Settings** in the drop down list, and select **View Advanced Settings**. +4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. + +
      @@ -1132,12 +1147,6 @@ Added in Windows 10, version 1703. Specifies whether to clear browsing data on e Most restricted value is 1. -To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): - -1. Open Microsoft Edge and browse to websites. -2. Close the Microsoft Edge window. -3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - The following list shows the supported values: @@ -1146,6 +1155,14 @@ The following list shows the supported values: - 1 – Browsing data is cleared on exit. + +To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): + +1. Open Microsoft Edge and browse to websites. +2. Close the Microsoft Edge window. +3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. + +
      @@ -1197,14 +1214,17 @@ If this setting is not configured, the search engines used are the ones that are > [!IMPORTANT] > Due to Protected Settings (aka.ms/browserpolicy), this setting will apply only on domain-joined machines or when the device is MDM-enrolled.  + +Most restricted value is 0. + + + The following list shows the supported values: - 0 (default) – Additional search engines are not allowed. - 1 – Additional search engines are allowed. -Most restricted value is 0. - - +
      @@ -1364,12 +1384,14 @@ The following list shows the supported values:   Allows the user to specify an URL of an enterprise site list. + + The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. - +
      @@ -2061,14 +2083,17 @@ If this setting is not configured, the default search engine is set to the one s > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy). + +Most restricted value is 0. + + + The following list shows the supported values: - 0 (default) - The default search engine is set to the one specified in App settings. - 1 - Allows you to configure the default search engine for your employees. -Most restricted value is 0. - - +
      @@ -2174,14 +2199,6 @@ Added in Windows 10, version 1703. Specifies whether favorites are kept in sync > > Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. -To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge: - -
        -
      1. Open Internet Explorer and add some favorites. -
      2. Open Microsoft Edge, then select Hub > Favorites. -
      3. Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge. -
      - The following list shows the supported values: @@ -2190,6 +2207,16 @@ The following list shows the supported values: - 1 – Synchronization is on. + +To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge: + +
        +
      1. Open Internet Explorer and add some favorites. +
      2. Open Microsoft Edge, then select Hub > Favorites. +
      3. Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge. +
      + +
      diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index e35c21d6ee..2957dd9d77 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -68,12 +68,14 @@ ms.date: 01/29/2018 Allows or disallows the Federal Information Processing Standard (FIPS) policy. + + The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. - +
      diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 1324fc9bf1..bcd17f7911 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -171,12 +171,14 @@ ms.date: 01/29/2018 Allows or disallows scanning of archives. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -223,12 +225,14 @@ The following list shows the supported values:   Allows or disallows Windows Defender Behavior Monitoring functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -275,12 +279,14 @@ The following list shows the supported values: To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -327,12 +333,14 @@ The following list shows the supported values: Allows or disallows scanning of email. + + The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
      @@ -379,12 +387,14 @@ The following list shows the supported values: Allows or disallows a full scan of mapped network drives. + + The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
      @@ -431,12 +441,14 @@ The following list shows the supported values: Allows or disallows a full scan of removable drives. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -483,12 +495,14 @@ The following list shows the supported values:   Allows or disallows Windows Defender IOAVP Protection functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -535,12 +549,14 @@ The following list shows the supported values: Allows or disallows Windows Defender Intrusion Prevention functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -587,12 +603,14 @@ The following list shows the supported values: Allows or disallows Windows Defender On Access Protection functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -639,12 +657,14 @@ The following list shows the supported values: Allows or disallows Windows Defender Realtime Monitoring functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -691,12 +711,14 @@ The following list shows the supported values:   Allows or disallows a scanning of network files. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -743,12 +765,14 @@ The following list shows the supported values: Allows or disallows Windows Defender Script Scanning functionality. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -795,12 +819,14 @@ The following list shows the supported values: Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -947,11 +973,14 @@ Value type is string.   Represents the average CPU load factor for the Windows Defender scan (in percent). -Valid values: 0–100 The default value is 50. + +Valid values: 0–100 + +
      @@ -1206,11 +1235,14 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci   Time period (in days) that quarantine items will be stored on the system. -Valid values: 0–90 The default value is 0, which keeps items in quarantine, and does not automatically remove them. + +Valid values: 0–90 + +
      @@ -1518,13 +1550,15 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. + + The following list shows the supported values: - 0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications. - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - +
      @@ -1574,14 +1608,15 @@ Controls which sets of files should be monitored. > [!NOTE] > If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files. - + + The following list shows the supported values: - 0 (default) – Monitor all files (bi-directional). - 1 – Monitor incoming files. - 2 – Monitor outgoing files. - +
      @@ -1628,12 +1663,14 @@ The following list shows the supported values: Selects whether to perform a quick scan or full scan. + + The following list shows the supported values: - 1 (default) – Quick scan - 2 – Full scan - +
      @@ -1684,13 +1721,16 @@ Selects the time of day that the Windows Defender quick scan should run. > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.   -Valid values: 0–1380 For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120 + +Valid values: 0–1380 + +
      @@ -1740,7 +1780,8 @@ Selects the day that the Windows Defender scan should run. > [!NOTE] > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. - + + The following list shows the supported values: - 0 (default) – Every day @@ -1753,7 +1794,7 @@ The following list shows the supported values: - 7 – Sunday - 8 – No scheduled scan - +
      @@ -1804,13 +1845,16 @@ Selects the time of day that the Windows Defender scan should run. > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting. -Valid values: 0–1380. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120. + +Valid values: 0–1380. + +
      @@ -1857,13 +1901,16 @@ The default value is 120.   Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. -Valid values: 0–24. A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day. The default value is 8. + +Valid values: 0–24. + +
      @@ -1910,6 +1957,8 @@ The default value is 8.   Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data. + + The following list shows the supported values: - 0 – Always prompt. @@ -1917,7 +1966,7 @@ The following list shows the supported values: - 2 – Never send. - 3 – Send all samples automatically. - +
      diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 97297f2da1..3b169444ca 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -180,15 +180,18 @@ Specifies whether to show a user-configurable setting to control the screen time > This policy must be wrapped in an Atomic command. -The following list shows the supported values: - -- 0 (default) – Not allowed. -- 1 – Allowed. > [!IMPORTANT] > If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period. + +The following list shows the supported values: + +- 0 (default) – Not allowed. +- 1 – Allowed. + +
      @@ -235,14 +238,17 @@ Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For th > This policy must be wrapped in an Atomic command. + +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - +
      @@ -291,11 +297,6 @@ Determines the type of PIN or password required. This policy only applies if the > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education). -The following list shows the supported values: - -- 0 – Alphanumeric PIN or password required. -- 1 – Numeric PIN or password required. -- 2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password. > [!NOTE] > If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1. @@ -303,6 +304,14 @@ The following list shows the supported values: > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2. + +The following list shows the supported values: + +- 0 – Alphanumeric PIN or password required. +- 1 – Numeric PIN or password required. +- 2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password. + +
      @@ -351,10 +360,6 @@ Specifies whether device lock is enabled. > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.   -The following list shows the supported values: - -- 0 (default) – Enabled -- 1 – Disabled > [!IMPORTANT] > The **DevicePasswordEnabled** setting must be set to 0 (device password is enabled) for the following policy settings to take effect: @@ -391,6 +396,13 @@ The following list shows the supported values: > - MaxInactivityTimeDeviceLock + +The following list shows the supported values: + +- 0 (default) – Enabled +- 1 – Disabled + +
      @@ -437,16 +449,19 @@ Specifies when the password expires (in days). > This policy must be wrapped in an Atomic command. -The following list shows the supported values: - -- An integer X where 0 <= X <= 730. -- 0 (default) - Passwords do not expire. If all policy values = 0 then 0; otherwise, Min policy value is the most secure value. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). + +The following list shows the supported values: + +- An integer X where 0 <= X <= 730. +- 0 (default) - Passwords do not expire. + +
      @@ -493,10 +508,6 @@ Specifies how many passwords can be stored in the history that can’t be used. > This policy must be wrapped in an Atomic command. -The following list shows the supported values: - -- An integer X where 0 <= X <= 50. -- 0 (default) The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords. @@ -505,6 +516,13 @@ Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). + +The following list shows the supported values: + +- An integer X where 0 <= X <= 50. +- 0 (default) + +
      @@ -656,16 +674,19 @@ This policy has different behaviors on the mobile device and desktop. Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key. -The following list shows the supported values: - -- An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. -- 0 (default) - The device is never wiped after an incorrect PIN or password is entered. Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). + +The following list shows the supported values: + +- An integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. +- 0 (default) - The device is never wiped after an incorrect PIN or password is entered. + +
      @@ -712,14 +733,17 @@ Specifies the maximum amount of time (in minutes) allowed after the device is id > This policy must be wrapped in an Atomic command. + +For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). + + + The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." -For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - - +
      @@ -765,13 +789,14 @@ Specifies the maximum amount of time (in minutes) allowed after the device is id > [!NOTE] > This policy must be wrapped in an Atomic command. - + + The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
      @@ -934,17 +959,20 @@ Specifies the minimum number or characters required in the PIN or password. > Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions. -The following list shows the supported values: - -- An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6. -- Not enforced. -- The default value is 4 for mobile devices and desktop devices. Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). + +The following list shows the supported values: + +- An integer X where 4 <= X <= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6. +- Not enforced. +- The default value is 4 for mobile devices and desktop devices. + +
      diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 395598e623..e2302d2679 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -76,12 +76,14 @@ If you disable or do not configure this policy setting, GDI DPI Scaling might st If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. + + To validate on Desktop, do the following: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. - +
      @@ -132,12 +134,14 @@ If you disable or do not configure this policy setting, GDI DPI Scaling will not If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off. + + To validate on Desktop, do the following: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. - +
      diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 08a7c01d46..9c346946d7 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -1080,13 +1080,15 @@ The following list shows the supported values: Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1. + + The following list shows the supported values: - 0 – None. - 1 (default) – Windows spotlight enabled. - 2 – placeholder only for future extension. Using this value has no effect. - +
      @@ -1133,12 +1135,14 @@ If you enable this policy setting, users will no longer see feedback notificatio If you disable or do not configure this policy setting, users can control how often they receive feedback questions. + + The following list shows the supported values: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. - +
      diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 421c1c41e8..9f742bb32f 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -67,6 +67,8 @@ Enables the IT admin to push out a configuration representing the desired system The system settings require a reboot; the application settings do not require a reboot. + + Here is an example: ``` syntax @@ -92,7 +94,7 @@ Here is an example: ``` - +
      diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index d142ceb56a..1207e03022 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -293,13 +293,16 @@ Disabling the Administrator account can become a maintenance issue under certain Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled. Default: Disabled. -Valid values: -- 0 - local Administrator account is disabled -- 1 - local Administrator account is enabled Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - local Administrator account is disabled +- 1 - local Administrator account is enabled + +
      @@ -343,15 +346,18 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. This security setting determines if the Guest account is enabled or disabled. Default: Disabled. -Valid values: -- 0 - local Guest account is disabled -- 1 - local Guest account is enabled Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail. Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - local Guest account is disabled +- 1 - local Guest account is enabled + +
      @@ -397,9 +403,6 @@ Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. -Valid values: -- 0 - disabled - local accounts that are not password protected can be used to log on from locations other than the physical computer console -- 1 - enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard Warning: @@ -412,6 +415,12 @@ It is possible for applications that use remote interactive logons to bypass thi Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled - local accounts that are not password protected can be used to log on from locations other than the physical computer console +- 1 - enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard + +
      @@ -1086,14 +1095,17 @@ In order to take advantage of this policy on domain controllers, all domain cont Interactive Logon:Display user information when the session is locked + +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + Valid values: - 1 - User display name, domain and user names - 2 - User display name only - 3 - Do not display user information -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - +
      @@ -1142,13 +1154,16 @@ If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. -Valid values: -- 0 - disabled (username will be shown) -- 1 - enabled (username will not be shown) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled (username will be shown) +- 1 - enabled (username will not be shown) + +
      @@ -1198,13 +1213,16 @@ If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. -Valid values: -- 0 - disabled (username will be shown) -- 1 - enabled (username will not be shown) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled (username will be shown) +- 1 - enabled (username will not be shown) + +
      @@ -1255,13 +1273,16 @@ If this policy is disabled, any user is required to press CTRL+ALT+DEL before lo Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier. Default on stand-alone computers: Enabled. -Valid values: -- 0 - disabled -- 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on) + +
      @@ -1307,13 +1328,16 @@ Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. -Valid values: -- 0 - disabled -- 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit) + +
      @@ -2203,13 +2227,16 @@ Network security: Allow PKU2U authentication requests to this computer to use on This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. -Valid values: -- 0 - disabled -- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.) + +
      @@ -2477,13 +2504,16 @@ Recovery console: Allow automatic administrative logon This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not defined and automatic administrative logon is not allowed. -Valid values: -- 0 - disabled -- 1 - enabled (allow automatic administrative logon) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (allow automatic administrative logon) + +
      @@ -2534,13 +2564,16 @@ When this policy is disabled, the option to shut down the computer does not appe Default on workstations: Enabled. Default on servers: Disabled. -Valid values: -- 0 - disabled -- 1 - enabled (allow system to be shut down without having to log on) Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (allow system to be shut down without having to log on) + +
      @@ -2688,15 +2721,18 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. Disabled: (Default) -Valid values: -- 0 - disabled -- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +Valid values: +- 0 - disabled +- 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop) + +
      diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index f5a62a9471..3d2a9f5773 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -68,17 +68,21 @@ Added in Windows 10, version 1703. Optional policy that allows for IT admin to > [!IMPORTANT] > This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy. + + The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. + + To validate on Desktop, do the following: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - +
      diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index a10d85a033..743c206a04 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -74,12 +74,14 @@ ms.date: 01/29/2018 Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement. + + The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
      @@ -122,12 +124,14 @@ The following list shows the supported values: Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. + + The following list shows the supported values: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. - +
      @@ -173,12 +177,14 @@ The following list shows the supported values: Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement. + + The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
      diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 8ab600b9d8..5422f5440f 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -504,15 +504,18 @@ The following list shows the supported values: Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -684,15 +687,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -864,15 +870,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1044,15 +1053,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1224,15 +1236,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1404,15 +1419,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access email. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1584,15 +1602,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access location. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1764,15 +1785,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -1944,15 +1968,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -2124,15 +2151,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -2304,15 +2334,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -2484,15 +2517,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -2664,15 +2700,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -3016,15 +3055,18 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -3196,15 +3238,18 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      @@ -3376,17 +3421,20 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. -The following list shows the supported values: - -- 0 – User in control (default). -- 1 – Force allow. -- 2 - Force deny. Most restricted value is 2. > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. + +The following list shows the supported values: + +- 0 – User in control (default). +- 1 – Force allow. +- 2 - Force deny. + +
      @@ -3558,15 +3606,18 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. + +Most restricted value is 2. + + + The following list shows the supported values: - 0 – User in control. - 1 – Force allow. - 2 - Force deny. -Most restricted value is 2. - - +
      diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 6aac1d55e9..743ea8568e 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -106,12 +106,14 @@ ms.date: 01/29/2018 Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -332,14 +334,17 @@ This policy has been deprecated. Allows the use of diacritics. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -Most restricted value is 0. - - +
      @@ -425,14 +430,17 @@ Allow Windows indexer. Value type is integer. Specifies whether to always use automatic language detection when indexing content and properties. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -Most restricted value is 0. - - +
      @@ -475,12 +483,14 @@ Most restricted value is 0. If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. + + The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
      @@ -527,12 +537,14 @@ If you enable this policy setting, locations on removable drives cannot be added If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed. + + The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
      @@ -634,12 +646,14 @@ Enable this policy if computers in your environment have extremely limited hard When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size. + + The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
      @@ -682,12 +696,14 @@ The following list shows the supported values: If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. + + The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
      @@ -734,14 +750,17 @@ The following list shows the supported values: Specifies what level of safe search (filtering adult content) is required. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Strict, highest filtering against adult content. - 1 (default) – Moderate filtering against adult content (valid search results will not be filtered). -Most restricted value is 0. - - +
      diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 7ee5db3300..8d7edec458 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -147,12 +147,14 @@ The following list shows the supported values: Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
      @@ -468,12 +470,14 @@ Added in Windows 10, version 1607 to replace the deprecated policy **Security/A Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined. + + The following list shows the supported values: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. - +
      @@ -516,10 +520,6 @@ The following list shows the supported values: Allows enterprise to turn on internal storage encryption. -The following list shows the supported values: - -- 0 (default) – Encryption is not required. -- 1 – Encryption is required. Most restricted value is 1. @@ -527,6 +527,13 @@ Most restricted value is 1. > If encryption has been enabled, it cannot be turned off by using this policy. + +The following list shows the supported values: + +- 0 (default) – Encryption is not required. +- 1 – Encryption is required. + +
      @@ -569,12 +576,14 @@ Most restricted value is 1. Specifies whether provisioning packages must have a certificate signed by a device trusted authority. + + The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. - +
      @@ -617,10 +626,6 @@ The following list shows the supported values: Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. -The following list shows the supported values: - -- 0 (default) – Not required. -- 1 – Required. Setting this policy to 1 (Required): @@ -634,6 +639,13 @@ Setting this policy to 1 (Required): Most restricted value is 1. + +The following list shows the supported values: + +- 0 (default) – Not required. +- 1 – Required. + +
      diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index f5a811c564..1ba96f10d0 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -728,6 +728,8 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. + + The following list shows the supported values: - 0 (default) – User will be allowed to configure the setting. @@ -735,7 +737,7 @@ The following list shows the supported values: - 2 - Simplified Chinese (Lunar). - 3 - Traditional Chinese (Lunar). - +
      @@ -802,13 +804,15 @@ Example 2, specifies that the wifi page should not be shown: hide:wifi + + To validate on Desktop, do the following: 1. Open System Settings and verfiy that the About page is visible and accessible. 2. Configure the policy with the following string: "hide:about". 3. Open System Settings again and verify that the About page is no longer accessible. - +
      diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index fa95c2c0a3..eabc6aabe7 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -663,15 +663,18 @@ The following list shows the supported values: Forces the start screen size. + +If there is policy configuration conflict, the latest configuration request is applied to the device. + + + The following list shows the supported values: - 0 (default) – Do not force size of Start. - 1 – Force non-fullscreen size of Start. - 2 - Force a fullscreen size of Start. -If there is policy configuration conflict, the latest configuration request is applied to the device. - - +
      @@ -720,12 +723,6 @@ Allows IT Admins to configure Start by collapsing or removing the all apps list. > [!Note] > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. -The following list shows the supported values: - -- 0 (default) – None. -- 1 – Hide all apps list. -- 2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app. -- 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. To validate on Desktop, do the following: @@ -735,6 +732,15 @@ To validate on Desktop, do the following: - 2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out. + +The following list shows the supported values: + +- 0 (default) – None. +- 1 – Hide all apps list. +- 2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app. +- 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. + +
      @@ -777,11 +783,6 @@ To validate on Desktop, do the following: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - The following list shows the supported values: @@ -790,6 +791,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the user tile, and verify that "Change account settings" is not available. + +
      @@ -835,6 +843,15 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps. + + +The following list shows the supported values: + +- 0 (default) – False (do not hide). +- 1 - True (hide). + + + To validate on Desktop, do the following: 1. Enable "Show most used apps" in the Settings app. @@ -844,14 +861,7 @@ To validate on Desktop, do the following: 5. Check that "Show most used apps" Settings toggle is grayed out. 6. Check that most used apps do not appear in Start. - - -The following list shows the supported values: - -- 0 (default) – False (do not hide). -- 1 - True (hide). - - +
      @@ -894,10 +904,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. -To validate on Laptop, do the following: - -1. Enable policy. -2. Open Start, click on the Power button, and verify "Hibernate" is not available. > [!NOTE] > This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's. @@ -910,6 +916,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Laptop, do the following: + +1. Enable policy. +2. Open Start, click on the Power button, and verify "Hibernate" is not available. + +
      @@ -952,11 +965,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the user tile, and verify "Lock" is not available. - The following list shows the supported values: @@ -965,6 +973,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the user tile, and verify "Lock" is not available. + +
      @@ -1055,11 +1070,6 @@ Value type is integer. Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, and verify the power button is not available. - The following list shows the supported values: @@ -1068,6 +1078,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, and verify the power button is not available. + +
      @@ -1113,6 +1130,15 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing. + + +The following list shows the supported values: + +- 0 (default) – False (do not hide). +- 1 - True (hide). + + + To validate on Desktop, do the following: 1. Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings. @@ -1125,14 +1151,7 @@ To validate on Desktop, do the following: 8. Repeat Step 2. 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - - -The following list shows the supported values: - -- 0 (default) – False (do not hide). -- 1 - True (hide). - - +
      @@ -1178,6 +1197,15 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps. + + +The following list shows the supported values: + +- 0 (default) – False (do not hide). +- 1 - True (hide). + + + To validate on Desktop, do the following: 1. Enable "Show recently added apps" in the Settings app. @@ -1187,14 +1215,7 @@ To validate on Desktop, do the following: 5. Check that "Show recently added apps" Settings toggle is grayed out. 6. Check that recently added apps do not appear in Start. - - -The following list shows the supported values: - -- 0 (default) – False (do not hide). -- 1 - True (hide). - - +
      @@ -1237,11 +1258,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - The following list shows the supported values: @@ -1250,6 +1266,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. + +
      @@ -1292,11 +1315,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - The following list shows the supported values: @@ -1305,6 +1323,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. + +
      @@ -1347,11 +1372,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the user tile, and verify "Sign out" is not available. - The following list shows the supported values: @@ -1360,6 +1380,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the user tile, and verify "Sign out" is not available. + +
      @@ -1402,11 +1429,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the Power button, and verify that "Sleep" is not available. - The following list shows the supported values: @@ -1415,6 +1437,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the Power button, and verify that "Sleep" is not available. + +
      @@ -1457,11 +1486,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. -To validate on Desktop, do the following: - -1. Enable policy. -2. Open Start, click on the user tile, and verify that "Switch account" is not available. - The following list shows the supported values: @@ -1470,6 +1494,13 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Open Start, click on the user tile, and verify that "Switch account" is not available. + +
      @@ -1515,12 +1546,6 @@ The following list shows the supported values: Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile. -To validate on Desktop, do the following: - -1. Enable policy. -2. Log off. -3. Log in, and verify that the user tile is gone from Start. - The following list shows the supported values: @@ -1529,6 +1554,14 @@ The following list shows the supported values: - 1 - True (hide). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Log off. +3. Log in, and verify that the user tile is gone from Start. + +
      @@ -1579,6 +1612,8 @@ Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/. The value set for this policy is an XML string containing Edge assets. For an example XML string, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/en-us/windows/configuration/start-secondary-tiles). + + To validate on Desktop, do the following: 1. Set policy with an XML for Edge assets. @@ -1586,7 +1621,7 @@ To validate on Desktop, do the following: 3. Sign out/in. 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - +
      @@ -1629,14 +1664,6 @@ To validate on Desktop, do the following: Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. -To validate on Desktop, do the following: - -1. Enable policy. -2. Right click on a program pinned to taskbar. -3. Verify that "Unpin from taskbar" menu does not show. -4. Open Start and right click on one of the app list icons. -5. Verify that More->Pin to taskbar menu does not show. - The following list shows the supported values: @@ -1645,6 +1672,16 @@ The following list shows the supported values: - 1 - True (pinning disabled). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Right click on a program pinned to taskbar. +3. Verify that "Unpin from taskbar" menu does not show. +4. Open Start and right click on one of the app list icons. +5. Verify that More->Pin to taskbar menu does not show. + +
      diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 62c833ad36..b7bc8809d4 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -69,14 +69,17 @@ ms.date: 01/29/2018 Added in Windows 10, version 1709. Allows disk health model updates. + +Value type is integer. + + + The following list shows the supported values: - 0 - Do not allow - 1 (default) - Allow -Value type is integer. - - +
      diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index e8c1f500f6..f7c6e8a3f8 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -115,13 +115,15 @@ This policy setting determines whether users can access the Insider build contro If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable. + + The following list shows the supported values: - 0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. - 1 – Allowed. Users can make their devices available for downloading and installing preview software. - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - +
      @@ -219,15 +221,18 @@ The following list shows the supported values: This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Disabled. - 1 (default) – Permits Microsoft to configure device settings only. - 2 – Allows Microsoft to conduct full experimentations. -Most restricted value is 0. - - +
      @@ -333,11 +338,6 @@ To verify if System/AllowFontProviders is set to true: Specifies whether to allow app access to the Location service. -The following list shows the supported values: - -- 0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. -- 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. -- 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. Most restricted value is 0. @@ -348,6 +348,14 @@ When switching the policy back from 0 (Force Location Off) or 2 (Force Location For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. + +The following list shows the supported values: + +- 0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. +- 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. +- 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. + +
      @@ -721,12 +729,6 @@ Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. -To validate on Desktop, do the following: - -1. Enable policy. -2. Restart machine. -3. Verify that OneDrive.exe is not running in Task Manager. - The following list shows the supported values: @@ -735,6 +737,14 @@ The following list shows the supported values: - 1 – True (sync disabled). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Restart machine. +3. Verify that OneDrive.exe is not running in Task Manager. + +
      diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 7b2956f975..e712a54e76 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -278,14 +278,17 @@ The following list shows the supported values: Allows the Japanese IME surrogate pair characters. + +Most restricted value is 0. + + + The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. -Most restricted value is 0. - - +
      @@ -501,12 +504,6 @@ Added in Windows 10, version 1703. Specifies whether text prediction is enabled Most restricted value is 0. -To validate that text prediction is disabled on Windows 10 for desktop, do the following: - -1. Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button. -2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. -3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - The following list shows the supported values: @@ -515,6 +512,14 @@ The following list shows the supported values: - 1 (default) – Enabled. + +To validate that text prediction is disabled on Windows 10 for desktop, do the following: + +1. Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button. +2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. +3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. + +
      @@ -684,12 +689,14 @@ The following list shows the supported values: Allows the users to restrict character code range of conversion by setting the character filter. + + The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. - +
      @@ -736,12 +743,14 @@ The following list shows the supported values: Allows the users to restrict character code range of conversion by setting the character filter. + + The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. - +
      @@ -788,12 +797,14 @@ The following list shows the supported values: Allows the users to restrict character code range of conversion by setting the character filter. + + The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. - +
      diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index d6e49b9bb0..3eac735f1d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -357,6 +357,15 @@ Enables the IT admin to manage automatic update behavior to scan, download, and Supported operations are Get and Replace. + +> [!IMPORTANT] +> This option should be used only for systems under regulatory compliance, as you will not get security updates as well. +  + +If the policy is not configured, end-users get the default behavior (Auto install and restart). + + + The following list shows the supported values: - 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. @@ -366,13 +375,7 @@ The following list shows the supported values: - 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. - 5 – Turn off automatic updates. -> [!IMPORTANT] -> This option should be used only for systems under regulatory compliance, as you will not get security updates as well. -  - -If the policy is not configured, end-users get the default behavior (Auto install and restart). - - +
      @@ -469,12 +472,14 @@ The following list shows the supported values: Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. + + The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. - +
      @@ -724,12 +729,14 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. + + The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. - +
      @@ -1388,12 +1395,14 @@ The default value is 7 days. Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates. + + The following list shows the supported values: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. - +
      @@ -1439,12 +1448,14 @@ Added in the April service release of Windows 10, version 1607. Allows Windows U > [!NOTE] > This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server. + + The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. - +
      @@ -1556,10 +1567,6 @@ Added in Windows 10, version 1703. Specifies whether to ignore the MO download > Setting this policy might cause devices to incur costs from MO operators. -To validate this policy: - -1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""` 3. Verify that any downloads that are above the download size limit will complete without being paused. @@ -1572,6 +1579,13 @@ The following list shows the supported values: - 1 – Ignore MO download limit (allow unlimited downloading) for OS updates. + +To validate this policy: + +1. Enable the policy and ensure the device is on a cellular network. +2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: + +
      @@ -1614,13 +1628,15 @@ The following list shows the supported values: Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. + + The following list shows the supported values: - 0 - Disable Preview builds - 1 - Disable Preview builds once the next release is public - 2 - Enable Preview builds - +
      @@ -1667,16 +1683,19 @@ The following list shows the supported values: Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. -The following list shows the supported values: - -- 0 (default) – Deferrals are not paused. -- 1 – Deferrals are paused. If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. + +The following list shows the supported values: + +- 0 (default) – Deferrals are not paused. +- 1 – Deferrals are paused. + +
      @@ -1722,12 +1741,14 @@ Since this policy is not blocked, you will not get a failure message when you us Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days. + + The following list shows the supported values: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - +
      @@ -1815,12 +1836,14 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. + + The following list shows the supported values: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - +
      @@ -1923,12 +1946,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd Allows the IT admin to set a device to Semi-Annual Channel train. + + The following list shows the supported values: - 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). - 1 – User gets upgrades from Semi-Annual Channel. - +
      @@ -1977,12 +2002,14 @@ Allows the IT admin to restrict the updates that are installed on a device to on Supported operations are Get and Replace. + + The following list shows the supported values: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - +
      @@ -2131,6 +2158,8 @@ The data type is a integer. Supported operations are Add, Delete, Get, and Replace. + + The following list shows the supported values: - 0 (default) – Every day @@ -2142,7 +2171,7 @@ The following list shows the supported values: - 6 – Friday - 7 – Saturday - +
      @@ -2475,12 +2504,14 @@ The default value is 3. Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations. + + The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled - +
      @@ -2523,12 +2554,14 @@ The following list shows the supported values: Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. + + The following list shows the supported values: - 0 - not configured - 1 - configured - +
      @@ -2576,11 +2609,15 @@ Allows the device to check for updates from a WSUS server instead of Microsoft U Supported operations are Get and Replace. + + The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL. + + Example ``` syntax @@ -2599,7 +2636,7 @@ Example ``` - +
      diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 78fb5ed4b9..a7f22fe4fc 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -166,12 +166,14 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. + + Valid values: - 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - +
      @@ -266,12 +268,14 @@ The following list shows the supported values: Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. + + Valid values: - 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - +
      @@ -830,12 +834,14 @@ The following list shows the supported values: Added in Windows 10, next major update. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. + + Valid values: - 0 - (Disable or not configured) The Ransomware data recovery area will be visible. - 1 - (Enable) The Ransomware data recovery area is hidden. - +
      @@ -878,12 +884,14 @@ Valid values: Added in Windows 10, next major update. Use this policy to hide the Secure boot area in the Windows Defender Security Center. + + Valid values: - 0 - (Disable or not configured) The Secure boot area is displayed. - 1 - (Enable) The Secure boot area is hidden. - +
      @@ -926,12 +934,14 @@ Valid values: Added in Windows 10, next major update. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center. + + Valid values: - 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - +
      diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index eda04ac82d..69290e276b 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -118,13 +118,15 @@ The following list shows the supported values: Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. + + Value type is int. The following list shows the supported values: - 0 - access to ink workspace is disabled. The feature is turned off. - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - +
      diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index e0a364f38a..9679d7b3a3 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -195,11 +195,6 @@ ADMX Info: Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. -To validate on Desktop, do the following: - -1. Enable policy. -2. Verify that the Switch account button in Start is hidden. - The following list shows the supported values: @@ -208,6 +203,13 @@ The following list shows the supported values: - 1 - Enabled (hidden). + +To validate on Desktop, do the following: + +1. Enable policy. +2. Verify that the Switch account button in Start is hidden. + +
      From 3e02444b5be0586e72b5c065c996e96aad04a00e Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 29 Jan 2018 23:56:22 +0000 Subject: [PATCH 042/109] Removing old Microsoft 365 files --- bcs/TOC.md | 4 - bcs/breadcrumb/toc.yml | 11 - .../bcs-information-product-help-office.svg | 94 - ...bcs-information-product-help-windows10.svg | 122 - .../bcs-iw-devicesetup-move-files-2.svg | 76 - bcs/images/bcs-iw-devicesetup-setup-1.svg | 91 - ...rtner-advanced-management- add-group-5.svg | 69 - ...partner-advanced-management- billing-7.svg | 115 - ...partner-advanced-management- install-4.svg | 62 - ...d-management- management-4_placeholder.svg | 39 - ...partner-advanced-management- reports-9.svg | 106 - ...rtner-advanced-management-add-domain-2.svg | 75 - ...partner-advanced-management-add-user-1.svg | 69 - ...rtner-advanced-management-auto-pilot-3.svg | 88 - .../bcs-partner-advanced-management-faq-2.svg | 88 - ...ner-advanced-management-find-partner-1.svg | 105 - ...ner-advanced-management-find-partner-2.svg | 73 - ...s-partner-advanced-management-intune-1.svg | 76 - ...tner-advanced-management-learn-about-1.svg | 70 - ...partner-advanced-management-password-3.svg | 56 - ...ced-management-resources-6_placeholder.svg | 37 - ...partner-advanced-management-settings-8.svg | 85 - ...dvanced-management-technical-support-4.svg | 88 - ...-advanced-management-troubleshooting-3.svg | 78 - ...artner-advanced-management-windows10-2.svg | 59 - ...tner-advanced-management-windows10pc-3.svg | 96 - bcs/images/bcs-partner-get-started-1.svg | 116 - bcs/images/bcs-partner-identity-manager.svg | 91 - bcs/images/bcs-partner-install-2.svg | 90 - bcs/images/bcs-partner-office-migration-1.svg | 67 - ...s-partner-policies-set-device-config-1.svg | 85 - .../bcs-partner-policies-view-policies-2.svg | 78 - bcs/images/bcs-partner-prepare-office-1.svg | 66 - bcs/images/bcs-partner-remove-3.svg | 150 -- bcs/images/bcs-partner-reset-windows-4.svg | 85 - bcs/images/bcs-partner-upgrade-2.svg | 60 - .../bcs-user-management-add-customer-1.svg | 99 - .../bcs-user-management-remove-customer-2.svg | 150 -- bcs/images/icon_video.svg | 59 - bcs/images/partner-fastrack-3.svg | 82 - bcs/images/partner-news-2.svg | 123 - bcs/images/partner-resource-training-1.svg | 72 - bcs/index.md | 2087 ----------------- .../pc_customer_m365bpreview_suspend.png | Bin 73363 -> 0 bytes ..._customer_m365bpreview_suspend_confirm.png | Bin 48298 -> 0 bytes .../pc_customer_reviewnewsubscription.png | Bin 35056 -> 0 bytes .../images/pc_customer_subscriptions.PNG | Bin 58677 -> 0 bytes .../images/pc_customer_subscriptions_1.png | Bin 43712 -> 0 bytes ..._customer_userslicenses_m365b_validate.png | Bin 58685 -> 0 bytes bcs/support/microsoft-365-business-faqs.md | 186 -- bcs/support/transition-csp-subscription.md | 103 - microsoft-365/TOC.md | 1 - microsoft-365/images/M365-education.svg | 171 -- microsoft-365/index.md | 90 - 54 files changed, 6043 deletions(-) delete mode 100644 bcs/TOC.md delete mode 100644 bcs/breadcrumb/toc.yml delete mode 100644 bcs/images/bcs-information-product-help-office.svg delete mode 100644 bcs/images/bcs-information-product-help-windows10.svg delete mode 100644 bcs/images/bcs-iw-devicesetup-move-files-2.svg delete mode 100644 bcs/images/bcs-iw-devicesetup-setup-1.svg delete mode 100644 bcs/images/bcs-partner-advanced-management- add-group-5.svg delete mode 100644 bcs/images/bcs-partner-advanced-management- billing-7.svg delete mode 100644 bcs/images/bcs-partner-advanced-management- install-4.svg delete mode 100644 bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg delete mode 100644 bcs/images/bcs-partner-advanced-management- reports-9.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-add-domain-2.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-add-user-1.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-faq-2.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-find-partner-1.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-find-partner-2.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-intune-1.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-learn-about-1.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-password-3.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-settings-8.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-technical-support-4.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-windows10-2.svg delete mode 100644 bcs/images/bcs-partner-advanced-management-windows10pc-3.svg delete mode 100644 bcs/images/bcs-partner-get-started-1.svg delete mode 100644 bcs/images/bcs-partner-identity-manager.svg delete mode 100644 bcs/images/bcs-partner-install-2.svg delete mode 100644 bcs/images/bcs-partner-office-migration-1.svg delete mode 100644 bcs/images/bcs-partner-policies-set-device-config-1.svg delete mode 100644 bcs/images/bcs-partner-policies-view-policies-2.svg delete mode 100644 bcs/images/bcs-partner-prepare-office-1.svg delete mode 100644 bcs/images/bcs-partner-remove-3.svg delete mode 100644 bcs/images/bcs-partner-reset-windows-4.svg delete mode 100644 bcs/images/bcs-partner-upgrade-2.svg delete mode 100644 bcs/images/bcs-user-management-add-customer-1.svg delete mode 100644 bcs/images/bcs-user-management-remove-customer-2.svg delete mode 100644 bcs/images/icon_video.svg delete mode 100644 bcs/images/partner-fastrack-3.svg delete mode 100644 bcs/images/partner-news-2.svg delete mode 100644 bcs/images/partner-resource-training-1.svg delete mode 100644 bcs/index.md delete mode 100644 bcs/support/images/pc_customer_m365bpreview_suspend.png delete mode 100644 bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png delete mode 100644 bcs/support/images/pc_customer_reviewnewsubscription.png delete mode 100644 bcs/support/images/pc_customer_subscriptions.PNG delete mode 100644 bcs/support/images/pc_customer_subscriptions_1.png delete mode 100644 bcs/support/images/pc_customer_userslicenses_m365b_validate.png delete mode 100644 bcs/support/microsoft-365-business-faqs.md delete mode 100644 bcs/support/transition-csp-subscription.md delete mode 100644 microsoft-365/TOC.md delete mode 100644 microsoft-365/images/M365-education.svg delete mode 100644 microsoft-365/index.md diff --git a/bcs/TOC.md b/bcs/TOC.md deleted file mode 100644 index 1b161ed802..0000000000 --- a/bcs/TOC.md +++ /dev/null @@ -1,4 +0,0 @@ -# [Microsoft 365 Business documentation and resources](index.md) -# [Support]() -## [Microsoft 365 Business FAQ](support/microsoft-365-business-faqs.md) -## [Transition a Microsoft 365 Business CSP subscription](support/transition-csp-subscription.md) \ No newline at end of file diff --git a/bcs/breadcrumb/toc.yml b/bcs/breadcrumb/toc.yml deleted file mode 100644 index 6a29a6b202..0000000000 --- a/bcs/breadcrumb/toc.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Microsoft 365 Business - tocHref: /microsoft-365-business/ - topicHref: /microsoft-365-business/index - items: - - name: Support - tocHref: /microsoft-365-business/support/ - topicHref: /microsoft-365-business/support/microsoft-365-business-faqs \ No newline at end of file diff --git a/bcs/images/bcs-information-product-help-office.svg b/bcs/images/bcs-information-product-help-office.svg deleted file mode 100644 index a748576afa..0000000000 --- a/bcs/images/bcs-information-product-help-office.svg +++ /dev/null @@ -1,94 +0,0 @@ - - - - - bcs-information-product-help-office - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-information-product-help-windows10.svg b/bcs/images/bcs-information-product-help-windows10.svg deleted file mode 100644 index f9c36f40be..0000000000 --- a/bcs/images/bcs-information-product-help-windows10.svg +++ /dev/null @@ -1,122 +0,0 @@ - - - - - bcs-information-product-help-windows10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-iw-devicesetup-move-files-2.svg b/bcs/images/bcs-iw-devicesetup-move-files-2.svg deleted file mode 100644 index 8eff6a423a..0000000000 --- a/bcs/images/bcs-iw-devicesetup-move-files-2.svg +++ /dev/null @@ -1,76 +0,0 @@ - - - - - bcs-partner-advanced-management-move-files-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-iw-devicesetup-setup-1.svg b/bcs/images/bcs-iw-devicesetup-setup-1.svg deleted file mode 100644 index 6011499c3a..0000000000 --- a/bcs/images/bcs-iw-devicesetup-setup-1.svg +++ /dev/null @@ -1,91 +0,0 @@ - - - - - bcs-partner-advanced-management-setup-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management- add-group-5.svg b/bcs/images/bcs-partner-advanced-management- add-group-5.svg deleted file mode 100644 index 435e4bc752..0000000000 --- a/bcs/images/bcs-partner-advanced-management- add-group-5.svg +++ /dev/null @@ -1,69 +0,0 @@ - - - - - bcs-partner-advanced-management- add-group-5 - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management- billing-7.svg b/bcs/images/bcs-partner-advanced-management- billing-7.svg deleted file mode 100644 index 50af1d2262..0000000000 --- a/bcs/images/bcs-partner-advanced-management- billing-7.svg +++ /dev/null @@ -1,115 +0,0 @@ - - - - - bcs-partner-advanced-management- billing-7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management- install-4.svg b/bcs/images/bcs-partner-advanced-management- install-4.svg deleted file mode 100644 index 24f2df79ca..0000000000 --- a/bcs/images/bcs-partner-advanced-management- install-4.svg +++ /dev/null @@ -1,62 +0,0 @@ - - - - - bcs-partner-advanced-management- install-4 - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg b/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg deleted file mode 100644 index 81370d6388..0000000000 --- a/bcs/images/bcs-partner-advanced-management- management-4_placeholder.svg +++ /dev/null @@ -1,39 +0,0 @@ - - - - - bcs-partner-advanced-management- management-4 - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management- reports-9.svg b/bcs/images/bcs-partner-advanced-management- reports-9.svg deleted file mode 100644 index f34b2f595e..0000000000 --- a/bcs/images/bcs-partner-advanced-management- reports-9.svg +++ /dev/null @@ -1,106 +0,0 @@ - - - - - bcs-partner-advanced-management- reports-9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-add-domain-2.svg b/bcs/images/bcs-partner-advanced-management-add-domain-2.svg deleted file mode 100644 index 2fab39dd10..0000000000 --- a/bcs/images/bcs-partner-advanced-management-add-domain-2.svg +++ /dev/null @@ -1,75 +0,0 @@ - - - - - bcs-partner-advanced-management-add-domain- - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-add-user-1.svg b/bcs/images/bcs-partner-advanced-management-add-user-1.svg deleted file mode 100644 index 30bebd62f4..0000000000 --- a/bcs/images/bcs-partner-advanced-management-add-user-1.svg +++ /dev/null @@ -1,69 +0,0 @@ - - - - - bcs-partner-advanced-management-add-user-1 - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg b/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg deleted file mode 100644 index bd992b7c7f..0000000000 --- a/bcs/images/bcs-partner-advanced-management-auto-pilot-3.svg +++ /dev/null @@ -1,88 +0,0 @@ - - - - - bcs-partner-advanced-management-auto-pilot-3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-faq-2.svg b/bcs/images/bcs-partner-advanced-management-faq-2.svg deleted file mode 100644 index a89de48058..0000000000 --- a/bcs/images/bcs-partner-advanced-management-faq-2.svg +++ /dev/null @@ -1,88 +0,0 @@ - - - - - bcs-partner-advanced-management-faq-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-find-partner-1.svg b/bcs/images/bcs-partner-advanced-management-find-partner-1.svg deleted file mode 100644 index ffae69af7c..0000000000 --- a/bcs/images/bcs-partner-advanced-management-find-partner-1.svg +++ /dev/null @@ -1,105 +0,0 @@ - - - - - bcs-partner-advanced-management-fid-oartner-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-find-partner-2.svg b/bcs/images/bcs-partner-advanced-management-find-partner-2.svg deleted file mode 100644 index 221c47548e..0000000000 --- a/bcs/images/bcs-partner-advanced-management-find-partner-2.svg +++ /dev/null @@ -1,73 +0,0 @@ - - - - - bcs-partner-advanced-management-find-partner-2 - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-intune-1.svg b/bcs/images/bcs-partner-advanced-management-intune-1.svg deleted file mode 100644 index ba86b50274..0000000000 --- a/bcs/images/bcs-partner-advanced-management-intune-1.svg +++ /dev/null @@ -1,76 +0,0 @@ - - - - - bcs-partner-advanced-management-intune-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-learn-about-1.svg b/bcs/images/bcs-partner-advanced-management-learn-about-1.svg deleted file mode 100644 index 5237e929eb..0000000000 --- a/bcs/images/bcs-partner-advanced-management-learn-about-1.svg +++ /dev/null @@ -1,70 +0,0 @@ - - - - - bcs-partner-advanced-management-learn-about-1 - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-password-3.svg b/bcs/images/bcs-partner-advanced-management-password-3.svg deleted file mode 100644 index f1f91ab410..0000000000 --- a/bcs/images/bcs-partner-advanced-management-password-3.svg +++ /dev/null @@ -1,56 +0,0 @@ - - - - - bcs-partner-advanced-management-password-3 - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg b/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg deleted file mode 100644 index 1a4d5ad540..0000000000 --- a/bcs/images/bcs-partner-advanced-management-resources-6_placeholder.svg +++ /dev/null @@ -1,37 +0,0 @@ - - - - - bcs-partner-advanced-management-resources-6 - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-settings-8.svg b/bcs/images/bcs-partner-advanced-management-settings-8.svg deleted file mode 100644 index 5b556a7ce0..0000000000 --- a/bcs/images/bcs-partner-advanced-management-settings-8.svg +++ /dev/null @@ -1,85 +0,0 @@ - - - - - bcs-partner-advanced-management-settings-8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-technical-support-4.svg b/bcs/images/bcs-partner-advanced-management-technical-support-4.svg deleted file mode 100644 index 00fe5333f8..0000000000 --- a/bcs/images/bcs-partner-advanced-management-technical-support-4.svg +++ /dev/null @@ -1,88 +0,0 @@ - - - - - bcs-partner-advanced-management-technical-support-4 - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg b/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg deleted file mode 100644 index d70739d1c2..0000000000 --- a/bcs/images/bcs-partner-advanced-management-troubleshooting-3.svg +++ /dev/null @@ -1,78 +0,0 @@ - - - - - bcs-partner-advanced-management-troubleshooting-3 - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-windows10-2.svg b/bcs/images/bcs-partner-advanced-management-windows10-2.svg deleted file mode 100644 index dbfef70e2d..0000000000 --- a/bcs/images/bcs-partner-advanced-management-windows10-2.svg +++ /dev/null @@ -1,59 +0,0 @@ - - - - - bcs-partner-advanced-management-windows10-2 - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg b/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg deleted file mode 100644 index 5e772085f1..0000000000 --- a/bcs/images/bcs-partner-advanced-management-windows10pc-3.svg +++ /dev/null @@ -1,96 +0,0 @@ - - - - - bcs-partner-advanced-management-windows10pc-3 - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-get-started-1.svg b/bcs/images/bcs-partner-get-started-1.svg deleted file mode 100644 index 3fda6d92c6..0000000000 --- a/bcs/images/bcs-partner-get-started-1.svg +++ /dev/null @@ -1,116 +0,0 @@ - - - - - bcs-partner-get-started-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-identity-manager.svg b/bcs/images/bcs-partner-identity-manager.svg deleted file mode 100644 index c75db3c46f..0000000000 --- a/bcs/images/bcs-partner-identity-manager.svg +++ /dev/null @@ -1,91 +0,0 @@ - - - - - bcs-partner-identity-manager - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-install-2.svg b/bcs/images/bcs-partner-install-2.svg deleted file mode 100644 index e112e26bc1..0000000000 --- a/bcs/images/bcs-partner-install-2.svg +++ /dev/null @@ -1,90 +0,0 @@ - - - - - bcs-partner-install-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-office-migration-1.svg b/bcs/images/bcs-partner-office-migration-1.svg deleted file mode 100644 index 4d3078c578..0000000000 --- a/bcs/images/bcs-partner-office-migration-1.svg +++ /dev/null @@ -1,67 +0,0 @@ - - - - - bcs-partner-identitiy-integration-1 - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-policies-set-device-config-1.svg b/bcs/images/bcs-partner-policies-set-device-config-1.svg deleted file mode 100644 index 78c1851ca6..0000000000 --- a/bcs/images/bcs-partner-policies-set-device-config-1.svg +++ /dev/null @@ -1,85 +0,0 @@ - - - - - bcs-partner-policies-set-device-config-1 - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-policies-view-policies-2.svg b/bcs/images/bcs-partner-policies-view-policies-2.svg deleted file mode 100644 index a9864295ae..0000000000 --- a/bcs/images/bcs-partner-policies-view-policies-2.svg +++ /dev/null @@ -1,78 +0,0 @@ - - - - - bcs-partner-policies-view-policies-2 - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-prepare-office-1.svg b/bcs/images/bcs-partner-prepare-office-1.svg deleted file mode 100644 index 4a32ab1c8a..0000000000 --- a/bcs/images/bcs-partner-prepare-office-1.svg +++ /dev/null @@ -1,66 +0,0 @@ - - - - - bcs-partner-prepare-office-1 - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-remove-3.svg b/bcs/images/bcs-partner-remove-3.svg deleted file mode 100644 index c0391193d3..0000000000 --- a/bcs/images/bcs-partner-remove-3.svg +++ /dev/null @@ -1,150 +0,0 @@ - - - - - bcs-partner-remove-3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-reset-windows-4.svg b/bcs/images/bcs-partner-reset-windows-4.svg deleted file mode 100644 index a4edc0ec2e..0000000000 --- a/bcs/images/bcs-partner-reset-windows-4.svg +++ /dev/null @@ -1,85 +0,0 @@ - - - - - bcs-partner-reset-windows-4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-partner-upgrade-2.svg b/bcs/images/bcs-partner-upgrade-2.svg deleted file mode 100644 index 6caf6e7678..0000000000 --- a/bcs/images/bcs-partner-upgrade-2.svg +++ /dev/null @@ -1,60 +0,0 @@ - - - - - bcs-partner-upgrade-2 - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-user-management-add-customer-1.svg b/bcs/images/bcs-user-management-add-customer-1.svg deleted file mode 100644 index ce7d0b8c16..0000000000 --- a/bcs/images/bcs-user-management-add-customer-1.svg +++ /dev/null @@ -1,99 +0,0 @@ - - - - - bcs-user-management-add-customer-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/bcs-user-management-remove-customer-2.svg b/bcs/images/bcs-user-management-remove-customer-2.svg deleted file mode 100644 index d6e01e0d1e..0000000000 --- a/bcs/images/bcs-user-management-remove-customer-2.svg +++ /dev/null @@ -1,150 +0,0 @@ - - - - - bcs-user-management-remove-customer-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/icon_video.svg b/bcs/images/icon_video.svg deleted file mode 100644 index 76aebcbd5b..0000000000 --- a/bcs/images/icon_video.svg +++ /dev/null @@ -1,59 +0,0 @@ - - - - - 5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/partner-fastrack-3.svg b/bcs/images/partner-fastrack-3.svg deleted file mode 100644 index 6501c59e6f..0000000000 --- a/bcs/images/partner-fastrack-3.svg +++ /dev/null @@ -1,82 +0,0 @@ - - - - - ms365enterprise-partner-fastrack-3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/partner-news-2.svg b/bcs/images/partner-news-2.svg deleted file mode 100644 index 29eaeb8f09..0000000000 --- a/bcs/images/partner-news-2.svg +++ /dev/null @@ -1,123 +0,0 @@ - - - - - ms365enterprise-partner-news-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/images/partner-resource-training-1.svg b/bcs/images/partner-resource-training-1.svg deleted file mode 100644 index f76cf7ea96..0000000000 --- a/bcs/images/partner-resource-training-1.svg +++ /dev/null @@ -1,72 +0,0 @@ - - - - - ms365enterprise-partner-resource-training-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bcs/index.md b/bcs/index.md deleted file mode 100644 index 37096ad62b..0000000000 --- a/bcs/index.md +++ /dev/null @@ -1,2087 +0,0 @@ ---- -layout: HubPage -hide_bc: true -author: CelesteDG -ms.author: celested -keywords: Microsoft 365 Business, Microsoft 365, business, SMB, small to midsize business, Microsoft 365 Business documentation, docs, documentation, technical information -ms.topic: hub-page -ms.localizationpriority: high -audience: microsoft-business  -title: Microsoft 365 Business documentation and resources -description: Learn about the product documentation and resources available for Microsoft 365 Business partners, IT admins, information workers, and business owners. -ms.date: 11/01/2017 ---- -
      - -
      -

      Microsoft 365 Business documentation and resources

      - - - -
      -
      diff --git a/bcs/support/images/pc_customer_m365bpreview_suspend.png b/bcs/support/images/pc_customer_m365bpreview_suspend.png deleted file mode 100644 index 7017cf8105a5d4163050853e039ce8b12904a987..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 73363 zcmbSycQjnl_iqZ(5`rKIqPHN4Zj|V~_c}rJGWuXJ5k&7Tdh||2FEgU|8ol>!bOvKQ z`Toj#f4{xftb6xe``$VGoO^ct+)y9#7;rlBhf{nz6eDW>v@(i7w z_!;oigA)?7bG!$D=?v!jLud9n8Is;~9 zZ|P`bV_{)|UK_SiH&x$N7E1)><#%;4PSMTw$|;87Vaun(7_DqWt3Qr4dU)3(A%N=u zwde5(uaZ$ZUoielZPYVgJvb4u0rdC4 zJ4z3KwlGH41$wARNN8z&`I{+8YMIJhhx?%V>TL*mWU(YL?^UI7AoMM2QO}r)q$NIs zp(}{rLDQA){dx|^`2?_+{l~08kuZRrjt%bpt4I`NwQP?KA{o*8sPTl7U&PBa+vzYc z=IeWt^`WXt#504ZV$hbGR>B=A7=&U>Uhi+V#Bug0C@XN|YTF0FwKYGD{comLa@Q}F zbO1p`;p`W9H}#$bPzS{8HE@6HzVh~c^7S7d#uoIkwuUd%xZqyAFEVEVKP~XbpUe1Y zJnzDfxe<&~LHzOqy+7|)llww@?Ux}p2aVi?DhEq-`j-1TOz$_OK|CD86KvDC$M1EpF+&|Mp58j|AWiHF?78v3ZFnSvQQMDvq)}PM(!{MZbRj>}5(B0(c-6e(P^(%Iobs4++P? z2}O^u-*#r7y{n78y{TA!`^)!gDOZ*tJ2|k`DY52!t9;($VCH)PlJQ6!WFk*%!cK|N znLjEFZDZ5=YGVAs8O6T|d4J#NMF75y*Jwe64Wx$F|e>*o>Y8$ z_V5zv$TjhFNd2bg{ z*X+=fXuQ^U-3sba5Rh-w8}mq0yz`V_l!#wmDFV;&@0JvdlC zkgrLlq?OmnKwV@IZyqWN&&F{MobLgHUdFj$({-xf1xU2JeNmN@3%NT@PQ^RCK-_KD zDi6LZFVnIBg@uQ%f=6+1al>cMK7~;VeQrEzh9aV{95Mf@{+4W@~0SbV#q2 zZX4%wyLJ&=RD+asP+*``=gEnRk3}qKnK%UB+WixeSPk&H2~Nw%SY{b1-&`xO~8IOp?HA^*xf* z_Qg|FbTtm5pYI$CLzohdE$G;ZZwx&6O#V&cRuby##)X3Sn3!Rn* z>H1_bFfev?c8(I}Tz&l^;BCPmH+j}szx-@`A_PDhk>SIkhp-E)ub5}J5=Jw*eY02molxl^hyOX_Jozi{RAyW1?# ztjE#H%57%oRBzo(j(_=T#t|W7DMOr|k&&KZ>^U0Ptoqr~W#f!k;~UM5TrfxyfHu9} z+b~u&L*l)dZ@`{jH2b!eBQY+UDbb*iUi78knUFJg}&|6@qs%O`z1wk)ro#tMk#No*LdP6axLroTE zxv_p-7kIzk$`^L@{#cP=o<+fNq2c}@lAZa|2VHp2?xPSDCpA+qe_Ur_rptSApt4%o zI{OxO#6mlBQZ^`tJ_Xx|^rU~+XdmOCyGJS*^<)uRzH2^7I~4ukMplalL`?%RFU5Yo zkIOtrZZwVksv}mdY5i36#y|cgnULr3Tamf#gih}=eTCt^jgKXn23!PoXCnRy1-MsNzmOT7t9Mtr-G!L9Vw8!%us-OyG>{SLdDCi%%#qJ!nK3uOtxTeTz9n z^CRi4mm9ks@v>K;VTy-hzLv{~^6}=&f3CLrynxVcf8jftt(DYJ zdLvEvfpwP(0Cv11pL1;__{&( zZ)(XB1U%Qe@w~40xAE~p6sU!Lw}v~m>qn?(S{$~C1sfr{sv)7UcpVL_y>?xm_X^+A)7OtgoKZG zVTIIU4VAkalA(27s^1b4X0{Hu5u%B{m*<_C$}B{VM8tERYmQ3tL9yTCT!q8U&h2}W zsCHN~7vMGeN^5_r;-`-mny-{NE8$T)`Hj%|OiePbB`A7rsf&Jm?OTpnGe|5p9tM_| z(Qvz};;u)CczLdGY+X6d8$D&2MzmbAd}QoUl{|@!i!Ci}TNda>(UGihzT}Am#fT~!3y$-1?W!am~k_~8v*FW++Q*-$Bg+% zbeE{d!NL&WYV%9ho1|DGqF1w3+vx{**RuR0;UOUiVV8rO@@6n~|2X@e4MwxC;ZkD* z`Gb{0cErCVU2wn9mr;iMmy~@Ewa`)NFI{i${BkKGk$T#d}NLQm?}?fIIzAVA}1M(6bM3JtcR zJPw|{fYquh&aXthddE9&8xBgBz$Fp?3(7qHz7TuVR>XJ1hTz@MQnt{OFZp&o(wME+ zJ^Y4BPc?)$D(&^S8sueUtnc{2Wj>M%320icxvaP{C$p>W7nH*kO%1bsc&p~t!WvKZ zyIwuVamNfbp+>ASP>hYBkofZIIP$dORqNAP`m=%!7@c3fFdxivx{rJ(vdd+HJHi?Q zk(aqvx!8`nU=V7pl*7C3{C%Y16H2}ur1MF!$dHP|bR*e`(#_pER&=It6=;M|Od~G% zCUoCYYH6>Oi)l}n25y}~wBl~RF7v^UoQ{Kz#m9J?; zY<;4T1|mj<{6W!&sE>3K?Ydd>JrFp0{~oo>B^md|L5oD`uX39=FM zgW7hVwpTzm(bS@dZa{9pA$EcQo*hB!OcPtuK{@4^AW7r%%H9K%CxLcxWINqAO3vcc zo;U}-Fnc~c`H$)`)uBoubsrLwVH`oxtS55eijLkzrs$j1ME7NEV|BjqnC4m>8k*bM zP7Hn{tq+XEhhI8_0)rSGUki3(cr{=K&!qMt;00@k<_N+xa_iHBL=`!(YjJi|levnq z_Or2!%*2CSnB*rpBhP@1ry1i>-3=_sDAZc#=l#6&ci_a}G=dg6`2n}z)j8ZbTt)z^ zIE}?PRnP0=)Qr~Xvnq; zLdtWyYrjGzQ{{1I0(Rlu8XZxNghV0YdMqaoeiPk6V6Q1@4{RO%RadY2C6Bxh_%Wi- zo+FI+Bj3BCO4a8)K4qUZrj3b-5OId-m#0YoZ8nn+*-4J8uk0FSzteh^YZn`EaXQA5 z8g~eP`&RVpM~&o@zq;GQ$w0irrF!Vdl(L3w1wgv9i6Tw5Gf;S?ry~N9W^E2&yip8ZpXqe?9k#^|FR!l2B|;~AVftT zcZU9AX!-u~YMYZ#3v^Zrt}$A$@92AHm?67YHx^+{x!F_CC01K%>u`P=I>^Q9to{U-Qdf@%h-N0Schjip@fPCX{3i8Bytm+FCI@;JJhJydC6R8ZS9K1^4BnS%QSdu zoUxx`V}V2N_Izr4h6UA*`b8M&Aqka6g#2I-xJR~LwGrvX0-U)S>D7HKU$Z_h%~>kY zbGs|w`{spWh_9R6@rz~sXKnNFaCe{P;Ki!(-k&&?3JVTzuCGt7hyF^g?n^44zmv-r zQso16j?7Ygy54JlIxzlCz>a%4LFzt@IbYStrzG1ZBR0j(O@TMFO-lg1nRO+i8W9b+ z;-}SaK4+*8-VeHpOR4hU8%xZW7qU&Y(Pl(=IQ9*O?BBwridBvDb|xGo4boeS!=WnD zapmRJ)wR3ar7R_F;kP3^>p4TMu?rIKSiIdWss~?G9~6xeQ}W|tJ2sTr%7j)KF}L)+ zf4j61RA%xr!`{MELPp^r11tEUKBjmGD7RQQU0<SykBOU47k0rYw8U0F7b;0Hne$v2ff>V8gTp;OVQBwd&i=$grS!09=m;Q zV!OVD7PR()G6)Iq7dzM3nKUb*sD}F5Jffp&o$qIpMN@Va$98 zh>1z&JP%~7O^Qo17#SJ6&e4ffSR<^~w%_x=+zR%kNiz%Xiz3DDPpsE9u=-g2FXGxojZwa81}0_AnrZM%YSo9mS6Po+mduwlE36b<1qMe&7%m)=MC^&`_S7?Y2exb$gr8 zKc2Y!b|Ct0L?=&*dlGPulnH_4vpg7@M^2vbrkjXVB5$AQygyBqm!%DHPY$l^m)R=| z5M&)cui0#Ou^8jahY@5897h^TFP2WXD~G_e=Nt?aflxTL!-V^mBsf%d1m@t8wDnwN}m*<4OK?-4RY| zZ~K%thgH5Ex(kMyQkZ=94WIX@b{yDP-m=t)Yc28o*eiK=J~VB%wzl7DaP{XS%ebcD zP8tY)y*B`osxwskC^89TNh4~Hpsu{Xp>%ex0>MeuPC}mZv|bSubC+K4rH7`4M;`F+ zV=lSXU0(sE4aHs=w5n)5hYn}f)P!tIVMR1_${O;au0c>@k(>9T!Ol+26Hf<<)HF$O z9N}}$2S!Q_16>Y4^fXzTyMwhjF4*gOuU`}Jy>)7dJKC%_@UA@zTIG26{bFDA9(Bew z6)sZEe5wQV{g9u}fXP^IsHq>jH4+3zQ&81D6yJ+Nj=x`gOSU*9LMeBmPqr)7pDz2{ z3GP`s&g>F>a@G-O8`9m++M81gP=m*f@EfYHZ)tB3RF-jO?HUkOm{ts+MqlE*BNKcduLf_*vs8(y zBSPL(0v!b8%o3$$ZI@ua>jz`|QTUxsSJQJ*&c*O&-ZJ9yw5qMImd&zsHk`IM3PeUU zZ2Wb>ct3p@&j#Nz3SRy^=Ny=La=YJyzvtDB*-+Bl8MnxLf0+e^*hrpN@m3WS%r6R7 zZGLsp7l*Hg7uF*dMBGuoHXzZb@kFFa4Q@wW@%ueefznf3lU-+tqpRUttdBFXMDKf+ zTal;~e{-{%O*^aBkVm<#cMg@!cprMl!ZY8{Jy>=GxtA3~queUUyK0{_P)c=MSBSIG z=49LRdJpL!;TW3_pSx3J?qaCFWn@m>WAlnh5yd}E8pEk;QbnU9u|vBi{AwVrWu~~? z_IKMvLIocX&$a?5B&@iDn(H0ki22Tir4rME4W*nSmzqoS@`I#0dB2hOp_AgE*U|UY zhh>1sy!920AC$$XJ4+dc$(Ph{nzncEMH_qriaNK3(gHC8J*eQ6Y3V!G_DXayAUPku zWucg@yOqRTE{=&k(ESBL{4Y6GVT@#F^tb=@M#_MAx|Cm8V@k7I&Od(1C~c znX1CC&F;Ex`DV{widcayt^X{w-f1s0|C!v8cuPNNvO1VdC)+n6N7=d}^%32371-ix z^b-`4RY?qX51TgTKKl7Nc)MNpsDPv}YxZ=qB5hB)D~}#9{TbE2#4ESGka&xmYH4Xn zy7jF7q~|C!T%phNnb$q>X=2QuU98oV;$(b~@zq6Bns;Cynk@*g8IE2XU{9Tr4^^RT zO?dC35UJM0@z&>0auVql@@6KRewtbs=IqlWjdvgN+0H-mo5mX5N7+hg25yJREE++# z<8D{_XCixTDI8c8!kP&%*!>Fme32Anvo!5$IZ9FaqgE3Hxzg5LNfoy)0XiZ?+uo8q zp_kp9pnm19V$;+ueQP4%^LZNI2C*pgkcu(#l*@-!xDZKvYx(<@gM*35ohhQ-O&tzd z>19;B+Socx$e7Q|66ho>=VhG2dnm&`^x&k;x^4P06G>-5YcWK{r=Ku_K8a`VyHw0d z4RCyGpL1jgt4Hse%MKeszI-Wz>KWV=YYKxdz(6G&_0{qokox!;{hJq+CIapU6DftK zl{6-Rw{KlLA6^d25+~Hks$F#AklRKbF36d{!m~J?=p`xH+%J{k89_k>n~rVD$w9fQ z3WJ_Y`&s83+7Bre_j`y~$sTIf-M!W(Mp{miwx6#D9OmEF@cC*@B(|bv;?{~;YZ0J* zer!a;JIb_9C-9jnyPUe%4O^U)x-fl{<9y$7-a9B2FBQ9O-X@1>3QRO1hPj@rDVPb_ z0MOs>0}64Zbz;N4lpc-frseTf#Mj|jee_Ynf8(X5rjK$9KX)%>32Ph3-8RX4Wnn7@ zl?aK3dU}mqn$J}&RrCa5NHYd9;xC7qZo~wzl1O`{sv^Xu`COkD#Q6?J%lqt;lOe(3 zIC$Y@tJS;eaG`4n=H_<;BRvCc$Syl#5sDytki*46zq)?f`)6bH0w1`hlFbnv8TXv|AuQP1H=Vk6(a zQDRJqjsIqNMh>fS#yg+5>)D1FFPiaGEbw5f<^^HJ{4OEF`CbH%`PIwoP&(1@ItyEY zPXv{R(XZPs!R!c$qbC57TwC5f8&kerl!$Bh5suezHCCb_e@4i`LxWytf6T#U>r#_@ zYG+P2DSK=u|Du{D84FBPgg z9>#_Md>sDQaoXhilFg+{aPY;RZZ6hF*QJU5d5v#uOxiGn%4iMqXGV#*N z%*Qk@03|8Nfz`9}(D5i_@;E_fLeM9Tb*0JWm#nu%HK(03ECw!ljW?ui)o_#;-0uox zH08|Py;hq1(!O#R0J)iOMVi4T*a6`0A!b9x^J-g)gFZ^r>2?oZ^P420pzEhh6$HTcO$eeNi@OMbVA`u60>le;G<)r|s+4q>8jXgMp6C5; zbH(HA$LPo6a7R^68ohdxo!(kqIBmAScw1CAF2JG_6GJ-6IPLC`4O z^ek^1*8h-TWqq3X^ffDaFZV1*BF&_P0^S6taUbrK3glW!=GJQEq^dOVa%(xg*YNJ06tZ# z+irVR0Hm(heja8uQpbTj+w?d9xZRvr83VvaOI6a|@q-9hv$}SQ!!4&tlh5u#-{O27 zVyW70Ag#wnK~d3u+23Ar47>K1*WUsTfX9(^HPJ_`s0<-5r+b9)gL{sht?|0eGzOe( z&kfke5hX9c?stO1xA756jTX1VxmFJaa3_yxOBCf_(VIVy(DtJavMT9tx9ig`?qGiT zFlr$$#AzZsGrl8X?5xY_LKmJ@)ZrZ5;r7xP;^83OS_`;5c&K=vF{PA4JdWn*0xnIw z|4to3E)SAs83ITTXMXEj-VVc>!C`pe4>tLAt(Vi4rKx&f2IT5+p-GzPeyy5no71Sp zXBUOeNV^6eT{_DT*vnLMT?s2Hf)?RVVS)1x&EZ1*9pc*=&LS7SXJv3wpKAeT6+?vVB|J1cOx(+8(r4nl~r}TCJ zAI-o??uQ#VnpLwzeVwLeyP+|Ba{arm$Rb9Izm_QslH)rUL20;pP92<&A5e9kevDRZEk4E%@U zmGgZa%|X&qV_eUK!pD)i(}x1?TZ3)J_vy(*4@LzU`3XvD!FMF)a=Mn!PBxN*eodUA4dMj8eRN?KA<&lArmB&-M=h@b{FF)=LnHe*Hbm!ez@ z-^7SwZo4!=`zu+*>uFMkJ%D9oZXRPG2Ii>Dvanc8Jua@Pr`^JnH>pyD;nVok7(pjT z^hqyCNJ%?dwQwuHLbb`@g=-1)w46c+E>12_138VLIHY@#*A!7*xNLl9c#I{R zQ|DPbRf3x3c#oMBHXEHpISl_q}Jmy=@d723j%h0^Klu}SbPquoMqNp49? zYTVJ~`$pdU-K7VAu{)_GdjjFqTnQ>Jxg>%!~>D-LU28FvlB83y|#K>$r?ILA!LJWA_7fI zR8rUm&oj&sfi|O$GS1!&iQpo1wOnZ+Y@u1^sNzs$RqL7d+z!L><>}#vwaV2!&RmRc z!(m?+5d#7-o*F9D^BgZ6)bWXn8(-e__T>;ODkPX=$ahKTTkGucGClg1*n!A_LOFZU z>y~I`JrERaEca<8B@~t$)X%?Mw!KvD)y>=sL^mP%DZA7>)+)M6L!&iUgL@Y-gxHG? zvaU4#^=?~9JegnKL&DK&F5FM*v;JgkUP?9iGEAKO0bmu)fBlBJm-e%Dqo^lT*ZZ%X z_ifMB&|Z!CRlDZ%)kK8Sx6du79FD*kw>*1VPa|Kisu{~!F?C-^_r z{>j!pzW#^P`$tpHGAkSEz5YGoA0f3dFfc@k{|6m+TL z1L|hacRQHEO-DzU=ErJdW0NrSzvD;mJY+*ES)!3oh{QPVeE#>IN5Q9)Dcn~7EBB}J zBK}&zz&k#H2YLe$|DV}?w4l1dzN>7=rwE$=R#-;!IfE?|z%REhX5k3LW}B&VVJk!~oV>6($!bhD-Wx8)QXwrbXR z=F-)HYOE)fiKk!CCIR-gCP0r-(qDAwTTvYwG8D@^VKT&S1W&DOaVn3AJE?bzK?sAb z5#M*~#=JJWm>mbakb!dAOKY&ND?fVcmdBY?D0T0K8J$8S_#ZVU>O5#)W`{qKbHh(3iBrsaNR1)=>#iOs%oW{43~X zWZeQw+6u-wzP0L!U;gU(VV9k4O;Y~pN?lV5w4=AZe{HZ2sg*mtp{|Tjq>J|eZJW2OUp*;hkrc~Qh|C4+g z(XE-dJ=)U4(^Z;hJ`MS+wua`s91c_*FC4fuE*H4Sv7`&FdW|-{EIy0V2wwNi);BfP#huc z-yxk{@{E+qmt)M|#N_dZL*j*oj{qZm^{Gh{GU``qliXu-YHDJCx&;ndfcdp+i?HF- z^9|H9o+{zVEKz^lVH9u(dZ)~f5T3WDAX1QCu>>I0@n6VvLV&4cTyLAa}c3V1Wf`d-2DNzHXtczur|xyadF-M&b-G`xZu$_;oMM( zg6uUXuN~!sITE%%u=LGZH1^%7R;C78oGRRg@U)2*a9;Re46OTt`#6p6?6bm{V8~$UhKNDLz@;WGAu#X`T zqN{z-E9OJ87p-q#V1Sk;EB=pfL48N5!HMEy1e;WUM;>3%t}Q2NpyNJY)PC)?WMxH< zgYVK$N*QEDUVzZgr{&Dy;r{N}DQnh9g{fXE7tFL`Ceao*t@%HFV#4E-TD$$O8G9!r z_P-A%6Gar7IN|rN=c9gY2@gu!UtjmE5BHQqpZi?w z#1g>p6JOd>BVcS~l2PaHHDO-BuJ-P+v7wQ9gU!@*OX9gDKtJ6@t*|_bd?7t3Q$vnW zG)YJ1%o8OwoBYxu`^0GMql+JA+7Y{}+b>*fdM|?#G0nRDOv4g+f(Ccn`j%o@OL_L@ zL}%?28?rF5#K6*?OG<-V87ZkEv4+!e9*X>o#1x%s-TGJ04{|!5D7zgwF4i#T?!)}7 zz+NS_DZUIrfpdO`FB?PFUi{rXt>d<=2n^|cd7YN5EuuMw8{R=8qzbYzXp+Lb*==cZ zSsDF%1D16n1-v*~mbblgY%v&qUfXi7*Tw&CZh3O8O|mgi0rh(Rw*<|y*VYa(Df!CH z+R4+AP71BwAzdvVLI%O;;fd--#-b&enz~kp1*q4(vkbr zNLeM!A+dVoPkptA&UbeEEE-WC=~}nr!{g6T^^KIfkKo$!?y;)j2>i?F3V1rlrk9eX ztu%X>SNbYCb9Z*Pza^qXWl3$rUR#tsD8*p;%;T4pV*_tS-ymDDd8>_ILv2`}QXgCK zHp%naNt^y<&(9lK#ztB(^1|SiFljvrQ&$@BYJFt#GZT&4PR-@hn8XFxr*mpwtY%J? zq5hpTrV(HtcML096cg7+2iv*)0d?qtiA%64fybi_=4jl2H zZ<@(ul&>t8;pcRa=Z5xgsph@jS0yfI;7xj&z0nFOuUVL{on$NzHtcrhXyngmsuN&&RfAi|v;>QP0VQ;IbPzw9*#J1VRR7Tl* zpZ5wnI8ZroQgL*_f-BVa$OJUqZKE^4oC5mn@w%{1jusMl`PEDPZr?SMQVsnMz6@w! z^6_!Z7TnD&AhPwXV7fsrY3h4oxBW7ix-$gZZC9N@IgglfX)ZgUSj(`hd?t|oB{(_klE+cnzU1T0Y3MBps)9A@Zw5WM zCvOwL-|}moJJYy1YiOSFIeT=SXTfG)CMB=86Yu+AF?(JE>a&%${UzzLkHbmHl|_6b zWyK^rz2}Z^be#s)w9m8}K;*{F?~PEXIoN?8`f;OJYyQrU?hF%d_NPI7&v2Uz`k$do z`yA#L)h5ULm8LtNFh)mxk*(FmM*?h3-*y@pN-IwfYRQfOJZzlDHTU=IL;&m}L&s$@ z!=AaY8$4-VDoRC>MyrvQUF41$R5~tc4bPZfQ`@(v-%t46FS*B}2!eJ0S-$ov;FKzV%(4XWf#r$v^j~VbrYO!Ku!lz! zJk+rR)1PaDgiWYfrU1Tendko`?sp42m#Bre-JbVKC8()`T@wpEW9%CDR7m4|t#%_e z(S-H&5AuC|0k=U@k(8)YM~ZgE8X zC#bVqd5Fm^Q^e zqCUa~yVlfJe;oDsEx9F*e#K`g(?$*@-h_qlnWoaLmGK6vDEHW{;- zC^=uBb!J|BO!}6J(M{G+k)1M)ne0+b&0Ug_@Y1$>4CVKJQfG>(A^{+{pHsH^3ACkh zrrq^gM2n}Noo#4jWMG8r-H@{9>G6juKhr9~)p0bQiXYr0B>HMn@izT8*021>E-~@> zwHd|VQU1AD^6o_-vDKg6fG`N&galqda%Dk3HWzQ?b$$GhN6VCF46iV8uDjURMhfg^ z`y(;rl<}A9r|y0#mvwwoO=0}?nL5@6-QItVcuks*#Rh3ur@R?;#RPZRm{mD8>m!w? zY?rjTpxc%ohCi*A8XCMfD$uK#l4=En`ImY*=F@M&qhws&mpYoakO5D;wg8Efjs;id z7onF&+oj}b+g#=YNXj86KZo^<$qXu2AnoUiN8`fwiRt6l+;)N7dPU_0=^0r$NQrVA zish>@iaka5`F^voraIbw-HbjJiZIWnUR-X^vR%QpMatn*A}fn=RR1MJM#_hpDk!lm zU7n$GS#0cw=lyr1jzP0@v@3_MpP7-70X17V%ul+)^Q&Pv_iCQY@(;BLratPqEoWs< z+Nr`5J+b`<=p%<}oh+u8VCoL*{w#0gI%Krnt)a4P=Zj;`vB3$V!)iFH8pLzJawEDQh8mDR^9<#N%&BhTdFXmoWCJOZJf~3)p4- z%|E@g@^U7(QwFyzvJYL)|Sp_Dek(385;P23Lo}MzWro}$?M$`_i3-oIsE9T+Oe%PkEPNr{E}L$ zXA8cL0-faxukASOh-*JC<{j_ITXOjk*~;tu?xx*Qb|^xBY>9)-WN|^RyhQ6SeasIu z_2)yc3C%aR)f4T{nLKz}+%|sLUJ=zTBtBr=l*R5P|Fd1bE=SNbiM}LEj)~oP#%8mt zycW02?b3C2RzWbK?hZT*F`se!vCHi~-@A7yZeJ{U5o z`&lW`u9Fap75%xH>WIkZqQ&r%A1j-sI|?n)4+*Qr#0FTTD#e2_GI+LwTWaW5+@^Fy z=;(I?nCo!SreQ?_32>NxvSLA2%eU z2*IUT@JU=NyPoqUPpj8$pqfS^8b*sk4@gGJOnh95B{%Enat{v~t%jfR!@{3o{gy;5 zHEm1wtwts?U=_6-``o_n(`h=hlh)<&Z;j1q0OfV*Y(i2aqCm{kn|&2CJHI{yxmX;G?J$x_O!I&IkRacm$qlW3uG zGhv@2`aKGGnqlS2jOMI;pU#t*u5S8aa(C`9d9}}?W!*;JwaE_gjcGh1;rwuS;iG*S zgO>WFeJZzu&taaIwTribt%1j6?Ml?8-lryRB|{y6rizrZnu&>;8mF|UR&G5XRBCqF z!+SN{bkcb@@3=?FfAEZYN|zZPd=|=V$Q|hal3!3@nHRJSaH{+AEgn&1N*LFJD0TYi z?BO&XQIxThH%oET>5}#jMfeEGaUJV(QE?5t&RDo(!^4-k z)Lg|89w*|@F-07W5K5Tngo!#8>mHpfKGLD-t{C;a*cggu(s?t45Lmq~88{vLn{#PW zuUo%S&Qer5o#+UW8Tziv+I>Dwg6Z>#zFk~etR!7muFlU^dUcy!R@%J>w9W2Ia(k5t z%C1Dmsfk7^Pw&AKMvNmlJqum*)^}llG+L~hXVRQ6ciM{B-1Ibc!gO;=P7u2iuH(ip zq)p)7`4#s}z*^Rl<)POb34ui-qbJ*pCGhq?>$g|cOH7n4;diLP4mQWiM*c;+@2{>vP_{@d=o&CQsb5PWtnVq-L3<_3OsKmAs}toJ*q*d>2G5-K{e&_fsmDHstEtI zZjsX+UwIVGpa$$*izA0D$8#fLfO&0u4r9Zu=lu&=W_rUPZs?(es)J3ndx`|f z*1sC0?AHC!rqFK+>RA>_aonqXGm60vbY7Oj<5=*yxQs+`oGq4Z>jEc+K2ts4XZJ>Z zpnINH>vc{S$M1CZY!MwQ|AiX*-R|etyz}-@nwLFcKx03Rq3%|`@xcAZyXE?)weY;ObCX_jpA|oRrB9sUF z^pP<~QilEk@U;gtMFbmyH_*JiEy}yzaRFDZ+(3DtSI%of*#Ix(!)1R+%3-L#Lhl?XL->HA=VhFO z`;$M*6QFR8ey08>K{Rn zoL2T4RPi=hCWi@)8GqNUTobf|OW$1vO(T>p-E!Lou(;gIjTfj)L*krc6g~E3VRymp#oJ1qnJ<9++Yv3Q^u+_-4SW;r3d449 zjW;@~R90_kG9u&T?HgP5&Q2Dmg{JT?JqqSjM`+?J{kGBU6^ZFi^8he)(Qb;Mpq@<; z>owzgvO-eNt#Biko$ZmWMNVm+qk0?cx!q4X@zpj-V{Qnu9kB&wWFD?h<=KPkDXV1D zgk#0@N!jM_TknMnzCu4K&6CM^$XiEiNDMj(d)gfBt$ndNMV%{aU%fF2s%;<8Wkimy z{3xwMP3{vYJvpYVk_newjsmjgCa10E`p!S1;nU}B@g8I9PC4G7SAZ)T2vI;iFWoE_`(K(yk`#de@T$Gb^!c(_Wc*XO8j5TawpG91l4;@clEk7Dq zoiYE*ubZ*fa0L{sF!?gQ{s3bD65!$o_I zRW5Pqd$wCX<|Ta!tBGO1rPZ(6UC0!HciE|-f=6rriD14iCp9)Umg-jG;^CeB9Ur;k zKAk+U2HUw_&5!(XR!r1)Q?Pd#*^$zj?` zmJ}J1Y-#TbJ?Ly0{2jH~Rs4O*vL<}s?^EUSLljBUcBX<`P|4r zw6YfdY){7Z#ey%s%VTXxuI)7Y=RpkiOxm~WgJ5#5b+l{5`DS(iub^p;oDRI1r|z`G zi+g`E0&d^o-k8-&?KQllL{Od5PxebmA+cy_gsRJ6DKh_}{^E&2u?e%C+{dTFctBhl z`j#d2<3fqiJAQ2)J5KP&CsDdEmi@e^v#2_=8Ezd4HvW0S^*vNvpQ!Pa{%}#dwq~93vWV35eb-6o$CCna_@@s3Vi$bV6BXdF7jka$~0*x2Add zPiVZuO7<(oR_z~%ZzlZvroC84_2-=Ed#>q!BN@#ywsoPhSKDHP~b=k zKbN;*^2jgsJp(qcird`xbT}ePrC^h(sBk%ZCt^NyXnP{A{8T9yZdqwMubP1JWEM4) zwc@*{`0EDdUAs zZ;ZX{RN{BBR`AEAE{mIg!dYDmC+VUXR42S|SvJV=jv!43xGpTtbB{H;aSNc6w*R<90O7+NCx+`+8F-d{9GmDLV#G{N z%gM+3@~@T`lYmENW=6s7MF_9`-?ECs zM-Q#>gY}xQ2~JPuq~p@Oapu(&en(HXVoUGjT9v#+VI8G;+LRflL92#h=G6EeFH2n@ zZIt?VFOEOX_)L?PjV*v=W`8O_l8E1PV^_$GfXn{F1$c}RoMdKTU}AV`Zd%}S+a{>D z9r+b>qshpRacG=lthc>kQh0V$_T6gZQ7HCLPrrFumy(v2mXeZsAu$o@SLN@!_^PPR z<}aAno$n~~LfF}_CaWmH<1dxBHQUJo_xGB++W$>j{{KtP{tvY8-Lwq{{>!veh6sNH z;-7YSdvW!vu4QW!j*08%89G3SNd)KKLwr&a7|c66eh@tieM!sDk@QXVBph4=?|7EDsd%6IW`o z02W|tp&hQY>~+0CPJZt0&#?@gQFAR*OPZL(B(3|MIU@<%NoI+KiRsDdZvt!x7R7DG z71d?T?sH=(wNJSh> z(zeALdNdJ{rt1!Jd;>1u>u|EoDgGQ9Hz+lRucyD6nrpJF8Mwkdq4@q3A6mnq;4=Ww ziZDVKj$zEGs5oV7E7{}sHww+z-W5 zR;ii#WAK{T8an2%vd0Wam7n(Af-)Le0j=NQ`LpLtbSyM*i>=W4GotD?oNld+DvE23 z!`Q>aZXCm<7_z72<04mt!Ala=NIjf;HO5M;cCz^S*|j$Ij?n3Uin-iDL4*NBV|siY zJ;Ec?qul|~vketB5Ys+%q~zxI#J#lS$H#A5Eb|I&wiM|L@uqr^E}h)kS~<;*-yy=4tOAql>Y)p8=JRgx7@eBtB1d>7Lv; zVjf7iwppMZwcHWANwzji^dg~!&X0mFxQqf0LSDM7?$4{tWYg#87LxW&O&4Gg%dH2$ zyd4Bl&?JGxrM1EbGV4!^78VzoXz?Vmg*CZhM|M>i2Af*&&^WV!8uiErG2G)55>5HX*JRHy- zHPct@Y%u!{%?|T+*15`8(;FFq7_av3Jh0dCW_rG+!xD(e#6O;kacOjlmlS3d<2*>j z7);Hm4T`ARXY4`}H4?r(a19R9ay~|*QGI78w46`{DDS({kvP_HxUKQu+w;lSRuGGlYQTIQD^TUiBer_~7F+Q!QOPnGjr(eIW%^XO&S`y4n z$PtZ-i-yVD7 z7?sj-dL^k}tto0}qOGsNy6${*bu(&rJ4d@aPR1{(oOb)1e>lZmCnt6lmW7cWQ7fCE zsH+^D6(QKeS~n@o?pU4K0IQbt@ge`GadLqueTVaodK#r0F3rPM#;uO`%VkNCsN{&` zfEMkX_4lYY7e%|w@O)@jhJfY)(Y*YJz5T4bibPR%_Q0hQ6Mzc=o5oh*&Twa7z{k8~ z3tcTMkU|AZ=ua0+xCOpK^6+rp=a%{{dsPSTD4!<;jJ|#!b=G#~IQ$(`yzT_e-lmX3 z3ERjel0qTL6nnAULllGbc4rLL`PS+5;v>8v1Z%(*ln%R!w0P1&^-l(*tB{2U+?e-c zX>Hj#IU_|l!Wg|~dJd%@sOrL}b4;kI)rE6(Q|7;EUM>vuKzS9b+EK$ z71Pb}gapBJB{&Ko>NVt@v{GJ-X`ANMUX42J;!sl;-jDaWCHe4BySS(m-V8_^!g)G6 z6Pg8uhucToUQM+*>%7$FSv-H>YPkQJlpYN0;0mV?GfzuhxKkT$+)!u}Dah1VTg}lA z2vG`{G1PDq>jq}%OmnD)R$NiIdoh-f%=CT!IQFBq5l zo9KpC!e0+{@D3z%wp4O@K|Jm+b903i`mTm8p*XTE>=RenTXJ2s)JTeZHHu5xc}n#P z!(m(7I@keuwtcj_cAHO9OX8bLUT>SKm#?0M#x19fprg?ws|BwLq3^%})!EV~Dl<|3 zT9?@vA&+B2wAA;#nYS=i=()N-e(CEW|U>Q8lWcQ zS(KX{9F`27Bf(2$Memgix{ONb*fDWZFt?XsX{wu2eG5SCCl4n81EK9TB;=)CwDf1^ z)SPr>Knir>y>vJ_gn2Hw`x;Qn^+50}+o-;pj=q4DlC!(SIU+2cX>q>+vpAW8eAlnR zK|KdYTP4<37sS&CpH)O;rz6;|B5D~UzIBml2x1Hf5h!cB5mELpa;&?v9*~RAjl{## z90)mQnF;^)v6Qas+~hkMRAWLkp1ddmYxG!Ifm5A}y06cyLQHy$kcUH4VIb#0ikM3) zd~V-8Hmy_KX>|8$v{ll;DQ;(3g37|RWmtuH4$$s1r-chD%E5vNG`^Rf@!;ie1!`&R36*b;CgQ1 z;Wo$!J2rgOuRM>rF{i$en2gT1J@5tB7bIW$f&f_Gpfv|0)|CvuR@|&4Wc~@Spy*Q?Uo-5IUCzHhenf< zy?wr-(B?(4JaMpz5uuqeXIUCpCaY$Ib!R*Kp8t4hsK? z5=0H|NVA*#_st%=MOut{pNv9cucIHgV5z_E8sS##x_WN+D)aS2P!(WA_;1xearXM^$ zJoIAL>mI4V;yvq~V1w~O(P3H4(z}z2ikc=3uCaPi4Q?+Zb)aDa?_i=Id)<7m9RTJQ z%EQZ`fL?JL4KB77%Q_9qsNmu#YrUHG%1nA-|8|GPV`dbateMt(O-+4-(7YGVkF-4^4~o(}zNuU$$17-R6=&`TGRF z)YbQ_OiPQ)Y~|awWB_`?*jfsVh;Yb=l*U(e=%Dl{A*&){+Z{5#Cm>cTY0w*i20=Ss#Txz3x$3R!&V(-oX+!jAxvTm$WTUc1tB0H%EvD_qfgv zboKG!$EPF$4Adpo09{24dB3fIUVLV9Jci@pU}>5%YRNBOtokq)#3yo|N|bQ3;Q<=h z1!1x>BO-R3tp%Z9vW3}EuCSPcglVe1Hc}%?JFGekoS=ihgh>yqM+DKu=S~!gbC&u( zAI&G$l?9Xt+q%1QYB0{J36e#JXr5_bbXub&3e%Jv5#k+N5v2%FmzI~>=w-~Wyj1E4 z>(P~Z-}Zv2Y5J*6PVmeLdy~^7WQn8nE_a#2Se92OCc;BR1KpZezm9UvEOT-;^RSHL z6G?vl6r8(M_S9*hqwF>YaxVbrWqFw3Xm;$t-~_WWFIa)x$IzRZXmR3xI;}-sK-@%7 z_K%>-Vb7NJ{iiG8X zpe)f$F=4N&Gxh;*H5=pRA54}sK|!%kv(tg>JuC~_1N`tOQ)~gaEaGIgk7O_FJ$v6Y zH$U0_-wF^6}7OiK#5AVK($`J$({f zn4Nslz{!D?oGsB8zVG}=` z{rV>N$ZI{a-r|>Y8lF30e*TN3WUX!Mr0?4_M`B+rJ?-OY6uxh zaF@SR+!$Q;5Fqm(IlcF4t{3P(B6japrvL1J^FLrb|K9F@koNOoSY(G*hvL8dg@E3) z3$&By*u?MdtUi{lZTt7cRkD#V=^tS^MRSHyzhI6|4A1B0#yR08;uGxc6Ksuro4fkr zrKnfj?=5hK$5FUw#VE3~TGI=$ ze07lOge0S~#_G)b?ViuRMu^MJjAl%aa=qo^m~;A3m8 zkNs;p&sR^EHVu4GUAxm&p%@+E=lBPU6P+f@W2Wh;J=7?+_HKH3yEwP&L2i0ZmZYNG zBJ2c>iLaRDRQYEcxelI0ZlIEtUO549cd?gCZUoMSnzp?92&BB*cZ?ijyMwy=n42=* zWGgc$L_4uy%(1C*T{SUvy3)MbcE7ybf|E}@pz?mn5P$`3qyr=Cr1O0z9WjnYJ_G-KZl{^_ zY{K`-iKB1zvj-r!9*<)OR%sFCVrvQprcuW@m<4BmzM5u0q>-=+-^f92G%9s#C2wd^ z&eH+~Rco1#2%@C$=ZcmfTq&t6KP>C`yo3{@^0+vN@+Qu7>*6Kx{6fuXtl>V6It#_) zZlnP3uld%T)_(35->(c}!@6n0HrF`b$T1BpP0mrrFQ_L!4m0MokZ8{?wL96{TNljA zN=q-&dKlGoND1&adz7@(4NQ>65~4mWFt#{3yJk`f>GTwUOtQ!m*Y=3GClkxpMAA}^ zW@@K1lpF3 z0+I;85c)JH$$wo#2d!BivDk>Kk=z*Vn6SC$XE?(*0NhJNd`*^`U88D*M^`xRLlO=~ zj|zx}+8={2f5pkzsVgpPx1dVIOr%9U<%G+y+xCP-|z>Pb0_hj!2|Y%7dZucd?(K3OrW zoGO4VcG8>#&FlOhqJNEub~SVf{wnLzkgTKY8BiV*=_cnau3iUAomJiTPY+iT<|!yj zp|2RzVh=lpw_^OKF(pyZ*jO#}Jl?I;NU!r8NJGqc+_!~S@ciN&Kk(aFSv-9BIGMTO z@c0CAD;C2}BK}b!K)ed*NZp@zNE?t59dBTE|BH2HQYEQS`3sL#(+^C`_4w(9l~1N- z$*LOYx~Glax+94vgg8i&U2&tL@GIy0V8pC?(pEpqQ=wtu;s!C)AUNUL-9RJ&AnaNS z4Ss=ZXd?_=d+Jhi=aH5!tag}Win3AM#I$7QY$j0^7ni=H#^0aZC-AE~Y~AE1kDV0< zI|Kw$q?n}zHc`2cpU266B+aVEo8}Vt_+YUj}zal~-L>2L zj&FlYQ~WK>a>Zn#s4I2b90jQLNssTLaVQ3NqR6V^nzF3iK{eTu#7tJY#J7pC(3)u# z%&HX#3<>MV-@>m{m`xI0uD$>OtSHAf2 zLIac8*eH(NWTY%TqMgUk`AK0U)+(_#4v|%Phe`0t++pK`?um*Gbfr<9CmeR2`QdJy z+SeT`-L3Qlbv1Q<-Z4wM;e6)<%|)2{dS&!Hf1b&j((RQmz(w^Vi-WtJ(NaUJp=8~- zn3Qt~NdkR{s#@1#h$rA$*@cM1roF)iR1;hF%+->`GxMd7iG{yC?|muzdYh2gl7iN3fLQeW3$qg*9-h|&VgS;t@xt7k=s3LGy|89lTy416M}+nvP!Vlw74&m` zJ{fq`m!q?l*Hkx$dU~L@cOkzBtDJczN#Du>ElwpkFSMYoV4xsJqlIu*%`CXM6i}2Z zAI@)8LC(Ljun-=dvcSRfHSwc~nc2@7F0R=rHSI~Zah0zsv)^@7CJ#a^+1RG!O#*M` zSZW&E19$ZFcTuNVcvX85YbtBUiq`nUKk{#7G1t6)r3K~=APH5Q6qVBu5cq@>6%wUJ zG^RP*PEx^YVw((&nhQ%JP=7X|d~cF#(!|7_-QbCxe5y~LBlD~4;_q{L2g$wruiUX; z&Ht|{9DTqg`042C=;@Q!pJ)uysF!biWI6yR_ISf8wf&N?_%?OV`P=;hhB7m}jsG~b zUqr*OTePE8z;WMBIyyQ%7+5Hb8N{rrfsWCpfSGyn(c$jBC+4DRRv;%QFAK0fsGMnT zUTJZTZ>WRAZWGC&);9*Bz}m8;Jg?5i1cY4vpVY&4ZldV&fS50_$ZUL^3(*+3BS*(3 znLVFkaHi3XbiYao>-HTD%1P6aa+3407TacJ)6kNUkod$ZEwA)S1k37mD{LkL9HcA# z&eV)VFMpBM%m20Vo4eNgAMU_tVKTM|>+!8YXEAr4IDrqBVG?wMlD4<-dbyR%A)um5 zMcYG-Q0%CEk=g-a1s3)&q-k=F1sHTptUK2RMmyWRb@@gx!O-1bKK6Hn^^kE+%M~^K zebu?AQ18b+C&s;a)LW*3+S*!xmd8{VAa;B$qu;M`JC4Nli-s;akg6tvTNJDw{7%ip z#lgZtk=6~a%P3$nTaX&Z!CCGP^bSegTunt8P>l)JC45;IwpAjFO5ltzvf2@IIf zLkq=oWitPqxP~K4`ws@fC!wlhip9aH=XV}L0|O(=7SwQ1G;#6ra@>5A>51q>Xc*Dj zbG4mjf0DZ(#_-hPBi4c7jD-_vqYasdgehc8r-KlSq)8{`q#`0vurPOzk7D_lrDvi1;|h0& zF*+wLV4m^MPEt=kf@JO3f3EPB#n_@fLj`spdfm($zaGkZy>5iId)=(Q9?xmD?i8K| zl(_7w=7(<<-Pu_IC>I6^8cSC==bTmcUfZ{m*#ED)Q0%|*r+W~@^80jtT7F?3)L>}6 zkarO;S+35PRVMJ+jo&3XHhg`q9($p4_{GmxOvd>D;esLg@MjV9Lf}FD7O51t%@_by z_pAQtvmCN9^R)UQr^dv%v2}3szxL!K|55%+tb0t=#rF=eSz}`?Jyq#;l$6us^3;pl z<2-Aww|%w#g9E$kS-#ifQTaOswoEv>qSKyBi=oy)TO{ZsDgrbNGSiswn#?^5Tijo{KZxudUKO_D2rVQjeWHs4gMHY(GuS z(&4sv?4_?sOoC>i3C8k!FsW}Y?CYZOuDQwO6jrY4;{JRguwf3D|;Re}VsD1XNDucXI)_nt)4&?|(ZqduaT@Xk>+ zC-T&^Km{caZCiN{Cm|KRFO1a9Rdqiw3bRdr(VZTdmVbc1fJ6GAujDv70`zxt{`8^a zbBC}iK6q@oJwx9pVmV#-v#>~j;m>O%hpk7hhL4Ju6b%E#^xTjN@!8C@z3ko}k4_1a z6%PTbZaVdVODJ$$*-~pL@`2O*ecf2DyOG>IcNteg_;F6mr5*Cl^eM6)^@lpI>EttY>{XBPJ)XW^zP>!RzmC0LpX#($WoFdN>qoEFF}yy2Mc;M< zYmqc@Cb+8Bt6z6tom4e-9B1QSFMl%J9?xH|@;^#3uu*Pxe1CP?Osre4V|n+gKeqe} zdv++@tM#O~{fS{>6QxLW&F1)zvDRWPr|v8G+;|8+v$3XO`=l&F{!u>8V;adrR3o!@l#j3xzqv4e7?#LBO>J^hmGl}p-?kcQz0F!MmG=tQuOk97(B1W-<~|R2Cv&mP{zuS*WiBe^w@W!zTiPoq-eR8+bEpUFig;^d!;enuaur`jfPMl|3Ei zuEOTFBi6D)YEny|*rYB{PJd;OD8MJGsi}WK)~{fa!K5x}@bIhw0wQ7)QL)xVGK>rj zcj8ppBs$!%7GVk7gMC(e!_}jYKSmWH7&S2A44-Y7-`p(`oA6AKf$T-7MWu+PLaOvUB zGo|&1Oi^E4Mvm5DTn(fI#3bdF$Qp_38*06>n!giD^lKA@QAxtf_JjH}VOb<7D*Qc} z6Bi~Yv^9QUVF>h>4~8Q}lpUVP1YL#8>h%P;_%p&MRiSmo3{8X-P6sWN?Xwo4a5lD7 zSC=*rGmw!r6ofyj{ihVdUH)Cht|oD-v@)m5J-F1v#I-7)vp%P)wAjhWvZ=U@q`bo1 z8HNamYhqepM%2kDBdIK)Eq=@jD^k7RmbPvf#=?XS<%$dQOtdYgZ&*C%h>qqfIC0oG(j(>M4XJX8WFt z_{OFt2G$QKSMp+jbaf`%Grp?!pf zos2d$g{=ROdOXF#a$HJ|6P)vFZLX5MghJxNPGoWDo?OTD$u23r1 z>uJ@kUg$viYTU+0?~H|8P_~IWzLn5I5G~SUGzV(-RYO<$fgR z{cHUnvcwQ@EvOwl(KxxdgvzJOqIHcWhwCSlVIx6^1I2$L-E^)uV+Z` zabD+ijga!pwR_KZCoDiGA_QoU{JA!+1^wBx(N6(M5y~c15a|_&(C8Fx&8Wy!ae3a{ z`XV|_vjBYfc(TqTHi_8$9H*~a6irok)^A|T~E)q zG;CwCs1fgvXzz`eJw&g-v8gO#*yW6ZgJ)`0aEiYXUzXV@OjBv<443|OpA1@f`c|5C z1}rlw(Dp!}CQj}$IB-bzvliR~t+2O^&4z}*DX%7|%T@ zuBQS+80p&u-bqWfPE0eQaKWI^DGzjZ*k$7?%g>GTy7Zr!uIKFICiI&z5JSO0$u9;p z+6`uVM+Q_*0z>?1i+_RcyX;4A_u5HO>)Z0pydoGCd|*ACW)jVi{O+L<_S*8tNjPgp?A7kzx8W!*-W|f2{08G&Dr@SIGiKoNDToZqfE!wd=51|c z?39$00q9d)ovpo~+?YMtg41-I10vx|giYT0lA7oy`kI_lE_U8}0}!fa!hxA-(a2c8 z>0atT+g-=NlIbJlrx$!jWlJMV@%Kp@x{>IH`IxhHU5W@VaVkblkAV|jVsmF*a$RIZ=BFJE$~o>(P@SrMHpm6szr1Qgjm23BxaJ#v_Y5 zD#ZDh^VPx9Gr0AMsgf}x)NB!%ts|zcb*?e^bi>y!P_!e;(w~jLc^X!9_RItMSvp4t z-&(Lzk3LGb=><}O$T4Mg(R$d{{i=8lXxl4Vc60aqV(9Nn_gy7#3=P2gr^&* z<4mLBg0!izYY9p5MFl?!Mqe`h_84(#X?e?QvUma|WC4R&WJ@lux8!NA-JIyuBT?IHv`9cPVK_;iZ?$_lto%CPMs*>Ow9qcVYaG(WLh$G!~LDku!xno^9GNWwogu0+?fB#I*+i z*la@Ai~uW;-FWMng0|{Sl&jz~M;*snPVN?JG=^C1;9i2|NQg5%Z8@=Vlsq>xIA!k? zD}XJnizEQ^#`;#DzGH^G*%2nW2u?=Iyg)BejD-Srq10gu9iuje`SMv$Xt0Tkr)IiE zFFLE#UBjqiekOMODhyvC$R}@xmR!hI!GRjULtklQnX|CU8WygL=r-%qTNz*SQP~AZ zK#)I3cydPnr^PgV|p0O(|{RHcg0nbyb|kz zHVz?XOadVmHsS0N7|hSZH>r+_jmgw;{49gW3Vjb7>#%ull<}E?IAmes>kbk2%-lHk zCsd|^4wwVxy)bi{IJt3VU+H=`7w5XOaui{8`mCbHq)*~>wA3GvGo|UX`A$CiVxy-f z&4QO%m^l^GrGv6&_2!skJ}H9vhZ56=GXtkg5G9=DK%Rhpcsh7a73KmCy_TS(gh5!eSE=;z@_1punL> zj~3z_pN8a9j@VR`9i*I%Gm?aZ*?l7^D=0PeNd<$V)-$*KPDV%Xa&kv>Tcrul@GzbXZ8{y6C6R#5_ECIi?k@ zTtM=CXl1~lRJnPHbgn3r=ns(VgBb4Rhqrzo^xXANtu5qj)rh~x%d<6pc>foVg~WN$ zD1)l~gBweTZt++ukW#+JMnheG=%SZ705HkylqLPvla|NoeT6EbSg=GdUF2_4V+Q?{yu=+{_c%85O(wTp5Q-wejlvZ z`HiFgqC~#HxKsP{ZxZAfB$DNTAV~W6EAGk~8iVPs@8e?Q;vj$rYR$tf+oR=rbM>jr zrF;FBre{@WhaLl$Mqj zA+cxAH7IDJ6{{fUp@b$vjUFiHG5sOwpSLhz%1^;9Q2v4+;Au?I3aDdO$5}N{r7tJ3 z;57==wHr2$F+fDXh@=e*bYKL${O|s*(QnZbq^9TQ#v94vDu5cvx^Zd#4$5+r`y!+% zz=Q(W5CKl}fnZ0no=XY}{=ty*sCg~c3=RzyLdr@q!L0Sh%oMDl+{?*K6%Nm^RSI&% zuy_X+b_=2))_Z#f3z)aTTfc?~_b7`Z6_5rcsU|Z93n(;Db19&5(PQc5NKH_a zL;)EO1yBN?p-TPXXKEkmqv6t0^q0nb@~Mqd8Zrc4Fz&3YBdS#9864jQ-wl3hfr}-QoBL;q z3OO@OUR^yHl*Q43@Xf?jS{ezStR<5smdV)^9#B+NB-r809u6<>EdXfYuIs`(7Qh&n zo%V!OwE;nipx5X*H~<&k)@ZGKM3dkvz?I-GcxSabZkds8()?ior{?oChlbyR0Qp{q zGk2H*js~=PxW(Q_=U@bjpjnP0S&A4J@&a5gs2Z!54%!-$1y%{~mg?^+TgQwv!lp>i zkfAM;1uFQ_OaN1a2zenqb^QB-Wp`;u)qEq}zMaA+eN9qNNIfYDgF_CDFbp3Zn>D0B zBMGWBASuow09aB1=;-K2=*k4Ci%EF-#wi(V8$28fl5wR!d?t608L?UH;wn~S^6O_5 zG!Ru0S5W##O7DCLKEF8@105e*dMHsng;rLEI6C{i?*}li-DS2`C7Iwq*7hPO$<;iG z1bAqe0wjGC3t~UTxM{NBJacmJZ=SxIa#1rg(~xl05mS=#P%&n=BzLW|#^(9^Kd{)E zVHpKZp=AX#b+7IDwY?A)CHn_7x;gY=TY3EwyI6MjpL`dBM8%!i|NR1np*{mHmfksZ zTvn+c4?$4UsrO{;ks|7w2JBSF$ z-rBK_Pfr)kMq;iD8qG;r?|ecuH43!L&f`*f$twjWIMHIzO0_I{267l(wbg9|&26`b zx4zkX%NmKpQFD~E)B;lRzl_laBUy_VpHOE%HUtOG zFAyP<>(K=rR?(1BG#Yj{-ksHB$iwUtxvO~(zYU8{DMu%OM#Y#RViNz83DP$~?+_&j zs0uQ;OsL@r3vjK5;Q=D+5VL<$il8|goM5%;531*qplCrlpF|!MX>pY6UpJ(z`5=-3 zc65%LU@Zz0L}oZXvqcZlZL#i=G$|0M`K*K{o$c-C_@;DdNapt&NLeUO-be7!8(!XU zn%M_4v-WIrm#^t#X^>}@tvyEp?&-MPW&w4LX-%Msh!R>Zbq#uHP<+;ne02+#N&GDO z|8{wNSNE7PLdRPsf<~U1)%fezuTa!wRTPltm0i5d6%nBflY}1uVa5PxC&FNto>_XlmsPuMyB+HhyRl~v|DNyyI6n>8~ zNvrgUUOUwa+&$}6ec1xnvhRePXzbwXpanS%R+`wvXK`-vc|ESY4B^ck>E95e0i}V@ zx}~`xqpGoyoIL4Aw0yKogv3Cx#r{#MPKq8BEEy0fo2ztQ36143=^Vq+u8uuwLNjU` z4O>w~0jxIriwsrYZYX)NIdAu_-Y|{~MqYt?mvZQdw_s|{7No=&s*a8SQDa6y_UxL$ zq#zRI10ZdU?rL_tpa$w46IXr-l|Q!dP$`2ra>TdkS>?ON<}H5EP|X~Q9s z-uk|EhI8M)gkVNzlB;Ax~`yLjV(DcB~SLfIU)p5&9i_-fl+VTW({iCCmnb>$|`!|@W zX7{fNGzV3yNtb)>U0k4ZeHGL1(AM4}Zx;)ms0uJ-b>#%rx`NH?Nx|g5bHar?yOY`kAdVL zBmK*D|2pl3-7Y@Q+vpz7Dtbr3+YG0f77~f5A3v+C#6F{96d=|YH_HxYon_w462~D2 zD7&C48JVe?N+}KE2gI>tGY`UIXF7UT-f!c;c^ZhSO2!8&T0f7IwVVEJJcRkb%W#hq zy1I@WDg}sNAZK19DaGhdI%C1BFa;NG`z{TfV814Ky8Cp6knW&kk@p${bk#hN0rgc3 z0Q#H;J3{?>5wyhRYz(H);)+WS|K4@&b}Ro9Jo!b^`==QzAT90V>B&KqhTNxZBDG1* zxkYxl6oHG#Z&!$s*H>&m1fOs)2+*F9n7aM)PLdKBZDn6S0Q$*u?Wz2?VwO3ArP;;$ z$efVl{GCM|q`C;y*75;kV=_`B7sh|T?QZMYz75x`+yDc7kr#M)SuMf!us}=N^^}d{ za&$kxVPEBC;;gN8I_!)EC_P~ht_EM6u-VQ5aRpUMyS2lis@}aqz zG)GQNP?PI3`}lMsT@&jMDF*H5=Ol9}$@d15Gg@i|lWa~OE>5MHaAIM0xW#ZE?_b%N z$%hOPh@1^cJ19fJKz;ngJcrFTug=R++pqJhnrD7R?bZ|ZcVpZ70(n>8dFvSD1Q=au zj8Kx0boNO}_Y``Xn;O~cS;B47jfTlaWaEPsv=bn!QU&H2&Byq9B4Xql1cJ5-SAL;?4 zmtw)Js@e`F|6Gjd5BdIko|(2!3;-&i-nQ`|O4_g@>*Xkn2uU`nU@qdcL8WKD$at}f zv0%77CWNGA?FIIw;i@0-C|8-347ND#Y`x#~_E9Q|w{p+gELO~?7a?Pos!a`GEaB>% zC1pk;s@71)m%co;wkIszwt5G#Bwb`Y71d#!{bu$sLaXv%zSEM@`4Pw>64AZ}D9?nT zi!T3ljBw#JL9YMG@f%qBn?AWC>N=7`<4(XJVObg2!>+~g&**^gA3PrMkroJ#_xh5{ zrZ;VspXCFh$d^;LN72(i*6+t{)2JvEgf<2k*-LB3X4-x%!rXjfuFYg0?DL%o2}c)e zy%1I&~PoGbk#dZPVqD5P9C zUmkRkf3)OR94A-u!MOw_IZ>cPF>Y@>UccjanSFVP@Jx#BcX}Bs(Mm#YIwdFE6*~KcWrHV+Rk#{UTzjn%xv7oIdh?F z1CVrJn3*K_;6aVWprU+SUKUM+A->pCWAPnZN~!K?kdbjSL|?D{V5DR_`-k^|s6?1X z?03v)c~#lj*i@Rm9!fyZXHr5bBkx@t03*h|ZEqV5F3cQ+?9kq$UHUD!R~1vkl?qbM zGi!)e3DIGMeXUaLKWJ00?#cyKMLsDcSLA+P{3+YQ+`tY2B4$R9Y4jxHI@1Lo*-lw?C*Q3j=)mL-vjR7%BIsMn6!DCVvU2<_YF@AvT})3 z5Or{VO90LwQyL;HW7mS5f`Wn^s$T>B{YlKt%&N-T3bXU=6^xO(k|V%e@>&2(%q0ZN z892vL@^UotX${l8)E~L7&5k*$q<&KP)iyfQnxCY!CG3gJgpUTi%J?_!Hhf+IzHT-ONz@p-k$l%w1XfG*ZCpI%PCT2auE#a7At{2 z8RoySmhf-&ICw?S#>$;jbAKMHUz8B^Cd=+bJp?4BaRrULV%%Xn9OBMQ&UJ4>%RwyAeh9R8l;3fJUo1er|-q(rJ0%8ec;<) zMB;XKEHMK)a#V;g@1I{r$2Mh+ewPOO75E1oiY=E@p}t3gtaM*eUcL*tn-`*_q$HIh z>i^>It)k*+!gkR(0fJlb5Q4i~fZ*;Hbb`CPN08v|7TgDSW+1q`%is*|uBXYj_uA{f z+voC}zGC$>Rn=Xu)$>|VM{;s9a0m|%4+pTE^73*pn9&F2X)>>8PoNAS9$IZBO-v}$ z8UKb?_=i&gHpHF!J58`Uy2_MSB_~UV#%72R%Mu7dY)gTQBZRkFSl| zKD_=;`hBSpSQ>z#Jq+C9;^AdyXD1{iT%SIz@k&WBt;}R*4}1WFK?Sas4j+8C{7Etr zms^fn=BSd&6vJs{O+SsA9h+;q7l*J8XzgAVKmL7%)#aQ14;sVXJJx+tBqf^tJ69t8?3V30Hrr_kAHSt zeNsmx1XsVvc+Z(ajD>Xy8Lp6&lA@ueULJn>5XukOQ<}kQhbT?cjMiXOGY+N3J$A3Ch)CH>OMkfay^h&y z0URCuZ?_eqW{Ek$rB=s|=855c5y-&l$UTI2hA$a8iaJ zSv_BzP5C0K)|Pb|AU+>$*si%D7lK~iN>%vh&oi--y*;b5hq96qS!wCuurOj$QaIBS z>$D;~$>DefW)KinjEjT4j)#i_H>DVjaX77v!SCg{zBcbYJKOtN$>sVDl2Ud`KnadO$d(!Ka2=Q#&VvYAAJ>X#d{MK5<$yu_ZVZad_j~S5GA;eVNC$1t&{$ z6E9hHB^xg<6E$1g$BDfcrpD%81>`@rK$C*QmPFqb2Di4TZ)$*$5#Rz!o!luu?VcC& zKm7C4shXy}59+V<$jHRRq%@GaUV2Ot0jYvvW#!S2QZCq_#@@r`%%73+o`UMOzLSNW z%5X3qFM+8eXfOPAULmr8Od1;gdhSuKDuQyPOspNQo=9Hi5j%F#eA~BY>~3vY%oK zaGzuYBg1+AQoTptU#_@>%z#}-VPWAhB&2=41ISe$xYV`4v$>_Jwj!Sp?c3lY@fvb! zyqAaM+XhbpWjtWgCBgqKhz>CVaR?&6gjLiyTBmm9rBu;7u|wML$k)bn)P`Zx$JVxe z?%SILgj;3=$-f69Zt9a`R1)>n1?)S%80KHGptd}OCO26S6C3oM()g91 z6+Fw8VG7et4YSP{x6oale4=)rx+mdnY-0lkN_lN?6#(L-sVT+x{j=|`PVj3zKF7_P zoymKVYZ9Ocyb`T0praO$3n*5%880QYya4o%Hf1u{B1x`ma3&Wfnf zYva3F97mP$(}gnEH8d4_?&hF4v5TIbo>zoWO&~d?^^o-cCb$Kd;_3PyA+ds7puesO z|NQ_o=eRur{O&p`vpl?m8MooN$LVb)10_F$qcrbUnwL!V|1{a6`uZ{bugC9Dz0IH& zjDvr2H{}L=eLp8#m41Bnnj+5>&Wta1?#(vN76R00vA0Qve2+(UuB&lAk3fxc|H_*) z{VqFtw&J0yYg38yL5y~yW3+6d^JKNVLYH2u5O(@1OG;#G+!S!sqQvAzQ zUSFWACDn1Joq6lB%jR$Iqc+wUIvA>AKK|515ozWbYC})Mp5_gabHW};dOhgRlR0Xn z?qe>(F)lsLOk3rV)k5}pCPnnqYZaBQt{W*Bqt6PquPxIH29|+tF3NldbDvKkLP1pB zDr=6n^Om3YiGzA)H{1)AGIQ3e+sLpNfi;v6qnhS6=7}>jcZ8}Y>!>bG2&%yZFcX!* z($wNrKnyw^o!$P^VvmG;ctK%xIP8j+IsQteW`OI4D*R4)3(zhlGEuj%W$u zry~zynV90Ss;r7kPX?*9eiF@dieUUUW2ZxHZ%0BG5+Yr4Ac8~3W;Tm|J*vOLaQYRC zpZ-%ZF`+H$Z%MP_zH(O-dKw0l6FXDNil1!-D(|O23D^X}mZXU*)_?`oN>G^@yTvBa zKx2`cS!?2C_Dn9fnxWv+yEu*MmdhjpV4=@^W)$GX{@W`?4x(P_*GF43BOh$Oef#ES zg-JTNs+nXe=HGGeySMn-Z9#mM^Qgj*Z{Qs&HxQBNILFLB!D${H00>(mzVQ9TC#efD zG5N~oIcn)Wcm8J1_mB|+ZjqV4ygX|d56u~s%yvH0(&C|&P&Ko*p>|=dV^~(I*@l{+ zVmPUpo8%ONb+yFu($Xo?$_(~G)9~B8a1P-BE@fh+&Ak}Xed+eHC5GK4t&3Fs)K>%_FACM`|KO5)Qo9J1}t9K=HSbCiA zaCn@V5ffW`#9Nrv6v^n!8$9h4srT$<8F$T(^dTipS^MKhGx|Z6NpD*#)3tB#L_M9T zEz5jsGwY&L*ceA8HQV38&aQz8nzE9CVV&*;CU6loOj4q~Z)$3Rp**jsXJ~>okfP_T zvM!wF5AFCn`h}uo887;QJ)*@I24jTCnC}L3cBqRQKa95b_I6CLm%gnlfA;KCFJG0? zC}VV%me17+!ii9w&0^)aio=e!8c|!J`e#zW;e8|qJ-f$!p`M$O;3_}aGQjyl-P%Uo z#6>CTh*V#om{~AIQ*C(7fzXn+l9i2)(2uEcnNtlfHg+6qZ>}=5B-KNnPOOHLll?@C zhNQSKs6AiH4JE8iZlrX>$aoV+!_IA?tINcL$3;X;UYxRObKEfK*|QHAb4oRw$8j&@ z*G4i$I=7`ez9=N5doGd%1|B|nVZD-=1~u59XLPR|cL4JFs);$I%yTz>qR&t+LqM0P zRP^(rPO>%)4&3ee!GF&S{sXyeX_9)UTq1I*1_osLoOdR0!JO6$Gi~N4{l+boAz4S= z8^GYuC;8bbsB3At%aM(KDZBD=W<_70%N8~=;x=qpm8?~O%(!ttW`BlhEd%Jo)|S90 zXJ;uC1Ch^3g&|A2o=9F>jj`$?ShuzaL3GVcYHN3PMarDbZ7rhPXNRd z4H(zYp838itH{c#3}Pr0oc^m29xlUVft?`G4Gs>uD8ha?7X?&H%e#LADNlCxmXUxU zZV!9N-dyQMBp<9;R7R^&=`j)nrXx$wFPt2H)dR~sO8D0a3q;%Xuu|x1bM~q@Gn18k zhW1l(I_mjRNPiI!@zdaT9js~Qq8~hrl}i-?)^jV_>{(F>d+mb;v>d!wZmIpTR+xQx zHTz4&6#UA>zF903D@2|qCBSpk<`$!IWy;|9y_|xWayiUq zJppNVV*k7;2?lYL&?cXYp>{5Rq9U@{z3?D@UGqGft<6ox>lN$y0v*nb;L3*MMgRPP zBI&eS_`Agy6SjKQ;lZv-%|)grK5)27*+O*8eq4Gp%W(y}BD+hWfr%iu>pTbR!61Y% z{0GZaUm5n~Uf2Z5YycdOawem}h4Y^S^+EX`xkR9|2h113+>D~%8{hYhrhv<*IZu9< zG6uWydR{lGS=q-X?8tSyH3|$q))eJF%$6dQ!CG8z=gj#P@?GH*hQ%~RJ@XTHg<~(V z;O|$a!B!}xM5(Fa8H+C05BJ&$W$!KUn@8()B!|ryn7v#%_AjAHz@8pW3O~6vnbe4| zb_fZg(6_xd<2^)k4m+Ee?q2FDJlIWqY_4bKBb$)E-XaYAVA`2xO41o{3xnEGQ8TDL zUR!(T|Ea$!p=3PWe(-z{Q^Iph5R31$rVS|H$^XS7SA`Bin# z?Bt{u>pWJOkzCPxDa^Akf>i6qXr!MVPrSwZXzSRp6llrw{_uC(8)?N9;u!R4=^8gP zS^-b66&zPfRpeNDHDf%4UqcSaYul|M=_W6b7FaCEYZH`#}>%I4%wOPmDg zv!>djTBxQDz%*Cm|DHlKqnE0ws+eG_c`HR{gE8%0IN+vHHKJ<25;6&Z?_%&Vtke@L zg|fG(Vm0i{hQBa<4+no**}_|Y^8Tnld)=3H-)_j->F*n&(l3iNyc#4E{nw@-{KWnw zVkj@)eK0Ov-h@|u$iF7zFzFANyB8)rJOir>9n5wsd9Og_O-v`QPwf5PLV7HXD6O)% z;mn{jh|GgGz(%NdL9qN1kbdq@On#J`Oj|V|TdIOov_ohiBP~O?BmHY}Z_kT-$4ym4 z%*0ElKH-;)vJVHuNJJ_=Buv-N3YS0a{igLAf$ESAgXD2VP_MZ)Bbt5Hd6;aLp-{@s zoe>ao&|>$dC9a5R_;&>I?F?#|cHF)NeCA6XzOAE-RNZemHF&_xO>Q01jtInB_g7Ym zUr-iH*YM>0@cdt%=ISEGz$hZjy$wwCNlv<<;n_~U#Dkpgy12{R%OpwS)A7dL+>K4Q z+_ zvM}FKZ{N&gYYUZ|G)N*U%3bK3$j+A0rrZPLZu zn~($(cYS{sy9cN)VTeOD!+UGAY2v9x@QN~?GY-dSJqOqizm9wlcOK&@q&_SN#Lz*| zcci?5o@#_Fz0;AF?JnEhNOEwO2 zDxhpC6D`N&l2rE$9}`pWC@fQbBzbEeH-;`eyt*-z+7@1~9!zL+_yvI?7_?%rs&PKg z_p209h=gpr6LEBiCCmS#t}JVjA0*_2E1bqAYn-&bpJ_&LgoU}f;2;8~4k#a~|0G`= zzW)BBCUkWQ?~U6$p=Hal)Ifi@^NAc?=5BMdfx*Xxm(iWW&jWa9pj;KTb*wBE?_?w| z9D@f-OC{@S>)y)Kt%j`1xL2lVc>T01VjL8prJ!hoF{Qy?O)pX~KemHf`a<4?yhA+- zR-o?-LVkPdY9B^zUEt&?!?pL#xX6_F{jxrma$g?a`t_|S9B;ER`8E6aG1EBHN6v}f zR^g=q*pzH{A6HK0hvBIs)0Q*xwgSRAG}{ zL;RW--_qROpKa{tOY*EOa*<9kzr4J>tJi_vFgthU#5zYWx=zH3THAh&p)RNz(9zCP zpQ6kCM$Fjpm8$CR8g38|VLtMynq^{yk`;}FV#49>1|B|uiEU@ZMkH{(cy`A`2G~Ze z2^I#FgzsmK_u6-*zz^Jdz>8MGD%K5i2R}QB)xzUA( z;u`fvkE2an1g4Lul&NlF%}yk>G(n*00g^3p+0 zS@Fme-A`hOt6uvr#{2umUs^%38`@Cn7&;9_8{NezI4ie|x@98H?a^e*=oRWJ&Wo@F zM5*68Ob3~qxaW?(3HMouj~CT&yhLBgaDMab`y-It31}#XpC@N_bdE0#W#)6Tg8TN| z2-)}~w3}jA`^NSp#f4sr*<%@u6VBY}h)06KQeTWviwmdvd&g!bK2iexL%D&}TFvM^ zTPuSDtdv2UrXQ0)+A&^%soDAg@t{6(qGl%PoK&&Z!%=~@Wm-a-w{+4`C)%;kMP{M# znW&+AQGtGbssm?T;mBmiMDJ`T7dz0c;v?mUiXeF#3Pf{%iiH3JG-NhItnQMwHMdMETddb@^9( z0JmTn`wAg>f%;$g($AYJEduHL=AR)c&`%sSt0=&*zPkU@YzIt{5BUGTzO^5&rW>7- zGT&p1lOXt(&As6^UuFAz^`n@*tX}%ncI-ud@FP-w1uYX77oW^;&2f70z3xI5LjHxG z=NbbekZx%YE+?dzlv@p6T8?f0T(RG*M4kU>wRKb1gv@>QhH1RdHVe&4>fH9Sf^rgm zG_{{+pSxP=cW;rXg&fkkca@IVz>PIM1$Il#wHTXEL<&M+o&tol@p!%DR zLUQDf_a*$EYj9?j71)s03;@^MFTLq2TJejN={jBwMk`?|qf-9$tFKdRZsYuA&YQ;* zDyA&MPz9&BsJOUn=ZEdwjQR`LV`V(lPcd9Acz6`W0*`}1=MX-Z$e5V@Y-Zh2#+|zB z=&9I~#b>N1p;Ee)8-GxBZIe2KcUxpjMk#Ju!*#rC#C6Ej3G*hy1eO_jRx5M71!PNP z>x^G+>&C`KWuozVPjnY;Squ{jTPE`3WtzEg1@h~jQi%+2!!Y`l#Tdqd9rp+T{_K+*3)Z_GVM{+qnHl$5b%W>a>Ur4y$v zD0A#)|M~xs2+b4B_>+5YdIe| zG10M`5{TZQbb+Ymj}KTVLH^qnE~xTS1C+rDO^zjJImlfYhvaehoF_>&wDSIr)N`YQPw$!(MkuG*Hm28s1lG*-v`8H zM5H(>*Oo_}417rV?q;GCz_+Mmnex5=4;UDX(WCD!;bH_ELoj zw}oX&Gt$CpN-d=zX2WhckFJSY4Poy1h3{N*eUw?7z)5*|CTgbF3`7)=jdT^DHA;*O zGr!5+i4KVLFz4z$=#u$4|4(xvC#nSl|KqX-`hF$1X6rk0|0LSk)AKLFc_n-}n73pG z_LZFPqS7wM@0**OWkPPE|E3sLjd{KNi65$1*7}W6%w7gd%rwxHCPm)!we4^TdCoWm zMfb-Q)QN`K@q1S$D>FiTy^_aA~K@0TiM4h0sCZ)LR)Q*_}E zW@uz-8eUCBRoL4CrV1AJe_d{(y)NP+6qd#C?>^FvJKwaaSwa_gdU})v1Om@e@h}N1 zd~(j3NnvVnqKCTl3cTlg#F@)SNQg1aep`* z_1qoYzL6t7tj*#mX)4^<>@aBCbFRmur4BZ2K{S*YE!LR`rwgjn|Xa8HuKG_zN@kFDk zA5JPLJ!o#VX+6%GRTg3r!i{o^3H_T_P)H85-O<%?_Ike0TC)1|)Q3_|m};gashYyl zA=R0dYr7wqCX_j8Ob%>#DKMTVw>Ra!j4T1q5SNy_yGDWB%TzU?-W>>+r%kOMuXWSD z+g-GcG*J}#IV$v#s>*9NS&voJWveLB!KQJT&|iqS>EeLR>?*y!a)9bq{T(5@N$Oo| zZj&twVG1BxZn$O1O+nXc?-*U;6LuZcb0hf;#=-T`cQWbp9K{>8Vz_65ki*22M1P|<%lEP>hTD;Jy#;&0o z&`1ez)p9$Ml9K9;>x39}9lEmm%!Jrj14R>wC0@R;h7xi_9@ud;Fse-P|3+d-|BtD&v`T2mN8^?V;}T~`J3O}j4?vUb?jt~ZP0?z@J|zxVsJCJ z$9VP7uLKYyn0A(}>2_oTo^nlZdG4uUy8z>Di5Qs3mXZQvdGwSv8)>Qh{W>DyacYbM znfKgM#T)OSJNB5>ZCvAD{5EMB5;SnMW;#UwelmA0wyMV3)#GF_zbA4-!b+4ss{pes zDy^qNB3`SmPR2FuAVK@!*sQL4fg0}DK|anqc3ng>n?=4|h#N_oQy=I=XhZ@^{^syA zQYipTGM^`XiQjZEkd)En`oWUKEtoJzi-EE1fZ0OB*s{2Hn@1UmuUJc)-G@LdplqmU z!-lWow|Z<5!MMe1))|u6 zI_;1%k8^r;@(PQ0G;ItO$Mvb8>6~`R2g>Y<`s*cMhGjZ`z@DKVKZeqi5jS0uFcOL5n&xRenbqJ37Z|A+ zZ+YO~EhjXMfHX^ZV>Q_#4Ln)8$_D~!s3 zX^hxex4#nZNj$&Qrk1{j)8t$_tgP8%ca|EK5KmiflUd$~-1U$BXrCr>VRoCSc#O>7 zgbuq#9I&s6Do3|(G4eB-A=T9y8cpxxr7sFxg`Gt@8=v(h<-J^Q)b)kCcrGb^ocG;s zJfC;j<8_e_n!Ok#m0uaIYIMq|7f?A{)|yCzjY0w0NO!vlz|YoD;h4&z+05gC=;zDp+gBf<&cF zM!rAiZp>MR^|3m(8=j>qL)rNnI;a@b(VgT zmX^@oC`7yovzKP(6ZVk1$aJL~Zw}c*H})R4?Uq!S%bctAR}5og^$Sg}ak|g5=DXBY z^>Rpt`A4)*xQ>;PtlgC zU{H(qGkC8aXWvsjdKl;xu9=Ydfd#!3Y21)Pky2XXhzskmR%!+RytZ1Q*XPTu5oplyXoMyc z$ImTmx8`zx4(Z{&)LG&9E(%y7O)HZ+x&n!3Nyk$?6EidG*DD-nuN#wXE5{x*bH-bZ z={Q4oB_uOw{+jpRnx1X3+wBFT6mJKEk-7yRlaZf5g0NJ4v&# z&0P~^&!DYoko=t*?7L8i?>BIB=JhSHi}9w-<1Exa1dpldzHMr&vlbPyY4#pUEZ1{@ z0B*=^#PX0qOJ(;x{wYTpenBVRC%aH20*^b)m%L1T{Pp9+d@OhACQXnbGU1~kD$8o= z4f@Gxu~{&!?vy{hKq1ja!B|G5{b_=&7EhgFAh-@C`$ZV|@^Hblw~o+^k}N}yCTgvS zw~`7!huQIX)&IUJy0aT+SDU)?7n>B^*hxId=bVkqyL5H+q99a7E5ZODuXK;Rr z$=XVmu*%H7ZH%oOO$;KAjo)Q999_j((hK@+uft=%d{ij2B}dv~GOCl&>?nOX9I)L1 zZ|{)j+L!HlF#XXc9Q5eNXf)~!3Z~WJ{T-_J$ULT*6#m@;!}*Ly-@#Pk5(d#24YPr* z#U~w`9begq42Ms4Z6?Kd zCg(FY-hbkp=VfuVj5ljizcczvkMp3cSAP@d%EJYr9o|~kt)TPVR`r^$f!3B>$17E6 zeH%2489P!2r#Sw-Y?K`?q4ca%t~qM#M$Kh(j}H0@*f=)HNE{gpUZx};8P(a+VfE(3 zI$w^FVo7v9`>J*Ro!YyWnPk0b6XaWd=ycRj3$-3p1r;^kZ#u7u9oygyr}H}BG+U+~ zmA)(#*hEW*GT4r4gnSz01&TIMW#)T3u8@ zfuB^e=LSZkl5c&PFgw{v2O|>$C(Z23OB+GXv1XP(BHgDqy=??+omKhUZxnb$?{{AB z#?km(4k6wiPtBC=*Qyu99NcSAhB@hk*!i3((v+4A2%STdO?9yrBs{^t4)wR=}AL?cj@;Gk0YZ+^^m14+iaUIh5+>tHk-0n?jBcoE-vG}-e zP8iei<=3I5Ul}1SLH^pYH@lyj*l|LZRMjk6Au{l|v%yf+4D*{j7AzuLL7x;&iJI8% zrIveY?q5TKFI?|Eog$b7*s@P8yj^C}klV{g4X#qvj@ zygj>+;)LPiB(Y#zTu$q|9VpmwrW^jUCOl71`z%4kE8};cwg$cMrzDj=8>eJlY1uly z>Jt(v-fHb8Gg;tjn^wLTTaX@Q^YbM+!D%IJE$l1j7|q8|(z@#O^`HSVVV*sc4E^%Q zSo^Mu?DQv4R)l1@wdO2XF3CdF(ZpkoqJNCgC3kwU$idNKsa|coU)*2aqMJhr8#MeY z3FvMuX$5U0XDdxI5LMr%U{~STn+C^mpm^zakEwJG@P)@wl*BK8XALwGn4~>Iq!u(# zbD7WPE#8MsX9PS24FDGiPoSly=m%(Oq|G|FU~1}w*GH|2`LSG+!B~!gA*-+U5~Z%T z7D*KJ3H_~>pikx>G4^|VTwQE69C&Mg5@_cEKxv zj|&?+1pYM1Gp|nIY2wMe20?D$<1{Grp@}bnsinWfQh$;IsGm)jF*!2xg-J28?YHr# z<1NuneXeO$%FfP>$-1}6j`E}e4)dRKYJUCP_95q)O~ctbi)eV zpXT^p2E>3@XHaIRB+$2o%put@9TK=*^9XPRF<>5@@H-DU(e@+N#Of{ZIm-456n>h! zNpKFd<*z^K_s2_;dOkl@`mj=K;#bx#M~ny8pqeU~HQHOhIf|F25X+s}DbT#CuI2bw z`TK}N2>SCv<>qX;U(!TIJG1AoCO$i}lej9eZ7Ti+liV*?lovh@zatuUs^~NrV%i66 z)5bFKs@xnGsIohRRVGcr+K;io(aL~J1)Gb4lbxNh2Ate!%r&8kv;-W}6(?Ks3pRse{jP%Nx`MSOw+7I{zz~dGtiUkf+9r z{{CWjul)l8D5mAPEr$T#($n0+A{e-?k%L1+Wo2Zr4*z8kwBm^Xv;yGQPjf%A z0~%iM$&C#JNIVrWo%>hw0f0Bg0jt>aT4uet{>l%i@~|!%P)~otbQ1RmTGW^{|M4FN z^6ZZE>EEFbUO2;&Z% z&Yj|<6|_NACt(DdS`hd1i3twwAdG2F_^Fo~0Up+JI&HF5VR6Y?wQ}qq9uD45yc7~& zlu$Y~^~sdf=%05QYTzb(q7==?Rvig(Ae3$wCa;ts1Ug)m_(c{>n0S~6XAl$O#6(h9 z0a^v{(}zEODX)!dS^+Ya)=^QJ@eed~^POKMK<$h?6q(jj@arP_D2$yHvg8t1E~mkw z5(QKTmt(v0kl#!L@+cQ4@6Zs>Pvz-{6;!>m;aEGS7T@A@72lifZ()$c=xTwY)7K9$ zgqc?35@U#WH<#DjCHqXs|84G_+|xc>_nqR9N3B>}7vx&B^~kz%anvf-$lsw|7ya#S z<6>Z&g;A-yF$HIh2@`>~wQg_S-&+t;P=4b5Dlrn*KsKeMc^#BaLL$Ht#-N(h&!=nY zDu`yu(EdGj@2#onZEUpG=-ks=9&z~rXZQ`eVGaAx4m&i*+&TgbL@8VXTc?5MXsoq) z6JSdcL$4H<=tqrW5(-_l)T4uHJdKgXYEEL>7vJrBRXIA!^wH6=V(!zEYthgOcJWfS z1ZUObuRI)}VyyU>0Qpr74cEpv=T2BC#z~Bv0p>V5O27V1?Fxi~?{5_Qwuo7MB%cyK z++Xypi)B9-F??@dv5KDoFK%3Tg@wal$cDVsQ~w1%k|pjU6j~OQ7Y_k_^)}WlhtxDQ z7(dG{hkoks=SUyY=#+x>x?hh9fN^p2l!7|da9+Di;cmv)B6d#3C9zD!Z%)CUtI0Lj zc0F;>vh5Sy_G@I6ZTaEg;bGxpqob1$<2|zI-t&T#V!tm=C~9j=cdWjBRcgJIY5^{@ zw8Di-md6bjmX=x@*=rZ7dw|Qu3;ZW%6sJcfYMC>}MVZ=HPp);;b*&i)ncSYF#?`Gb zz%(a#JsQr;QnLgRzVa%2LK5W zPd{AcKgsE_nVI*vxVXo7*qE5nsj2j^f5|rAnE-{m@87?Hi-Uvn_!N8{~vz- zzY`Y!-+t=vqpZ97&oW;#Vg;R?g7^|Y^v97i1)P1k5p292ytuFQj1P~~W2xw?#POQq z_Ll9-&X}fUd@wv_ z6TUYbN9xQ)lg7*zCdX=6eJW>tX9@^0m{uAnZK=UB0VP{U=lI7)T$rf5K)tX|4)s)A zn8^Bigjdm3+4`&PyXxKB!>JOj28VO?iM6~?p=n8tbyo%Q0Um|Q9e*?P6SU;RVBDytO$8@V6Eo!TY?-3u=$*MnsM>8jsC zKq;?uHOoM!QF?6yKhV|YEYWT_LD2RbzZU7OEN0BQ_Wi1&sp-tGt@G!&PZgZL0CjKg zi=%51^q>Ln3Hpma&#x>9Wk64O2n(27?GtC5RIW88A~Teq4k~U@EM7}Vp|VLHg_!Hd z;R|pJqp|I`@}vpQ$a`Xz_w~ulWTX)pSD;b>D=T-|=;PRBGOy=6?K~GQslFaF+KNwU z2_KZpH+7}>6>s#|z2yG3FK!s5=pc!K2aw#uUx47f?L+RN_@br=C;OW1OA8C-TEsay+C?rIn8H|iH_SOhdleyZfDE{N>x~hIhlvI14G|Zk zFxa4cURTL=34>!S#GL#{=!1CI)f*9r%p)G_B>I^I{c^#q@Nv-VE|50a-S2+rX1+EO%67YCC zyJ!DOJ0FxRXV-Xf_@wy{>||r{(nYAnMjYKJ=WZ`eYSH(ARZ!z3*Y<2cYV% z2%n_XM!uU{X08|L4tGku+t_+2-f9gHt=if(ryeZxtZtNWZ=o{ z#VGqCwsR13z4qyNlon_4zd(F?+`NxZ=P$pN;!A6po#z0XMRog3jrnFcy+JV zH1n<+=hjz8z;d9z@XcSfpKrRLo#YZ>1RN#@(%CbZLhj41$hahYzWYtR!>A6m~Cx<>Fh`>I%BrZQ1z~ z<2h}|Dkg0De%n}A%Eop{byx1aaZ013MoAWIz8wmg&WqUd?WK+fuT0`C&Q-Z=EejEH zl_ebVUV)QlGdss4T3qr>HFflwj+WcM++HqGkMOH~ZCtZc=b#$jz9`w)1*Zw}i2JP9 zA!KMEQVZ$cOnS?_K_g(dILWjk5$qK*J~s0>Hjg;-OIS3wQ4m0lxeEoMsnkr{HGmVG zl>Ntnj(HL?!}A_ir(7{z@?W=;M-_2x8m$ge`R6%Hb?hmd=;5%;I43HTJ?<3Eeuk6r zR7pH>8hTA%hT@#N4WZY(&w5<8ug7sLm71_Sd$k1X+XLp?vS4WBQp4vLoEF8nWiu6q zomq<#l@>+s$__|qKl9}+jw+PM*QD}G2H0e3EEzNQPMSk$$Gd4m3HVPN_1-T&_PyU7 zJl#M*AvnA5H8n+J%*Kn^o?DxFiPO2ebl6}mgb+)Q7U!?x7gh>$Y$#9Hz&-XE3gwsv zXQXgAU9}P8IS>fG;rlVW9ha>^WULfB{VUAx-PF4)}V760od2phft=ZL2hM{e> zq>IaL1+Cq<_WWebTG?c;Y2M_d%__s28KrD-(q{dM0lfF11#Z)|1BT+fhm+;&3SH!j z^oG-W;A_c#U5Ow4ifhyCw8^Dmo1Rg~yfd#d92UnEo?tTIovcy@y-U z6btG_8f$zwcC6TkN@@Nq7Pi&&AoWB|`IhzpS{QHaoh?%LFx3_l%c2}$#a&!-aWoRV z!KYE8<#Jc?a1Y`HdF_4~4ykfyQ_#DLYSLe|@VcCVg-CO#xd(D7%${Z%y0pDX8L&CX zOh~SCKI}3cA2#b6xrG>ev=9#q_D=%J=ur|-M(MB4^EFTsJz@T88`8Lw08;7e=B5C4D8gkA@rHSnry!czLCf5nSK%o;n!Ql~op$|M~N$2ud?}B1H8O za+nz(esX=FObo{NcWdSq{XM}HF#$f*`m(-Wy2fg2oBG*%X+DCBJ}WHTB{uqCtW+Wb zCNlZ4ufJ^x?T~Fb(6D8MMwqVt)977%s%m})X~A}Z<&D4F;Z0s(N!#kQEl6%xfzsB! z*S566=W=VO697E>&vjgQ_$K8tv7$it{hqnI5X9@1Al=``VW`UdjKw>j`6|PqZV+qq z{gR8S>VeJyTWTR4i25VVH{lanjpzc4IT*n4US{@I&V6&no(b@)m{%Y;FVM`8|2eU%n zeCg~`*j$oIECKMQOD%EGbg{Q!S^?tK4pQG9^&sl7yq3;z5`S=%_%C&g= z)QG+j8wW?O^rLsZm>jZPX%I()M_7ATnNEX4xfMKY+G#aa&za2VVzX+Kgskgw3XAoo zB7SHWnJ+gdpvWVjAnh?;60JFFJrdV|zZ6gN?$n>K#cFHOFv!(vB%p%0yYxX*LZZ91 zqjzy-P!yllaN514C$T-m_>HYHnD!{svuX3l+XKP$oKj{;Gxw$?rwMX$bwAB@F{Zf} zt|qJ}cKULO&$o@TuPxAc z+Oc0D^<3p`gIR*^s!LiAO5G9S4Il=uI|Y{@$NjD8i>mFF>=&V#5s#hI9uGgJWY(q1 zH2Gk3g2dxV^gQ5%y;9hZ$S{q#^z=Un8awmZt_NvX@u+h0NgVN}xG_R(Hj9uZBeU)d z62kcw-ivL=Q6<JjM)?uq{-GHhwn z^_Z5-Z;t&$yIFLb(kIYutapD8X%F!?IGQEx9hJ6Gfs>m9op$%b@2xGP4GsfeTVYb>QrFVNEAbw zt={4@?|1FbFO4Ux6XyqNsPpU0$hd5~uMAkF=!@RCo8gbcHCyx?&r$Tk3Av^OWYBGW z?7Ig1FG2jepL5#xv{4aFx+O2|VNUXWY=;Y(Em^gHgQJLXiJ0+f6gqc7Ifk;2D{GYD z#4y8|(9>xJm$;qdi+1MwO_m|RXfo;HYVWzBTEU*I_pV$h0kQ%i?4IbFabIuBISw>O z6dE0e5o0J(2uDnNVV0)#XIJM{Jom=xx?|Y|V>I4PM9S}QYiQegVJzU`{@^DlcCL}z|w~pZOAbBj47OXsvKoqA|uF`m`U@ll0J_^7|r z$I3t(iU^+#qA?g?rC5SpLy?H~PE>~;eD zqwT9mbBs^|-+Kmhf&@CVThsF6s*P=zdQzF6QZwFZi5qzV5ZO04 z1qJK-P+=3}oC6ABqv67Nz9fMixgH({P(IbIaU*RB-1}oz zR$)uDr~_Y__P>LJ3<9O8__nOhiFbV{bO>mP-%@n&a!%OD_!)~dd1k)`ig^GbINn2g z}BwB90b*ay-zPq%ru))HK#Nz#zs3{HR%%@ML=@P+WMh{A8H=j2=8w_gULj?%4okQh3n}obY2a-6C z#OVO$*kcoGaImMRY;C(8-K%mUCpy9ycjn-OQ6RquQC0`TFBbCVO!u5 z$qh?kUToO7@hxg>M&lhp$SO&aLI9Z8z_N@_Bw(O<o~?$3oJzz@RHAqQ#NME=YarIKF?V2qxX6Zv#MgQ zP}NNg$K?x}BC|y^R_EI)GcJxsnlx@)V&q{kvFwdPTpeSp@1#YA!*lfYVV2jwjZN7* z!~*+D8l-tZz`&FUrJ$7=TS-4UqH}rQFf80LAY~EX;5HG3M>5efu{nnGtq9GK`Q9#4IU=ra_L_)1E1M=$7X#CTF~ns#WinueKAEEP++b-1ao|0v^+q3 z8t$IAi<4~XXz3?AHM%Fk31%K)As2wz9?5`W`k>cB1Z^TjrLG)Q+_%HFnR`7x!%2j-z5dk_mBOCJ> zLIK_xMRAK8O7c3)sKWluq6R5!q&Zzna_2_=OpG@$uqeNVk)z3&fHBtgJyG6v&8*FU z18Qb`X#uK9JA2_ziF?O$$VByk3;+=|k6lF2{XsX#SLaA9XiOxUO8kDq?=G@M)7ogU@MyAI-Wq zoBr}{TBx0TCgY8$nF8@l_QQw|Z*@@;tEUHj5J48?n`pAG2tmQz-{EM()vX3HvEPhkZ;rhrJ8IeTnm>a_DjCe z6&|}<3z10H&)+{LKqj1<0a7l1`1%p8XU0&$*FCiJBi_jHrxJ-lj>xZF8d=M(l~EA`AQ7N zuOo;8o`5=l%s~W;xVe3YOV#4zdAHBJF4Nxb%^i!NGU_&3b|%^*QyILNmbT7Af85>d za?vz}h;!bZB!(|7jbFv0BN^VoBy1Wq;z)a5;9{Y5zqc2+-Movj?R6g%NK$1zdbr3B zpXtWG*@nJlSE)cd8O2P@-r$VZ8E1$#VtKX= z^E|KGLBYH&`!r>n9hzq8JEURxI$j3wffiGf#eBKNe2%cq@SQ)%omXv~&8Ju51jW6v z{RFS6dFJzQZfGj@LRg?a=$O0QWwE+@+}lrHx0NDD4L^lne=8e(=aY@K(BVbC=?k!J z4@r6K@v9IALqT^Y@zA)m`>(fwHNEQMr>%`{4do7<6q5?vB4K9?Em6)RlEi8|9(q8};jD7&7Xqqfrtc;}8g- zUxf_OGnEok1R-2go)TUI5pqx8`u$_D{#;8&dzZxcq8^#%*6b_Yk|IQ zc*%5{9$@5Q$!TFgzf=^D@nh8%$6j%%=xo*%A5#KjgUtABn`!wBV_{@U)bQOdKjbGq zS-mw1e!{}My3WZ8!0M>Ba-!0D0cS8%&0^!*GzqjMv^!M`kFm!vK-YYsZPN~=kP*Zl z2AGex%h!e&+S{u-QAcQ)9NDo^EG(f^G#-TkEPi!b;w&{@`!nP{IKLE4B3O*XKXd`P zG5-CeQAZz5Q)|m(1w#|%7Tb+xxm*JjVppgtKZk`5uEIp7ad+OI>T(HTR5wXEKZs1b zMKceN`H9cR;n&$FH{pnoo9bI*#4P3qg)Ix}D8Bz+Er2Xwd(m8h> z)Ba(*dFwNJy*&9Rn>nHMi%{t6=kO|bcU#>#YW0GuPJ{<8d+&xn=dASbs+}Mi+e$e6 zSisFZ#cW>C4I|mkrA~15wcI;C?X)VN5Dfbc?7yFjYGsAh=X~J9h3ms9-oHfXOA9 zKkRWIske5_o+uq5s>W#^o_Vvx7IkN#dpYrp3TWvHY;yd_Z=?f-s-BI=Uz#bD*v3hN zaPN?|%=N1^JfqFw9~Uu#RwGU5nQDX?i{kQ31izW^+{6%#{0L0jX4_swQK@&1oXxIM zni!M-VkBRW)4Hi#y>YLrxn@HG#rNOyo=xq*6?B{2&EZ+V8=LLBWUzg^plDFf6ZEjHZ>~bT%&ChQMQP zA29!c;r_bJtH?59-$tFV@S7muP@?jYn|;F0(QCz&Jt0`6%3CH-<_{Zhk)nSsz^SO% zC11R%9QiKYA2=5suK6tYsz6f!sM9)>v#FdI?fv%(oAL(L;4Fk4nwHHNOI2`7r2p1% z!tT_|vVw9O9Lk*$dFoFTPzKpD8z0ARDU)GQ*#`m#}hpDl&D73h@By3IVO-gHlsb6!S&-ylbOeOUbiZ+Q8Vf<-4Hg5NKuj(04r)hJpVPR`!jx1S>5e&%}B5%D1A*`VTm{ zZ2732%iiq-gtbdwTKi~UOwEQ;XHA{GKSpUFfmhGk(p%=Q5tc%z4~iDRk{Ill_6wCA z4Usf(EblB6hQ;PPfs}WE>C+yq;#=mVxoT+SxN1YaD@EmxwY0Oz4&MAixyKHDFGhNN zRV2rQO>M4Cf|6et#Ws#RRaG~c#%l{HX5QDCSz(HkF}?OnicszvshzS*U}#)I4;%iiY{8EBBsAyu~SU|M>ba z^XA9V(b1Dl(~E^+lar@Qi%OL*Kohl2D}ypSYD5ZAdw15AOnR06*vu|YGqJjzi>FPN z(oIJ@Zh&0_*qt0i@i@1)q}l2In}Ioha@_Ui7@&AS`QI5U^%fx@js_R_P*MT`WZvP6 z*iv)dyWR6WEkNa&@EW1xMlJpD!6M{nsGBCe;T_8~+Yem|_EyeJU%iN}qw_*dS>ZGX zXD3U`^xUj6r~;Ol{TsmIX`h*eEm59zj2(`;EZ=TV3jiuBN8u_RbFR{m(5MPWBbX!^iUv{r=EY ztgK#QV~5>hAcIb1q+0b@9%(Ay1z#dTeHmqCq%)_=fZi+8QlzC|$Gc$VfaTh-~PycRDa)w36iP^>Uynq&!dO#%*W&hh+jA9 z=pvZ16NNpt^RH$kOKrA)3R-Ni_ImBT?AZjFfXC_KnbyI`+b+L)btJ*zc)i2!L3Y%L z!LM_*@_Dvq4GB{*BM6<#s>n>(Khz-YN|=NrVe0)Wd30y1q8iQ5fYy!5sy}3bWm_a= z2uWXn7O%bySb;|85oy|+$4zSX5up~*Nd;GFB*Pg@gx&oW>deaM+V~r4ax*zNXJ;k* z$JtAYN|`!`d&gT?-{%GcqYljWzgpXx7#u8(Oh@A2q}W>EK~-CGi%;w;*h)aMUne;u zvuk5xxt+b)0}Tis`*nNwhmG?OKgG~GqtK+UNA`r7tyHN}URKI1;moCpUdG7#+QgrF zhd-Eq4C5QWcB6Dctu_-4|3LfnA}1&3;7|((JGZ>TTxNKGkbRZEwA=-|z5j5&Rb~zs zfQ@&lW4_{@$K3Me7v7kb93Cv2e|Rz0|Kh~}-GvRld;O@(gDA-tMf}JLjTZTKe6Y@7 z@;4zMNIUpcohlT%4{4>~rlYgLYP9CLP{UTK{pz^t+|)Q$Q1OvnZCS!aJ`ZAw?{1Kjj&u_NZm4bZXxc{M zk=~`fUiF0EsNqQ|s%oBxkFp?KG;GA78pg7oyfOrUhuFx9+ej`>w6II>jN9Wb49~zqk4mOd;3YQ3Cy%mzVp~zX=gnnLZnXjBh%NLXXcvWrwoh ztZc8{8$H%orMU+&JAHs4IR`l@YY%I2D{oIb=gLDJuiId6W?Q|7fwH=~-vfW?EqS*Q z>DNC_?jiUOA!uh(vyStm_7NxVZ)7aQJ;Q!{WAbDuk)_Av3|90rl!{dL+ zd;9Wy!u1wE8D^J(9YUvm2e1L>$2!jR ze3#UP$)~qYS?#a%a*Sg?#tBMH)PK>=qSdPmaxg7K2N3x88<3pg664$OYR$f9@(hU1 z%Dd4Ar z6e;Z!;wy?gwk%J05^(KodwIYSZH%bn>~WbrnjuuMK}K8SbkHgMfFd32DA@lh{GGegT5wVyqao}b9cSmJ&K9x1%ODM${fI@2Gj(5doO02KUb}geJNNpH<(+F^4{|`lDekgu?SoAMP2H&{u3k{wA)|HY zq4&)8SBvYe_K$g@EzL+fC?sIA-*0#vnlwFW*^-eX z9+)RH;d*r$7vCFTjf*NPaFL)TFXwXS$)XLRA%6o)E`^q^vQbGLfV(=LZw(Iw`Of;vx?KcEK9cF z`E_&4BqbF=Ow+(L{DPy&^8lJwdXh~{!RUxx6-v1vq27(p@oBt4kUQv?0BWn4lz!+z zhz_L(lDFW7fOceDUh#HID>RvnDJ30kkM6|&tXnmMgT<>>TKB`CO?HRyk6AHzX-}wj4WPrZ)oTnHCRmI?ukgr*za=tDmjD;n)^>G$o}qi! zCB8E#Bi3#(syktHjr^5fZVV`|42X_O;6mddkkFgv2$DSGc7=VJmQ_Aa$UgnyVMdTB zJZwyj*5GElZeW;|wJ(lc_WZ=p);C1QLyn8%qmyF6aJeZ!q#S`6iD+;!*`%Cr{lbR1 z()!6!9`h3s1MDoX)N3-KJJ5F#RJ~L79y)61@bDvA<87mn{Isd5u-ROxLH$-^Bhp?n zp*%mU4qBq0*QLJ4y+DQZdFzE`G48wl}T@MnypD|_gDu1a?=3oRUG}aK zSZML?YO&-5-FD!eWRF?fG;R)9$~Tob_O_v%pq)kQf`qDB=ZyW|5OR4Sj&nt}P;BC8 zV%R>?Tu?mimWyMvf2QN0$jd>weCG|hYtkq)>Npg-S*)u*OU>-C6(?ZzY=&rs_c;*J z%gFPUDmGq|QZzO%)Kn-)jJZt?&qQ4bD*TRvEL5?y`oA)#TGDQ&NkEvW6>16A5K|oQ zL|E)F+U$~kvK#nK<$xMYWcun1VWOwuzgZ$LQi!V*Ip-is_WiT% zhZf2E-zaJ1q2vtA~IY~N_9uVS*b~l~b{++XFtKH{4N)8xj#8PNw7ga&lo-b(Ts!`fX-f zz#F6zThia!zSffWWWg^O$_G)ehI&mjep?#=j9_4s2^zK+sZCfjeA$p_A_mOWPD!Hp zm}~7Dn@SXr%6IL#uBSkJB{A88`W-wS(|8dAkmGfi8vtref&y~p_&rv3(NF&ZtA)_g zp|k5Y86Dl$M$}7Vf2jzybH1irfXu~x_65il7~bTO{HD^OkxyoE`YQ3BZGb9YduQMn z@&Y&JW4wUbwC2U9BT`zy%64ziNEmK1tNcY(_)xml`@fqbs2jUKYF>x@y|6n>lzJsJ zY}7+L7tES|=a4A@iP4H{c4;`YQg0S^el@9AmRBr2&6|A@OBl2%OTuk)(s(R*tWAYn z)VDg1u=#3~7}J&l2cJ{U$6)pGgn|aRxIHYUCtM6Ji>NhGYuck1T$-7vzz!EMrEgfX zH(pr2hZU*Vy&yZ7zul`|YT~#kaVbge!NPd6Xwa)UA7oWqv~jqtl3jF6W;`#PV5y|U zuhJIl(o6B9H@QjsP3DDzpZwFXCC}{C+=MSfnaV9!?6^ktj>OF?FFb?_-7IhrRo`3j znP#*}n;}Z3J|V+3Z*E#R8&Ltgz$ulB`=j277#m1)PV#PKI(h)pT0MCFy2b1Do1(Y0 z<%m_ws30w=C1V%RPwDX;hPjQO@4i!ou@({f({z6I(_a0gG z6ui3r{_u!lt4bT&2t?((T%lLFpfBP!8BZx!wkkql#WSC%v_S70$NxU|(mkMVe8U%1 z>%*j$;r}xk)jzlxfRUr2e9(dC}3p_=9K4U6#9S_)$$v%yOe zv!X8ra1t~byv^*|jxqZC=k3?b`!Z7bZ5rh$XgklZ2-wh za}24UEH*=qd#%UzAH0=KE$rQi{M#2fz6&rng{AY3?prL1r%8cZIC7UJl5nw`Gf_qi zF=D+Bthfd{xklv<-lvt>*qFd_Yo)NbIlQM`l! zOm}R_Z%vnKUFfO>N6^t5Dx#GwCzhH?L7Kv<_`-S26Gfw3!osPwqP&QMgp0{9H)hYu zaov6~a*kW+CEhzzgMJ|%hG=f5->|OIV7eNI`7MDF+`R*^m4r~EkyGP(r-Epz^&FFu z9OFK%4bwV9lYq2{?`iXhjz!}{Yoo&|G9?W8x6gC3ydsdxw;1~Buz-@#I6~LN-d(IX zm-jgTh12j>TFDAs%xi58c6I$uA+&Z=(1_;Y!q6E;*DKa>I<5J4kLy|E7Jq4aw!k-R znC31DxgFz`W^Vi-rq}DVJDw{;U@nY0$Q!NmmK&*N;4DP!K%%_Z>ch0H%u~mH{7RV2 zjZC>-9=LyMqFuO*-^}l{+)eH|j+9q7*ZcLnJfqJRGzoC158takvq~mC7`0{fVA0)h zEjFxf%G1xJOO?mcCrpN7k1xu&${#;mTECM&D&0uu1#N$_K*VVVjtQ{DfZ~Yh8I?2mll7>@_BWY$D@&9_wA{4Bz*lp|1GiG70VqC2BIBK$e4TpVMxSUfZ|11EZVV z-y{W!&;?d{9_7?730A`Rgd_zMJ~pMW8l8U+m4Vzx77L#Z{lZ!k>CaL3TJt_-RY<>R zHoBW0a&T%qt8Nl8>T-pTuxwLqE?%`$TSKUs6jkg~`pjmK($`+-XlP~)or7`jyx}Z} zKVczqFO~ae4_{DDnsj3p=>3u)n`ec7TS-9u(>8wmm%kUBZW<>d*7yYz(UaV;J$5!L z-Tor1ydZ6?J39+Wx{+lsVIiRt@g351SzcZ#Cm13`@h7(|@c%^mPR=BG^i`;w+;JYd zj@vM=ns!`85yni>s$6oMsT!E1T#MnT`ikE3CUQ{*QkA0STA_cuKGFQPv0f6M-${H< z#`A6Ub|OI$rR^NKgg^gX<4(1+x{Q6W+Sgm;xu>|H)0VD@vL8NCykNP?fbx^N$W|r9 zT-#6X!f`Ml26YS{=@I_ojjoTrTxYq#vB*qxNc-X&4%LlX$^#b#@!U`lLOV?Js>D z1%aFUTZIf9KhUePvbseHh;9Iq0M9M za~hr2P2#yA=CG2iw&C}5H<9vO)gw<7t1F_-%-NbkdycRrC4Xptj)Q#k0Ab3I3-d6+*B*`F(^>`6(;QoBXFORUj0`l9>8E7al`*I4C zqpx*T-)25~>F$iR{b)2jU|^JsTS)j=w<$Kf$dg-to5zdiGrHr~3)Yu~a@t!dKcv%uNV^hphIpi)7shIfJUuH=KLAal^^(k0X4O%XF*b|leW zf}C&hVBvrcZ=&oheX!>gKISf)8`wmAd>_&18w?fZe1HXEU(h4V8Oy_K$4k7?zG^Q{ zfI318Iti>x6RTzxptcX$5gWEhxNh!#*)l8jN7pX}35hidz3BN*B;x zpOSdOnsyF_EE3MWDF3{Pc{4k9>&xJq8QL3S5uK^)VkOc2Gg+2?H89@MDu_`jev#`< zLdFY+spLmIz!$h_l?Q(v$;89~*C5=wVe8wlTIds*jO!NHTFzz?iq=S#>LM$ z^fYbbBcCI5#dP{-MqvXg{S>lXoUMb>%COuY_mP`E7{n^oy@t^!bsDvP>q;szIrULd zY9E??aLv;54dJ-Bn-&NnMJ+8eTNAQ4c?tZg8OR&A%d_U9MZ6Ja%iqIs!jhm^p4bMCm2TIKWv2qQAQ4S97Vpv+XC&?umVq8|b zWQpS=jO8|ZpNLoOPq+tm$}+Q-^`>4#tX?N-a>ykM~HIJ39uXU2AMaENJ4-rKm&^X$} z$I#a^om!*oJXe&-)Bd@pnFt5b_D($xPimO{YQz-B$vZjy2NbK3SM&NB3N6x{&5CQA z3Vfr5Fy{^MrJJ8ggj(*A>MCpOel<$`GL#lCLn0Uaw=#o^V=XFAe38KDebM9(d&HF# z&Z(~d@H6G0(|Faq%C05Y=n%U)q64gy)QyU+_e*`lEK7*xu6K-&@@L#^x|ZHHe)UV~sAuG8#MQ{x zvdE6D7sFJJ3=h-87mx90_iq%N0^c;s(bF}6Vx$p<)qRCTK20ctKf))l83Ql0qBFCB z3+1@F-@LD)8jD9k2SvM#J#_WBm@gC2HKcJB59JTI>pfK6j`G@O^buZFy1Tl6qu zimh~Zbp~uVU$Cyx17c&kqrV+nYTdd^7r9P;$ebjp{Q3w~vJo_0_b)|UeaiTe<{YT% zV_%u(J~2>ltNwOM(&r|+G0-f7KEZaHStO0VSW6Y?@T?WGAs&oMFlCT_89j+QiJ4?j zukB=lQXCG5qj?toh_lwI%!OcN$wT>EdiP^}Db^fxu%o2#2v7!%AG>jO^+UDlDXO|=S z5utZQN4bf65YGd#1Q}(5sgoC#tYpvZF*fmH@<5~DihI8QLRX0@Aq|=1*XGy5^Cs8h z%f)y3*AIXHBaQr@iJbqpi@ieihDa2m+-0?mTrnnLeLLa9s~F?}Ai*i8M9@^@Mss$jKn9wIu=W%@>~332GN!RPV|_&Od!U#QP)Jzh6B}A9;P0luc5N zgh8{ircVFBpxKWws71bkVY)}KN)f-EEC$P^{$SL!Y*%|ZTDuaP-ePU)c0>fRk?VS) zsZGh|;0`thLma&tQwHZZoytWbH{*)RKUnY~@Xuw^zgoiCHYDhIl)egoV74eb$=G?Wm5ivXXq$SSwlT2Ep^1t z&oD1C+%vhbb+;2ttr+xY(DWXm4T)TN0G1x)4Kz`^D)So%jNuz1qW@q-whH$mt z$D7A1YFSdwT(AC2r#y0MiZq4y9E+ElJZ`RQ`RlRs2vJnwC`&c=Yqh?rUuCte&8x;> zywy-TH`lDF4VJ&>R}px>*BT@8k=}&WoYDtrYlK)78ihYmDILXh4oCu58=9OKC`rNp z$lo75&>oT_;a#ZSS=IhBp4yg$5uFKYsH$hqdc2QKa4-B-ybMUoo$eT;&;3cs^cYiPe*l|@QpMMcFYxlp}u$O#yj0{;b^dj5eO_1@`qc6E#SxwzJ#d5ggaWwft$ z+^LpNT;}mdKX6h;D=M|)$o=sYxW)Pxf)yAd6CCu3?ThE(`ih7cUUJD>@q$aHM-e?A zH_Q8XGM{GpY-~2GD#n!m76|Jmr~n?I3jM&iSLCZnOz~Es$HBDb7P4)zj%Ste5;0hbn!CU0yU&od4Vc4IM=?F3EV>?jA~9gid{%#S3v z{X|3ztlDw|B=hY=o#ua-5BD~YVr`^5Kwx;!VJXL$Dx1DhmP;&=R<0&Z)`yD0Yd*aw zDpp|+HqnSPvMw@&j|;R2+8OeZBO!`x(|mO~CMLne)GRsrb$0rOcK3=Xcbr6K*3Da9 z=3{y-I{L-A`9)3^PR8jLfe!-XlT^%gpxIMWKdN!0T>l6i{r((v+u~Y^yH?&e zzD^UXx3@W>I2Jv)C&hjALx1-efSrA4fLC56L#ZuE7olEPU+;?cY~w?A4R6O-6iR88 zz0bsMpf*^>k5*j2COfYvGrc}PU+*hX%<6|{+}y60s_bj%Lda`=Z>IS(hb~R8o4AThlcIKdsb6!V1ci1hp_Yms)BnP8-(Wa-t1; zXGFFIX4NG=lZp7k!?7W*DQ1HI25!{#tiGOCJmZ5ekFzgzW(Kf~YY<39*Ne>75;w=& z{STS`)IB69Hr83(z`wfDH$Jd3LC}lh{upoX#Jv-_H9fyLIXw!I8)WP=byjAg9-oZm(7exoA0#s2}i@+z{-Xqth3s!81toaI7H~^VgTPxOu zWt(d2MwRG1F0D)6Kg#_xcz*2G7MHkzw6w*0N?mQrV;5v_%H#jPJ%XP1e_w6u{X@_B z{(#K${7=FDe=rJ&h>6?V+TP#)6c!Od#smHb3VL{T+t=5Z*PMd1-KeYM`M10H@lyXi zy3e21{`G%`I`seXcl~ryi|c%jj%mzs)VYD}K2gl5TT7X$iWJjVT~}H&fE%t=j`Yk6 zdeAY@(GM@uso-ismYxJO7XzWjXtvz`LBFTo;=bRN&^9TpS>>EYnW`FGxEadko-*Ay zy|N%fJX(5>so)b4y-o&FFg;*YqMI-f0KQx>zCj{@dTZNlC_9w&&sNLcBJ~E78}&@l zRsQ{Y!Yz5D0w=IbmUQTBcToO4sjj?*wxnH(oz>szc^b`#mSPna63&6RY%K=C6UV1>)QJhMVd)t^|)CziGcX`FZxH*qT9m9 zVzwn6H(xy(#d?lwY|ZA=ddmd=-IA1V_Tf&}uvats689q7mkRICutpLh_QoruYK zv0hExGeKs5Qy9%U$=NHWIa37(C76Js!}rEA9kK~ z5|-gTTx7$kznn2QW;en~8E&cra;VocUs6n29d{ZBepBNUfb9PKMQ?wU&Uq6fuW=$X z+APE090flT4kepMvrvpPUd{8&-fhVX_m)KOHW_LA{u=3kK#%RZ6trLE2Cez1_|h$k zF#QI-TRi?H^rTU1-qdsjEmvOcIl`2v9|Wne97szFI77}KPO4+tfw#{Omym+plyXax z*XD6dI(0pLPTb}s47#ffUvI8Qi5t!Ag>tMO0&z~aMs%n$=EA^^NX%KdS5?h7RAc>@ z3Jp`xcqgG887H#Re&17|AMJSQ!uz|zCwrsGM(kZKj<*^~ND8haZjaDeVj#`EH3 zhxdGEawMy14T}vfmc)z$FZIc?vhI6Vs}Sy))Lmah<`T2n&2G%j>^nDVsscdJ$ zX2q(s>PeNicbgMI@ZkwujrCYxD29?~wYls9yg-nR}N*!0fd~4mw^HT zPCd>x3$-MRau}O)M@kd00%|XyY(KX;%1+zy-g=)Y}g(Q0Z&aifE-z26}Y;e zXi#EdesWUn{GEC(b_e@Y6?`w3#_Bg@4n!fb<$>|~-!v<_cn34yukc4Rn=;~7_k48| zv1Yq4Q7uf5^OaCfD-W*=j7L!hxn&D*sv{;aJct1_mXvM>pY-v>N~PC|_v0lpt`i|< z6jr`EDMg~>0cu6zai{ag6|by4WNb~fbaW1?Zn)lb&ewmPj-62RF@z1!2VQulXS|M* zuuU0L*XivOjMIHTJNem}*_sdbcSu(csL^KABBLnB1g8i0oI+fKiwh89<-;3Gel-*K zYQm|YW-%*%IBN0Q)rELFe*H!D?AJ`0;?ptZPfFI?%G%V9G$Pdt$TDdleEdo6q+9S` zf02QuM1@o`mVPT!RRV2XXBSyYhqCDDiJb8G=!b8LJ`w7Zs6jU@QwvPhhHVZjK7o$H z@Suzb72hmfQ`q_%hL_axEe9Mm>mg#n#73iSj68rb2V^+ z!?2DxSin|u#`Up(2U=i$8>>1Ed;wxrRAo1u9KYf*YX-9S=Ds$*s(Y!kK`^Y>B$H>A zs!6{mD;S(x2gFlov2&+b3O`j+FWz~3M*(F64-@k^Ei53Ta+AEurQo@t;Q<_|zWa+q zSzRV9iqK*ps7#bIhEnI#7K;)KHa$Q}#qEZgwYiCQajK<*LSXEqyfmkL(o=?h2PX8M(?rPX@Ojq!I&7w=PWcAj#`J-`6&vB6 zGE8DrCkmuyxpQ;FhWvBSfDC!ja;{lB<+rhKB6wX2v3%WJ^mB*T(qr~%jWIjFg^VWX z(vM{iqHx`u$TFC1PWc!a{5%*?9f<|ZXA-4A3A{FSNAbUhY;H~N=eeJ{^?$54_!70p zDjN6_T58qX@xxnkp;ER`vMg>f`BXWU*|P1qYZS(8sYdIpGTM1Uz1_;;iU?M&OC=JW z{`A#Ejny{UMyr&4O5gt__tm)S*{rMZHKbnO9-uL1yO=tk_wz2oC`+%}T9%nQ!>h~| z`VhegD$k#SaHe2TP;zFDvro@2a2lnwwfV52g+R?-pCA@>U1F=;;jNpc=zduj8X#3? zjG+}o^=Tbt*3k5~g|Y74^Y74a?OmY>EEkFYz|-lbOi-3I0*bqk_tM(rds`zOX{JUk zFNHbi(Uc0t5#Clcg)Rdl;YC2B$0Vg-?;`Ajf1dm-u&8S!1MflWte;8Z+=VAfp`3lFmWKU<= z^4p&3wT-%SQbGN;#H6q?HW4)}D%=YJhl#Wp600{!YlZGbG>9x_oB7@3A+#DT*`0Ts zCS7fWhBvRqc05$frTkZZ+u{$zv6to#{Hk^u#ZvIhn6u@@%@8k?&4oY9A>R?@2}|NL z-c1=2Rb8aY7d}{xhopA_5(SNW{Lgd|t2Zo9wk5XG3yB#ZvNcDfDwb95mR>nb1 zXAm4+;{2DBsL%)-A!{E;`oJaJg;cz7IDcS?RVe;t{MCZe%1jv|-de;{js3ov5({@RP>2QuSu2fNiFDp>)1Y zh07^_ID$j}xB#aS9U(v+EyC{8NXp_~V|?B0OoA)}E*~H>`et#8`CL~%mmTFgSeu`& zE}j}E^L7rZ&xX4@%*H}3-Oa7lu27h4Ha!By&DTVEe6=;%avmxe@DkhLf{=jG+ufTdfAzF-`k1TL;l7xo<`h?WfNBNO%2j6#m(6V)qahZ4 zh|EHfd1IEX+qR{BSW_UlC!1Dv_f{wg|6s~;=NV()*5BcAuXJQGW0Pny!sIw~)M||l zE|BgF&!z=ZyiR47hRM+xcuR!!TRJL>7n^{bCwQT98I#`fNp7dR9*TlL(#oQHe!FC2 zdSkq(aS@n37TvB9a+k@SdTU;GW-X~K)v?zuQLHD(Tgp50O=R$VBQDHT7%dKx*M!rZ z{d>i20#T{6Z+kFr`8zIVtxewOZ~#wmSCdA@@5SIN{r)!_XHJ3?Wt&o~b0Pa-=f9Z@ zttq{#&wj;w%Em}ckjK)pAG@7-e>WxVrA;_x4O(Mxm0Jkc1D3dn$AmBO8=yPKs9_OR zuBN0PVeqJYoUJg0rP+JGbQr?nj5Ts~na?R@(asataxoPy(qhgv$VY(I(l+|^N*y`k`eC-=|=Cd&7e@wQ=>=yE9mrQLjFoygHJCQ{_MT?e&fSGBT<7_+!P5EW z(|o4Rtlw8&{Dww6wM43@wOqe#n7wD)3$>_M8&K@G}WVsn;HoHtCP&m#yq0Eu+&$visek{QKVPF-p+1pONdy0Lb&MfIPS9qbSAdvJg219MWpyH)sZ1JwGHDb&yu&J_D zl91JC^Vs7C8_MIRxdf1^kjvw1%SnC{2NqJ};y6R>P=gP+Z$OG-V|7eMH@vnyb4fZ2 z_5(JB9ZQ?}w|mO2fUB9Gx`-oRx(KxggPivbLe+=$I%p7X*Ui;R|63EqlT~*-`RuFs zWx|DC|4zZp@hUrY6ka%HQWc_U6oW?~1iLUD%zBjoF&dR}(>2^Jqw|_Xy0v(W{j8xc znnmZqalEmCH|d2Y)f{OL!nPr%?`_{QHK3R|oZJ+72qxb0qgkM4FD*=abcBLIT5wgz z3^x6_jz>d|&?!XIpmvkXLu5V{JuNmi*~<`0=YGii~zr+m#atGDm~wWvn55uc}5c&OzAOP_@MX@0tHe)KtI6 z!nM47YI)_{U6IFzo<=O=_UGt@s#F4HK~}Y*rEK@J7mvLEre}V|Mmi+gOc1UQg4II3 z<$Ynj=?`~DfkleP1yXtV&*N)tFNEZ$x&tJ-0{rdRkCt7D6!o*pr+ z{$>2KE1No3{*ud`Y$4PwN-XVAKQM4r{N|9TUe?KyA6^KK(*J$AbR>w4d<($Lz8#+z zFq&qqZy8x$ezm4m|2!PB5p4xB#th&7?m2aqo(YON<&ORg$ZMHgj0fmcVrf z{Gi%Q)=`TkS0VdJ`WxT#U0$bL5rf(jq-<3wXj3_pBj!2ca!7FhQbjmR@AlIDYfbc_ zV&~bJ6i`%vMRTRKGvZx_Sv2|Nz32SRZ z-rALb?7k$oSI00)-W@czfbo`PO&%RlMiS9#Q6{47F-sk7u9T^QWN8^?le702#jc|) zHai(M$NBq_8$QK^9~h@>x5|JrXpTEI+b!Ad8^uokp}ID;jEqr7f*-eGxd&f-aPDp} z<5LK}ytM}X{Pjd0k^E3$uz%-EX2iWRJ)oXqY20Y#KM<(Ay*cce(mnoxwf}wskR;i? z^5VtGxy}pFST;f9zLqc^4>r~M+)Y<8m}z_5?J|$uvJR(gB`*+>bSJvK7B?cq_#1Jo z?Hn2cZE#)*#$kP$#YICv`@q_GQG(M}I^)K8vqmRu&uBxsHJRyUXLSwU;j!|uS10TY zj1%iQmcTllf66A+j7fjA2u4R3M=M!e!alxl=BQ=`7xKkb026c{w%dMqm>kF}U@QqB z=_{9Upc6D*3AnfsC5YtxAE?+H^}prsBtnvzeTP~Tn22KF5?0WW-0l{| z7b4e~zmkpdl|}s0B;2w`)0s`HSsPvJ68a+Vle!0AonO~Vn1l~o^VsB~y;y3|cUqYn zmWOcTJw*1)NL>IG5R!NO1q!(QQw?T0QqzLQTO~LV2ysYV`lxo?r}XY@7Sfti)W-G7 z!gK`od|kOK`D?pg-y;yd-}6A7NSAIv4b$iB!m6Jyf_Q(1O~hg5Nq{4h5FP<3!%10Q6<@#OfC(>8 z)c&{$&okfwJ5#T%n=-%;EW`~rHydPZY$&h7Lxp5=l3Mh?ATB0~R%atx)Qr5wFG(W7 zfG`*N)0=UWFtA8jx$k{3U`q9y4oBKzl*FE+5}iZZ0Q(s18?k2Q*BvZ$d6QkAfj}4q z>&KSyaaHH!T-MIdKrvV=;A2bc0LLv%>%HhUh5>Mio{p|Li18J~lN!*~-7=je{kimo z!5O9;8w1g6FRQ|zownL3Kog&BOUuS|HASV$az{2+l}fDFLm`fz6oHk+**V+0@ASQ- zO}MFK^(2&O^l2^7K^!cO7;8rw0w&uQ_%JOlhoLos#la2~mGqr?XH*M5RkL=<9=Dzj2C&9pLS?rmB*Qxh}9 zEx7l}kvmGmnWM~sGc`vbTDb?#kjflrfZNO@M}ns2LU^g(<9NTn|G<6U*Z6WB=kK~t zyh1qgt3}PIy5spxnW*cMIaRaKZ9MMaESly4Ao49lOacjZyctk&LUjWbs zj)`E2D9qKttnCm>7c0Cy4EOKB{Zbs=O6$%%v$4qp_<8w(WUq}}#s4DPO5n>&h==%Qs3Wso`r&y6fXKF$Ps`GnuN`PFE?sv4XU#UEL0S5S z)U(D}{8Wr!p-c=y-(ad{KO=Wl`F?dSIwwIBqlL`R4+sDvefGV#1iB@a@ptOEc_28p ziF2bNW;5|9X-;(5)>niK^3{7oC{FEFAt3o%{Iw|5r(=g#P5*=%{0siah0e3!(Jlb1@nu@VavEvL4lv?A&W$L9JwnIBk zr!Fm=A|nGAb0K|hORF|y!kb`ShqNCt=QPrE?i&JGdc&XMB5ew^_L!`fJnhilS?S8G zMai$MER6RP8l|e(zar)N4g6l^76d0@zBN$a9~TrhFNx;Ky4vy7MB0>nggBb=k)Poo z7iVK+fifvJ78`U=j?yFxxcA~erfwXD{uD%1<`S?`0(KE&p4O%v$*FVCg{4LSD(^@4c?I1|_4NVAMuR~!+$@DoGsa4(@|Bw=T{k)zp z-srX1XRAa?QI3&AY-9rB>CL;wuEs7RGjCS7U7rG}Z0+6H$?0C~4w-w?jSc;BtP~4Z z=_41u>N#MVE`Bjh`U!r#uA5|%A~92OcmFfSXW&4$q?i0ow@aeg2@~R_1G^X=Xch;WFUu?(Vf7s3(6Whtglz~8EtCc5|)Zczh z0EcOtpQ1nm08r{zD;J@;(aG+%T998!-%#}zmG#RZ%MW8%*V)zuP2(`y)6>&2M|H>a zyGRV9FC<)I)M)hDq97oPzWo4JDRrIDS462a3X0GdTkUg1FizYzadR@#x@HTl1 z=p9aOxAxL^0C5rS6ao-GOBlx$m@(O)m^1WNrs!sknL*6GRJ8eoMo6X0EznJ!)mpP< z13@yVE59sG(;u%j0#G1$7|ZNOVHICothabxryg^uE=7hf`yA92(Od z@X5bCDN6XYq$-`U$tF<_?Y;jhr2oHDF_f!^WHvnjJMniF^$2}OT_`;x!`#WqX@n%D zu0Gz^SB^xQOfSqa7uBJ15RjvHWKqj+P4x)OH!LiSg@uKQNo>6%C1YLSiHZDY&n89F zqM1`@Y_{03SD4rXtL<1jF>8lyRz(nq>s)n$Py$9P-o7L^KVP!=50C=`ZEtUjii-NF zwr}`i7lX^o%elC?u-bHOra+vYhbK47PQMNf38}YijreJ+%i7-5(vfW180<43^-%%| z=UG}@p@2vx9Orxy6Nm?t00o0ITHCi+t?(kNFiDg*vbOHzSZ9YXsk8g>mW+qLGzJJV z4)9Kn_ybq0hvReVY-FtZ*v!n*Vt`5|Q!=! z#?3n8W=Yx{tX*V=PF2Ou2Qj%6ST$tzD{s}il_uTH{Y#E&Y6a2z7Oek3Y75#*?IOJ& zy(z979po}kE91O)dq-A#m$tUhCmvXFIf35bzlrDf!0Qmd6N)edxqykcQ?n#$Pladb zl~k43Iv?Q?;+5ZdruoyZK=C)L^K2Ic9hc64m-HBcQ!ooSUBO@x+;~BW?+~`VeS%et zkZilS#TfN%Bru>`Pge5Vr0_6;%61orcL@rOs;fqx;n(^7+kpKi&qRp6qWvT%t4>{` z&=VP|-8;TUPR`hdG)qC&s|vNM)RMW*D1wya^v@06Gf@g!+x4@{SUx)+pvGS_5mB=} zpbs^4$yT;)XGXx*LsL$VGotLu?{a>jE~xFL4Ez5|l`Vu#M-zGKT5%my^n%E7-(}mb zZ$E;W#xed1C)*{(+G)@4e%3qGCyme;q#+Ew0i4Jp#PC#BFkCpTa^>9IZvQ7(civTq z>RD%*A<1whoJjoWy@{4%$JPK9i%sZICu(rj=s)nW=xCF`Er>+L+H$sV$z7WkKa;p7BpKH}KKp)6x#)#U zYk!GJ-z zAqvMX+K65B@hM$avLDo#_hb^Pxh`3jH+gdv9jJd{HnV62#amRM@G=2Xreqlr80b9H z*fJj{8wbgU+>`a4=8#(9rs$#@(|jg$gKz2IzdkmMYAP%~pO=V0fW?oy-Bo}SFM&1P zOxR*duLGW;9H+F}pO*LccItkYnHQsE=ROBpS!c;pZiJu7H-M3)#NkZmy9)a%9a8hNygj_qSR z$)n4R=8mYwl=X-PmETkZHG2qr2BkXi!(uky9irT>Ayp4*mFNKxWsr*w=2dDiirrOT z5IGPG-bR|(^PYy6yE-s}EO$Vp$rqWA7sSvhYz}6JN8a#HtiqgWod!MGHs5^02Lq*Q zpP!YRDi~kMarWmPKE(-#>Vzc4!XYfLB)k<7x5jK>A$nZbfz&DVH>;qGArCLj)q9yQ z$8v#gip!Q4i=%s-qy)^#vo1WF0U8%K&Su~0>zVN{kv^5oO0*X^pL2)8{yUIUQu3Y$ zoSNSU>mJuZd2hI2tP4|7q+0eDZ`td2b`Pbqdp1o=OguLZ{wbX*l1}qe@%^ZLvGIA6 zq*lpFbYub#q9XE^-q>=ohIC;Rtt$C?V0^|78^>(Tc5=4^?qZ&hSzmX;$E8PI7HZ9L zxzZj3?W83c-m0?sAi5E=*K|)ePGjtQ994xM=>O>v_@X6LYyt0{cCc!=$G?-KBk{Cz zqhh^Waf0ygUh{4Egz&?fj~P9Nufpc`V$YLBKWO%c%?xjw6p6paOexl^70Fj0pEdJ* zo!+<+Gh|0-C*suT3f?so@EZd+E^96{LH@?IFFww@6Q4W|k0^A_KSQgdqAUl6%&yPn zwZq`UY-RsEAFSNrZvOL{>h;1E=_AfrCf|_WH=Opr5gVL706is^su!q*@4Gzi09%~Q zu@`4=Bwbb1(?|HRRCy+vthIje{wav=l8gG3^^v=rNDiQY{{snWiK2yjti5d1 ze{Wy7CJQ)up+j6=4}WmhfmOPB_)d`gO@nzS)$^$!9-BRZaiO6L?t(=+(|vIR_1>K6 z!rH>jmO1t3+%^$j2z>$)TcRXU%})*8a)1=dLU4K^Gx MHUR3^>N>^!2dnbo@c;k- diff --git a/bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png b/bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png deleted file mode 100644 index f44337889b9723d99396a9277dd36b975b2f4318..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48298 zcmb4qbyQo;7H^Hx(gH17yv3as2o!H|_uvV|B{&3vx3m-pR@~i#yF+nzf`=4$XmIE8 z-Fx4C_un^XopokrjqH79&bIlTAXQ}{Bu8CG^c?*c+ey! zC;3?u2Hr(s!6>v__#6(J-7xw#r1QCQgD>9&2;lPY2;zNzjF&)W9Fkx*z}@$DU~q6y z@zHnFKKcO?Zwq<`rADi1+li^YTVG_l|IR)bd?A(t z%VlBQd-(5)uW4}tT|BlN8~`&0Vkop|$2O6?U%r2vTu+bOT0URmXrKd4YHP~@1pooi z;v9w8Cg<0QiQ90TLjoN6esVGOzzJ1tpysR606)J9L_-zPf96^L!iiDT0BLx345N~? z*|mEzXDAXA6X%3n5A>Q16r4|{OnUH&KqVOer2~9<5w_a2!(e#uGY3&bR=JL{S~6J< zF96^YTO{hW-HwFt+ZnXF?r(D95=&LzRWZ)Z&21xC;qnOkk!_(-O|4(kIyFnjIfc`u zhOMqA{kMA%0AM|SbQC9_g_Tu2_3^)G`qMf~xt#FxlD0ZWI)TIN_9v^8lRbIvWb|6> zf%oW~hVw~!>~=|G`Rm&NZB~{b!k??GowcPBUX3ck&mvCY-u1F`TpVg~pdyo9#g{zO z)9Pw^H9MUr`Wr61n&^-cL{Xj5SqEZ!{DFl6o2Q$T>+9jIF#=*Uxlf*+()Q_(fM#nP z*kPzfFC7`Bi=jWIZ_Wn%@4)Fr^tBfupNUuif}K6X-BT$112Z=b84X{u3An;V(-M#{%6Y`T4BAFs|cgwaN}$D=hZ*l{mHXl1e(wTPJNlEu8Rjb zQVX~MA*Cs~t5o`VCHbs!BIFgpz?V&xdGWY$_&fb9>1Ejk85udnIR%+TMVW})jEs!j z+%O!ZW;9VuG;*@s4%78Z9$~$0nU8=8bJ*JALIIQh@X5(h&BSE^X1R@YL}qqTW4X?D$$0BXt{y% zbNxV=qvh*<>zQq5ZWyb;nL+N zTGyN`s|ISQX==9T`c}fK9?8Sm@D~S|2l-m-6r?_%PN;~*09AEsjQ#QE-c(uI)L60s z%WXf)s7WZvslB#sG-b-q&$qH>w&WZO#|vI4%|iSzXIoU5A($*zkS-T43RhMg&nb!T#Pxpvn2rw}D>zEqdt5pQN)-n+y*@;s;ljA698ruH`Ey^P)q zT7B5Gf9Tl(+gKvuXDrM|_#(%~x?9G6rM}-j5H>6mNcX;2sd;Fk&jwbgN<`Qj+J-ia zK1Co*4jvsOG0r(}&v=slvxqGMn)q>EFg710sneX5~%&i#$);emoNv6`q`Moli8|7^32^1vwfmnTK<-gPDDg z*MrLf^G8*^G~>^@Bq-L_h^k`k_#98@egqJ9G^rdIo^3tqLNOgYc}?3PE|JwPL2Ynu zv(!#JZFoNIf=3jY>5W2(M;>mID?D!l^Q)AIf5R$%3%5wZ6CQ$}EHrCs=_+ZsmK%RD z&b(RKqZ#0+znqMC^_p7x?d80vPGP-{-E0_BO)A$AsJ-25k7_qd{Yby?u>E>ZrC9Lq z--7QQ8a(LHzk!=?v7<{aKGvLS=ypA>9W<~pX!4fuq73Cr zM~G-mBULq#r+Um_B--CyI1w>?>-Koa8@iHzO`GD^oU2r#s&x*jd=>?><& zae>;!JC-vaj~wV{wXCLB`szV6G}K|E-*;q4eGpDvqnyI5w6u)dIb#5*yZatMf6u_i z21WVz{8wXMj{XfQ9SN?0PPa{La3+g3U^AGwFct(Gy(2ecg+et)z%6!1>&S-0W%f&R zX4hrX28sHveMs0QvEcW;=1xGTtuI~vvk)hoVFEn-5$I++7O$sxNV8JKvrI@ z5=YY)GU>kNjm&JiCX*nH>d7OH(FCiUUp%u+nS{pL&3bR{)*t2J?@x}YsuSkfJ;9B$ ziB3dpBTgvzN+!BmR(|d0a_#j^XJsn)*`T>>ZIy@_+>40=hLal|Zg4Lwrg-Wp=f-|oOZalP+*0n4clvvTUog2kTy=W0@&76;5 z=^IFCx#=9bO@&83LgdS@AA3ZOh-ERPO-F`1^)aWvap z$vhnoV$B9(X_~Dgl8C*(q;#7F_e!c{#Rw|kQ;L>DQIXIq``oqM1))~AiwcH$6=B5z z`9@#Mu4RTsaM#AHp+JMC5_E-X;8$Q=(lonai>7{semTtbuda0T(bF#cyAuqPb<4elH8^{_r_?;1!E@5@l;cd4#EL%9qpzCagbxGcbhg;kx-CTrH% zwAdqdsd3GQ*7BmF2uf@KoGadsze-==g;`j)a64&NBYbyj(iDu`fVnV|qXQ`?+C4ehZ{Ck81D3UQ_G zucBl2Y?{<{<$w~-_4^29VO#;i7>#Yog#@+QRsT$6J;e$bjs!ra*+H4#wd5@d@B~lF z`>Lx|i*+>gEoS=x3V_Mu(3Hc8o7mz}2BO$EXt4kQk7as}tdU9ZUEX))*TgYqh0``V zt*$}CqLG{PIi}!kSrr!eEP5g8T`snfY})x5A6v~)>Pkfgno?4> z3HymBJ5zyY1XDzXjULSPLW#pyQTz4G3biK<)3OD_(zj`uht`TV)cf=J0wfc^O8z@t_@#^C1UeVza16@ei zLG^ak``lGbnm{0+TD!!sQMzf&Qkxyr>@fs4+dO!z-+J~8k^!!nd!{n{8*8Q!E0WL) z&rZ!CJHN%6s%AqBI0axLi3+vbVP?yC?B`mUcsX9Z!&jnP|8ft~w=XU8a2{j12AwW3 ztQ1!QlBIMq*O%(G`XITffHoSVHAOnDJ~sp|PqR!4imOexa8MkcCJG9M3&OcY*Hq}u zds*`JPS9E&XW%SFsk9XL(Df9rE$cLO@eHi)I>%DfpO`ANNcKMRPDqI z`7~RDtV*xGb`{ZjlZ~Xf-3H?>Cy*^J@h-vJ>KryzB!t6NBo)yx97()0RXR2{t_qY$ zJDg*iDjEZo6lZ39fArf7GIGug0hsw8oE8+ntCdCl=Kgp*_I-kMUuRw?Ay`*eA1%;| z9v$=lQk;iizT1m^KMgadlxXqX|ND5_@@~Uojf6{87fQ>@veceoyT4ku(-WIt(v(I( zUI8)+5)egQTz*p_?az#dt4}-%jWM@c`+OG8p;z}w%cojfvZ7;cD2-kH6LEoma5T-+ z&Q{(g*t$FOMa-LKHAmd_Ro60b|UfDCC6DimEv7geXkdYMM-qMQjUS5$F z&}o*hm7&Kvg>lAFS1<+tu8)p-w9(mdY#ZTGel$DH%7C6cE4ej1&8q^2Dxr%zIZn>x zd1SDE2eh?-Y2}w8(rnf>l9tcVkFOCGJo%&A-dfGH^VbUj7LzrzU5i{qnj%{Y^bZX>yTw!}c+`!&*i5sWl8B1RQhU<(|su~K=4K=HM zBu9*u9nI^M9H617r)alX2!$UCg~#Wt=E`(4G*yfmR-IVFjI4arM~4XY!F5?Li3q7I z%dKL@lLj6jk&{zu*IJ{fsNmJ6|a*V8_Xw}k)@AVN= z1?zs@FYMZI-JcPM6YB4lKNJGP;QfUVysFkJ9c4L?8u%=mI_woqT;jTg zmz;*2t^}6t_(gj3j9G=RzGHjt*FRn>*VVtym7^ zN;E<5&` zg_z^{XO-v}qE-{(D8nM3>COS5%H6VU@Mzhu2j#B};xG2-rb84T4RK~EUAZd6I}6k0 z3fEUDd5)x1b^bYVqM`BFCf+%FvKIcEHckS;$CT^b$E{i$XV(wMLs%bbH5aRMd2XPpb zyxfxhYjs0kizPpUym32}^qb@WPvLCl(>I!ycx=v4FsP8=(^2*#O{im^? z%M$Z8vsKB*G->70`6Al9%L}zp)wpS0cd^zo&c*40dGyG14;w4p{LtZ4u7ot%QVj)w zB;&F+ahTQ1c&3@~@NiqZ{gJ~}Y;PYTSzZy+`}@N4;^M;HbE$XBsAXLb;>wtNnKr{% z$Xvg_E7Xy>Qn9icO`qkAom$5rjSV)ew%VvCl))9&sHC)^UW6AY`?B0^wGU9U6p-+1 ziV7rZ&zeG=hRWydbTM{Xso6!(1|&#RwI_4+;ysbEuU$DJw6%b7hDA;t%)(2^sEv{z zr`=U~)1i;R0%8uqO5DxP-~&02ND4UJH!P^=$XV&fqfB<8lYB&EQ|5KQgooTkL{e-Y z4WMmhSMk7uVGX8d-@bp_v9I9O++b}zFomu-ec#}F)vuvHU@;9XS3oXGi0F)akf=Br zmauR!H7;;6igiu@`HOqBy`G#RR6`|n@0@_*`fdE$y7BqNe8pFnt2C{WrErH*X6gkt*c%~M@gjC2O)~GP3C{us~Zka zrE{p_gm>7Cl_`Z|)Ilqzb&!mrV+ZT>A>E4GgqY@>Hh*jt_FWpoQKXjp*$oICKez1P zU~cDrvX!0w$*`G6=zDJ;3D+<-5ig8<9}MlIqlK_t`KK6R#r1ze)6GfTZ|jqXUZr%ZSP5p3-?;Ds|;c)hQhS$Q%7KHgtU zDsO#6Z8&>8(po51uJWSQQyS>4WFueJvWVy8eRXtH$m<3g8VKj{xI|av&*#vaPxprUTGHJL_PMS3sF7sABd13_94 zx?CFMh+)!;;~+F?uPI%0x*o)M=4M=AVx`y52`Z55IWI&(z8~^3Z^wqAJ*iTwEB5FQ zl?A;W9BPr?efeDZ$r4sf-&1o8}{5%XAf1#Jz(Ds<&Pt;SH{C7>Fh!I!mq|hP%vU*Xu|rfo%Kq#MSFQrfwM( zTg>4&Z3h@HkB8vdkAqsRc4~?#w2JTJeYy=74+J>=PFgq}d`Pw0q*NX*m1jJ^`Y5_k zrntAupzW0|^Pq*fZ+!C4Q&Hqy?6sdt>4iBHg`wK{rmU0v+zihQK<%Y&Z>3lL1<$?e!q{wtl6KC-u~zur&5J=DgMe7&)KhrMc(IJy z;UX{bP8__Y^5t=xoR@T6fA%~b!aw~eN$;-9e62gg^0w{f*5VLHekM)YDP#Jgc{@%? zJ+Msys6Cf$sxR`PZOt^nEskj>?;pNi9Es0PJa z+yd<-mh?}V#(B`qp8f5YzpTuiH(|-i_W}OyVTu}~#oLm1EdI~mB}Egd3F|kVz+h6& znmXwLsH5ub?KqA-uSde)qnv2H_tDPy&pl3-JMiy}s1$!UH(hTbMEY`Og{CZRK7NsL zajSVIH=q(!RbJy(%QIQ&lMseK+pKeXv+;&#BwCXrkPJp~qjGy2vAa&!GMf*E9!Qw5Ro%J`?#zCJmF?%ns=NGf;z@em( z>xm$+N3DGieeMp6Ps2@x5&QnW2^&PcZVUVFAeWlJ>j zJ1If#v3ag6?B}p8VvR>*kc9SSeyEG1uxD!ApGu2@qKad`54iPGpU;}7*NG|i~3QJ z4a{pzhQ^z{u)-9b(J`P2;1ukXo)h&EN_}UE<${muq(u@td0cshSjg)&SX8R7l-TI}tqmt-S6w9krA7tu z*pYJa35!ZuLd`78N_44+iXOZ|#=mlKnAjU!XqOQpEk^RtMl9f_3T1cxND=V1zRLyX z9XIa;gQj-aJ4+@eG-H9+Aq&FEcm3xx?nj@c4~EvP^O`FTZC>J~d1z{-K|StLH`^;V zrrr7=sKFqnv&Dlkc|@ zV@uvuNpku99CJP$bycD}W2haEjj$vSPlgq5uGEj^&c*wZh(s<42 zr5Y>Wx@nG#_k(gC;n%fiu`_N@oqY89852D@AA*d>uqo<5NZUL`5m zeABhQ*2L|-teij0Xs4#B3XF`KherHLJDtVJ@%3){1a^ih+QsBuc$0d8oo1qBZq+)! z6#8E8*`I-)`zQEdhZzhOunE=4K?XidD{^fVTBP)C`FM~jQ(oHKwgkBJSGbPLIo_4fzSG?PUbS*ojiGBU}7>8^O1q`ndM@%1sqqRxm7tj%UV6T&}vFjN< zTMYHxPiyHEJmD)t#Kfzup2Ce5+iNaM<698M&+poPY|1J$uQ<`%o^bhI3|!=yzl-%i z+Y3h_4KPGB5ZFn2QBhHHH>06(L+IkER0Z6+A*qRw_5_bh4cSaZ@d_qug~>FVXZOmI z>wHgx{*oMyimhg&@$V)xSYXThDner@TfU4J=QZ2{E5C^L@XR}6U@s$|EE{Fr-rS608z4dATb!&bFoR| zd9*5>6M97**^%PL8RJPcQZ)&T(Y6zyj{GJ0?C*=eC%Df-?hpK~^4670pN)qW7nTKl zK`?WoTyfGO{qf7iDh}%!Ee4}(3yG1M#HPTLv`cA010eXgZ{3-TAhNg3XYsR<+PhNr zseD8-cMn$LA}}uIZn;`FQQiq>UU`A>7teB*xcALV;Y-)rw^C$;n8c|Xwhc}j zNv7D?TzKUAH;vle-Q7^?H_0=NCe!|&r>-?BC*hnEsva`(5yHV6H=l#-FV<7Shl)pW zX2?-972usq9tuy-#=L1)NYOlO`pw>Jw#PRbX|{9DdvkIi4u538h@l8n7WDaOb4#Je zwMbLrKG?5UanL`cp+9YHi}F1gpJmWfz&C7!n%+1OBW;&cOnn>*!;1D}2c}DHbrCG3 z={~EO->CE+cogd7++Hp=j2MLzd9>>1``>QIQVW;384u_Isv5}kEJ_V#TiuT2L~c@& zph#%VPKrRKCh+JF6&*Hql1%u^Fshj%L~ht{05Zv~sjR%ZlCRZy>)Z(dxIag)1|}&R zHaD63hdsSi(3+ZQx`_-8O{wtyo~{{Rk=*l z)O%ciZ5SUvdTMTI_y*NnWwi6|CU|2i9S~8n=$T8))#!nK&W2qTY>PV@ap|&jNk=-? zR$a+6TMO;0z!e&@EmGMt%*)SiQgqwUQ1H~Jh!VL6W=x@+(Ct%;+ZQK=J^XtpVng+% zl{Fiy+hZQ8ixi7w1REiUYAA%p0F;sWmZ^1l*_N=1gMY-QMpo*ow_0C@zf>z)d%otZ zA@pRz8v;Pv*F3#9mwZlDsU$p+m--_dwraS2>lZCbtih%+arQ!1*0vA}h~vrm;*Ctn zY?k$0vxZ(FpW%4pX+rKc!q$^Bb@q04-#h$e=$Pb4N%ADPNmgp5QfB=W@03KwmHkQ+ zy4H1->+0&tMQwnthjw*Av}=nEX$$ikRt_IyV|#Wmg^y6r2gS01zT3-5*hOsPX8k@4 zF*T$y)E60lF62LC(9zZ6i)4m!lz}1e8+p42Esi z;IiGDqLTn#Xl%)~&Gh2Um22r|q!&>wFETnBz-KdG?R$5dqCbUTWq}{4kAcgbkWQGD zhXCYcY_VRg=fVC-VK(Gje--q;STDX&%;andffOL}H#bY>8}08-LkoF%tK&Efa|?2^ z8l8~pRJMJv{JDDLll5j#w-RuJ%>_JWpmWVKRv~Vu#GqW0;_BwZ+8U&GcfQs4pkzdA zGySrvdz_dJ8rQl~;5;`I^_*xjwrHW=f=lm6M5s21=2^hadG%BUpz&-EUF&ux2%;he zLQ`@E?q9?0rQH5p!+lqdvGGqVRDgrRf?g zsOrQJyj>d*TUwHy{`1v&%&V*eeQd24P?o9@;(Po-3~($WHY!E}=m2HFa^GcQnOq~`h}Kru zk~~tI7@bm&($@SW(G@(Ut`)6cXE|o9tIJSj%HYns(RC<4vqHnba|5=@3RMS%@ToV6 zSfc2Y7z6kWK}vW#2K2$F{)uqm8hJtTew;&i|D2%SrVd+%h@Z%YiiQ*z&$Az!T;{Wy zhJuDJSedNrtr9UNnS`y-I{hYa`^0)?g#r*m)ae}4wcmXCj!(5Is9*lj5|=@RK{Gl| zTTM+PGLG^Y&|ONZs-)j3xI9KY;FB&ch0-;JrOxX);(Py&j!`Y*XJTfPAALa9BOoyr z=C2fvy!B?drkb3TzKo29k~^kd3eL)kb9iW}hzm7y86CSL&Y>v&Awr`4`SrZxGSu^~ zj7L|l3B3816|%LN&%z=bR)P>b6(ZeKHIaF;N2CP6NN0hewz$APvS!P+N7WoM+z~1#>iY4V=>_FUZ7bkW)w--3M@A*3)p10jVg5fv6JLM_lKhjQURVckQ1Vt)laPF^PSqs?8-d;AKc zf-NgJ78dCO$q({<_?)dh^<~%%dD1Gjb@_8NoOp)VpfsQb(31UWjy5M~TP>0nxchk_ zl6!ZmyrW`xbL@ew$*WhsH z*``-S*w^BqbIj(9QyE(ISIFtXXt%LRE8sRsT$6V8lg-Ye9<&cnQb9Z`hu3VeS%UIe{Zo@OXTKQukHh)keSUWs z>jCqXk>P$JyZbT?#lBT0T`R1-D7mTW(dn~&`=kdORAM^vAL|BZrs@YP=B`pLI5=W^Umo_`wMr+Cu0ssDik z{%(4JdHL_!2kTgY7XQh<=j!eKPyYw;*rvn(ss1M~`G5245C5n6|C`SJ;s0O{U)@vu zuk;1{750y&_$M7b`v0Qj{|$X+Vs4&`Kp@J>%Fgw_{dc^Bw$;__prD}K+}y~>$o|?# z|K(`$dvC9-+OAa1lznrd>qNSx15PZ(Y1(Z3Rj!uQ`{=Gct z@zx$5T%}^%LI8EL+I!*BKVI6dd}|%-c`BS#nk|lsRwE>UJ>SMrM`es+?_Py~=kD$r zWcs*tdke)B(^5G#aO7S#61%{>=b48g3C{a@!5i^4(#2%NpCqj6yfG;USl8mRnHYIW z3+j3j{JZMz*W<cmHgq+Z(+4t_uMpe zdlq-$SID*vGPA6pN~u(5 z+G^|AnaB7S1vJW0cZny5QFQY_0B>vZ$U4yojLzT9m0B4>L1p$5A2(D{c|;!D>mk?7 zX0(D{Qq=)O$u&<{*uBzQZ|({;^z=JeEgn33GPFGV#l83W;|-dR)-8kqTHXh{x+>~p zuY$)kBMo)YS3peB$KQXxd4^PNc(x;&vo-{2{{!^>BLds#3cZK*9?H*|dmLU@;Y$k8 zJev@G25Yd~lg9;~xCzsnhGB}%`-0e@E92njcv<`c+%qFw>2*+9gWoUs1P+oW#(}9z z8ylo)^KUtcLMQZ+8a)~zPU4xp9VR9xp~Q3(w04H9a0}bz+~m{4qV}gn0%2kw;-kKv z9UZBZMuTVgMrUWn#U>4+H#cbJWP3_P3kO1vj_~t0$zwwPb}OoMqbM$M?Td{b&ti(K zW_GH0B2>hk@erFnBJX@NSp$Ad@vt^Og1k@4j1;D^1K0NVB1_Z14O8uKLE7hBbDz#r z2zknQP>glLoW}Hvy`%i;A0--DK@3$u$Om)TT;$t`uxE!y_#xY00=W_iL#j2kcytFB z&R^Yq4Xjxjp(wXhy12Cjs4G-_2c^Dw-STS0JR$5%Iq^?_PP5^pMhe+iS1p)0TAwt? zDL^miW0h{3zmle05PfRKf}pZhiPc`4{M_h6vMsA#84V`lR^mJ+=I2YdKA%6>-b6Pb zNS>a}8z@`=8q`5}i-&QiO;huF8fd2Gx30!z%~cPDjv2n;8=gl=3l@%T5tAqJoO(#X ziuONNK_4#RJ|2HNY~tGUGh^===K&=#rU#LcKG>F0N|ZzyU@96hu# zy0U=FS890G*_M}W7N~w~ePCjuiA&S#u+Zup7y6x4UiDJubkR+=lND3x!r$Q>w@-$3 z?yjf5FbdS5i!LvhYU!r3b_7&9oZvYC_&+)yN%1JWC2$c%HE7*s6sFb2t!Uh&FyT_f z>u|Kvc3%u`4Y-0I?sE;{+39%?M4!9TlS2ZLtqyk}TgA!(pWF>DwA&fJQ-zPm`eE}f z-mbKO2e9aN>u5cU`ZJiz-az<>n|uH&p(E`48B-qgceNsjiB-<+{X+E>;=6Ww+Q9&w z=cynAzmaoxjEJb)VM}>R=?2>oH}jfR;V-=-QsAY z`QGx@z9miK6g{Q=N2pO~8xI9G|Hz@MeEwc&Kn9dKu(jc4wp;;!Aq8}EW5AjA(UMGU zFfILuJ_=l86JF40FNa?#GQ4*PJkxc_eW@inA#~I`_?mRp40hz#ra()QCDV^@C+LD2 zUYwYiKD^y}%s<2|{Mt8r`1le)h>cGwb5&+zgZ+UH><+Z54dTMRsX5fAN2ku)b<~~V7Jis* z3W(OuKffx($IrM=;b!Ww-3@K`%#s;Y$xBc@8iL;d zBd5Z~o{D_0y!fso?CH2B2ld7v3G)cH)x_3^q_v+=fExFL*3(RV&68TPvU6DeoVE~S zD>5XoPf8wyX=l`Fz*X3qn!GPg@|FR-AMS&q%|6?e9bB2C={O57nm67>j#-kG+KD)m zOE_+w%<&9Ja3;6T1~f1ta1T(Hq_r8Uhp2E0{j8G=^ZFv)`ckha`hd?C%a{%eJqszN z^4x%fkMjJ^RolCKpas&E1l7N}0>Nfp8$UEi=03r14}sD~fMxO2o17c2KGY+vm|INL zDqkPpa|irzFzhF(n*xBaxrCz0>cKT-A>;b)QgBSixNYx=cjlRJypWKc^VU}l+9|;w zimth-VkO!_oaCi#8L;lxL3%;vwYHB&(-oO+fY{*oT^hAaA1MVa!XxFX#%4X0Y^*%e=sRlGB z&Ud{$SYB3PWSu*W(TI(ttqPZ#c+6D-{yVrGP4ag4XB5P&m@vnX?#V3b1KdW^L@-s) zyZ61S6NzJEr1D;?L4YfE*72^ckX)rb9R|7QsZ$BA+Nu{)?px-Lute#Q~FU&7I6|C|_*WsadUXBm`V-T&w($f|_vLgJ33yhDiV+S%Ri+(=e+8p@TgS>;bnf9$ehLAqeu! zPEA8|ELLM&w^e?n`$LYI0&lCg@Jc1?zAbu>JRvnTQc`&&FT_YFtC<-&Fx$7de{qXT z!IhAm9+|$8mokx!`9x3d-0U1b$}JMT1>63{YaAp^Q7XSomi71aCsNv#6hOtpkB1|B)PRaG|ndYmb|?k6saiNI^&oz;lWO7Z!Af({{mlOnD|SusFPH_m{B;AGB8)(c+kDm&Lzfu+3pRai`n2x?u`|# zk$z+2t4%p#4tlA4PHZwjkfm!VMjlQ;$*|G+{74zY$k*ku@Zr-#pTX5=@TES#Btf#h z2rX|=?#?icuR0rw|2jS33}mc#u8~5b9kwk7Wwwg(ssGo$d(aX@h8|t~omc>G*=jLT zwxw~EP?ZtOixQZZ*f5>Ob4df zh5pmNWW3=A5Lc(4VzMimRVuF#j5C#f-?}4;b5q)=l9$HF7+t5s%WB+{Rr#j;P}{V- z*-rBMJ#;&HjAf#qeQw@l7!e@pY>UyaM_xg3Ifwzaas`QkQ+B7oRwa??V2ZTVN&5(M z_Q6l?n_WlKv{5fCi!cUa0c_@`ns1D~PJzQo3U7Oo?P-GTHt@_pE|ecfi&kGB!L%GK zj(+Yn4!grkizIZY1UxplF1jp^UxruH3yL(Y_?>=k+UUUk#t``${%D`VL%wj=ij#z& zGW(%~ajwwK;$BjUy?@fMVy(0J>->(5?pcj#a9w?4i`T_?Ul+&w;>3~tvO3qkh47hC zo=$7!2Dcr)SnEzqk+c`Z*gR%8wxF`gTy)X#XleElBhx8{>@J%>Nnq<@4aUff!&eWR z=WVY0Ch}q1&T&8#tE+%7U)-7Uii=PO+;U z8XDf5eJ^Mc$iff$F7k5!MOw)VwX7iGETQCv(4(H7E?i4cC>?&sW<(6(4ISmm%s1m2 z2fyKCC8Mh2@Z^decVK4&neZz#H(8uKK+cG<){*I_0Lg33tHIZ;I8PHM-A3bL7kE#Z ztHf%3uM_n1M6G6oBFvLJ^AS|D5Y%`3l#rmUv(hwcOY#;{`LiM8H<3RB;weR@hxMO# zaQR)L`WY*5un!`nX~`MY)~5E^mS^Lwi@vNpwIeR;&Dk~qg&vM2Hj zv+uJ0SBYuz^#Nw|ZMu%S&Zh5Od5?BarJES}lSZxg^LyVMzkJJ9H7-gmyJC;U{dKF@ zGlX4gTyORMF7~#|90PBuuY289Nztubx}tkEgq?RNExC5m|&ykB*fwZJTJwT;Szq~)2OEP_7z^7RI->)-r7lb?9!k;d4S?b8OJd7(Lj{w>mNeD-1Y{m z8_L}b7UI{>+dHKi&bswhsFU40Up@D-OD+GEjYs4R|IWuHcDHySlCKST(Dc0%PWCBHJstMd-ct`TvX`yVG!kqpv+fRI?o3BGjgNLhiI>&WYk0y zzYs~W_&^pgX#A1mS36G)b3+(oL*M+8N$fet zU2`cV*xHj??RhNiZX(JIe|<%%8#f6&oAt9Asf=Vu!I|zB?^hS+f^O@lOAE zJc!ZQ&$ve<$8Ag%3EjSIv}Kw6vU9mdD$@MO__?Uta4Jl$lT#1!j@%Ho%xoKHG?g+g z_Df3QVW5}o2o@1Mmwe^SZgC}I>H{*#dudXRg67e~1L)S~IH3pE*rpm+>5gY$l9FU* zvbMH;OQ&APFUh35jX^^+9ewwnVvE!MF)4Ks4aD(}%8*2h%Z(69ujS=-RIy=B z^f5-DnTs>E-hPFU`1P^o-DqMKY2)Z{GS&OW25s~?5QyI>hPFMEpd%Xbh-4oTsfy%F z4yjIVtzjyV=`}&Vp%l98y#%t0PGZ)YQy^2FS}jx~=k5==lv7#*!ozT?_`#)(eT-N+ zUzIyRp5umhTku zi7*t){Oe6t65a~E`dKJOy|I()yM4@N%)m-%uhdxP8CM`IpHuw?ld2G?i@l4myp=XcUzYKI-t~1?@6;D@|}Kg|X#5wCQFEb5px_vtzZ(m${R} zX1B@Zh~PgM-ZJUNTYO%=G^J7^1`X;;9N+ZEb|Z^!RUQLRmo|l1Qdu z^)SEP@wBmc@{d__?wQ6C%%x|vYojvOETbE5xjRa4lo@f1HxGp45f)eJIiI{N#m+hYIJw>5N^tcO%JgK@#B-vGiN`C|fRsS^|Y4s3+EB;n&MpCFwi@sZ!1sNXH^&m#hYSMXnt zJel}zMpjQ}4_XLxiD3{B5|XiqKB?j*)ikLELNzyPkB^Bvu?2)0b7K@LpEcIzmLb&i zeAmL(i7iatxmc&uSAJ#S%$YQmqBj}Yr?BgDb9Tj}T|0B((~9{L4mhx4XR(U_7fIW* zaN2s^{JyzF`02s3^~K*Sv#|DBv_MCwD@!>WD?m=2{#has4@*bqq;q0Jhm6f8Bskjk zhxb1_Qi-5q))?5?8G@yS21aFdp%N2=r$umU-o?&OpwCh%u(ybW$`|t7S3PA%pL+M- zoeMVBJ)Kf*5IGqpz-c|!H=XFp{$gQKo4kFRdkJswanb2vC z?am?&9xBdtsnXPR^)W) zca6k)rJ2vAbZ%XjsY% zQ#_i3Zd}~xDO>1ShOth|R^3e91OwIWw9>TfcyRC~H00%L3^P7B$x3z7U>WZ>wz?fw zCF2f{Qxe5wsQb>xX7^_>ZOwkA8pWgIB5y&g{!4nHlY=8H?5G2s8_enRgI14M8sF@9 z1dk}9(R`HF?SU6ApToCg6#)APwjuu&feSvHVceL$%=n@RLT;7|IWjZ_;%XE@!t7-7 ztZf)LD=6k>n$XI1YqF2=5e>hOK5kCXNZbCfE$({Znq;bsJ=gF=m2|*?xFUac8SA$LEu!I_ zgC9xRmzS4^`!VtA-8r*oNl}M^5)u+e8}kqZ4lHq#X7Kq| zvae(4uI9&(9iPLR!$Dc;lVZP;{&#$bm@ZTms2T`luZ!;EoY{>N6e_o}PYOnn%mGEyl|xA_XdW$X$K z77dwx}^N6?s+MZCaPp1@ZMz(|i!b|ZY7osOLQQ4iajaP)GOxF6B z2rWWa{?xI*05vcd-f^abjQ3M)Bhlndtut@isV8fTgR?USD=Vwlf1b{?#Y#fMJ~%u* zJpD-4bOOge|1#5ub4dKDNnKq{jmI_V-eb!rnBR7_IL)7XSVI>1Z=g=M-S@x9)cng3mBJuUE@qP0`{4Dpk zHJQI2`mWuNtH0)Ode(n&u{ZHsWbJofLAWc9BA~=m`?{_)ELGL6B#woCp}S!kjczS+ z2$LYow7|tR)ITWOuQwC=OAG3`fwA7ft%NuYDLoP_&{mjGHx6PD|Ga^<`?sq6in<)x z*p~i-^fCgzxNRQWPfsf=+$NfY)}cHy$2hu?(soU}fJ`2iu`@GE1F0`U-9>UeB;?vd zr6EP8^yxY=9YLkJNkT^1)u%}1mC7Kx0n1E z>;=zDt!x_@GqG_}Rs&#nw3};ZOva;}H91`LY#y@FvdYVN&WCo6$=NHG2V8Htrjp9F zI^1XK3SU*em}baD$Q0Hw9`a}UcPa}lI-EzfQFg%y)V&!I>bV1Vo8`nZe~B1`XO z;_FM$f;D%%B6%u_Rylr~^Zi*K95up1D4m^ahC>*_qBk1^m7>Ii_?R*$B%!|?(-ptsG4ABSt^x;!$+3bKTXIGV#1dMt#yU_e`Jl<#^`|HJ*hj__;r+2&aB#f6l#{5#XZ_NO6>;4t3?-_yGf#E>8z=Qh_$j3D{l_pM z>)w7&+l$*Qt-+dSikQX?eCpkZV8@NyWGlOWHUIC=sSg@|Iy}}NJEBtG2CD8A&~Ild z)aRVr{~5Pm_lAg<;XG-no9Em6=RmU~f|M!EL_?dU&bgJl=b;r#Kf!s`g*B#2M~}-+ zUP|}Ijt{cI9(RkZ*@f&=w?nu4h-d3Cf5^c0P8C4m>=a}y=Y>(~*xMo&=e9Pja$Z&| z?5zf2{tobHLH^g}_0`gvmie1A93BQDdwXL$OYfqn^p%niF~L~)7N|ONAQTashSuZl zOlXeG7j#b}UiV3`st8 z`0Jz~1V>&Eg2gk|!A8aH77A5v4w%$>+!#{qEg-r*IzlV*-P>0;1Y5W zd+M_8CV@n1j?evat+*ysv7q0M-{FJ}yqKoMb^f6qbhPgtK8J5D24WN6ZKMQN#250(XY~!tI46#()|IqAZ zw6L!GZ2yT5tI4-5B^{-6FasI3$b zwB%e~_(CwMP{0%kTyc5ka#wkXG~WimkRpik+Q6M3h)Ss^uYp;LN78ZNVw2H|#AhtU zZaH7MNe+{$s5J@%O-dBq0KBq?PV4ULC%K!4l~`o~kS4S*K2D&F006(RYw z0A6zF9s=_x0-w6kvB>Q(JfgZ%a`?cxYFT$jogsXtFq1gfc|FZ8g&z4fvjHWmg^|TO z7mlhwrOiaf)z8dDPpBrZ$|TGUc!oE}{1N!lqxkVn3eGvvMiOTo+M~_*^Cb3FufVB; z^u={!wjEJEZbM$vZ$?r(n)$B7zee+#bw0y4VKL%|ikzb~8)n>bE`)mn*J1w|DGyn% z1D8*)JZ&TyS?k8>-datxbeGxz0phgAn&O7gm5n8NCwrue9lf?UWlJ<{JiyBbCF1?I^NphJk$LJE|(_ z3o|%CE|Qhf74L`aeOtsCPJ`Vaq<`)a*9ry&F`M9@N`JV<0Y5qy8{G|F`};tU;n#hd zqY;lls*vpC1#kAsbMJH3@;>=`cV{g+TuCcK4I>u%C+C-KnK)mbF?M^KJe~6pn_&i` z`f^yJ>Jg*XuXiuYm9`q3j>jd4AY+2hUszptRB#0U?T!2Uzk1_oOES!LpIX^nuwCm^ zA^vQgb3^7jzr7{`YLQ<2-5@F$U_yB$LSQ1riZ&Y-K}Gmr8#YS93WH0UapdFT!HRgq zXwnVzZ9ZqyV3!4i9wkhb3=mES!&Xi8%9;oXPBrW8u*8~J1Kv4$nhbez>$g!f~T%pnm_I(z)EYRhYx5s3yvn)&lnksyA?_tk&jx@m78 zW_;MY&3;*P2z(Uq^ji*6bNqNYH3jChvvTzUk~U!@6phP_Q%Z$}NgK$>V346a3-){w z4|usDL`5M&^P8YIKejG{8wf&)vnxWYSuFjhkMCNIWG+jo`N$irZ&yI2A zW|mR$4rEC8Nqh4qaiDg=xshkZ$zK!%9gPeH2$7`wQ%57OV1ubGN`@S+5om`bV0sFs zMYeF9|9R>K;zsGM6yq$e_*ahEUH8U^J#hA zMGCxIQlHjG7>J7?B594~(v+yvDI+~EJv2{h+gbm%6Ts2nl8CxZfS($ZL4by-Aji?2 znMEcNkZXjVxKJw{EHrwDuSgP9Zwv6Qr6%RH`Xv(qe-kbyAx=|jYB7iq6-rM{eVQLx zeb7eskxRa-D*!^=!ugj~=wb=c3uNueg;ZW7C8#(dZDtFF~RT{;3uI zPP9<}R$Fe%FBqfY@-!o%8c(8=$?-_DF{R(i&ZYAj*dSHhzQS zzuY}WhW|k!{D0U2dEpDZ-h7GUqlvz2x9+B5H}L1XOgCmo!^hLBB;V&GB6QX_^yeCT z>JR&4yO?9J^QOoAEsBeq`?l?r`LDNLTD^GXGrDZP z;dwUU{Bp$6jFddx{`Q;wC^39=AZu>JrK)NV%jp>B);_Pz+WZR#mkWd*=Cf4a*w%9Y z0K5_VhXJ#6kqLH0;|CLUApbytUf z?2RWjg6VKkL;9gci8^2-U~HKi-FDxC_O0&^7SG0Dov6e2F>>|z}P&=V|xt5YkN9`;Up;ExDjA4;Jt5&V32`m^A&WW!q*FV(8itjih@&u??Ex%QhE z=vuhi@mg&$kY$M*mU!wi%fIL$ce&8 z>m9^X$KFPUCs&~C*Z7aj%muzBkIbXqxBMLoYc<~Ii5PDrB=$2L^AF32Af0E=g)BkU zQmDn+$DIA}XrL%O@-)oI5Fp3z2&}jw zdfV5bnII>Bq*J>{dV3nnpcq`#A1jEPD{JGC^uT4&O(+CQlArKf|Rqr*ol5-paiR1Tp) z9mPL+R$mfEb=E=$CTC^YpYLSN5p)J>)Y7Ix_+R#B%7P|H*`n@%t&bO29T%m^$O!uk zF)>plv$wf8LxayFInb$-x?|R_b>{(@hjSgThnX5tno?G{#qeIVB-i}w%CVBz53f;9 zL(fNXyYEW}^uoG>N*Ja<=}+uVjeQ1P~Gzlh^*dfP6AP4OqzQiksu#d zW>=&I&hG80A`ZuLhY77->Q`d1;YrF$P(oqF|5GhBt2`FXyw!siThP4We0&jTYy( zqL?CCCnHIf6A~yWKjXbI2)!8!&Z`P+vyWau)Aty~+`)K@v{?8mnjmRax8wuc5yxes zN{NaP#EoMm_x6;DfrPEKL_>1@=9JN5dT~$`B54ynqlN?8SS+|1jdUWEd;Iem575zw zBAmUeT0b!FO?-Vx?d+WDJvjIic!!h(_Wnv@&yw9vF(xFkCwn)v=6iX@SIz9rr%Qo8 z288}eutrO9Juruv@9afIVt~Iuk8G11{td~mjoEuiE=ssb?Wrtu+hx8^=T=psCA`4c zMI6Xu^lEJ@a_%xY=h&fBS*-lk5KI5^gsf@kHq>`Cv!PxFuCWZ|EjEVBI(5ra_LYO1 zLr%8@zKwx|Bz3h9Euy}Ozo}!_0JLGr-kbQh8})+S)8aKySaJWk- ze;u8_w#%uhsojT<%#LoSOJ3+L0LZU^3E^c$Wf~%KtnTL{y>HaKpjO{F$hu zxy3l4)c5MMH+Upa<40LSZiE@pi(?jX$_!PQ;gr$}Mp=~6>wSaWGPn0z!swgE!>@1Y zbSn^&DX}Z0Y8#wzWZQE!{Cw&SSyUBojUGjxBof^8>a>O?vKJwAD#y3Q}HJZ>lFLsll_GsrH`e$XT$ihdwUmpI9auGwpT1M5WWC;=xf zF}xp-MXz8(iLxF}8XrSx(3RcRh1a}ixCMLpL|62M@|n%_=RL2yJ07k-d%upIqc7l7 z=qJ^PJj&zQ*cwI@woktm`fmT8byl!6EN-_HCY1ix3^zecN*m%YJ-Jngh}j2Jq| zf6L(5ROdmC9$ytGZQf?bu=K2Ct@3R1A>LK<0Wtex3%+2`nl~ZW# z=TVB8a70ulW?EKKN=iyVS#?7jD>r=twO7BMpo)}@oSc{$jFSn)6AY&XzJ~&ru~RWA z6?sWE2F87S9%{`1TT@{t2=NaT7EaW{%$R4s-(#d2O&(FTiJQ2Jg~NGu>|m2b3QVMNPU5m z)t9iFqh+B=M8*Xz&CCdehFSjBZ3$n>2vcFl##*2N+^$HV=}%KnLIm87DD^)D%qQUn zC87$6QMvHc{6k8$qQ4B^(7-+ql03?15iKIHg7~HF-08**R^dDFWw`3mtFp*W zbml)htLG$;Any($nr-7FN_(v;YodS8LUn+qx~G)BnWe4U7y7!I)NX9NNF*m%aasZ# zi-C{OSV{|f{UUh~jnKr+(=?JJSh0Ebvw%F|81424EfNG_Lj@~wPg@0jpplk*e3{mF zdj>~L^9ba4GUyn%6}TN8u7@}Y$-#9ncyD=i^Y=mG9U-Q1GX9C`Dx+pJeum~x`2;+p za~!@&oqen0SXFJzo#PDkWz}Tt8`w;Cfn!+ME2ghH1;R}$tvL^o7uObx~KFu@j3(MpWA-3|4eEr!vQ+o*JM#K!bPS;9qK z+}MzKFoX65qIZb9P6q`2{C{QNq!+&U@}#@F1ww&+d2(w1EuZ2?un#uw21(eN$XOgh>wHbqM?}2O6ZKbtw*fht zW_%mcMBnKD9M|1iT_O^yC@^F8G|+t228G)1@H9|adepE-ob-*+xJmD;}J;Y z80fj8$e}d2*?xj4ORGg0+p4d@cW>sV2HD~93en*t1>&qs!Zf@e73i_Vn z8b|Xte)Ue5Fm)#9hl^rPQ?FdbuV0lm`qz`#HB1Ww6r8-Yq*N7lzgqy@l$7ye*)>h0 z^&Z}t2lRJJt}3;%zjR!r`Zs59zH5m9^*ZFfOMlB}5zekBw$od?;LM>X{`!@av%1>2 zvVn_&q(ZQnH0E~`V^d>!M>}U#qp1`r_Q=GD`LT%@DfAN>s+)-0$V_aC$&4RC6KCdT zV<9q<2eakx0IA_r?BF%pb*T7WCio9{jTXsz~ z(>#;lR-6pZyD!ilO5@%HKG3{`PM<+ytRsIUM8Fas2vdln7;s+9VXB0K&!ytFZ3{#` z9ZG-ftz3+CrWNkozkH~vSp_Ya!~N}N-(CM_yL$bpq5UfrJeF@*Mg6s5?&j~Wkc99^B|RIus`mt$SsNKQ&uR#}lgw3Z5`NNkWJoq=mKFj~sR zR&cwgbawJ6tgfczVEa~5i(yWeiaRPzUO+*y1yPdS*{*uvn|j@%b5L=1->(&8Ns{$r%-;MiazDP>(I2Fn6~Aep z(#${+l{qKa3f_m?BXDwdb<;!fW8>oC5;6)Omy*3hk{^z>n^8oC#icYL(Na59JHSuH zHxvIx!RBzomI%q1EFjKM&1S84&)&o~&p)nW^9y*`OX8)nh?`PJL`7NWMouugjfC1W zU#E85$U_{HE?|pI6}YQZU%7PBf8|>`jZ2;0vr`Eoxp|FrvvZny7stXbmzfcxy0Dx; z5QY>+cXXCDw@>=XA9`1*t}0*7?)T)+^EW($3rsy@Pg`|yJa_%(3f`d!j@q1xifYEZ z>ZX=&6yG@GCnqJ+lToFZO=-#7S{Z9ftKiDrK5Vw6O7fL@7h z5VeDiM3<7UYz3}07PSzaE)AsQ|(r3#UxtT3ge9+8P88;GuGqkd|x76^|Gc$8jF|xOm7on#5D;*yG{?Xv|$<=6I?WB7Th72Zy${;2wMu;+p`<$s5cX=-GHttKp`1hH5D&6 z0STa_+lDZ?7;l4)0r{JrGG38X0%*Cn|@19QOVLkdSdzWb;-q+UxrNI5a6O#olA) zNiDu&9+4=1IU(Hnqq9tR{F4A7a2e&@{4g`}a`JNO-&{2GcDI#>NVG~r7EQ7- zn1D^~&@}<-B|i4~qSzvQ_?0^SpFu&N02cfdpYr+P^WFz+LT#QXY97+Pa{>03>E~?A`GB>Jg-bXi@rOMz zH?bZe1UO(fh|>5@z)CT5_tSb;hQ5FtgtEyA=y0m60WcN7V>qeososWHu8h3A_>sVD z$%o*KnqDq`P{*XoNu5uPiv=)`S<{n0JU$^SjP&=LQZfB#)YSxpXDf@RK$SlZ z4Z}+{x7&siyueW|Lqod>AH3Mq)ig6bMlMUhCiF$3;D{1H8=inKsA_XXZ-*R@^D7hX zwb#a-$O)+re=0>H_%L9#!ZQUDZ#)Z)QDul`EGVL1lg7U=f9TyvNZS+4p`Wr^68i=Oz4y@6$QqD|c~=0ZAu=VV?fQ zk0C$bfBu&b138uG|4kGFfuU}09R5KJ_!S);9oyR4rkl_I<{P>25=w{vok;DRKunM@ zVg~(l?VkYU|DtE`KY;+w`7`9XHCloOa{2zb>)jp@f=n;OlE?-XPA0K6T! zoLvcCEiYz;%Q(dg~%7jvUACpIMx2Uh>bE!@W^{k0RQxUgacL8zQC zQ4tZd6ujbV)R&N^HYjD3#>M{n$e$ZY@=cC&T!wafj*2iL@mgx>7)J-vrBoy<>dlyQ zNkGt<(l1=@Ld?5)i$N0 zA`!=0j}_G!M{o#nf*8iTyqlWV-RBpSFmW*zlok?kPj`-p2#K(c{$Ocn#G?sN3kiOv zo>qh%u^-A!%&L0M9Xy#X-i6-&-MBY=L|N%vDIFYjZSN{ve%KQ#v~vjl9jXm5{>sBz z`en{OPSDrvDL+VqX4~LPdAS$cT6$4q@G?w{NhujKHHeK}J|+PlW%m>hq!pd{o&NND z%|XeyIMq<_wZml}1#-{x%l0(2J@Md!5=zHsBJ3{IkRukG!#rh}b$WmvOqGlG#^P-8 z>Y)D#A*-c?g_7jk_xInb9ln@HLh+|iMH=Aq1^Kes>wCWJ01fvTMdg;R)3?>^52N45 zOf7R{Xg@q$remj6M`W!96Bg_1hT-8PyATR`M>BI%qt7WbS^G~BMPobWOe1+YZ7i03 zd3>qt>U1kr2CuoaHjh*7HG~?^($9PHzIZ{8wZyYLWwJXsdE}QOL9E55aWFqyEC?Mf zJj^OPJO^6Dnj!Mbr6i5jo@B|s@A`bb3^lHQAB(yyQEv?qVJ43@C?OoKKW0RIL&I!a z!M-{>2$<`s!?=!@`IC$8^!;YXEdKV=D0E#^;A`;DF`OTqcH~^-)JjUSZeq(WfEi%g_?o(wsd8gp{i>H>V;qeRShp^&?aJVx>);-6^D zj_Wz*fBLw8ExePft7&TmLrckn1hF%L>EQ#Af(r1Bh51|d@Aek=}$v`-sQ~zB%?b=x1kgrON?uwb%hv+eYZj1PY)gR)^`3$L0ZoIMHgise-z%E%ArZ zqoY|9p`5G66>b$VB9|~wskDzhJfzlF-Fp4#30xY{lAf`{+v9d?XeLEkGcRZd{=1?= z3eVK}R6EZcbVXwrehbW^13zcnx}XwBSlG1U6e%~Exagp2hyhVby$*u}IkMyI_fj=L z<0HH!dEp$y00V=?CA!h?=COT8KhQ?6h$ol#sz4upI6ox|!sa9sm;FS?l9QfRgOVDT z#AmB9&M(S1)#xoYzItluKT*VXtzAMnGJJo>L6MDQW7eEcbNCas)Jm5tm(d)D#S<#7 z4NU-G&Rz78PUPo26H}+pHTJuUnI0SimVy34>4&V{Vk&krmTw`%&&EGjM?%h3$mpNX&K`|NwRp=RnN&$fOVVcS{V@QU<0`80F)HdDzYw+}}1&qfAV)0xOuaugLVYE$4v>1uW*l=(EZvMkhUFLV)$9pE5u= zL95IXWy{A!fRm{tkbi_qG8~b#cLz#4FCIw>o$k?>;_{gF{=ys2tQ!Rj}M(+b<#%Y1wXc zIYqY?D9*_*w7CmxkyEmnY%n>j^7(wkl=Odg#1jlmh5a-%AK_ZK#6K$aG{(%T*UPW! zDzEg;RK7Ou713kzci0?Qt;(65E()^J^h=4M&(XRQ7espv#c6Z;f8>Ifm0M*-iDA;5 zXIYtH_Lz6?WKOwD8ztPoR-86{{Ndnd*gtqoL)UB`DBA~5mK3p^SA}h$xCaf(UGsz& zXxnt+tKV!oYa-9!>|r=MnKaGVKi_cTP-eI!eDjoKKTM6SqL%Y9fkgW-r&nn?tamCK zaAvasPLKAvagupUc6cQtyZNnta>=FF+qKI+PY@*25*m`2FF(_`wVEhi0`2C4IL59g z)th-6nzJ<%R8AgoQyZ=x9SE1YBqClr$ckHTSKOfwIbti%-ej4>s?Y%TKX$YrSoYAQ zoN}V%6c6{TP5F*~8ziSBW=v16CdXke ztc%i!hfx=nSBwTDe8cQP`EWgb!WaRdYTK2R>daI8+_WJWn|$0CA>gxl3j6!r!vunC z_e4P#Ik+2t9VUY0^s#yYZf7DgB69L^*+9_dBcFvh$VIE&YF&q`dqMV7yRk=qqrsJ~ z%22e%mW$dJW0pQEy-{u$`!TwxWSOpiuDEwbR=WdO1rsjf6?;R6)Qj9i0hg@Fl$zOm z@@s@R!H$dneNyN|z&5;@!m))k6G@KfAdx;didv>O6h}|ksPQrdqR6~7<{o^8B)0Hp ze&S~S)*sIa?~lllz^W3NoXe^_tuvY1u|qbJ#E;dF=gIt`BDdpcKx*PIe38w z0;xTt_}7?S4}K%Db;MW-=Jy-TSO!D+nATpPvZwV!wiNkGd(*4&wY$~DduMwR3NjSb zxF%zfl%6yhb=eI+PoPM+Xj|%X0OTz{c*SPrMe48MNhrvnAE4(s8c0#EcpZUf?JB!&VdVLXBy;9llKWVuDqjby-dGs_@*mz2cnrVu1 z@ygM^)*Kln85m?uOH04hUW=1bJO+R%_Av^`=k@H94`ii^9#rlT-d%X6no>iGc(FRH zmbO$1MEi`Dyoiu+(#&~NDS#k8s@}p2Mh`c6JddU;#Q`E57P4uz85Ralo+y8W8ZLZZ z+d@BXb2Qp zp;rTUq+I7cG2*U*E7?*{RoV09D+&uQS{`?}+@QX$xMgjGEty?qUHT=Z&(I&(55!M? zG+ds7nlW$|1Cwlq*_7k*7zmu<%Q zanZvk`uKFsG`6d_l(6l17H0~<8x}HUh_`lkp)nJFp2mQ8+t=BdsZx7V%fv$I4}OP< zZmRBM#Ir`|>f~LCqWVqqxTOg6h}RZ@mT+VwUEO|aI`K!acjNBBI|+R@%5t^=+DlkT zlcd~YRS7A z8A;peJKRHiH+Mi2p)Jf!;|q%&ruQ=ZNvZEp z?N>qp3K!q8ITGwfZnA7HOYkI;Wsx*;ythf;Ic(@YyyTm1Nk2Xk$;Qj$;J@HR^RewQ z$phnO$bLAb_p!?4@VV=Ap}FSvGLid=d!nm>URf~EcqeoO)&1Lk33@prp0!!4FW$!Y z318OI-@WktJAQEipsci%*mp5GO``!yHy#Um;*V}0^LJS%#H?pAoRoLLZXcm{NMP|a zBw|Mb8(C&kc+--Qm}+c%`P4-sy8t9~%eaMp?cg~BAl7FyHB#>L8&!Z>gxnrJ5=ih^8d_Fl1B z;`-uS*P)T)=&Mt!v5lbsHhpMs@~(6g5-IAGHWH0_PR&zEO-U87sy?OJX?Ryo!&Oeq zM##g$%%#^0YRl z?qy;0mbU+><0X~!P8ju&10xNmYd3YD5SE|8TaXgH{b39Grh}?{^OQe#Xkq92VX?Nt zm^1)G##=i$kqo4y@am{@lEs#WY4ad3lpHG=&t)=Y-;xHjQ)gs*QeIfqXAu(2^L+R2 zB90<09kkajWANqZY1=(5nqwq=&(2tfe-vfQwuyyzh*aS0=4O=kP0~8-d1>kJkYiy0 zrg!JUU!V&<1x<4aJa%b3dG`Fwj8OYTMiBcF?sOm|>uD&~1s>JtP$vEEmk)7A))&Ba zz~(`44%+v}uE2bs9Vo94{xe#Z1ZdV9{&(&FQk6GQjT<|1f1f^;mVUU{`1t=Zb@UJF z_;!ng)l zx@i5n+>qdUy}Z2aES|?E9{%O9c0!H=jbO!EPFbFdgw1Kf$!N3&ntAA(scQ~r zVjI{4KNd<-LZlo81M~|G5?O|}uH;3H)ui6h8+&~6(jojO$pYXQaOtO!iHPV7BHL%r z${31S|0(c0iNF1~Jyz} z7K*>9NYP7$M|?y~*>462AsUoDwSwz9MES z@-2ceP_!cJa{l?s?_4Y)jAlCi?$LQVu7DH6o#>6Fbb^oyoZfQP-Kt_+pIn$j&M79- zvO&fBQ)k z$-?x;NHU|Pt@^3+e75Oo7i7tv3Op$sE$(XnAbWq|#I4c%?_1tMYFqGCG>ozC8j(tk zTg!^A09Ao%Pv3e;Q5+)%Xy7(b3T%QD*Yd z;aM7HFmTb&(;-o8u&jjA;sg(60_7J2-u^|?G}@U)%I*b4`?=`EmjE>US9r}_2=L1f z{YvWYA#x=IVGo1VQg?EGyaN+nJj@Zq@u5}ZU?-_A_vy*Pp$?1UEo}hqE8Wx{U*qH1 zWsofIu4V1$`Ex=E)VY{wsdg?EOBTN+pyha=xEpe}#$zY|<^kkdg*JAHntYfFo#ptC zN6`bR(sX)`-|-mVz4I{VRdEyGq^HfGfBm{SiQ6q8aFtpZ>q8v#Ykff$Cj-^FdIqMd z%wfnNy9+5Ca_adM+f8ITzqmCXc8VyGe@(a(K0PT_gY+^(%Bk70(F7z__0q(pyt9qu z3e<2F`%>O4+Pv%wx;(=z)$&o$kzf9fl4N_e-E9lrm3Qgo1jqb`!klqfRFha16+1xc ziIB%ikh31hG&Rdg)RvSTKg-Lg#lgxmhQ{1)%wxh*7|qA6xWvLY*hidb6R0}Va|qNU zIzpo@^)L~kM7<&jnZ?2}kdEkav#QP3J4~f9u;C>RIz(pEO$#AM&fP_5!K~iKrBM5z z=fpe~-5Xkwdf-AZ5tt(41TAOtkdxG1=t#Q`9W;R!3eDRE{aNGetDnZwMEWKSr)F2F z9B0p#d{ASZ-!x@#*;Z$GBm1{(cmsoMt1Z@wX5(h>la@M|50G>>TuTQT@94x~pCwcS z{8{h!-)o)}46;x!pZg${Vp}yr)uV|tlRUu@#M`X1N^{PW@>tfskb+=7W}h}e*=hGFu%89^&zyB&&%v}#%Q$Bf zv?Cml>qPv7Bywacye7G-U-S&y6+t>%mP5wg(a7<5AL$RKen+Q}x%oi~dI%63N?Cbs z@xEMOeG$8*tg6^Nnhd9`puV{s3T`)T%J#B@L=itDcp?>O`>{J@xp??aJKsepTvz{h zadox*yAt+MDXB;##gdZaAe}ezis+gBhv%w3NhH4@5vqtqrS2~3m8AEUYo|U8<;U8M z8?02@GsS!v{C8JQZC+!=GQ4DYw9C^hIW>$A%T;^>Yhs1Dpk2M2(dDJlUhYD4Kz&!# z2Z;T>wBfvKJQLlzLA+6!NUeuCZaU^)^tqoz)2)ciu{x8d+bnH!D?50Oj3zPA?<=FRXN)jj<> z5GHh*hQZ`6dbwnfzD8R!`J=@_g~9%cEJKAKpm#cFi7eTHKPhUlhk#^Tx_y91>gKX! zD7|yABi5`%USjOOgD1)+ZJ6uWg=Guzv0MP6k{4$6xb!bgZOS0T`k}%G(&wS;1LDgI zH3ePdZ#7uQySGbP?rH=0CBd~F-Yc6vZL%8ff}@fKG(2z=_fntoj{3VKKP57ZXEcE} zR+aI$-Df7d`G_-lrm^(RjrVmed?l^QX)Zn7CWgn`YhSL90Lfv2tPD@O-sa}AkEJI0 zaTWxG5wP|lQ;m!G`}W6>vy_yV2S`8iHF-@OjQbUI<;8N+rC5+?aaX-GSsI$lS~jLv z)kT0>tiR=bGkpU|0{4()GTqgsiOy-d)cDxh*d3%~>EIC@j{jVVVX9i>qmeg2emp8P2?v_mu9BEoYwM3g`f z1kF$(H7ieubwa33w>uGji>cGlU_pRZ_h)-dpk(rEbxnq|3|1%zdLRi@77i*331w|C ze=lw#_ezu6xEdKVuZczz3m(yb*Xy5F|LC@?p;LFg82=a;X*#rUeU1Ssf7-#xw3Eya zD3EWXZt6Le+K=xl+}&cQo`?_|D>ZgU4eD#4fL$pT9T!5%p|41O-K0M$i;b6vD8X(Z zQSij&@`(8w%89%f=!usS^CQGO{j^XIQY|QqW|1ToxLcKteO4;^;e|XydzE8F8_>Fv zq`t_l7l9{sv@IPzfnG12A_R|&n+FpyH@vzz?aty4OyM3*OLHPt;C9KL(k2IlX)W|t zc1E!>`)8{~x_-?I z>d?u?1({uB2Am^7Zl925ikI>1i6LzBob3MR&Xuf>+ga8FHH0*L`@Y4RBsAVb7+4>> zRG!M!@{My>0UkbSF>d#zbJ1e6D0)XI>Db1{&sP{BWXN?CAi^1r@llCZo4s!tVwDZ; zNh%BoNV?@N=t27`1d6`2Iy(o;RPx@jY9`RsK_YcrJNG@Tn_v^d0D7W z30)DwN-9pcyCVuFMGqwzhV+dywKZ;Qc^3}#6F2a7c77j)dS}4T|6e;e| z;$FOXaff0F?v`LJh2q5>f&_QBK%lq;_u%dl+*x|g|2MNcv$HchJNsg1_U)5r?mTkc z_j6zN`EKz{I*cKkY!zbDw{EElhzVk&74%PLuY{kK4#J~drXYu|6ByRQyCn)Wjn3OE zuF#++9t&Z#bi6?~bpX0d_HbVLiJz$0`#_9!O?O|4x(@L_Uow>JEFbvdC|l3vAtvbe zwXu@;%2&>~3#MPvg>T({nSK6SQHFKZ>W!S$-=yLc#(!CVlanJ0vRV(x1%0=a7@U!S z;NFciYlBpxZ5BjrBd!)SW+$ z#FpEhFPO^KR^1P%>n& z_@j;iarhmtJ?BL?95hNguDS@^E#Y>xSH`N<2^#!-2SmWG6Lu| zN)_Gr>F^lU+)b54HKOn|YC&O{UrJT3V6Ob_PR%9mRPjhtA8zy0;I!)K_JXA z0iR)bS~tf^6fwoK7AX*SxM#IRjh-pv26A+ z5snXVsvqz0_biU5VU0~a#{nNm=rgN*yt3&hMTaNXe#xl*zBn?!7@DxDpQTO-iar<| zT!?SdLst&jC1HJas5?DtDCj-I?rT<#c!WZ)R@N%9SLsC{3>5ZQZ!1Y?)GDox(9a1? zr}yW!2`|!bmL0NJ?7*&j{9~WFs^<=A8Ox~H5i=bfWPy)4${|eR2H-Dpx$UHa7jPd0 zhd5>O02U6)Rh&MsJLB?=gquw1a>-YT;|z>MAJ@Pkh8a)FMV*lyquiYQTA5#*RoB z?+XK>^GcYj*13YG-0@{r3%ughH(s!nQrhqriW5<`oXRE}`bG?j@>KLcThY&cU>b|7tc@Va-#;l~tD!y8(M?RW1 z2zEJRglAesJ$;&`)TeIPa!Ppgf`_-pEp=`%s%gxrtA1@K7{J5h<9VoVG9XF2TC&A8 zz-*U7GZ8k0ZM+B@P#UD;Rf@fErq8{E+Soard5}LViHH;s;_O`=3k2pqqq^s^{}!-8 zxwn%m%nX0NW+IU^d3lY~0jpJ4cvwWzthhO(jAtilo%_(-c z2^wF()ibh}a0@rS6a}h;W{_D{kZ9)?)R-dvc}>ILWC44Hc7yn^6ukQw-?>|xK zfefpoKl%+!NgR6FLl%+LExW+!Xv}~4?MHVvLns9X{6Pd_ z5Ye{Va&QJO&3N|jkBDdbbN?xz{$Bu-5S(7d-A4!-WiEl=yT%ArovJa>Q!)qf^Jy06 z9Sr@#FMJ;b1bNWh9}ALOwO$Wmt6AXbfB(}O;qypg`A(5QS+(*|=f1e?s2+%HO&Hem zll|sDH>@YVl>d=_ z92V_+Z>H$<`rioi@@~*2c7l9;k5W0EHxPTpBM3ntK$BP{FKBmaEA1>w3AI3V#iB)) z$f~fdr4dmSpt%{=(!U^@8Im7WS5n*p92Mcp49izJ4Yu)LNS(Eo^Gtc$xniCiI3Easmy!2!^-l!m5CAsBJs7loH=JhYa5l};54Zm z_sC5Q6WTM!)njry_Vtoh`D9~k zG5xx>`(sG9Qjl<{jtjCJ-|(RRT$PbGO9nco2hcig_u>?r1_NsLi_E@%Db)dJo+`3H zM@$|?HwN?brQ)oLM(h%pS=R~zCoE#D_N1Yml|Ca1SHDOFO1;+r%pdfR%dC0;pBXHC}^V(VL~orKhLX9i&<19tzR}>Vtm!qCfhkOZJy3!?!|xj17GE$ zdWXZH^#gIzg!rPkrFxZBa*h&1O!k!A552Vz=BaiBU5b8jXh{O*Kzy6m!3?I(mmhxC zl=xMB7ttP1T;;GqpBurL;-Jo|@QRq?mohKUr23 zDl*IG*)!qfx6L0vRCpivw8uj;DXQ1PFf(LwJtHj>`UYgJ+e)0?n&H2guup8Nyo+@CoDJgI= zVRSIw26QqJ>0j7z1qmx(T3bt$Pe|sYrfu?|)i3$eIKx5I9s$@;(THMeF{q*(AWH+oNCHU6C*`JbkRbNJL)jqGFfy1XOUSl>l9 zQ`CHHa7+&{^-y=D(sF6gqgJ)VHZ){2Aq9hJ7Bu8w?Z4xaQjj?d1egQYo!m9&7H!AN z`XfoIsH_fwX~x1-E<7GR)$sbjl5j@+H6_v>Rz}*@nOJzazft)XrNVW4=L+O~Cq{6S zAMV*g{d#}%%9_as=Pt?nh-8i43mXlTA}MOfYB(SdMWsjZ`;cMKoTn;MlJXH-SxW9!N>*qI-d9 z#*Cnl@11%Rv*4Dypf@JwmYuz?_RRFsmFzf)SaJL_`dD?|E_!qf;K^x+e$K_LpfVxh zhK=`Bb4KH_(=@L1O%IVHo2xJ<`?FNcM71Q6n4yicGTd9F^QpL#ll6OOhF;^GgGio_ zIBa^=kuJij7!o3a%j|ZrQuCs#qLs38IA#9=qwd?^(!XY5f}!%;uv@2|U@{dV`L{V3 z7yCj9N$Go@mwOHUGc(U-K(7L1;bM-qw(B2iII*~il%(ksJKee0bX+lba_4d@I`izkpqf{c)=tpi zV8JC#L1M9W?pq*dr9xK?!ufm5?y|x3HX+!!6O?SMRwfC$`emE?v$f>|%%{Ad(lW8p z)r}080WSn~IG9&289hh6gmVF+-0ZJ+5}hsjnYdH4u?WL9j^*x;lGBEwY3uS|G%q`3 zmRo*yE0>gGT`K342i?f6zp844n8$R1f@-HHADm{}#u{pD6kkewy7Q&ho=v8XEESb3 z9Zem;cTRH;6I@F^SvRRH=b?w`mmO@y#wtdk5PJ#T=^tOarSTW3CVnW_RHvm})sYRz z@KbyZZU&ZQ!<6B?2I~BI)@i&9@BF3g`xrKJ+#+=bM}!#`JMo>;>V&k<8iQUM>QCvy zPDBtpy2dO1--n5@X-aZmTBU5BvJ~)F1f|rQ)v_14#mV(NOtIr1^?1Zb4$-gb0HPvO zX_8d^dAFs}34XIOwVA!jJpsPz_>xCc93yn`*I)JU>G}nc_u={}Hu-&O%(tV447dxBWlcm1sXttEupMzw!v&`>O4Rnv#(Ge2Z+28Zkv(Ig_efW^+7HN;u#^Qi#%c*kkgwuZ4Z0scxcLbgF7KwucX8g_I)J357_XXR z-c|O7;s)>4oB_HLr^kYSSo=5mwipS`T!^nP>g#>A`QfawrXzWC5IKD2(M87g z{Iiv-Qh={J-K&;Ljxx)zzN`NBGZ4Zm>KqGn{-~D+mps20n}H}mj0(nCwZ1fd&Lv~6 z@)MQo;;dyU86X}yekN~a3dZ%duf0^Qva(a!PiGG)j@d-m3JGNxsTrAs+$K_`GbObu zyu^{c*fW1h9Hk*T!kCCZM_+~r&Gd$?5A(FIm9Ka)6ATS*s-bM^<((=#?-J7P9dO-y!XFZj3i zklK3{70Wp2&V<j@F8Oby%Fuo&pIngv$Oi5l=oJKu(+Mw|+Gtss)_1aZtSdI<1zC=O6tiALs< z=>i^ehuUAi{*FA+5&H;HBm_$ZMs>4JsM=3g#2Bln%$$v7p$eM^J$Rx)4Y@#*YL<~P zVM-<@ON-7=#b+?v*-4girS-JAZLKv*M9qs4W1sG}H%?ROJX0u{!L&Iy5fGyr3{(UpAtg{P!Y!w70OewN2nyQefJ87u)?IGUHqE%HVx&RzE))DeH4nFF$1` z3ea;N9$L`8sL%D*_N8S(DILmbp2qb_0@c=>`};ZKA)8kthR=jaDKJ}02{aNuVqsw> zn!83b4-MY-zlZ!zP@ws6R`E)$?+k`RrkgflMqf;r()BfOfv-%*mpjNd$TTrdZE7PM zQ%!W1!*Sh~!he1c_wCKJ^roQTXKcbL4yIftKy!e;m844!ZSV5yJ_R(J_G~k6*K_ks zN6D{~i8km^SGP`%tuP(wW(|9{ty4|1hWz>WQ#!rDJU?6`ZQoLnlCq5T{}cn(c~w+I znBJaNm<7(4K6cJcDuJ67n??M9b;`vg*YV*Wf6RX^FJ#4Tvr5>>4_CJ=0T&sR)I>A8 zCEB(#OUJj#X@=3kMjJ3<2X*M6ie~|H3orjVTCZfnXKL=eN-(4)fA{uv=_1LpnLb`b z_{;ONGj>cfk^m$q3CYFH$HAjKkIIi>!8tt(A3R~ztWwRTgO!s^fT5bLklkGhd_f9K z9tJ+Ml!{J`A4=T9!@PX$cUgmZrOIw`svhh2-r~&Bkr>?2Sm9w&D)p^YocZYu0O093 zd`dAI=8m#=Cq@qFb|zch^)%6$U0j@nvxgu6KNO^1`6hEQr8%RnRE}?mH<%0bzNnk* zsJ9lX6%d$_-W*>#JS=U+{SfTTHKe^U4o;=EmJ5)UxeqNb;$~WngL3p1YcbV~>k+Rv z1&q9}Jb}+7Enhn0-bE|R@V~RF5pRZvNpT8sv~KJw6c6?cPb&|x^!UoE#`S^jm$mU2 z;fdX$OGSN|xV7AMp;O(cmbd@%#T=SP2Nj$}opa7xG6_%#fT=|y%%gRQ|Kia)y!a1= zjO~&A_fKS^mG(cOj{2wnQ4&pf>@lD6YhNz^=M4Q8o7$mU!j6Z@&0ru;sFmWK=-t<# zcEHCZk-HK4Z^}^*+Ry%el0HQL@K5`=L)tRRLoUZ@b?zeFVFHB!Y}uD?C*8qXHuF~$ z3D(W>^2`Y}Tp1n)%j6SdV_Y@vy245Rjgj0AXmoLoS;!d7_N*-4Ot@6V#-yY!^hY80 z&$*+%^_#p>WQ!Wp$_?ZfPjhnQYRM=!btukb8(5Y6de;#$PiN0KG}LQ)UPXsr`5?0Ixo}H3ZB_`y-5ke>!PHzcGGoB zVpeDI@C8a;3xzP|H$~jS8ZLm@^2oZLukmFp3LP?%u0xni(GoFM(g4q$m=F^6tnE2{ zx|D&EUf}7)1--PiYq{B6MacL#6GYOob`@RjpQlm3pf4pf_M*y^+KE|DCJ+PcIqB-| zigR4!3zLuH9gWnJTCZ@mb~ZpX8dq{G=ug5ZaTVRyb3R@Z#p+&t^07;q$Smsl%95BL zPyH$`&DP-RS)BFL4;q~;DN%1iW**fsCqK(;ODf39I)cGq``J$-P`^XUJ!wl%DIYOM z=oj-`!hg|6^}qBd2Es{RzzVZMSnptU_{ed;rpu0>mcPU^*DCn;l6=61+(tBJG?KhZ zJpQWN z?<6S|)FK`F%=849JkYLY^zStp`48d#mz?lY=p$+GpQB4}{?kaP|5!or&!KPf|A}<| zZ_K{`KiL2NiuFHvX8J_$Gy@c}zU=ZAK3HQHsWNF=y(FFRZOzn+kzbcfF@^e^aXl`} zI~2v8#ymZ=s#V@l%s<0S33qVTOXC;U*85j8W=653&^jjte^7L;JkxpjyD@3X=V;0L zCi-E91)Aiux(r)5?R!LXp>5=ov5TC>)bVYEUr&s(H=XVAreAyaJfsdKL+1|~mkqlR zqG|kpiqw{vA3?IEQ3Z2kTu8+PWVV^kL^_x#{9NgH>AKkW$^05S-1CNARPJ%q!wRD- z^nKp$H@sF4-?-QIDHiT7?LnjyMf5nxi{JEySGD0gzEKoScM;tuy>0sDdxE|mWwsO5 zB4mGVq|`GA=n#(hh%@JLgC;xgRN2IndNNE_ZE$tsw(3-Tcwnnn_f9}Dp@8oUGVUD|9fqt2@;vzj_ehuL^mPcNuunyEIm ztEHg3%_}~l(;^J}N5>eGyH{3ZcCF^d)Tw}@YfIc7`97jt>QzOpw)17=VNb~Es7#C3 zQG+M|U@+b2tz}_|Gh^61yi}8JMG-wMtw}2pfKh9I_qE>++^rxlodHx=^-tGRa5S*9 zabWS*W_)`t46dwi90xv3&L1Qsl*GeNza2*Po{=ga{>sIvRlf#58!YOv+dFd<(|ZJF zwR;0~69%4U%3|>mq^U#_JKn}L%M|6AJzajw7Cck4+Rmzn&4V49zyD{-e=DQ>V=4g5 zizpOJgN#`G1a$+>qU-9D4aua!_aGMWYcKjc2d4h_}ICNFK&uwE6?|#-F^{uq+I8H zI_Z2d@6fGW$KEp){o?|Da-Pz1d;f!1>`00W{!~C z;=j42!y(z<?-sVEH4hl&z^4eI)^D$6~a--kRUDCB$VqTl4Kk!+Z{$k(f z%{v0WL9iR%3`AIRAyLyCxAHKE@BLMJ(<=Mxf!pQnGSP>7smc#^D;&fcnCRNih=gi= zyiSLIX+2(KD9NMFtnbEm8K1`8HS_Os%QwGGt5e`-eb!~dpa)iWA78z#C|^4Z{oeQu9m^XNWh!-IXesV z8KBcEBqgs$ZT!f5wtP@FhiV2cAXfw#<3^Nk6WxX$h;@A35Ol{rXL`IM_unH6i{Ypr zFy9JpQ}d7M3O0H2T0OGwXCV#i%VcYG9uLd$7>i-Fc`nkhd7p0TSI*9Ya79n2Odua94=+ zsjW@7>xM1#+N@a#<*oPFNcI;}Wm&}%t)19yJ+H225AF_X>+UaG=amWSaMET`p)km` zt)WZO!3~| z7NocdP3ST!#qtPsJ2^2n7Qq=lxahSh`8@q-aN0rzRdPV;reC*PhDg&xGXA43-(fpX zm(3A8V3YT%8ZnW3vmERUbxd321VN3LREv6K+uLx-)}_92+|Y{fT@@5vh{C_d-p|b| z;!nPhjj*Ub{1B)WeF1lwy=⪻OuE+i%LKEJj!7lLt}L6y`E_=bX3JVNOr@ypBosO z7fT3LVM-P}*{M6Y9J6F9)**a2-ka+6s1@kEBn&^7-T2l^gFLCaIk;aot{L#Sq($Df z;M5}bN>n`UTUM95W;*AU=N%Sz4Z)%2xjheb$Z*H-G?=f)5LUWAr6-evC**uDg@rRy z*9IjFcg72MTNW>LhW+!IDSCv5mJ$?koi82Q!R~%4rtr)=?6Q`5Y-p4HGOJ4<2d|+X zrd=+E7KNhUfUgCOU}wR3Mji(vo^~Ebn|LNFOX=wuBX&M33GDY<%bqP)(;}t8zRP9o zLJo)S5b#bx`W*;kw+bqG-AhCczuK@DIX!L18MUZxNmU}-W%S%BojvqjyCU+rWe7i) zbTaHR@po!yEt+Ew>yq_X~Q5;0tv^caXzw%*C9;Nm|MQ2*I4kc2ws+W+))}YD8zl$UEr# zM_sfgFcD|bYm9p6e#`S>P8zlj`4;Wy=a3EYh?0ga2S?m;qMZ+0xN~C$^@a=|&be+* z@!B??mBM@)IOU3UK)bWmhb@~j=dlfEDoC8gV%8zhw&0@Yad6;4(;X_SP-QdskB`x+ z_1H+RFP{tPq7q0m)Sg;yS{)LZGLXaLOWHjbJueoSD>2r;;@IFtEI7JP1}`RN5Q=SdX=M_ zPhn%Nw|U&Wsw`WA(F_vk%J!SW8n70lwk5&xK_{-#6O;J#`-jO-daj3Sl~peq1T@?k zWAsCG_L@$jC^x|JSRtgjI%=+Qie5PoPUOV+gfMclkAWpQCWdU+v#4OeG`^;kzwS3p zG9zP89%mn*gGtHA!2A%u#tl|mmec5M5jUH5-a2K+m!hJTG?c%So=He~;b)Rlny54W zp|+Ak$3TPL>3~twm$RYb*#xU@A>f@wz72&ArF_%KWXPZ~ZiM1~x0kdU@6E{rI_aO4 zy&kiJ(?Ns8ax%cQLRL2O;Ls<$cH6@3u9H^K2@vi2zWhFH= z%|-4efKC_TUzj>BeGLVS1?MOC#oT`e)KCAvwq5tyeg_Ec1-RRcFD=FmSk-Fplg2&t zi4Ah<@iP7S>nZlfeFGiK&hOgF!p7_C>*PMj$O!U{wDe}2PGLyloMRLSdJW3Iq-sD` zs$Av0n$ovPOR!ZhO&-Wtl3RBRjjE%$<1$flHxJapu~pYkamwVRE*>sdxe>zW?39wt zdT_iTO=!HuD^et_@%`FVmE{x(QRf4uQ)E<5p4*T+EW5oAvixOr0PHTI9>0o~Yw@Ll;Y2rI%+TB9+&V#3e? zF+LkQ;kXqArh6(+jRv|$tIqb0ZLKS9zq3yi(59o1UquR^*`P4<&=!!6(0HX#L-*#76X|vQKKTYiEK5GcT zOq*FQPprno2FA^4j)?~=OAp?DT7|d|{`#!3`=X?5W99p}99y6wPww@wthUWB{Y}a} z%{0hP-!cbr{sbu>ORa*$zW*z?)itfic}n{YmvnRobzCM! z)`liOGZm{wT}r2XG3|Gg=J2qVj+N(W4Lu#k6=tNy(_OT6PQ~x}xA%@8dkcp{bVA1m z-`91Ed#CaIn8|{a-cJj9KQbcXzoZAz7%rD5&<-kAm6q#xCG`QQTX5D3zZ6f#$ZMDI z1d34uEBMyjEn{#FT^3^|IysXE1kh^eLY2fyrFP~50VxJ$Q7n#{Q!O%36W6Gk><=nc ze_k*=>-EqQQs--KHtktdK+aA_gpvEnkXgxP)!^o z8ce%|ywK*)Tc&zGI-tL`yEzBF`LT+3EfG zc+*%2Wm8AI_NPOMyBzxcw6T1xnCnTj_1td^UuS%lS4CRXXPTL+Ld7(8!#^D*ct9Ab zTBI2|wxUFSamrV5^F_c}iTPdlnb5j7BG8cE`uz!6X9bUu@6iPX`1;zr`r&mrFFz?N6XY%wtkzxLpHY=v%X{`;b z;(Upld0`=?^ay+_8$>o9MVf?c2Q)+{;stW{irY;utQ=IVO`C?_k*R$5WbWo4{27bd!O9FXtX$%d&Ei}kRs*+{ zM}k8{#tpppdU71&qf<2qypm=zUk|O5!xCjQC!jAM!pwrGHBjSNL(@nLnir@yaik3x?R0$7!ogToA>cj>FaU5k?7<6m;6 zQEF8-#laN|h1u=Kn@rBfY+XE&G2m#Z^H?(Hs*q9_zWan3*}^(!1IL={)|XE<+dD4M zZbIKjI>Gg^a#|nnG#4JUIY$L!2uM(~DVZ*s&NeI<)<1D*BRV=VPgZ%cmLt!&93?hx zsBL?MCD`wdowuz$02A^AeaCK|6qh{fssW;RzYt67N?*t?T+k|%!+q>7P1SNG3~@L?#- z&0M(!by4zLXRy%0t+<#0MqdUnjgy6|L`#cO8oDoz$NRe8{)thvYT-X_hy>Fg)%CL0 zrjJM}zv#I|%?PLB*R*I!y^RNF-JR!Xx|J@9PDR5-Yi)(Aw@hM8`{SRteI#<_kWzkK zypW71BSF%g(Eo#-z}>o`{l!58tC`@9Rj8JigoH-6^2E!`6u#HQ??2$h1#Gr6!<_F7 zMah#BlamcKxiyXO9CPazXE<|?M!Um^cS?JZ)6|GxllAkN>gSa2))UZ1IsJGK1><9* zlOc()YU!jA%7c-6x(s;;vua z)V%fNe&<|fuPI~iS>fqD!eFAFWX?PjZnEs^rtp26keUpM=572;E8dowFFO$2km_(g zoVgY)0+!a7s|%y-2#XBW`2dQBP=uNa=Ga(cU5Z_01>U1K{%o%hp04stDWI0JEh zkb5+q7_0rzjBAXTKCQ;ziBTGMep}!=QjzE8DU*|%L!i!`&!X9^1msAjUDeq9MH6X@ zIN2vcV+J>>vgOej9wRr>^_7(NdLslk$)$`5R)!}2sDnJouGo}-jY*ds*a^bYlZ zC9)|t<13UDQTFrZcxQ2a5XubfYdD?jIfgH1B(}b1%_RByF0_;laBZ}MA6W%JZsCH+ zbU?qiCCuc-b~5o_5UbtDM_fI6N~OqR!X}G9L6?6&Xxqxz5zk9#vDCs6zqFWCe);_z z;DX&HvuBx#=NkWEtX=qTPOM2IwcivhH)e~=9UcCS3)}Ixu~2#{JgSJp8Nz0&H1@BA zfoZ2Xyo#p)843~7s#fA-!D@CEVPT#%v-uuX8BmbtGD9Zu6$9m`uaqHGO%kNJGW}{o zgWU;naYM4M^X9(;odi;uGZnba4uu@(gn3PGFv{YT`*vc4aX>~2%Juk($VLP?e2E}Z zLsOHxK4a>6N`I)Tcr#jmN@3glN2KNpKldG{+j34wQs+sY=p`T2+2n4c3*HymY^i9L ziQuiuVrXAQr~n)@yHOGST0H?w566>w&%6OJJ03(gZ)tgPR*7;IJTchwAlp+?Nj4}Q z=w4PR#Q*2pK8yM zhI?>8W*FtOywrdd6EmNuTu=Lm@IRc!O%vprPun~skUH>xzd5}saOTn(PqYY&Oxp$> zJLo)kxQ_cQu2m`+)ty+rJh-H+s_r=)4~{P_jdd17U74?!py{TtunwP?dGxJEqUm9K z%B70+)Yhu%sN!!PlB$m{PQBjWaQ$#IS0D<`4gx0MUrxd*bhZ~Ta1vZuim@Lx_13RI z5X-~u=WdG>Ui=jqaA;^0fluwXJsRFK7yVfUMFh%y4sDbj0|ZfwvyN2}!|;pI1I%vU zQ0>M`_u=e|B&R-tLrFNASd_yA2_!nT?Aq>QQE|O1ZPBj}zio}~6c5Lk4p#q3Tph(d z2Jxo`N$f$OU@(86W_4pnmYsi05Fgb#NrWK1T9Bap@v*#~nbrzMu;^G)LIQ8!=JbBeBJ4piwi^MrJ{K zv-LK`NyH>K<=s1d-${jb3TnYTEiSn-A&wlpFv8&zrrDn~A6e63O<9z)NtZ0O0k`^S zpgcS|Q9%|O0M6)%+%+Bj)JrB!_L`9QkYq}hyBq~+u`7;1FjiKusD_?e{OdRIDt&a% zZ@zjnHsB$<($M^s2-BQE9{JgPE%~7&2~|uDIajBZg@h18wnP#t(mKSKa92M@C$*El z6mv~Kj-!y16FDUMWt;gbSV+y8IT7>{z`EPNZ-pp zx9oPj>Q+HxHba?8Eoei!Zn3sv9v_rSwZ`hOUfFcXFw~#qB9KO#hrXd6YI+uzMpfVe zkd-^*kiLs~yTZ_O+}C$o7;+mOb_=Rd=QH?ZXCU10peU~f?JM%q`GfKN7W&xje~G!| zVxG>w!V7P@=ZPsYS3_*lNp%}y^Y3~3NMFYVvE;_~oV=J0& zzIgI*|1DLX{_ykIO+!xVQRNur?nB|3wWNyVqes>E>zhceb@dHn|t!Y}_^k5{Z{ zydFIY4ORe3YIzwSE@OC6LURN^E&DEFx3vW}<52Y2=r@c!B-T{M`8b(|-jNZ`3Oxvi z)xT*a(8}|0&UTVDHnVRRCBA4iHovZ~zde;9G)(vEp{_@dPBirq6J|7>o@<}R|Ec{U zNsz{o{F~`?rPF`>Z;lfx7gr7hKEuFx_AD4UXZbJjYj$h_BZs=WDIK+{YJe$$x(AMe zmX=mbc5+0zn${N_2>=Tqn^wI$;8=`koeY1zVS8=;76Oe3ebJF#nF9G!dnUk5eaBSD zLlBF4Jq5hSuZl;m}~q@JXE7{@1w(l*GRRJ@}f81L9W zN%d_UKf$UL;y~Y=Zu(0F1s$MPI0C4%Y6;nM_~>RA6t6G6y`KfoImZB>T?SuJwG~zt zRFst!6&2mC4Vj8li^mGACObR`_3YWITpTI{_Yu2GE8i`8Qofx$w-FUb{QYz1f90 z7L3cwP|qL1&oEL#TWRSzIf3}Zewpup1GYiG*3#cej{M2UEH>4t7QTxmDW~l3h_f%s zw9X$&tq8o^XAxn_;t*{c7#u_h!?4^ciDRa4*dyzFzuX^blEnWQp#+t<-H5i*)6@6- zTrCfgH=yrH3e6-UhHq?uYAutale)gSXNU%M!Nm#h&7HJA?(D16&SQ41L;)g*NSq6p z=^keZ>~D^+y3pMT^JGhST>^(Y;qz^It$t6Oag$QA>uak3z{*5r&D^exGU$@`F9dw) zv6CvbYc#a~&I%C9G=S(&yJwKhC~j0^a3NgTKa|vChZU)P+*u?NM_?its85I=dP`h< zBxx{RmTsblx!EHRa!YjyqzgkhE7otkPJ{g z{oYtBBCB~bje+)>4Gj$^k~sy8rm(P-@av!Xu!X| z{_V?)dpuE6#hty-?!FIF3J0fORZ=YqR$9Ab6K@$Xv6k&_=J{Lp7G?Y0?UMD=yte9} zKf(u%4i9$(AjTL*kS|`I5b1t!XuDhxFkAFIUhQy(#twU$Gx%p^EY>UdO|{hT&%O+E zSgyaHn~+Y2R;_Q4(MJQnW_ylaRmeqCi!@oM(@M}xytL$L-(LIE2AQp?2@2%}0PeX| z6kjg;+#6(Rm+88>y1Jg85H8ZIV$$$rU(SLadSS8FkwJpSn?l9!R@f}{&=-$N%=M#@ zRw!8Qqt-!as$+THP&~*GK(rl_EP8RYw33Y1jW176Kf9b(5`ZA48?x2)xf00^G8vB_ z2RJ#k)A;&Hxb=8%nT)o!bLhH+JFm2O9&^Luey{pT11%0)kQ9RDEQNCd$F$zC<3X;w~BsHHQ<-b%RU^KGkGwO$mLczS7nr)D>ih;pc;pwH~D@s zW$x$-$MAxRnbK!*y<5)1d9~)ka6wI}Cf}mB{ytX*D9R-+d3|Tf?PN?p{<)GgVZuF3 zCF<<6?)H_&N1bJ;&KdnS8HWco+=cru@_xnonqmKC^MH?rx|~f^~CV@^3tiA^Ok+fH0XGp zR^^eAj4YZkqBQq{!e09aIDLCZTmL@h6N^ay$%~c)WVeZ5gKYP-2oMKFi0&F4sl*?t#MtY9e%3zE^&i>Y66z)18FosqY2}Y;)HPSZJ zBmWMj1IF;}Sqz8iyMS(~?@6~7g1tg*xv60`p*Mrw-J{a^e&R5_L7_PjHBNeE3)!0R z5RCea{RxQ)VcXj*(J_~=PO$NHWn+@vsq|?A0&;;yl1`6J&*&8BBwZbs zL`Tw3dI~nTjC%*&&#o%WuNz%X<7hw+yTB*9fTD1xl~Z|z?>0g^yS7=PO;Hi)HZ^Z4 z@XDE!c!k=|%6L4*`Jy~(=B{>GOk5BrFDu;(G1*pD?;FQ;@VR1~Z_bzuLYzri(xQNi z-$TIJHrwTQX9$51Zp|HBUjWui{KF&~wU`J^qs4IYZ8bgsfFIEKiH^CP%1G19@0bRE z%V6&>&as|Bjj-2@;NR zX1$hOY&Ad@NnlkjHw8oul=zZ|O&H5HydXlna1c_9Qux@xeaG_csmJ43LJ^<@8Xn)K z*jL!%Db7OpdICuAd9?4VV-j!%oq0l`l|f(pTtli%*IB}6edHTg_TBou7p}r&F6-j# zXV7ev4Obq`@&IB}w+z^DSkRPCO>zrY3ncQkO*004nCIxb9wd7*G&W(pM_ATD==mbF zE=J^Z-sFCy`Sv-N@ZOlm1h(*c4@^$bwTk}OE9MzSlP9&N!nx;r#-_OA3W->31fp`@ zmyVWBac^X{;||RO8ShXI_gG=0wSmRQli4-~2W}Q|%%)#63Jql3?$b1F8f#2DQQzK- z2QGW7aI@2`^;q3W+@lc`FLBky)96JxL^XyrGwXwOE7u5U#l?mlCkVWEMnJWbBee4& z<9U-B)T_db4f}QZ`8{Zc^k+YME~te3k!LbkIQ^wV?B9p`1&`(e&(4{!1|gUpj$1~f z&E6=wLCm-!T&FD}VhPuqrA!C_?`XM?g|_wfB-Sw<8s@MNaIlk8Pj7!gDb%{%xl&P5%zfuB(n(Azl)>ei@iw@q7&+kwwY>XOv-IA_=uLjIak zurW(@Gls6ksul0g_hU>heCtTVi%f_YvTt(N6S7ta|Mt_ZfE9zwdQA@)J-RA>)nWc54SU{Ls38Y(CBqC_(%^DutB9TXm5>o zg6K%3kO9s*&e3x-_oy-RW7Tc^2f1(cK$ zE9`Z#k44!}Kb-YMBckpE@Jk{rkC%o4MIstQ(7Y0c6KNx%wHYMO)oZ-}CUS_K97O znY8$976L6?v{`#?(&r38sSmcs-6q!AXGdXQo@P-c867EOX@G#(#p#{OP41!-LDYcZ zwoEXF7t{&jqkA^i%)nB>6)(Lz&STu>b#!9aE|5@cgUR2!4|S$qqVF2)MQkPW(BO>= zpMpku$HQJ=InGyuZ4y8oU;LtWW`_YzVm<{_r2EZ*2-kQL07^%b!?U;Bnx_5j@7j8L zx5R?P%!1QIO_7ldhwMzFd(-$tH%9l>3;&C6>pWElcZ)@3Oy_N4bM`y9FB!JnKZ7`Q%8l4^Z9X8qy`$VV*<%HATgy6x z>76$n^Ssv%YD0NT&zo=kj7pD5%168T%XC~T2uL=K(K94sa(EoOYCmvArp&S^ z=URPcO7ludb!73H2d}L-yD~V?*~J>{wG0Oi<;lOx?(SxE!=ILcFw_erq^ca)N`V5-DjOx=~P_rD9hma3C z3SZE2a-Ut@W%}Y#&ox+rH9sbdBA#y7KhclqXpRI%_@ES)^~fOpWx9yk{TKADMxxtH zhm*xga*fUl9f9|=dC51m@lM(A%k7CQPQM(#R24tcE<0jmO})#tfET2aJs3ObuIj@a>#Q`T&rYIt)*qN9MSEGUQDH1>-hEh%gU-4pG}gVWzD&sx>X3HmE*~67}+~VyBWMBM;SXu`-YagKPs6a znyoKz7X<&XRg$BqIehD8NQ&7d04i0SD!6sg%26&K7di*II%^eoe!5D!sf1?B=;#># zfCOmylp<@>?L9?9Rpj~jCnF*+BwUVCWF7SVNjE1(-DJmbb!4yZB->q44G-pv1Sz8_ z-M1)Tp8egSVHY#>`4cBT`Lq1KDI&bLX2{Q?aTb|J}P@1a&5Z`_-t3I z=5pdPsCX{aw*EWE_eWz}wVI+Op>}$TNldc!#vmfes=4{hxqWqXG#1TA+MIXBr+*aq2-;C8z|a>%-8^Q5)Z4{=n+Tp}fb(LzIgjoSgd`J;*jM`7W;F-zh?cR`*bYOZq z3Q1*{HmU5uMHKghI!kyxTThc1ey~PGZd%k~e&}+%rsZi5@_7c@yBp-Vm^e&~CATZZ zDwqi~fg zEcWqLxco2S634kZ{ZS6d<0~wk&xC8n?jJ|{W+V?abEJ=%%P^f;I4ZS+-jW+nR92}{ ziu>K{JmxbMH-0QB{y3H;&BHY3sPru%OXYBr##0X`12<_X6m(nC$zJIhKhr|?oQ@l> z>cqtb@fnfPZjOIQ+p*afztcr8XGr18tme5WV%=M1S4(y;tdDi#v~bVLHg-Hhs>)qs zPap9DK(=bBFg`i`3{w+Z#MjqQ&f3#@3Y3l_pSwyITNv-<=&beWrLq)jx$aKPjvrJs zgq>Rl68PlMm=H_WR{w5jY^?S4Xyk|D8?qb`!%O_E5ADt}+Ax7N!YUzMlR3jUvt^?3Lb13M;pm=kcOblcj zW@Aj)GNjP&?LlX(UI@jao_RIlfplfestxPwKmR@{7H zs&-Y=AoEu0n^Ps@?jKLe(yzT5#7DzVMHt%CtdV;Hp4x;k=?3f(OK9VlPPQ4*6ufN~O~VsjrT)wnH)FVWyV6XOdxaT6!B1{A*Iz_K|39 z{oA^?lfJGl*)eO-?5s_E`1V4B2@_A%`_2h<-Q6u|?Y2+OTx|SgX^;h)_NARQvVC(4 zB0{^yz43crc>|FjR;@q1H&o>vh8@F-*sY9(6bSl*(P(s&?lEL7RsWN1zEVWgOlyEu z_n5gFF>$NeRK^Ik9a=86qv>>U^>$Q1^Z<>FGCV3{W)we#^bRu~S-d2ERIqGZez2R8O0-oVPKw(nJ+{aw^07yI{;>Pm=aq_;iquMIJL z!;7L)O}yY``x$|kXJ2e=LYaDnI+rarj{|FwX_CKd6LU3fVvgb^ZaXCQFl1~7jnQxp zC##N+4+b1IMp`crIB3UFsk4C zQP@`2#!SXShGK6INjv(Y^ya9l9ZrU?hwcrhXmM(9P+T(cN6wIC2ljGQN-I_S-+hpc zhZT7EZYG;xy*LR(GHvrynCKqbXTPBFjxUe4)zg11?^hp(aOY3I%}DIHQ#nfHxV#+X zI|l;2f@haQal@LJ8uq|}XzbOMbkp4lk=|hEohxrUaUu)mGMwvZ3@^hBqkFW8gyD4; z?eyWGwoZ+(8`Wj#$*6 z9brFhp@=PiW@7W)W>x%jkVaR2*Gqlc`QdaUQDxNT)B7O)Rqsn`Qy0$`R0L#y)uaX{ z?mo;b!Sqpm@2DE&XOCjFg|y;jF(nBqxLNAU~Q+zle)w{Yide;>8pcU>l^lID1D z#Dd9P&CCM*-_dFAw|&xU2ni$2TD9mJd}fLBn{9Vif`%<{BG+5OuITExnY-bHNTX$4 zSEw2loQ%*jJnXL@ouhP=8?SfqK8@2QY;3h1hNBp+*;4Nf`C;df0Uc7qNECQlu3g7= zDzs&wR%zVw`~JjK%%=qmw=}LqozMGA1AnCJepnF`?$g)ZQR}!qyvm!+ksM+s6?)S? z?gWCk?oQ7xL;YbjGoIm9Fd`#}2M&M*Rk*DC-JD)|X68HVGMzTYsqL@%Af+dKHJb zteg4=^?q1`?GCbT<#=07Nfk4sBB7fh9^(rk^LH+T9PRcP3>hv4cpsUhuicSWmtJ? z53h_a!^Ou}%CNk{8Py~zo&m6I$ig8u0FZENE5Jo*uxK<;8I(qjhy)OhO< zbDN;#-6?;_MFzwL)pdu%;-2BZgcQAS{x{CXltt?As{`?EA#X8GJ@swtom zOMF;Z)4KRZgKVs2WEKSGs~#O-bI1x%KSgSd)Fh#g9roFnFbb_1T8 z)0>F3w^&2l4JUbw#o8HJX%C20G?R@w!mn@ZRKsL%b{AXT8DgxH1nM`3+jrZBtrgqY zb8P=OnA`THxqd#8AAM4x7x-6%eMVnjRUdp*<{KvWrR?eG#@J^3Y}PvNtko3{O_nex z0m)&23k^$Z`Rt1-V>&Z971`mhYV+}^gSb|R8T~f$#)chyLG6p5o}T;V9+!#pU~88P zcAXG($c1uqJH5{_Hv0v>oJ7@w@$kSDxyr}06V<(>Nd zndC%;r_`;3nj;*x4kvCac&&_DW@}Lwd#8?CTFDHz((-M~%mtK83_6YB{&~D5f_JQ0 z&`V(~(h#RK*U9~Ne0k;Xhr_O{`ao!~@()US;F>?~3GKjmEh6QmcUE(gj!R{0K{3Tn z;l)7b(9A_IOSV&e-OCsWH}zf-`sqa`*7|orxr!s>qusu$3OwSBoqs}-NO%1|#>nf4 zE@5&nYWRCrZQR;zvbPH?R*2@dQaa?p_&MJ>m$YE)u`b=fu~lV6d?GtaMl_KhTAo6a zrOpfjNCA~AURFeJc0Yak6?k+~LN=yeNl511yy{s)kE{9N)AH5^ZruPr08^=omd33D z2ZC$x{Ks_~IfdO&sH0xhE_p26snx#h1zAyNH8xl!>Q#65?eS_;@!D%*f-Tu$uAH6h zmI`~QR^rCi29Zpy7*h=tP|eOVnN9u1w(24!eZRO?%@4m<{Kt{&=1rEphgNv$^pKja zs1`~!8qv|}$(7xCJ&1l-gE}4swTi;}D}nHBpZEILSL(~7)Tbv-A3c9fh>bk$cJ))C zUP;h;$LEfBA=q4IO1$L&*^F09+=DZr3Dd1 z5w#KNc{7<)B0A;p6}O}6ypW=@bV$ind{pj}45QX-RfYFW@rb6mG$V1=vEJ@(mUa_W z?d=;67x4h`2^CCt2T?J{I@Kcr7z2$8!TJV4`xm*>neXvkHzwJS%#uB`Tg|r>T-<8> zxsgCc9jB@16Xqxr)}>~~k!}`x`VkIV9~p!G#YO48>C}CI$v~zA{XoCkg9G?mbk{QS zhNBsJs44gxMGNjxkiJM_mAH2qOg`wHr!XZ1N!Q&%og@mKwsvGj4)?a~tUVAtq}-~N zI3i;y@0$oYKD*S!x4CD4eMcGeXZp7riALWB7-z*pnY6RB$>7G#rvoJRc+Q63x9u;z zQ5j9vYSfV0_=?@bc!(ETCaa7cB*Av!X+C@_{}6mP+ZS}88^dsGa-@^I!+~663%i@G zj&Ygg?gO0XYm6f)MVz`DKp}X?i*+uDEgUm?dmzAhS$TxLC17z-vq+6fq{;iXWzT%W+>!02OjfikwsIjFwMYNa>&qnRfK7@N4EfLIo>So6>v*kpq zHI}tIDas+)Wp0vnxh?~ zbO!$AubiE`-?&Y(ibj{nL0Byu;NtQ!y7ufHS^{ zTmWXq+*bEPA1~FpOl_&qciH!ZjaC|Vb1=3XpA1eFsU5Dg==*JKsqFU-@L#mYGH9Q< zA;Q9GMBJ}N1~(Raff&urG5|-3fUEP}jgTH03?S55*!AY*C(`~IMlir}+3jj%SK9Z% zhjsSCan9r5a_|$%Ky{tuaX67!ZRX{^Nh*i^eiU72o~UMPR>t zS-I?Yep!+if^xtoT5U${>`t*XI1+D~Ftj@&nAJ^9PovTWo%A@k+r7vCFtC7W2*?;Q z%}E0g!^t7nNSJS!)oVUPVHAu$=%&?vmWrMo?`U40vvr9%42uJJQIL_vCJuO_=gdD4A>86Eos3gJ+p&W0HF_cv;Z=e>Ita%(;8Ab7+JHR6-HPJV;70Nn8h7l5kd<-}}WZ;|qAcUzWi_bGEL@4)sF(UA(5G7+Z z_v}(nWgNp7qOz+iEndu4tu`` zVSaDJy|eTdz43qpnD*__mr_9fxNMWJ^0z&ymeJm_4&gTo@90T*;~xv*A@(Ozqzi~@ zYqp4eAdZ6>nkgfCJ+VaTwBhhuAc3ov=b6~n-_Jc7CV>?c=-`2oM81xq)MmWnO}^3s z+T3T&VrRu+dHAMI8FOl9FH&cE-Zg8&Q_e=rt*O}&F(y1}lmw?H7y7i@#Pnn2E|UY6 z7#+spO?Ev#DP@ceJqDNEzWbsP55Z-$<*j(>T5%jaFvW_v&I4bk#GUO z+F{^@S=%@zI7=^D^qrXq{0-w!5PUrz*)xxCn!N}uI(bUn@WPGQ{R!HXAuxI_Tg@!K zr!b7o%(K1y8NBUJ6*x0J9+CC4x@4@js@-7Fj~x;EJsr`Fcw$nq#iBvv#x|P)Z(}>d zPfe#Cd#R3^0xA9j(7>2~!5Fwo*uk3m=G(mLC(=|d0xOCz8?TtCr@8YVo?+)YO5HHC z7-Ybes|;04?$7+&-cRJxE>M>zy_#S6H1?rE;{ms!2h_9ZPNE6{Q;B$;{I2`vFQube z+%Z)@CHH`C@%VH+MkB_E)ObLqb@IGKAD=_>ZsJ$B?lfh5A2#SqecCuGnr|WLnja1d zBM$~aum{{stN>8lV*Kp;1BR`$gR%w!Hw=vODSG(#qk9eDj|Z@c{%vm(*5E%ty@w!m zbId>1#zRWN{{NFAzN2XY|9O1lMcMkF+;36J;Qz_}2Tb=!kD8I=U)tAAshWQPe~%vN zasR)P9!-vnDC_F#T3fT6-b)bw7o7Jfuc}H-N5_L>s(}XgzfHcI;o{^hE-o%NYK{Yg z)z;)B|I>)Cf$l^^L~_xT4`%`p!u-FezRr%8)6>(3wG(lATJ1K87h>@r0O0*zsD(Rx zfZ+dYH_fqcd}8PTxhcWLdEMs_BYZIA73# z%Cx?r*|X;!X0>NxW}huYw<;7#`ZL>Z>J1TgF zcQ4GFoji68Rn#L%Kye1IBa@O@)cU5mf0rd!aQ~TKkVpg3a^eavrpf4ne@Co3o7(*H zwXlm$NwZV%K2?NxL~7s1?+nL_a;HN3x&0ljX#4sNboTyq%i%dM1+JwVbXS_By)r>Y z*xmI2^P|Fr#Im)~YP|DiH}I~}YjBom3(u(*Lv?93sN)%(haIzI@c#%_F{mi7cMcc- z^JRGab#)-43147Z#FgfE=qj<(=ZFdtv~1mjT%{4b39Waf-kg?$zC&yR%mK$eGoJp;ElGKvS8TIoX{zsc#MS>U%P6vG>Ar zu{-9U&+~!a_r8#$f3@Uz*c162zD~4UFVoa>swsO$^I9R0)AjPa%k=Rdnq`XL;tR^B zCA|<3e9I0&m~n7G+1Blw0(x}qDrTwuB~4`i7Ib)E^d#+Ps-$I2Resa&`jW}T(Skbv zrW|2Nsc%sA9FVc>$Mc#%JtcKBWgP)NK8b}y`~ypCYqBg!QY@UAUJ{i<@9H~`3*s7V zI`g+#drsRQN{()=lDp|8Nc4%+Jih&&%cH-a;|Eje2y}$3UKv~TRFKvZh>eYH_|%u>qPWW_~g~a6}{OTMXxPr<{h)J6f3UB#Y!+b zEF3@*v8tdG;iCGoF)?#6-6pW8AVu`hqcUJdEdGG~xp`A_Ojr46>5VN%t41TIG z?&opkG!Q}8uuqe&mhmSzr?01O62MZ_#$NWTJ+GoNKR>ngk{O=#yXH;5W=S(R<(0qAQ3>Db1b%JDTz?)Kwaf?wLl;08K>PlHz9N%X!nCN}X-h z5bpkd`$^IkOzP5nP0h%1i$^n1S)~gY(pva=VWE!d#nt$j0{b-KqOVfUF^9||t;e@_ z1qh7=hGd67WIq>{+8H+FPp4u#cnbDK+B#E?INu3OxShVNneh)$>nnD&s}!BsoXi=; z6L8cxqhKb_9amg-WC~Kl+B|4KEWL^r7Z)FQ&hXCPRjY%O^-7^5;U5(Y;9Hrs8#2ZA}cUByj&*TzW_2P`5q% zn0jqqqNkdPBC}^0Z#j$0GJnM%sMb|8%lt!AdJ%UOm^w~(ee8J0r7h8_9_&U!(q)Xg z1_Y&lYA@^<-c(poWi8c&-I)3_|2uv3+6DB(c;gd)J|k1PE;ILiCUE3tY2fc+Qxx;{ z7pre{BPW}FJ(CEvNr$fLZg5;&?oVGh6s7n&vO2nMxQIF*=dD%Q_Y23RHxr%h{14GJ zxn-`9>W_hrQ^FC?X5T-HC^XO=iC+js?yk1cB*$`j?!RS*i?iVzKb$J^-q z{p3m=W&X2P;;J@RQzUtYBe>(s&IhSs2&&weqB1|b1>IzoHIZ%yvA>;px%J(UX!D!y znAnlAQ6!%?qb21~Ml7EJEbyum38T{qtD8&W_Lj-JJC>bDu~BUIJn|tI3E&OCaX(^P zP*uh$UVguyHrB4o|B?9fM&DGlzN|th9f$q|&e85vL>Pmwx9L4mnbxdBgIeYOmF~#- z=CXt*S4D*XhglSlLMk(F(Q5X3O~2eM$otYr2e#+{@E6C)>vS{MB;Tfhg-565YU5^X z=r&`6gdrOX76?r=MT!5$<8UYlwgUX4)4dO9Kdqay@GOW=t1Lq78Y*t5^E2*gOcE?JFK-W{;7-p0hNlHgE)z? z2!DcHGfRPVMzMwU4B4zjC*p0acHRtMpKJ7iaE`f}hX> z*v-~yXfi6{$;-2r_!GIB$^XwZ_{xN?T>1L!v7|bkRRSS_J_GGJmuHz?(gMXt{n@LE zSA1Iq-p9>3&ia~o=9T&vNm5dHvE{8a?8P0;NR1t&#-EJ7*A-fE?I>a3!v?wRlN@dG z-dAabHxxNAttWlfCW7+csP*mJO4}$Wu^0(cq|wwT38W{CvH6L5wFAe&fyIpGZ;s|t zq)a);1hAha1spuF1xhOn6*<^da>HO**cSnJ#?($n)YNx>us|DAbV)okWpkv{b>sX$ zIpLLP61>{D#6Yanm#eBe8ZS%R%8^k3h2d4@eF{9SrlX`2t7izEOnWHdimHyA*lbPX z45gI)0_GcO8N7n*WaS6!fO=nsKngwjZ|rop9lgGS=qolq|5DkZY)~SX-?dO#uz03# z5oIX;Wo4mF@;(@}!dQmxD>hUNkD3wkth8%SEKkc4Z%diHb{yQxA{GPte^9WR{E2H@ zQSuFtzqC@$JEkbNa3Ho?Yj8m4`!tCcyehYumT&r=Zz9XC`S=V+jYa~`6X5B|V`n49 z6I;Axm`JTyG&7wl?n^l%zw#Tw7_ZG`&WW0CAKuCmC&u#(q7kSIu!-hN;6W%#F!wA^ zOH_7n53dzO0eZXs7KJYTYdLk|q445n7Vn&v!mGGko?&ZxvrSd?8<^N=h zX2X8pbfLV!Yu>>A`M40IUO%$()s2eB*~DF8&qA4aSfU-_!x@I5S;1jtQDZmL<_>5q z>E1gn2=RHBYq^?c;{_c1DxmpwtAt-|BovD#-n!~$&e5{;4kSh{qMxcL2Dr7V@j;GU zW)g53ivuuOpIaMLI@}FB!AAD_M)q#Mfynbb!o)U9r zj#~)Ww)xw0vHaa{s!Sz$#Wn#CB%gvj| zeP4917!)=eTSN#&J{YGn;#K&nF(yQc>J<%7U8X92z%XyuJ)Za;>g*AnfjjBtch{=y zr2{aphRSdBB|;|kL4nY34?eC3v)VQ(rTp$26I0p3i|!)4R~@Q4k!Y`EvScT*w|w=# zr@UHy%Yb{d=7n$9CUcfuc_Jf6xe~IL5&`E-@rurcBW?CV2bE6PKkc?7VPTw;r9Ky& zslN;NvrWWLr-hx&%4IhvqU3naxyn_jSLb=?EEPr$ZBKx)U3-rQPN40TBr&5Il>C0Q z=C4mxojad|!-)KK|2fE4u)2*4ggA_m$%w3UAmoRqHB987liYUU)iGqBJa%h-gr&x| zS1wGLUq2ZR3B$-ev;b!(ohX%(J4be$pFgg)XFwmJEQ#lrU-$3P3}i&u8S7D&O|%3e zVq05+b7FtCkMv3xO|1ru*_j5}G5X(Tm4`JaR=2{(YTqWhMPBH|1B#rgMIzo)pcx|3 zm7>9my4mde>8~kl*_XxIk4@(d$MyNR@_i|cn_Z=k3X)R8vRX6hG+)j0)v%7NkGW&1 zm@A1zkxh=fheHO6z%3Eo*-K4mso^g&FT6vl1h1_gCT|2uO5&O;yOR&6p zvznA3_`6PUTBjCEHRIDyNLb+y6(he{w)&COHl6u2*^@lCW~+_pi}?!>g&OX+55`xxQ|?oloPWFlguct0JfJaQPu# zrKrJR`-kuFX?F!q#drQlbamEN^jJ>i6)(F0b6cbsVnklr5xK)z_IqyDXkPH03S;Tk z(9j=+xA7x*_4$^Gae2KsjlfA;zWKy%>9z_S_#+ZAN2H3_LDj*beTCDmIZifURR{W4 z@MP?%fVr3o($N`}nQm)Wd>GI+v$F7nJc^t=euclUvSd)@mwNXeVNLH9TUc|=giJtWu94+boPookvug;+X7xY3kM3q(;o=gm z@13l7U!#sCPP*yzZy)91ys@(@_37JcDSfG1B@xEzJ-%9Yt(i`ZsgL{5OYUK^a&jRdA#wrl8OvzQ0!kZrqh#|YyI_X00a$z%zuN=_BV`LFYuHzA z&G`OdcyvkkfAZq}ZybC7*Cg@s*vf{a+33?$8IRNwCV+@|K{V)61mVVyz&06Q)u&`} z+wMcAH`)rR9Iz*)s`~oJpLB71oEnbSQz&tG^-c4>#-5roIqrdV-Ha?fft=)Vj(ur< zy#w*Ol#|_5t=_+j4MsQ5qh(l`k=N7!eqN=7Ts9OA!PkO(JWOp1LwpPk44(H}&s!G877m53 z1$maP)W{zk-iSb%ggVbiT~29=bp!UDZl(D_y)EQAy`ZUbn5Z{<`}OoagC^VQX)~Ak zgCB@@mhg2pFK;*ZgBjM@LCnZ;`FYDe-fxD{5?(;^bkcs+Y0_%Juw<|AH@36+7_oDe z{HTpp(i=@Afmv(d+N#UmIo+wQcxt&~Ll_Jva3cXxVnx<5W0XF-%;MytQg7PFa>0&Q zWB(@VjTQ!^2?{wEt2pd+_U#ZFRaBMh$Z2k?3QW1ZYaBxvv}Wh2d)>l-%{P{Lecm3M ztLfAyOMhzF6c<~?#fC#o6e@^@wT#I_!uHY z;FwuvcB$lxBUZBB7F5r zO?U16UH1K=-`d}Gf3n=YfX_7-5CwhZf#cM(FjLzQvHR+R4Q-O%7&a; z;+g%=K@jsQ)$kWUve(UALYnXjsEP;q@v8cVn&M`cQF3!)OCJZ@pmj@PoBz>U2yRxJ z8g_J^I%2_o3P~d|v0!Ys!Yk>2W+kz@g6qIb6BUQ)ht){ZXeA&w! z4VSg5{H#WkHeAt67}2J5d9_pOl|Fa{1tzxWNM-JXA8GsT(_Wl(>x7`LAs>W4#sVG> ztAuWH(=~gATM(bXK~d3}vH@FpJ`doJfjF(bQ~vNrbV=R0w5Nfjwe&Y@<)`KigFSPF zwtnI~v-}n4edUx-mx|-!nJFpRlJ2XouS}p30 z&4Z!MLABblo+=QFB8_XShrYyiYA%`P7gNz}fp}ER2@vglbZ=SA;aM0QoC18;+knz(hbm}!L7eY(%;dJ9L zx6+egV6^RAx*k6-IGgl~o+&Tia_Y+Gw0h;a*o?IX-pth7jjR$ezf-BbE$P&toWVbP zDajgY$AfPKaMUb&TU!5m)A`;vxcSX=-6+?zVPKgCw&xKa?GNM26b@1_J-BFQm4BK!zqFccCt3K5XVB9@jjnk&|_l^MCiLQvr&A3?P?nGc_4DM zbZ2bLm`WBkGwR3+G;&MRwu+Q%iA;D7wAiP(Sj9yX#lI^ zIQ%+zxy7KzOQ|a|5x0_Ga3F?Jt}=Db%KY5(=KGMygj{S&!Y0&sH60+lbZA>liARpe zvsP6HKb#F9w!0kcPzrBG%LGm$Y6(b-1iy_sBGOIOrF7(>vjl|sa2Z%vmqbd@I7e(+ zW`)%ORI+eP{Y>vG?$Ydh;=x5zuB)qmn>#4OzF26;p1uBb0bWRhScsl?FWH|u>B~Uu=h~dpbawKS zsAV8F{Az=?s1J3~q@om^UK!1c)Ugey^nC|}Hk|1t#mCsFpUW8dDvOWp(@n>ccuD0c}Qza%E6JmpT{j_i5P9y@+K%>0}) zq1q99Lbdu+#9`*$!F=aOVT3 z(CCl6jY<*Caq)Wzu4K|;A=azRoMC1sq06CO+`5(^o$b{&zL;?}FFB`NeKp9}$5**bQu9)Y zA9Y!$TC3|y&0SXeuz571%!CjVB}NyFsoIFm14#@FV09IOZq?W+snA}C3m$^qHRcT;zqrfUtq{{+3{uAcAm?sr(Zh$5n-TKr97ZY?ywg&h|ZPXsXY>RLc z_LkvN)Q^{jHR4W8JN=%6YGA^W!Scfpf4ehgm&vzUA4T2N;7kz6JFwXgjN)h@#ML}z zES`6ES3ndV`UG^F<=%3TQ z*0#D0*mw;mVsfo|o*Ssmq;?vDVg;&ph8nrVr6GFQ##P=4v_z#8<6iEvfO1CnDY*myB?dD`|^ zSz1~Vr{qg^YZal7Z3i`#MFaSQHt{GqTLR>!o^}ee+IZt?kB6b4&hzoPv|$=16j*Vh zu%z?D3$D{1eMMX`LtE^v`kkX*N{RnUXiMkd@#?4%3$F=%Gnq~XuOrb;>XU`LHKv4} z>_cdnzQ9kJwn76dFsbgp8&)p7x}D(rcHW^`n+k_||KmSeOtZqp3%o1RCr)sMbU%r?x)O@;fheNdkp7wz@y!(=o-&VX^hQR$n~{?fUg7z%JA4bJDFBmQ{d7AEgstMiwLim(`(q>l3&NuSa1?%aO+p{VWXwYVU>cYxZ z-EuKL;q`vosWjn6y8ijK=F`+?nvWUgmn~lgvhaPiD3^pj`dV!rR9y__mkN>zRHk5D z6t9D@p=E{Ecj(<^IL%Ims7X_M-{sYAK+N$sa#2{`@5IyJ@1_6LihApeH%1{CmoFue zM~LUC4HcSpiVQpAs&pwW8Ez|sPW2gb1)w%);dA5Z@C8V^u2VBI-4IZ#o~^fhHBJAR zL7acVtbVJ{>`>T{OTN^^{2E_PN5mJ5D(NvxG7dt__W|9=4Gt3Rh$0 z6R(@OZa3a9#L@lw9pbet#M}3))L6zW^g_t}up?tk>zuA}iChtJ8KF=KL^wpPi>SJs@2gUH2qn{p?G~v%;>96L6?!HK_r4m z;euR}Wnk^sFpMe{c4%rwf91H4t89s54%lPaKC`kkMbO~qk>IAif+hiVfJ8xF@C>m9 zu|#*Ubt{ML(7<~;;++9ZkjExi4X?OVVJZ%Qb%s}^?B<{n`htIPC7o5S5w7wgH{hiqIW_i=Y@Ju-ncjMvJxS9ilq*RD(6 z#H1g)&+CS#zS{A6?P{yi?!%Y8@6$k^;g#Xq>UKcb87@O+J+FZ{`SQ`zsWw^SizzE9 zXn3GiLs*b^xVx_@MAx1z#99uRt|DD6oqB$6kAOgKEzg z+gxm5BXfthDVIED7F;kyZZyD@#rg7d6vxS?*Bxg(#Ytm2XyUwXeLoiBq3KLvA#`a*ytNt?aYr zX1hwI3=CxzV ze{GQyr1G@(Y}>t83JF63<@!nv^tFw1+R=*P&3E99!fHp!IL&?Lb4O$i5kWPDP#jMON+uAUE-TUkL<0yVfpJ^VuR zdghsH)J3407w2vl(YVbJ!HvcQ-i7ygL-upc*Z`Pc-~&GdMO?n{TXbEc0l*}Pl!!#i zj0ZOr$G-YaWERXdgMFDWGgY9=Fr14=J^no6EFQ#F7kOE2Za#VLJV9VK^)H4-f;pb6 z5;HaurvTz4D6D$PkrJeD_bF?ryB$_u3J`$?X!W}38o4_PKuSeM7QXlNa5dD&0(8wG zMjBvGX&Xy3MG=2?-PBYbE^ZywmYo2}gcHb5#lxpUKscFTI-!)$fa4p@6+ zXf)<^;$}vKmULd5el*@*CtjQtLSnY|%nm?0x`{e!GIw!+4Rl;h>Nl{^84dXlUZ8Fw zh&^>np7GaYUcy2TjM(i`?%FP;w*y50^8G^@y*JC@jTyCL6Dch3SfsD#ap|brY`?mB z<^elgR->0{2dZ^) zXcM*9NHjzhcq)|KlsF-+%agq{`8$JJuP`jR9Gw9Go7}8+=qNppJgMB1^i`nF{A=<} zO3*0hvhIfpOcF!3pdHR?z{DBYQeuW7B?Rht@8t$8V)N&CS3AsahXC8aYbdxhs z{=ccY&&*q{fy$ba+7$LL2!c7*LJNq(&b0$;(johuss&O~LlfJLOVNEfKQ@m$yYTph zYP}rlyJkPnxNe0GP5WED$Bd=a2QJ^#CRDFJUA_62GA0FfkTHkp2%#d({N9%l-3Z(J z!F|$~NSnyYMr0#tKQyFYFsG(}T@v1)?<>6uF^rp>(T*juGBF_oEpdOl>+6YZo!elPbN46; ziht1t^LmNM?=dvh60`fhGPJW(TTyXb{U)mD?8~zhUk{Mxhqyvr86$Da(2xjST?6H~ zHgjXit%(^Gaj7_503&DQ&IftB{XJVtsC{mIoa-P9_J(_X!1UDC%zQoI0-HKWHKs2m zHMB_ogFBT!{u0H*#zwyFkUrL;H@@sjw0l143!mzGsdryc(XZ59m7}oFXw~-pdk#JS zg72I_wG@VC_Vf&FN_jd3c)2**avZao-g0~)S>GUx(c!P*O(qsU zFBp;M4>C6|;LJe*w|seNP2zZ3#V@@{NS9JICO=P7rDtQ~h4STT4rdo30U=r{QYh~f zChu5v+Pz6g8iw1_ydb{nK(|TA&sh1A@s=n&d2IDd*Cvc!L{8LA?~*O30XbGkdnz+G z{{qd6^~Ne!PY}{-v+ex%>!=y!l;VOQT{uklKd#qbgqw7V8h`FSX_Jxp&!_(X!T^@* z{Wrg=2{)_=dZC`uE4J3cDaEQ^(pLtBx%JcL zlsB+lWf2XVmi+4bQT{ov`nuQNQ;5$J(Y-l@;5=R95<+1H#W&&LJCY_iDPt~`C9hok zc&cXOIJ~^9q;Tq9ar>)kXOz+<*S?#(Sw5oTX=TlNRx7o29Edt4ic zPI8oVAyBds9W}lHUBT<{YQd)`VweX#q|y-)wHE#KbcyN>u!RV_WP}X6#_>_l3Abil z1TiV;8RtmkdpV$h%VJqk%gE&h)2^r!-dza5^p;$&?PmJ%+~Dzi_i@He%Jd8P9^iWp zCL`ND^)cKeXFgkbSbywQ?VsJK8+4u}>7lD-Cpsd>%lu~PKvT59U-?3`_ooa(mp z@v(mp5Z3ZfkJUcs+o&D~bsiH^1d+-QF+Fm6DSqyM7)pxsHw)(&%ue`SC;*)eL#*2pitOj67D|$z z{ngz#uk$p%HYnKcnqW_AOD!=9Qw_-)cqTRcQVD4bh@fPT{%EvKo3N|_0H6x0h{71)UVngsHn#e+4S34`; zgYNrUAB&|xuAvRo6ZEFpaz1q^ zDxqZ(&_2&Mv9L<1X;zR?k7@4sAg7VL1&2gcd*?uFPjqY-A>P{B+O@EhP20CDjl*2z zma3zCe9*{gOz>Ag2Lj%7y&*9xBcg7v^xQe#$8t_sP(rogBLx^pXm>QW2!Atx$WGH2 z6AQnV58G=LtFk`nqzWJ9=#w9QLk-WI@(OquG_e2loT6T8u$acUM>J*8j*mAESAb|R z+js3({ib%zzSElKcy|3e)p9rk7YjvSu`R+1v>N!RRPXvjbf^gsY^y76~ zn@?@%uprwR$E6*g&n?e~R&o-?Py_orIi7sx(K|f!Zo5k|BbJ9cz^h~gVO`0cD|Y1L z?dcZn(vtL*Z`%rNYfs`l)}QI|)YbPI38%k5z@;b)zp$vn?NIZ?IlTK>#`j=;-mo*J zgSh|lc<-B8^6ItQWrLRT3o#=c`Q)+Ut*N^$!dD_ZK&uah1yq3m2`EEi&LWimw z3iLBUS3BpvB$7ii;OVZ{_I&CRx6$50IjByk!o0M~RAH!2oW|^vVQ3AKM1b6n>+i2j z06bH`1Yplj*JJ`AZnBP~f=NIV5fM?nv^nlL2sOlV(m#B5=;&xbb@O9DSMk3nDB{D_ zR>qCgy_(BC>|DYyh+#F9k>&g1tmtxMvz?KBQD4XR?{hTade<^7Ezs6zYdu|Q8!`5V zklG&$u(=EgbYc)Q5XF1E8tr5VZlvJxhzW7Y zqHSuVX!*z2!BG}(P5g`R>aVLwRPf>E-sefOwlSqcBd3m+cMr?dcYU0DERJ{Rge8`7 zqv_OFzGPdNcc94P2de40ZXIlJ)#*c2t^J*kq7+Z`SM%Wcu;J2&LCRVY3feDPkj8SVh<8Exh(?q?fkRYyJZg19e4vCA9ME z%36lAVqt`#{gKXNu4j02uFTglD?>)7f}m~finZ>9K}tC!rQ(_rSBqvs$RCw`PJ0Efbi|l z$C4&faPofl{q5t;&n-c*U2eW$3G!Rc;2A6-;}#(X?zW9zD)Ju(KQ&+PK3>^X*bH<& zQd7)w^;*a;9Fayo-luhQ_t*`GKH~9haRb!6l=kY{?!$GzKK6?|SOz*Ph}Vz$U`N*E zSA_=|G8^wkuE^q)k ze;qyqf8ErsQn>dh|UBdidV2BPXpE^&M$sT;LXlF8}U z$dIimqEk;W3UJjSrXNri8DwRwZ%^MjN|#2~Zd}Pctr9zfb6%u((yAtoJvbwnYraP&!Wm_V>mlsJ@W8O>kLJ3=Gw)29x1JlI$b^idmsxH9dUZTR{bGY1j4b@Er zN~`-%ETL0zq1b}sd)i+Ac(7ymtoGKr-@rpdh~JB_B4Pi4>;g*ORl(mAaa&m`jk0NTzVNlEnapQ}4e z*8U7j?e@LSi&O*g|LKzhvQOvIsAyAXtgmA+#0QOx&MZO`OAI7z&Ejg(b=Abw9BkdS zH9kt2irZG(8QV%K7^;wS203d6rIIwRubT?YX?5fmN_*Uz#sP+750SQBFbC(<{KP_} zxjynl;bSb{XpT=zG@&4DSffRv7@@#A6nf(P;wuzMxw6|Q+l3dpH#S`d;S8~^OL&SiG-q2RpP*t60`*0USd8l}Hnn$A<^9t+9lU8xp4-<|daGp|d4Cl#y zrrwQ6GHyEyi>Y{casi%W@Mq{T3l4gj?ZqGTKsz&yc7%l6EUzcJ+PxPF74W8zh-xwL zAwxgA{gwM9IcApvX6F<$S85Wwzz?btr@RXK(ca0?SQ6m$6cMRX_PBU#6;senlUmM? zr+0#{9d!t`;HXbNw{ebUIQVpHfQOS#a_|rso|M`WH3@|tl4cx4j_kt1e9YoVJwg)J zxEdP^AVzrewx}+h`MD;H9bZUjLp>V=j}opK?32OFm884g^*+acgxE-Xde)uzph243 zmnYk-Q(Art%DWvVd@Cjji_JyZXC7oOSsXZKkiiufQj8c}^oMku?VVjcb1XkcKtn7y z$;1~+nA2OC{Dm5W@TOpwH%h zW#~&7VZJVM+oNWB0dPcTc27;RnzH)sArTivlJu^KllS_XYpqjb;ti|>_q(9?XsTG` z&;-xOMVa1E;f|`wv{l#pZS38wZBOZ1(r0FKJz(GoG!6bjuWn!O-f;Nz)Ds}aM4GFp zWS~yE$0%IuS*EGa18Ee$AE?DjR445oAtXgshVq-gcjZo8te_h0ek8g&HIyz8pB9VO z?U_EAmuXExY@wB}S=&*M=!2&akq}ek@ld1k0v-9cnoeuZZ5jy)fF$*mE%@i8K z9V|!%yYIn%NKW8Ue+}=eHOOkZRxbVh9Wo~TZS?oLadaAh zM9!!v(hjoLeg?ahRB^p+YD@)dRd#8u;kw2j=RN=Zt3L}YI-Z%s+8xs{v^`;OJ?=hPYnX?d=#HM`st@H&N#Ow`s z&){tQ97mspGPeLTbZS96^;?=iug>qzJ^4P2hFqpa*=wUHv;tf<8$Yhh*;(e+c`nZu zRg$F3>tgGvvcT<-*w!K=MBd$cB+x5pC?5;mZfA32OK_%Edo>?Pued!(?i|438Am)c z;wXWqv!+aW4cuXxX~b_BO2)hOh5lBA`nw{D$`~#j%VCEGFYR=Ct7SoB0?kCj2hskf zIQFE5Sb3SznZ4dlAso!bY7>@ZI@}OT(TkaoUj$N`c^7`EbGbl&%jgeQI7;Nr=4xrH z4*Dk>Y}PHmi+>`*i5%sBBy|>AOeJjO>qLB4Cb=N08)vpQI`#qWgP#0G;n6Yjx;(q? z-5cvBT-7{Gi$Yd-%k75M@|64vC7E`Z>U>^`qiXvrHm2xy_X4*EM1(YRnT?N?4R96) zfNyAv$M0%BXNKj|!lBtiu#?cPiw9JfP9El=;qdUtN(>PVX&aXh2-gT3HuZ1OqryEb z?l8S=c;HD~y0k^5~#DbpHc z5YOAb7IRqFxsW&Z+_0d72T?c$6$2um_WFWXmjORGPbC;WO;ZiX5S~7V_hG1UIWhEO ze)~2iWheT(eOC?INS-HyvZL!Mc5dLaUlY(evZg*Qu`=nTk5_YpQwhn;Q7s8r>uls}&R{ zJ?3ZB=np6k{G#7F(OGZpZ5~5IO6f^Dho_lJ%B$-5`bRt7u?agSB{wjR|4@6GBCm!* z2Btq4x@bpi+%HbH<7K|l@tQZ3|EOZIyZup;c5&Qa?D*5$C7YozZXU;@a~CHp1uNLV zq{sO}e8TLAirA@rZV=r?`495nV~>32FOYGh*0;+5dfP~_vBCu&+B0eePNIC-_TIpa ziho$_XKf^QQua$uUOvyzCwl38O23^9d5<0NY(#F?LGR;Tms#OY@BpL_4NZ>9TfEXC z*FOyr;vA2_R?_FwW@oV-wL6f->$;LCm@WwBN6)VwROWWOQVBa<6>LE)ipOF~d47Z2 z`6&6>i9V}1Fa1K_RjYOe|>p*+?A zLvOZ+q%s=;(7*X4r2w7ewb&Q67;&#X`m>3NxPhF?l)D~LtAkV%5ZM-Gx@s!^R;)U| zQgN~z7I_+^8nkhBbCtlO9&|fa83XjPgm$Fi##{bVF$+Mj7u$);g*-1V+AX~CoWP1< zf-@_*ULKbm>Kr&4{AuzN`HHx$VgkmPFZ=2DYpb}pF=M)^)?z|>V!1%Q_n2#;{3(55 zYPkN*D7gIm0t^=#e1QGg7hHq}R$@*>LKWq8tjj;&I)$@m{#r}Z<{8x_N05G7)XUu6 zk{=xEvEC-Jg-4#{<+U`t)gam+&(KMyKv1NM3?w0P)DY)`im0>6KEiRuW8sFbkA1bZ zpA5Roi}DOv1){e1=Bl3`CcQImcWYFZ+|_!z=tlya7#mAUOh>G&WXyk!{xi>?{3hX%@s zbg9K=wah)21tIq3O^$93MlLyR@YLq032oh! zoTJ*wu^GBQS=b2rPSxOzU2?cN<6(2N&LVo^aq~j6n!Otloe>7UO|ze@li{&I6)|q> zg_!m^K{~p^qGp|UVdgUkwZR(m(qZaTq-|kyJ5s8M9 zHAcl&S-az0cjxvVygWhC8yWD38UgEel1&7+6WK*!=hn6PJpbL(hX&zVaPkDdQeBo*S9We~q_f$Hb;;^@>*Wk_KKXKKSRJOGpcVq1Uq5 z8%?XVGkf!E)*Bv(X@lkgE^yIhQ->B=#72e`s4CYdFI&pw11aCu-C56@)A@Pxn=xR_ zDZJ@xZz(K%ePESgb+Om);b3zwF1$jwj6_<0mZO?5SUW&DbeFmI_+#`A{jter7?$EH|ww8WcI!bwwUIwX53 z_~5@@tHh+|yZ?n;TI(EQLWWZAhc%=h6u2sNUul7FuO(jZbUaU*4fI;0xgn z-jYTw$T1!o+E^IbnmObw4|mc*z4G`cWc0!FGd+xDre5}JTVpM^9%!`q;4(Yy!OLq) zYY--8cT>_RFa_i11j>mHag`!#ns+}8gR9!K#HQpV_2zCbQ-WYR2@Y;7EM|0lthF?e zv;#tGLNg+gvrP@{KSU76Yh32?Y6C_$z`H7=i^-GI;54^X?*Z=DHTk$WHzB3>uYia)r`v&_{eLWwbaay9hk4E&Qlx~FI-iGhwk?PF8 z-q?8s;u=dpFdIcnuqaoH6K)kGgYPTT@vu;GbC@H($QKZY4|NYusF8l{k=oYK^iKLo z!tBsWCpugdoMeHMVER)>27&O-b zdC!3m^qjcutdccNxhYPf3WA_yto5X#@CPzSn++MOq6ZA+O@UZj4z`GaNF_8#>I2T>Fs; z*xJ$KaPwZPO$jZMdEVzZZ9S!8?;Ecw7jB>7W-F=STH07K4Iz{&fQG!_cF^$0lv0)) ztCGG{2N~=jM(2ajzU&QD8^{PW6ebdM$jb?;fIzji&nePV3!B`e2(hA^%@&({sNP3; z75m!TGme3EK_Eq0C4sVnwlW%Vjhlp=J*w{Q;>c!t8b0D{x?!6ZwOJf7=E%lAea}0w z^M1Sb43Evlq8Hj1|Fu5Mn_^glT;OgBZ@2qSrY?FOs&pFtu^04oW=Pp znqZ|-q@|-XGpb8mVs3GwKF(W_*CA_QpnZ_+Yr&AA?ssWiP79U?JxrcTYuJwB0wKa0 zWz;67AWUW*sTpLVn!W2m^hy{E?Um7o+AbZ%dvX?jSDJND#GM+G{7-#GVH)9lOVf0G zBeW@#%9OfOXPjR8BX)pW_T7RAYaQ2u;xRM@3I$5u8rl|DRb*7=*o%_x9)CbiVlA}a z%dQ!15S`g3ad;px+O_!=wD=^!LEHq_3eLmP(m(_#5g(rbRNgI; zzQfGGxZ}ojt$^j47>|dK7gz0y6B)&RI<@ykRki=_?vf_~mvU%oX|w@xT=C+>+|tXz z!T4iQX?<3G!nxk6F~r^e!w2o<9uqrH&{^Z!l}h;&{e@BE&$_n0x0 zt9LWoJp+R9+{eA`qwTXZ30L#239`lq+YAt@-Y|g1$hcL{}zkXeFgD^ws8@zple4BEHDvdl(UT)?0FB88D@n+2#`*n^G8@ zu^ge+At@^tJ6Cyen-4F#ewaYKEq!d=FMDJ_ALMlOJD;7(YdFR?&cG3{yYREKv(H(dgM2pY?J$`AhT>qQ$4jLYIf9%M83}RU3})q;$F&lo zlcGiV`;&WMYICmpa2*zL4OhBqS;qfSWDJ_Z7Km=gzh<4bX#U`U+BhY=8b*axd6i zi6JL|-W|&E1^JUPF@M~uu$-TF+xE~&#q|FGHI8t#FRCbk-C&PgizVwiP61MlzIh4e1f z#JzeiB_>1`1MemZhpvm3b)5W@W0eK%m}h$Pj=f`2Ag{Eh25wi>mOnGuZ=RGK71U(C zm9d#M&lKnzYhVg`py8duDSSb6bX1sBK`gwnmm$GZxMu^L`b zWKguLx_kShyf9j#Sju2WY@mQkjG|S6Vc}DiPIk&=-$(L>j){$DLso(eDWgOU?3AtC zbmir>)F)=%<+ic#(6sr~w+tW?xJ`F=bH1r}jN{Yq6f-9if|b??a|;&uI`H!h4G(n& zX6P-&Id*e5- z>zBrjtpAAC#`H&;R>+HTAtnaj$jHUY%QyxfxM^0<-A!k(jH#1EMwyxNz~4SFtfU;S z%yuZ+!Yv}e&Uat(%G}4r$|1!)b5}q?F?@I^HdQArm6$R!DcRe+GYsPt7>f(!-0N#d z?hOf%HGY^SHnuC&ivLsB6UsTY*uP896EDL55-t1xQGf0Kq2*ReLksV$Sjmn)?v->o z7ErvXGbKz=u9O!6hJ|5Zge`miM&}_f`I-O|fRGv)<>rQ@{W+HH9wkK6Cvg_qjs$?Y zteC@Ss93mKV!%irv!StYmK$}J30Kw`#1lWFV_LC1(%8w#$Q}%3fZ-Ihea&)8$lXfB1akQu^UM=*kz0hk_WG=K- zbS6or~%N}mOex140jnmvxY5M8_}?bk6pG){2~+z$_oPjDc>C7p z!B2YwmEA9{@vW4nk&28M6{I$qM09Xau9~|R>jg5^OGGC{rWy+j~4Hg&KA(Ar4BV1fVVEa^? zmNL247Q~4-%nB3vv*=Q;c!m7+Xn326Q|cPssHkY>c$0vdNW}`uw!WxOxt(8HiO$q80jN@mfy!+8nJ=IAsx4m4HcjHQGf z-z4DXG{}J#x?050Db!$J8#l7_%H>evO7vUt!+*pkedOfp&1={|(Xn_6xrOT*!>{s} zy0**z)loOreEcM>XnOiD-@m`kL_IZ>*hjxo(T2i%(bZGJ#!*my%FPFD(%!tz72jSN zts$oxm}K`zVcgM`-ZJ;-m)|ib4l4nfrlV9b$7`>wWWONpy#Fa4u@S#G9(KCs?HoZa z?hOu6J?ptzucYPpF-d6FK~v!7Ss&*#7;&jC89eeMcf3)miv-?xLq|-N4gy4=ggJ`i z=Yz&ErOa)V=pzVHbp(02wZQs(72lI~Y@jx~<^$n*G!h!M(RFRVetxLD+4`#!dBwn7 z!}DvnUBbZHNMGN_D!xN9dT&!P(D zik#Xn`c)U3(CA+C_;>AJFu%KTe!MWFIf*Ch0~A7ThLb1k1xpMyU%v=-i?$5qd#l;L zHRdv%yTKy|FtC{Z2C$oIIGete)o_=9!QS^5-tr3Y^Gi~j;o;*Gvg5CB5#r(D5fC6% z5%3BArO8oHh($H7{FYW$U!5b^p*r3%Rh5;O#@CG#^e2dQ1iV4Y>U!xR0i-c-J;)*g z$Z;lEFw9n)Di2-N>@&GpwKd~aU>_-oca5z~8yE9?xYQqY(5q|l$}cz@ z-E>TdP^xVI7w(IXwAylc#UPE6DQJ3|2L1A@QQy!p4}hH@+_po|ae%k-9Cr=PYEVL@ z>#Ov`SDlVGEna(h;QfTpww?8@=7?D4Mcl-6lCJUAipjc#~tJrIY11wz0;83`F`!x92oB&&WyNY|r+)W~O%2sAdYcy4}u! z=06ubS))54NeDCr{WVKPe38Mc?7J(Ie3fhK^SNDFalb(E!fI>bijP=~JJ-sACn&N% zdHm<>HltFnx$NmD1T-TS3TmYR;l&y-`{GoumC^D}IP06jH4~>c)sI^*`qHl2<7;Au9;`6CT;lbj?9zT1R@^wIsVSw_o>iS)(^^_vOg#=ZxZN1viekyo9C2|R zRiBtTFJq7$WlI18HGCONRTn20=h6y2ZuSD3IIOI!QignN`D0$zoBsx(A4QA)nGm#a zxyVA0?qX9$x3dAx9u_@9*L=yufSXqQP~Iw|m3YPlZcxoFsZse_#-i6K9D17r-6?=Eh9-uy9EKWDy1E)?`4!rBa+ z-D-&pbOs$HUvuG_!sO)SAVvDty%mz>gn%h^t%o1WZrui^zLN7{G%%TtMGT={bkIg$lnA0 zcV(nzvM?Ss-1o1r@qe11%p6NLHV~X^B2qiO#_{Tuc1jhA>@qPmeZ{bm8=IaU@pn~> z)wZg%>Q#Ih-kWBW=+k`N+g081!_wu2Pj9F|p&QnYdjzSQqHt}Z{-XOK_LM3Y7grqe z@(qxam#3qn)0X~oyr7&LiMP9dA1Pe=Ty!jQXN)?QM zYbz)=_bG~hjx~BAL7`_~KWT_|6Dd|8rJ< za`zOeCW$qs`wYo4G_(?<6p&l2|SR*{yHP8Zc4QR1Kj`HtuUXFqc-G5%@ZIrFz@^8zq`!L;14)Ziu<%G00L^L;4IMf>3UY+Hf~)Ru}5*p>jQ@CyFN z&q)bOVmP{Oo9u#?f2k>LWXLMeQsrVCn6$>dLE6yk!E{BMR{f!e(PZ55SoaWhbLGQ< zzR2Tjjm9>3qMeNPR?j;~Dc9SXNgm$!g3YDg&F@*E1=ca_lj-qbes-Q@3Sy#YaIem9 z4>IxvX8k@URsOd(pAY};qEDXuxA`LfW1`7__aBji(M3nAGtZBVmL4O;V!mPsaS0Bz z9{uS-xykRaJR#xM=H`mQKlaOzjLzv%0?L!gP?I7zlV-ivsn=dz0ZY17p7*o*l0`WIhTex>1p2BIX14AtQHef6$+=DIpieb^ndV)E6ASqGtU-z_j!q}lgP3+Bz%~0 zI5PLDs}^g3jmZ0Lh95Ew+K+$RzE&z3cg3uaRIk7HWj(yHl(NZ7l(xc!6b*IKHCJ%W z&Wr)tvXHr4`Ty7Sv`(JwwmX$j66#i2)nZoKzu643Eb_zWkH94sX>0V`UI|Z&x?*l{ z19-2>yLa!TWfb2hY}D~l|5@4c#LR%ZTX^x?h5N2di#!%k+T>qg7I-ys_T#rst6!~M zy7QOtNv-+MM8ka4Rxdg-Vat;<3ier-zc|J6*edLwdNKa#JNekySsA&{r^bf_#f9Du zpZ5Nhu-7*Ql}VAs6X(xPPyAbM_Zm`&eDL46<@uUr?LkS0ieB%!adf}&wVMy#COvoM z=33SovinD)+n`$xIxR+hKY;pUn>&a-#z7OtIJE6n}-c9+fEx6CU-?w^=) z@SoYN?e&MBIOXct8tiYq82^iE24ac%hj6K~F(xsi|` zo11%I!*a^eGd~=>-T4g-O|QfTUpFw?dm=%nuea~4o>7|m@#D*%O8}3EOMar(vDNg- zRkN+%{m!53>Gc)(?A!az?8=og-nzS-g5ad_AU$d2$*v6s=GL~>r}ZGIFVdQ&MBb@02oNRr~m)} diff --git a/bcs/support/images/pc_customer_subscriptions.PNG b/bcs/support/images/pc_customer_subscriptions.PNG deleted file mode 100644 index 77fba8ef8b208f29eda3055b6450732f7abc4e25..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 58677 zcmd42cT`i|_AU$}pj1&HbVO7XkS+uWMMbcJl_I?>(n5qJ^d=o5AUy;X6@5jj0)bFM zfB=C+<&_!&AwX102vI@^<>Q?5{_eSdd}G{k|GR69ovfX`_bPMGHP@Wae3E|4)<#rF zPKbwxNA&6yt2;bA2OsnB@CF?c*#D*O3SDjgix+ao<|0oGQQ_zQ$wB`MH!tw;)FXtq zJ^A;~4~JfHg7EMhee$n^m*S@kfW+_kL3jkiObKP-Fw}(U!0nv*uzHtlq`__E%OVmf3|L0@*@rvUGLMZHn&=q|K39+oIsc;&VV~^ncY){NLAIQh)z`a`N=)6Dlga!Oc^) zQvdYIp#?kErC@~wv}^cNSxScI&aIT`#F`FBV+cKX`Y+w%hF@^q-PM*h zVPOsDgLk(%)G+k3=g)ta(fp)c{Ir((b5(D5#>V&%3Pm4}R$mAVTxMul;6;UmE>bY? zkIZfyPU7g%0~Qt*`%-b_bYnJ~bw&7?OlE)HDdDjB{sg2kMC}4*^;~q<;UeH$EHBpw{{gd(3uzj7z_qN z7Deo9-Lj)r(Rd*@pNQz+?}MhAWPqW^)g5XA`5k4FJxr30IyL%zPTfAgD8>4TrlWAV zsy0VtWFGQ=_%WbX(X-$9#}{LN1Oi`GR#F*^5dOs7VDh31!?xVS^UI41_LCeI{bMw3 z!#rw3GvNDQzWm_e*TMiT#}R+?f8Ol&U2>hXte2Npbqcu5FsQoCwkG-K%~FH<)xXj* zG8(>xEet-j&X%L5tD)*vKW(acSf=n6BngT?fcC73$qEEeBA3oZuMeo%yKPGgXpeq$ zPW|ithX>F_NlnKiE0dpb{uMDPecAHPPz6_Ufq=d&S#SQQu&R-nbl%qI&n2UGIdm8; z+vrPc_+v@+dxt(h9<$!p&|9ysNIYRsc8vI3;tuki$LA6v6vvWok@F+NVdvqp}=2t5Zi^T6+9Oe;hp5lkRSIptpeTYJ`-w z!06)!ju2Bze*R{Q1+SSVow`Av(cssR(WDw6J@o{NT9A|-V^J*&V_Fz|bGihOWT((4 zi-?O8W^8!GCn^h68wO1#E5~k9i?+d`PMEP&eq33j0x=q0otv9GO1o^k8!E%_Y_A$% z*4+D|Cx+YJC|SdDiS*pBbyF0TGpIY@A~FhYmnG9&9jk218wL}SSYdAozWuOCRN zshZPW3c!zk023eWk%0eF$T-O*b%y|)?(idv-3eetR#1Is=?KwZ{&Og`do-KBlYREq zi}*j!`zu^S+B^{#ruS8{g}d5z`<2zBP{%Hj~E#<_CSD!YoNL|vqG zs{{}Nc;+_n!~Jf>!c>iJq}1K!>QV>Tuqk9s>-T4y(``gu}xJ$h`uj3b~z zx*pvN^k|ObH$HKYhtx#@&ElCG^tN<8Vi9L;rFrH7r-#}O-W5SUStUK zVfdhW5A1;(WroA0;zci^49ckDO-=Dezv1pIS^er4CHgUi>H96c+BX!ApC0B)U7!=dy);$QF=9P}>&sdk2ICc>v+Zn3<3{t$lm)sxQ~F$hqFSn`yx&d6 z1NNgikfU3Rh=?`BMWClV^F(JVix#!VQ=`NCGo&=CW%#FFcS8QmveS> z&F1<7;bV#kW5}cOIW6Mnx849yBNcBA6rSqM1bk$_Tzk_gG8vl0D%XjYe7HDNG8*l; z=_u=p4tsN7rkFTO@&SB~S5IV89#u=~5xKwTuUcEgJ6}VljoUdlr zB&R!c?5+NhKUhI!$Av&TvE05Z3oBcrLEvqkz`$A6KlS2!o)9bGU6x<=t^3DW04op6 zE5MS$cpHbk-DBdFoi8Zcmie;x9szfp95-Zne9+z=Ndywe%bXS8{m0uQLz&Kl3mSY9 z+Y&2sBy6fN8b}M3$-yxwf~R9i#YE3?DrXG4f~P7FL+5X#3Pu$IRx8N#md;SumI`wC zn5%tqDTmR%O~F)Mr4SZ|XaO{n79=u-U7wEpJ(M_A%2l`HA;)1{AGwxq`%i`hY13&U zQExC_a$HkfD9j&qgGDs;pWJU;Gm`~QVWTJv>b9Piv)`0;k2jw()5loJC>R;OI!mi_ zu{HbwzcCMut@*TT>()rtcO0UfN-Chhm*?pP>lH8;AIl0t7mJ_q4QcQwFMRhms+Qei zYhnRf)CZE79B|=4lnWyW%ecX^Wus8+Enj;VTO}j7L?T^x5y1XD-3E2uX>oHAXGD9O z&qOYL9EE>1j*VndY;Bc*w4&6O73uMf|RWr&oPPI zI6#vy$J4aXNOR2#I28n9u(oGo%-78kJ~!y_>^~t*Rd8FMR!Gg<B`--v_+fqM-q|_Z( zg8dcuZWt{SO9hpqzx>tzDRAPOkouY!z<%42>BCn6jj8+UQsZL$A$Pd#-1w~Dse%F_ zfz#t_iv=$#;&x>#Vzdv{DYdR$^0BLHksaF{HNJFn)5OHxmAa8WLl5|~EC?ZP#R7Zu)d z9;&c~gQFJ3`O3*-!EGysA5M^X&aw)*hvkv`)~i|UZ;_Tro1d9d8h%0Yg*UyN=wWNY z>Whkm)2VdOIMCNfSH@bQkTbO4fu65(F*ke|f?kk*JQY^f;9{}6N$bQ2W)Mh^OfI-; zA=n1!;6QSi;wCke*brtx)m8J3&!(;6FdiilZ%GDXBugbizCNilzwsj+Gq0P;6$9@S z12ByU0%@hYb32sdWQ%r%u@y&J+8t9$jL6C@C}ax6pNB2w?|ck#2`SKgm|)f{-^`Eq zMti$K6gIr&2;xbBLzk4wjJ0z}pv7nz1%IA0y!`52A~T&6_j&eQ5f+{Q%=anHr!UBg z428L=D7B%>TLOmwi+t>}iz-Fsc%#Kk*0^>mZ42z~<+M;=LI((Rqj$<123Bx?7CTnT z_sAXd2Oq<3c+{2QFDlvCAe4gm^IAe69Y{c}i>?Lw22zbx@>Ar7{uPqt`6~LnMOE(# zbs4cu?9{Z|CdO-kr;CYy=&+JU^1eL_i>ZKfFihmH_f@e2{%(?Uy3aU6+kO*^bs(*J zj9vxjogS%3bB1g?WRpXpX|SG7r7R?J`SAX5xZo?zC9vNy*wkY;T3UYPD z;k)!E>Mrd$e_`3TH`kq6^Lk-zK)i$3E`(bj+a1=^Do~_KLpxbn?V^z$q9jgqWFmf7 zOwq(K{4wPX0djyevrS+fUJ?Z%fb_GYcHmo#Xso-!a#?`55>&*@^xF0Ck_f#k@{Bl*h|zhlB|pU15ib`|FK7edu#G!Mfow>~(PBlW}&uqvh@eU!A9M<%4H+9kChWTrjHo48&Xi7Vd`MskEm_1(Jq7 zvM)SSSh#Dt%C&Pa;uCaMb+v7YUhiKnV3!T=m!2>E>JkxR;7Qv{DN6(nP+9t3>}EO5 zMO0Y7iuB@e-2IG#%Whw30(4hpq&X|?Df#^mFy7N`9jw~%tb{;ZSPaFyA_yt55?Kq| z=s;u+yP@ug-T}g+FxaAU6*lAH2m6oJE4^)L9lKkPAH!SB_V?%x+ZU-%IoDY24}71| z!Z-s_T;KV?C<=d%hvXQ7wYWXLcHG~@rQ-0h(~bqs#EPjj!6Sy7vXDWSoW8L?*^+XITjmX&LOy8 z8%gGm6=5=(-V5cqkAtDB;+h{Y$KpA|rupM7G;BIe0`IN!6!DsAIZuAtGkZi?74m9! zC`6!D=8!indnz4qKCHt3OFZ;z-Piu$!Vsld+2q*>>OeeKmcZ7i#dw_qFka8CLnbvX zdV+d)x7SRIatT=LW6e}Miya^S^D_Ok*ungfg3vvGk77hsXa&8YVOb|0KdUS6ULrM? zzfe3?gwR^Axj=F1?Ni_j2b~U!V%i!np0{fe@z9qc29b^%H0!c;%^L{LZGWbF*#C;)^wJ=b`6=q+yO~M-~$+rZ-mZ=+l z=(+mxDfYFNY#3;Tj&Ebl0A+W-$yBAM1 zJNfl)Q-xP$U(?HPfcjXDJ+vd*%Q_)WybH|d_zw0=+)QM0F^6E|ZLEp7TYUslaS~;U zCe@?58VIdo8nt9M%_Zb%(iGVSR^z#=-wAYG%_K`>WU%YqF{#`$q*SsXJP?xj1GF1f zvGDYu{ZXge{>F29VUc7l%%Pr`a{8fFsKZ|mGt&Aklu7QOQPy@BB#PJ4ds3E|gm zQ&)I9t|f-wZu$r(&P6-T_)O=9i=pJ5*q*KlbTxrEN5GTGRZRXV{qOR{wOQVEK{(+8 zS&KkC5MZ_^WVAgYW_ZvkftE7I^>M_~2E&rp6%7J4-9zL(J_v=vFMM*m0$V6zjCiV!mxvo@i`$R3#M!X{$H$C9#5 z8K5~#OJ!Jl%g2`K$c^Pk_jx!nQWj)h^j(O#!tP#)_E^HmVkjm1Sr$@2j!)dhVjq_4 zX!v@GXh{7e<1x2&WQ6010&{ATNBnW99jE&J4Up#`9V_(t?)!z`PLH5(D<=*_>=bspI|ajIZjHN8AP3t~vHv%gJYH3WjvLn~P%ZEZ+ZpiZ`K zu{?q-xF5PcUeIqAX1widJZ0W2o;|*HWXU8ZN$sF=%W{vZ+P*eGY zeou7F#5-TNMwd`W%GWMy^&-ap3U=Ie^z^7KS}4G=WJr3w`96N#;R{S;fudm{8fk0n z+Yx5wWGj2bC$?^xNi;O1$o@?Qr(-Xn#AP-&`dGa3>mo-(<=1sx7hg7JW5CKDZn|fN zX+XYevTby#EPWW{Q$lrhaxo9SE3gQ2@$g98|0tRJjV>P_W*M<Y za$c1hRYu^vq5liDMkUkqrM{qEk5jA+_>gm5i4jO(eUoGw#d&vjMD`@@GS8^LjDa`D zuVW2-N8kiJ$Gc?SRkQk;UWIYaUE6Y@GlWM5&-e8vj9YonTBIaJ!MYQ&ls zulAKX+x|$UrBqO7U2s23e(6MY(i*52+#E6!?D}KgI2jPRNf-tJ>P4|zd?Xu@@ilUH ztH2Z|u(4rxz~nrM6KE6KQ4QHYl*)@2jg z-j?_Wiu-S`Aqj@V?h7e`kBg}y$)UK$MEu|h`McHQkV~!~b#De~?NraG_3`Td@U=WV)^vunkh9M8pqOye~hcMaS$F(fjrv$cIR;xdmVxSdOp-Y7!_HSF1_3N;fVuX|I zmsxnl#q$Jx!g+!QpW)C<7MFiS-M;#vVhB8N)>R3^%HqoLMS*7Oh9Dri3^7B1ZBfXl z)-tz@AREbkTBsv(QhfUlPp$`B6DONn;M>T-0NLjgv+3KG?#zz5( zGdJ;;`gl(zW4zsBK19nm7F?z;GdO!fqju;n9T|B_0Y4BI93@a&(rN3OBIQ#k6-(zo zsgw^Fo1eZ-9s_DJ0#t329CKP`Lfc!aU2Of8|FeiH9igGWh66QpuHa@xwJ}GyOk$wh zAsRY|E;zaXR9ecZCV)YxRG6EW3E#2mvO3C7;mQ!j_wo7cHMw_0&$X~BA- z;GUcB{C6KDum zx!UN)+-?CeVZEfoLv{>b8qlG%wy|bU+;CZj$78-ATg-4ADLz(KaKYcdbuzjg90}qH zovPPdL-%A!IclkjizpO|idu(H{9vMt=mb6i`Gb4f{;^1Nd27%Wo%N_UKlMq-@U8Z6 zZd<6bXD^C@^2C)RZt3jFQ2pl196Tlto%HAG&mi>(f4o{p5Yx6DCQCzu<|D8VC;2Qv zmbx_hT+~dx+o!kTZ^HHuzKinM zq#B?**XFytMQT&@c?M%P0)S!!KE8gCjQ*i6?|k;UulV;A9i7b~ zdY@yT4{ORDIRe#D)(`H?DhBL>`C8txU|<4Y;RPjpzbvUlz>Y#@J4wrQ`RgDY?#3=z z;hBzN@MZ7bM8t<@jS3})S@{W~t3}&&%lNz*?Cum=;$nH zb=|iv4F}tfNZN1s?%W0)oKSGawuq~f^bquxwc#JEmdbuo^SqYW0K|p5h~YnYf_Cc~ zx_5Fe$h~#Hjvf?&ReM>MK?NIJ)`8s~(n)rjBwHojBg8-Rx&_#y0ujbqgs48248dF@ zRG|>S2UGHGPX^xfIyKHM?t28p>rti`vmfn8?t_Dx;HWj=uc4_Dt+o;dWr|f%r)Xt0 z-#5!aB}9$#!gBmv6O>11%1u<3Tria>&?gNwMB!Q@Ix+lE7?DdvXT+5=K&cX>Tw-Vs zgSah_Qb?urTN}}t>LW!QXrtt(K~5* z)1bgH7>WDlfBGt8-t z+nAjUC@T~stw0|%m2U|AR5ypamIL`-q-}6Q41cBa*hx=5)X1#679ixDpX8UrTP}x% zbu2^-z+{Vzr62b&;~t(bsRmA-KAry-1`RBD?yhfi?D=oS0fL=tj@7p6&9r30XK5@{U=O5|R^aOI zxR{g=SYF)Nhuy2TSEsweb{jB__4qb9WZz+B!Pz>>2&*q99V^amZd6{RlX+_(lr2wE= zp@!i%Si#n{rQcB6R%4(ZVw2k1Kqa=tZ(?eXSuHj|%Hh4qBmq|8y}1ZTQwc6A%3U;- z9!f!iH;Z=A?dZ<++ecTcTns5Ud#8MzJVO_0&xMts@Hv_u>r@TM7BU?xjHiE+`Aq|# zr0Mxe4~Z8(S~YTUuevxFx;}(uXhxCUL{iqZ#Da}hy~!2rBrw?q9R!c{K9WXPBdXHi zUnWiy!3iUD^Dfh=7HxfT*=4Gp2_4{H(t;tvpDkq3d^L@Fyw#fDupWvwn`-!A%2a74 zettuIqt_ifXB+>3D%KUS(X$crt;5B-xYjgW=2;gz%Jcw;3ROC0EE=n()HyyJlgq2v zak5m(&dpK9K7*5XhVgnK!gIHAnH4>_(krCHC|&^P?Vv@F(u9M27MN@#uTded|0KpV z^AR~%A&0gPmpu=;{se{8$M$a+@*Tz`l^~2*CoD*2J&|&ZZwr@o zD7UaCNf6zxHsajhGmd~+u9IUGoj=;VhVY2B>PjpE7;Fk1v`xC8;$|?9&O;dM9_eXP zfR7n(Qqe^to^7QodQCxawOz*dsl96;8wecMK~D{m86`Q|g^niSe5x~doPr%!G76;Z z4f>rV+`iK?w>HT|cVDVjHPAdx*M;gFb5vR2N^S;%7;+xH&-fFc=14{Odxvd_*=F+R zNh!HG`ST?*B0Ojb{6&cLHRcgw1%E-dNCz&-;Wd0pkB(cQ1q~=5aO>)3oe+uw%0YZ$ zbH3rI#zo@R(V_&=du|_Tk&W2s&+*w%H`l|^<2BlRhh3!2t@|?Ml#OSJ{X(yC1EwJg z6`ZaQ^%zA|GqLevga-J`_28&`=omnr<69TBL?alw17~EnNWxh59e*?8A_^T?>^L5l(A$O2{^ zdo~AM6it#11g=>QS|2BXGm^3^6D&9*Faw&t(wkAvHe(S0h}YN8G^wjvKDvyV+z&8ZS$c= znYU#rDFZP{7v#nEqJTkF7#~9yL$}Lx)ntr!`a%I-H&}R8o}9Bygi7mHz&|rtMx57n<^y8 zzO!mUn|=%;!RW#o9{b?-U*ReVTp@Jo`3_?_JNjD zsK=YDYLwnVhybG_JobJrqs0@xXpExk+ebJR&35$cAn*pG7A=bKReEL5kg#p4l#9}J zxI_k=t}x>$00Sp;_X9+(9;RUn#YN-`>wpwncf)_TQ8ToY z&V06?AO^C1B_ufPP$B{IZjc3FMEge-($&oe2@VfI|4IP2W6@J6y2j`VT#V|v0J39} z8Gkd8tmeCM-f~kn6$CS^#;AHqZuuSq58Wo;W<3=E{4lD`4N_D5OZ(2pmQJ*~c-pF#4%dW`@`F1bk}>9rm4{ z8dG7@qH_3vwcN~Y>@{Wl!n)s(sh0^W>-J5=-OaOfuEvb0+5&3u0d3 z{pTl!Gmei{AjEa|fW(4DuJgDDHPykZgzXX%q5s!lh6Npq318m_I9Xn*sZzGYOimYA zriB{eYc=+MQ?GpCDFH_Uoovi>wPPO;fqoabMThRMF~?y3#@A+B+X(w zm((o8v(Tuv5+wEFV%sJRw$XBzhqtH}5HRMLot>>`ZVwAQioR4}0M(gx&h zkpv!^5-#@)DPBc_>+ZXL3!#NYEP5#Nw7gtT*nX@=jMK_IW;JV4U&cMOXTp0Z7FhoH zY<@}k2oGdEo_lBq#c-~fCb zx05{LZHd4^4dldOuL znz*6si@75eQ^`|l(?oM@u$pptG*qY4Skyo27;8qJ3qcJzgxsKkkl^x#`3(;v`epKI zV#jdM4+X%cihrC>T%n3>Dp#(poMzC5uHC!42E#|w+_g+uNpU4=`;e3wI%ivF1}MTx zFSa8x2Tk{YVytXDMkB~HmVWsliUcEutryTjDI(G4`>7oJQ^f@?wyCVSO{8?QVk&gK zj4N4G@W^&IO53haPvyjky=ag&Ym)@wC7FU8){s54j=O^3Ux;dblkkgkoMgIG4$T!0 zAu8HVPrh%KpkrCbNuEd)grZjE_S4K=j6{_gpEb@Hfe>v#jK~W8bb4E7qZoF97N)<} zW2jS<%fT9Ic*|lQB>+CjybjYUWg>^R-g}V5I{4i`iu&i-hu;k!)g&wgC7pjQ7 zc(wC$#|?TbP-;4>#xU4gAw^1GOOQV7I}2riYo9}Vs6egM@KI&}POtnCabvc{);zEA zqn_c98iS8B-5`Goq(p(7;-by?38P!kSLQpDmU<0hF~$Xs{$@anw@mGkeS$~4i)9vpLlrm2r0Ar5Gz1Q*>|2ldFF%aKI5wYk9XNKWk!VhRMPez zTZ%Ek6g*)+&mYsLGER9ii4W8^3F^1Ni3BSqOO79ilJ%EBp^q_&*ibHhQ za?DZAo{PvnnJ(9Yh)!d87%`5|jhu|GF0r`SW56f_{2+<^{p>#^z&Htkz?yqhZ#jmh z?=$O!ecoSgCxAqVE={iJT#|_W--v&?Lwh5l|4{2r?5X_Uv;F@6nSwQXzJoFw(0`bJ z5}Y!$Qq;2U|JLu}BF~1-%zqy4pSi)P{-1jXtR(**uDhfR>}vgwyd3IdxDkQlb-ep5 z!BDhI#INiskL>@M69dMchU$8DAJn)-i)fSjUvuKLX*x9=6gS^Ie(}cj5o`vwQOFBg=(X1Bccj&b(!hU;cMK6YfyGU}Uv5Vr3+ ztw#ZT*bq2z_B;L>>#gZyE4_rIyA_vLv>21F{}IKy9WMU5RhG72uuwv0ZGzUhN^nS} z<2(r^2K`I;)cV_(dy2PzjGaBoHb_gY6;CoWZ~2yV+X(3B?SUX|YpXLh<4-rsX|i`rMvCTkMwPpUh1+d&*R&!SHI-%61|ye(hG8>rE7kToQJ$KJ4!C8=Kvw5wyr9FL&4J7M9c;D)J%R;XmlllxG5e)s$dfo=; ztR0>8Kdv<)DBQ&FtSz}%dx5hlW8dPp@zx_6sH!oSAARIU$Xi#HTbGP99rat_N+P|} zX&K}cV)(V=HZYm)?uO%<&PsnjhRc`Q_j`-OY2`Dzq8egv#$8KB*zO&f-$-J;_;Zc4 z@6An9@5fI6`68g{7$@Si96X>PAS#n#+W8>If9k%~tg@NMLvsyi;Nn4K^CWDI&~Wfy&kKZA-b`HBGr^Io{8)CtWmchK^V==4c8v&fV5~8 z-OVi;wiq3HD(CIIb-_{evI>z#bFjcJ`(Cg6b4w)A3*o^@$$$5t`NV-`m3YT2W#-wp zB$wp#@*9e|r#zJgh1Hbyq_I*6R_4nsCw^_NxZ7|~|<(t+k z>ZexB$4&^XOm=3e@VE*u>2$12(s zEIqmm%z6Ih;gI_$LEjJeFOTxrS!?frCHriPQ_i>9s)h{Y^-C;=ydhLD2)wnGFhs(` zyIa3JKdF9r>-j6z{hkJD#Fhzc@H096@v3F^I_KkR=2Tp_e;ICVa%UJE%XJY^)Rn$I zwrmy3R6kSvog}xIXEju=b9AO`A$$pYM)K_aqn-&xfM1pJeqO(em391?*N}FHFEjHv z*u44}Y_p@RgUrJE0abI@vBw*NFCxC50G4_h+XW(%-$%K;djK-Z`M7oXQm1UH)Z%Xb zhiK9HCe_=yQGnT`+>!bxUqQ&LhM`_lM-?*9CJ*{TPJs7rL^lJEejfz1ZgU9ZF*3}b zMaAfchYgoI(;j>$V50`IdydJRhsphARGraN`9U{u+{m#dQtjdp?NUNr7UxKUvQ5m> z!y|s)V?R$m*L0Fo-~E@dS+C7~o)KWyOd})(4^1d#YdcuIa$yFZ`CaAOYxLzEDdO*k z#q#i#jYVaN`cnsLQ38?oTXk#UYv3x+m9P886}gbXhyX8_MIH(glZAZ}apys%gmb@z zHljs5W8A3AF`QHKz< zf+9WRS7%;a`WUe3IsHgs%3QqN`8n>RHu1N}tgZDutAk#z@}5an#AgDuPpGRC$(l+_ zeVsXpRQ|OMXyy@FxWr>WF`JULWmv>-^{7MnTu`Ke=2KHQ*=)$-rbd+rjxT15_Dwz_ zk9ipp*?)W2aJyyknQ?ig413kP|G|sXvE+(Can{sPzs}^5H?6OLkoz`LM~@ads(sq?X-TZ+iK76KxN3{y_#HrOj51;3Zu+9ZTs`%ZvGNFY3oiJ$ezEi(qm0|qUIP>{7bes?%; z00wN=bVENcD}`y_ZHFYpzak9D}$V5pwV%Z)m=sUm>ha& zBDQ6FojPq3XLxb=w;g-(@LP(M=fU{^Pfas#wJ+)E0?!C*N--;HqFHl@?1nbb9cZ?G zSn&uKHqCF^s~RwJ3nz%qW^&2)Z0aLB`Tntqt<@{(ogS~>Ms;W_kja)P)2yVks9=27 z?w{=VJ0G(TwQ+xu`}F@LWgAu~d}Z)g`wb{Z!%9A6+BL5>Lr+QG;Ja-bnM69TyKcVSJ{>+V z1SpfASZWV}%JyN;+BuD&*-1|$GVo}A#)F@x%c~P?2b~Nv;Kb^BT1M9APT9U$=S>Y_x7ct$b608cv~gayqSFFF|m2BJt^y;U7jyh zV=>loUZstoV;)$Df5#=BZX>AbsZ(}O|JxL6KSO%`z5020Tp|eS{4GmdkYS)6d(1cd zoJ=F>%+9nE4k+oHyfNd6;S9@qZ%&@6WC^!r(*dWPa6QYw$C5FRYIVcHKQSkN?^rV( z5RN}rh5fVZD5lx;PV<21&!;CHeZ(AE*jkl))xv$4n1NB9oFEN^OtXlISC->3-`~6Q zExAYX{mA5~%=+a|X7LkxV!!I9$9)DAVeg?yAf!Ljx+J(Q z`;xu>DJ*RBX^eHPEIq5%-bPk*YemmbiD_WD`m3||q3Q2ux&b${m}_4Y`&N#DR$iYP z5tlt@VeB7`Hu?6$Vm?{I`|Y1!%$D14Z^%|&D^Ty`ymy&kJ-Su(>UPIPsmhDJ*B>nm ztuBhH%Y7`nr=xD)y1q%oAJ*Ri|2&+QaX|e!Sn1|gkiJ0pr5j_^A7iuYRM*RsUUapf zwQKBzPM2)E9KHvlN*UJhm4oUqK+abUPdi(zH?Po>e?%6?;d(celK}Q^uBGt6>8X9hrUTm4nWK(MRu$ zGkx`darTFN?15U*X`iY!>}8K1* z6_RuOg+-rGcZ>nd$!ZoXa-IKVH(&>KHgnk-LG9_dLT<+cOxx%eB1`3s$roTh5->1K z1TYr%;YbH3Cn)VC*elmaTzKQ$chhUsg+TC+CXiCiEsKLTaz9wNBtUo6G)nCc zUAo#hJyi)8`*bGeXYUDvumFSLrF)Wy(Zl#JRYEGjOnIloooaWz^|cE*Iu@H{D-WAJ zkDocNvGs(QZZqubG-DySb;C4R>{yZ=d&}$L6!OPJ-5K+s3gLP|yO&c!7S%C-9a5?( z;u}%Ycx0$UzG6@{LM4)6-7bsWDzS&enL}s#U8-Nl^I)cQm6ZYu<^53u*=-b~DV8zr zOWSMh!RMlvn(2Z@*WHdL>aNz48ChRK=^M+@DYoLesaILbcJ+@3~vc29P1YJjoZ;6S?B z#Os3boNMnK)~-!RW<}f=33OslX$!lZ-!(h=d^x9U#HP-h8?ii&7F0{R{?aE>q@$z` zr!=T)%-_^)%*+-d$hWX`$6%&@|!&dWtv)!sl$jHCLK^6d(@aPofxthytR;PG1=-P+E5tF)4RN? zaaCW~X~J}A%GIH$v^1qVJGh}uYwUHX?6MPjWVKZ~weCxQ(xUGWU$2zGBl-CA&Sp#g z#0i(G?lU1!W08X=$eN+9dqOts2Tsge z?K<4)>JG=zb4Eg)PvmeFT7m6ldBf>}{M)y>euZ2UznHEAh**hGRRQa&@az%)4i%nxTK0SnKz5`71}tp8&==6`Zy>%c{n8jiQRptxC(bVJ;O`8a!pXK zXnkvVqT2kB&J-{=)OqJy%KDGrTs|Zl6&LrFj@78Fd2Qy<8F>J+3iXbT0emUHs&9 z=P9XNzsgaIS#@^YL6#VA?P68Q*%WqRJrg=;W)T@4UhhW~j0{F_r1s*E)Sg30F?K)k z5p4e8C+$`*QeISV6448%5*P){OI`QF&H{(<4+=kI;!-aa@(ALOyC=-OyNA|Ozpt6v z?OW;vxdTecM*4`;v6qF~B}=yzRb<*sWi7;i=2TP!B+pid>(E}rlDUj0tZBw^U*`4V z@n+K|JnWl@wAbnz+0D&;_#`pTbx`|i+SQ~uCAEi6M})QdJeDEDOmLOlns%(IA@UDs z8KygTATJ5Su;HAyMmIinQ##dow6K>@w3avix8%Xa?YP+IrhT9z0^`sRI}a?c)EQg& z+pN#`)Ut4Ek$c%^U&}?PRp6ejzFE6hd9D8eUEg z3wYyLibU!+-hZ%N09@Ofqt8|*E?v0}b`Ian>?EI`ZAi41hLk>{K##p{r5;=L-svLdBZ_+J ztJZ0A-|}0cY)^DwiW%PMDwtGs2+q_2N>a^&Ak$f2EPYbNzYSYw5lka}YAU8kPorO& z1Iw5HB+BTQhqQVU27<(bUr*7BUGTqOsr&dO&8-@?t6=` z_e<^eDpEUQ_WyxkmZ_Yx<2T;R)W6 zvCS77!}ph0-7{T&%P!hT;?6dH(fRRYLe0~xyRb9iscgeg%u}b5q_U+Y$kVxBnWv#< z2^_p=HQdN3SbOSFk%i2Oxbrio5yg9}_!Iho0M zTkU=oH>P3uVo>qVa?8l)D*-whz0s2=fw<43`p&j5xH*=~QH?<9o5tz<5|+1K z2&d+p^y(L|cm3@I4Pw1=Ip zMHDs1L`~Qqw)$Wi_A2a&+{SAzm6?|y(>lyLHqCtO75aA|WvxksQdSSYU|?9@9O=3C z-205{Ifa@}C#%g162Bbql$kKlkY3Hc{KtNx-lNY`p`jvlBCb0yX|uKZc)>`Z=Tesw z@kpHVvSW-0-i#sD2e^CU>+1yi#ju*=77FIRY@Ii6(Ydo5xVun#-v=C`o1@EQS}57{ zo}Q@Q2oICvyVp6?U#ea9NNuBRNnSG9mYuBn+fiMsG(X%Jw{to8N}a$&>s%S-{?|8w zPB$o=rIfQYdvH4HM%&8I3qbvKbIk#u1Dy2G;e41IayK!{c6WzU=moZY2LkWO3I+l-(33ED`7lHVdc^|v* zrE=v>S)ZQV&camxH>VyWFVFx4*RO=nXqtXDD2lTJ)s@E5Q&O z5fT24=#1J3*In35$D6NeW#Oy403f3 z-p!J9`RwMVZbyiyMwf8Fu^oF|5U$IBw(^Qq}yDndbZR-zgszP}Z_RfdU$oi|R#V>YjY zlN(s}*gr;FQBlaQx{qz_m=EU}S7Lv>Vu=Ezv*pb7_d`@`F%%<_yZUX23Q(Z=>cg)9 zd{F*F9~TnA&)fa6Wi^*{Z2Q8;L3M1u_?jJ0e+!8j^8eHyk7YX}mjP4DIP1JMhd&z{p3bKNn{?TtmtHF&P6s&C!2TDWi{v&v?0EsH)e zYQDn}0kHfrq%3U`eB};wAixq42?=g;Hgb|5kH?U{K%pIJIzI-RjPix1@_~Itf_2P* zvp`xr=QXC_fTv1ITo`i`=Gv~KBnip2o}iGB1-(^WBYtAUp7f6nsywCR{vpLshxH$x z9{E0w)&pPGU3y2c6(wM@S>mv-SPoXB?*Nc%t?grOLNeLfhLGIyCOt;cCvJVqxN#-O zeo{YDcI@ko7Q3w57CpUZB&WI4V1JM-?Rqc2i%%}GmP^O6JBAma6&?H97p*~qJw}pj zZ)+4=HXoMr>+Wz-X08zfr9rCSUL9gn5vn?JhA7i^4Ik6+CejCVR(DUk%ECbyVKmaK z<8ct&uPUNUnxse>xjEfneEedg(J(Vh`CcH@ro7eT`yXv*uYp)Q+1dWt>&>H- za!-25q>TWFMlWaX5*_%(06l&mL;S*#Wj|#is(y7v55oeI6-|0_lQGTSeo1}t^C~C_ zw-v43@1w|Ylx1qG6O1_(?|zY>bdhMu{zmOa6{xDvQXO^u0|#PYKRZaUL}@eF3lmDW z(ZtJI#b3vNday>iIA$-|@pP8|xJL$Y9Y36N$(w&IIo7P4W0oH3;GS$Y;N->?qQD=u z$<-nI2oS$3ux10O1BL3_r@BekASNAN`@nJ(i2j#Xj|PWtsXydKvmi05k7Z>-xv z<2KYW{kmps9R^Th@d>MVc(iW2p3}YCO}ED(x|tt=^{r@|IBw?N`i2-4fCu~N;z)dO z&6P5x%ZFGwTziuY;CVEjyU;j{>+`)9JQeP}`0MEsdTLh>l98&9;_c~61#?;s8VLzO?tY13L5X_Zy)nr%?+{;?-{FFNQzBWgU@1p$F3J2!YaE-r zUt3*6abor9R3w|4eIif}6T0MJWqq2u2B!8=@u7RP>$y-ZM;0RB0bHZ|l*?6{0QTHy zT9{m9jL~+k3zF578e6G@?B=vADFT}6E^m~~@2@^M_9XiLq(c#BH*Zp4KwTDcKJt>W zFr>0Zp}qY=#`)u^3kH#-sN1WD`xL z%aGJVD<@@Se)LPT5$G53O=0qR&0+T9Ij5wi=bfMOW$XHr{&6~@-Pb9pyk6CXAZMO? z49l|}GvV`O*nWygfrKLW#e^4KtDCfc&?`+J`1I9+F48izd!Db#M< zgw}p#&BM_Pis;}3rtqABujZg6qDG`YG2D5Qd7#NJtr$em2d1F%XW#{fD}NFfnuCgL zS2a5sA6{iUIA>{%r19fM#vpC}NL5Ck`DY#QO%xoBj?C(pe415@pT>>bxPD6QPH0E7f5(aKUySurVd7!mZz(=>)3%{l=!1L# zeIYf?DhjlEr4y#~g#F_5!A7r~71h|t&ujr6x^q_M`w!vZg89Dy^uyAN>p+#|G`*Cx zbk`nw$Afo1;|t*2QN3|Ox?c~2%XkAT$o$XHe);((cI>TD;||V9I46lM1}vVi{bc|^ znGeSP$EZlk{r{C0(SO?HKR?s|3m>DuXa3)u%LX#_C62Sk$=>QKIN?OS(JbYv3Fm4U z1@Y7@{);(3E4;MXL-uQ_f}AU^7Qa%UTZAcT+;5IPjT*tfZZ}VVN#E}t|h6}ZldEcCZPFKBg_v-O07%8Y$S5djf z7Bl%e+uuK`-X2t(l$S)thDrT-6t=yD6$AHRpK4nEsqDX8=tJNO{YD!yThn;X2z0l!9~uuCPc8J9rzx5cL~S8mCyK)+VkavWyk|mc zWf6Z2?g*%`$6?|-iz@5|R{^s9 zR~&V#n3x2Y=9vNzIE{+G@bbA;=tK!!ryI|1bn$OwQ?Q=-pb|PYIhd{`TR6>Q?B5-} zooR0(Y}WYPcafQEp~aQW6MBch3^^Gm`?2MgFWJ$~I3xw8Az~GcVM5A3AFah={CY{` zVx`tgO4+9k5Ooq7>upp$I%Sy5@#|pt_H=zUmZtDu+De?S|51BQAG@qvf})O}wE0U> z@IJL}e*$LPGJL!yj7Q<^P5EUgjgCNB7)r0^tSL4f(O#^+<3=vW>74;XBRqS4)oaZy z7S~v|kYrKVOVKGj%iPr}SZ@nQOs_NR1UprCAwDf)9bdV!RrbMSERYc#@uh#F~8+EHi7J|0Nli@}S0K=WUJ+Z*LV7 zu-HAB^Myi#oy5;Y^KExcNSetz@R%+NIP#bJM7cKWOk*8(->M_&c#M|)4Tco_kWuHO zdyY=@ACJ93eG(Xyo9ppyq0N=#nG&mmGq@kJB1tD;9d{IOmm(MnZJKJcdvDk2L&4YO zsHX%D*{n{R27fSMUhBDij`_=`xu9~9T+_za-y_oFATvHfneQ6))FW|5bU;drziGSJ zj#pQkJWa}QBmTkX3oO;Hdm~cjD|Y*cu;H}Rr91sP#bW5G37hE6>Fd~DDzb2b2CGxo`_yMcp<%oK*#GR%j^+fZx#YM z3ZuI^=XPDT+n{A4?S$`f0C841yW0thSrow%{)DM}%BPCKQO2&cV1=T75tVski+H(9l?lu>Tcv7zri zx0lzwYv4J};cycaM`v4Qznw=#6i1`^cM2!kxCWUw;yX-FVRCoZFI-8xJ@-tuJ^bvj zn!WrJwvC0P>4Ei-vr#$eKXJ#FTuVX~M`*HlO^g|kciKu+0{(fPP&P8Ysp-*JhQ*8` zvXJ4L*A3Scp$h{Djo=xW#nXZfv*Pyr$cH3jAk((Qmf$ZHnwb^sa)RPd&IrG1jE;o` z;y~Ylx0LTVDbCi^U$L8Bevf;2PMt;{-HLtx4I?i|pp1;B7p0ah`aJ7&t1x|GB+RpImU)tf?a}Z^&Q8#{ zYnObTpq6A>nW&8@fE>t%FgTbTz;jwl@UFZ^j z+=vEzaeEl}q%5vx{1eK`*X}`2K1=n`J&h3F_}sR$|9s9mce}m4ZLl;d}>{)%XSo)JQc52w02b3>vargg|~>C>8yk@*KLX1f;&ya?u0HPxQGaI9bWKMVK+ zNYA~JzCaAWb&?lu_Gm`-@nf_@{UpH%@P@udnZ&HOyw{rNPrlu!$r6pvCk za)Z&+?QO32(NeMgFP@}~aPb;=v)C&i3-y|Ep3L)PGjLP2*bOo}c%?d|Sf_;TaLy)p z2Sx9ET=#Vu**7n4rdAI{?uxGq_mt@+@a^f3VFJ-Q#j7`1Q6GV%*JUJe7*w{4LH0VU zL8r8Q-4&lGYHf`lckvHf8!_{(?Ip{au~bTQYyqAdj5(JB$I?fj zU%5M=hCPq2lf~lSX0#X4i)7qxFyH=+TNV?mHxyExiXK|el6XuCR*g_4M5dZrDRyy} zBMFQ!S?p9xndC+JaV(RTdP+v*=L2Fgew^-gu=@07n}=bi=K~Ao3?j_vsx!Uvw=X9- zsSd9Fo}z^R>32gROC<*C)rY&SNd3ff^?92xWhdG-@{_jm-l|puM?H=r;Z#AHpZ)*= z=gk#{9S+!m8ixogved6MK{wPS5np^FkuT&heU?ZRCgjbhd1mT^-+2pAFF7Ht_hd<} z25*$-(csWSz*qfzMmOq6RU6@33lK}BC|fdgQ>@b#*bNGtI{L}R6Zh7L57^_Tqqbl5R8+_xc`^=vtqC1Qt zs~LV0is+jj{f3SAr*J=gCSg@SNp#+#0kgBZ8rTyh_g94XIT(5~l=-7>Be#adQ6|6u zrVaC?lL8m+BRv8PXS(j|F|-^HqU~^b35)p;{0TcWdLXv6%iI1Rl;2g(yU|?IvcrP- z`f8G% zlBvKMkf@@1TowyF8M2a0*v+^9U-aRBwR55tTdak1_|DGSIiNx^_3{O-%!KW zIQ(*$8=R-a$Td^ofcEZ_=UeP3&5QiaOTj9dJ}lE=EO4gK!0iL&OiLY3AeDq;P$q@oqreId(Vh3S*66C)X{r$Fhk&-rh3WVp&0=jRGBi)nnYf4FP$UxECO@1~1%d$o9 zlagH5F>9QdoAcfDAc+s0g*GdR2qp{U+ZXEHpQ-C*MdfN(+cpUZ{9bs>#-nSSyF*eL zy-d!Y_d)k>XUVS~LOg6Dc{KS~IxF+dvJzh8JT3oPsXie*xpt+AGb@1;Lz00X^tSEe z&2ki)I0(>PbIl|3wC&?{fT zljR>uM|)XslklrhoNHsLqF-LpCBk-^1Vn#eX7~hpb1dWbFFhC z*IUI$ft=D#6~1p7Y16tfE@{6nIDS{`>s7xga3`5*7r^rAt7FBsMMr4Gz{CT{oi9{Q>O1~&$fiWg?ODXH8+W8HVQ3_V}W z1|JWS(NOZfGRasYW0r{)PgD`%lmIiuKq2-iMR;TatU6fQwiKn8F~u<9=?U?Qy?UaM0STX(Ew5_n_?8>V#a?? z;nEcEUz9TVZTh)67URz=WzYyyz~9;nlxdE8c5%~akE9NrS~)>aHR zibMqy+bmZ0*^@Kun^~kytI@u$>iv6*6tD7^suC{d#zkr%$-#KJ6sC53N-3J`ZsuZ=!$4u^j^n`I}RZhz*r!H7l{F zlrm)#Ipz3ykLdx6ZH!Z*tU)o7F&hKYd`?04G!+6-&JO5Uob$q3xMcrCIncAa`8LBB zrnH+PJ4wA8b25VkNYXQCWt*!2qrWdg?2sl&<3y`1js#i(jdVO5 zBEGpxj(g))O@%;u5VEIAhs^YnqBpYQs}CL~4YwRwJ@N-*{A2xc&V5zL<3IY&H09kzvfzZ)-@Iy02_iPr z?;JC|bhsF>-^AP-SYZ7palc^yk9Og~5wp7IoykI8B)=(=^|8x8 zcgKZ-W@_=`jzE5jIq?6QO!GygY5uQ-KkTpSUE9ZBp{)lz^Y(XK>vQ z#{`4iH0nlCe~jJ#mRBCQ-fPib_kaP9bY$8(tTX~yIj4z4fKUu;XYT; zw-sMR*$MsWo(otbaE>6Z^pRyb_1H(7Va^0m?(5JQcU?gleXPj{u;$oL{w)Lz_>Nzr zSWkgDk5fZc+t(4fS&fUnEyO0Tk@*W|L0{Efa8aYR@Y+h+G-F5)&q=hGS}rtPzCusv zK-1QnBjI;Gej9MPExQ6m-DcJxY5&^n-?q$0{gD%kS|Bo4VzAYLnoxJ%Rtgs$_hY>)e=M?>ty=VfLJYJ#tvfV+I5~ zIC@;uze^vi5dl(K$A)%&`WTCC03ec8_bU)~KEL0a{y`_tNW;t4cUm*I|KC1;=J#E~ z2yrGJ3r>i4Y-}{abGx7ELpZS)hwf&cf7&6y%=RI1cP|ZRl~2|IQLYOSPkJ8a>&@XH zBBo`(H7F<}3-oL+n`rP>*C^McIBBkvnc7uNNnAmXbuIN2s z*h%)H6HZ)oWfkjBq?P`+J4DB_U#earKDY->HE)gk;iM>*f~cu{gSx1IVcFO%DhpJM z3$3&PN;X|@oEL1J=kq?7%)Q z_$j^%y2=dZ(?Tr9`Kl~^6NGF3*B!@S?x@{-%WY?=K`PV8{&~hOw&?yw^4UB~{Fzw4 zGq8b(Z%+?C@q*6eadTA5l?H=UbHF%er@oH|(;({)fuEH(mi zdz2kk1c<$o+e_q@TED#lxgB=SQz}Ae{TBjwY3_@0CxieV zOF6c`RT6#!$zG4$lQVA#`>4m*_2)W=&)p`CG8--mX45u$Y7$iUxu;Km7XMt0edxL$ zH46$gjNQBD;je|gx~R4B&sSgTbM)4kMBxQHusC?F6G^3k2!GGR|El@5!H!bcht%v`GWBEb*l2^cNNVt&;Q|;NoR^ujXq(!Bdz7Tmn^iODHe|pKJ*HIn)`)ym zR9>%c7lklvZn)Zft>w!!sswcgT%Vedh?>(=`rf$;?%cA%4iRcu2*doXr%n^a9lgW_BQMp z8MJ;dzn}t6fxYAl(JtABOyl0P?B4hMl4o) z%V56tZVtZJsvt`4F0TAjC;&wGDL#z9Ve?DDbhfI(;`H?ipf zYvNb`(YX%bI0J(8vEDk6w`@7@EG*dU^M^G+4#r{nLl+w>v(nk{U0O)yn*zLvrc=qsIio5*?k^2@7wy)1j$-Hh7lf6#(= z(;uX^vBN%CrL*5@l7(wB)t(@GCS<)~A}MjWLu$hLIT#^w-wKp3?dd zVug)_E@u!zA|E5&xt+T>jK5+*FwYFS_b+GgWl9QJqi@Z~>k463McrRJzQ*2go;Eh+ zT>ETX)qL$p1buw`KsC;gj@#MMm09+bEcelnd%VjC5LJIGWF_P>UM6!J%8)Ls^aiWu zLt94GgF-XU{_(v1t-{$2U+Jll?S=MgVmkMEfnYY?wJsF{#TuPcll2(cz(aH* zWLwZ9O&V|hWSFtkFu*vr`Nxe%$OswaQNTeq2aUcqv-aw)sT0CF+tBIbboO%vXWh8$ zSy_-rw;I;|?lGz%F(_>^j6H#jK4w9X$F32jjrZE@Ts4mb`wrXjlq->CRDMy)lrFZJ ztQE;9jbT8evR~7AB0Ciny=k*I6ZJLO=LKoqD4|%dNPJtXM>*&JctXc4Y`qtIoM0l; zCg$8aH^$DiSCw8WffB?f!w06c2j?2J%tgUs;LEZQ&c?{>*^c35jIvFN zX@j=j&$2OIeT7_(G7=;2!OKRXsXoTh%NM~qkLdOL*5pxPym%us(r4~fQ-5wLY@^Rc z_!{-hO)gVSX-}^7Xfvj{_5>{~YXy2d^W7))<~S-UA~@CXNr)n^6G|okeN!GFevt!# z5>dbqsWt7$_gJA9{mB8E*Oz0yX>yU-VoODQnKBWB)K$*D>1*LjTZeTQTF8S9Eiue{ zFCBJq!SqiEmKsYLhzFhaaH|Mjw{3V55x$V+X3fTa%3YkOQZz3(NymP&QyB>7v6%hC zqtnoa&!yxrfU)3%=%7zEee;V?Wg$bOjCa+LcYAaV(zu^acw*N)cpN4<-b|;GKUtRI z=qGH#;R>S%c8$!RRTVB5cI-J8j>7mG9vhG9Lo8+*-;>Ukg?ooqRNiZk`UGvvVy{aO zUFrrC2~U<=HbPG@V>0AEJZE*UVwL1;wX--t?~N8dzozmFDtaliaN1Q&~ z((g@rTJ27a@6(|>6Eq3TDtHYphbTwxC4g@a^V<(Q4f5-4tJn9a8iT}soyI4S?h^&M zzDZ$*i5w-tlII@c^n9zpBoF&Tr4sL609yxp*0UA-pB*e|2QA>rdL)Rx`?8a8!ubU# zi=!>MF3+rWVYqg3Z{vmka*5o@XCU9YkoA6$zx_4^%1115ER8jai`-%8d#QWRUUFvd zR=!#}a=&)BbE_g4+H}15c?)z)Sv94kv{Qe1S!(M5Y=zKFgCmirGVhQ}5C=-{FJ6B1$+kEG_ z+nXb<2B?Md;XrHpz&nLsIE;FMSC2*vXMLcsP$=GpO95RkO~E8a*y1(Uz0d+BuCAu> z0tSWZS+4*p_GPPopQtQQqf7(tJM(N${3A-vnLIXii*m#@kiyqs-9Uo*z1;g1^NBk~t5Q^Q^(vyLs9uO@y;*5MMGJi4NI%2XE`5{dhI|47gfl*QVWq-N>x@NC~< znSD(xRP)b9MsW%+`zWy=Kydk;reJmX^YokDav3pU4K3v?ber%>ndV^4r*BgZ4ltSH z^)?D!KKt%MFa#C-yawh;y2MIVYWnzC02{qCn`d10rKPZ<)r=NY6+!)^bQyKV`(dqWGaxQ4s&T<%WzC(#taK&P|0UI!X5Z3KLtRQN zF~)KgqQRg%e1^|DTPAb0CY0XOB}5Vq1Yzy>#FI$i2e|w_slV#5*wk03C4nS+xt5!-dI8WV=LIBdLmJo=ZPd`6no1D z5lHwtZ%kkljccsCd>dC|>K0E9qOIpE&W%N`?=@PR@a_J5Mf)`ZL}Ts)FS46&48*PO zPhNVyb3kP90@LwOqpJ=!o!_6IReC<tBq~6d@1953S#-a~Edc z80AkrgRRD-lHHnIVk4a2=)B0G!F|8t2t0{)mTr2Af6H@tis4%?AE8hLXNs1*?rDJd*Hr8ITjos z#)myuue>)S;qU@L(NjJ0+uxew~c;aLu-6@@O z3sHuwg;Y%fH%}FXg#+oS_)b|4JlTiXvjd__i803k<)=FbyA1nrj&l|UH&?B#H}#t4 z+N+jD$&2i-%Pm-z+dz$Vm{B^>x}>b>GrWM*th29RRD)%_hM@s#MTtX#&$d*r_Nk4 zsV2Q|d=3pngn_3iJv@9-5MgG6B>h%9^>MEa-ja@n{7X@e?#IhFqjt6?D|%%KJb*+> za2aqqtNj6~J=(6y;2mK3=<9QAdXV;NlYC;kO=DVHd;R_GAM||F>pq!u-UiYpzyfpjAbF7yQ>kL}^VOl+U*C^}sH?crQf2pQ@&6M5YpnJcbm$_n`)0!trzPRYPpsmGH z4NvR6r#^??rBmQ_4I?mU8{)STf>L%_}KVJ^@g+QG=(@ePcL}La-YZ zne5kC4ktv@frfrz_R7D#J2LztpKQ0UCD8M%McK29xLa1&ujoBxo$ zoGjP>5WY^+sK-Sx?D)%^`d!Uueg{lCGCqmbr8?F0?88LWn|i^Cb~nx*>7pEq$ohR3 zXMs*W=H?quBvyNL8HcP7#riEG$UYz8cPfBitL7eW?ZMf{^eiP^;)Pm!56PK^5{QauqF(W1qIznnKJ7UxV!8J3EhaZ3DdoilOd|L z@D{XV)5JOI_X*R6fgPS>i8-nyDWzaUmAiu5s^hDIF6xo}6RlDldIFJo+Ud)af3&gQ zoi4|AH`Gfk>!wj_=3tY$0!iDJzDjx-@@iBp;@rM|AfFBqvg$bN6Wdw?F?Mh2I(T$u zrUhaA7I3gWs^7gjq?Wa~*n!TK#PQhwQ~nri)r(qKSbt6_sPTXt5IfF$)2h;${MhN1 z5qcgZYQ0+mp9r_>2)m;e5$2=xxe(vxTTW*d^+h17(Uh844CDte5wT`@;FRw;SDsG1 zFW4@RN%q#Vhe-9rosd8urS7^>$|bPQM;=*mJq_tZo*l^|_C9q9By^dq>eBWAt#-E3 zAa@?$#9J4OaCc)UgQk0js4Yh+Yc}x%go4(Xod_IRuyMG8&t@3)|jTA~!cjRLW zczXo*Zo9}8byySe7js>AAccMRxB+(m=_leT{He+I`Af#+TY z%MEB6sWmMqcq!u#P-C&Ab5cZ8d6Ne(TK<_jRtoyI5@Irk-FBCwRz~#IYtEQ2*Q30; zSS`9k86$x;;e{w~?C7>T zNz7S@Bp&4}bvc|1SDn^sY?o@FTwmz4sZdjPE{Q+0J?fzc zQnNLdWgq)&)uH^zxZ5B{ApfV^Zd`Imb7g4O)!FD)P8biPOB5(6o#3f6{%-(o)L~IR= z+}sNk8}HT%fQK*hB(T4G*A6HYDfGGF)xYy-tz&DSGu#y&{C$prb@}iylCBqBtcs6{ z_Y$M^3OSn`PTav$hP!EG_7X6z4-)}!9lNo-5g{3G7r~oj$NbmXYrwb96~$TtgI7GV zRh9#IMhHy$sLZ%EMhT_!h|9u@y>by0+XTn(i6NT`b;XuAwy4Kdh!N@uIikX8JHIt(2MnYOCSMQW2MV+< zJ+`nPZgS`&Xs@5xJ>&6#S2qK3yd0?KC>4XL0zc~&cOz|xR3p3}^S~v3*>RJy-Hpv# zdHiu0kHmq20Zg8qSPeze=#mG8=1NU{9MSWh`S1RvanAuqujgL*d)&2k@k4i(J$$a* zQv|@~BM(5v`&NGV_r*c7x_h0=fgPX+=(^GN0!5ho9tn(NqiUYRXH5??wUY8yXto#K zqPDROjtKaSOH{rZY0R3{If^EKzSOX8bb74qVYz_0a%oD1nC`3)6)UY4aV*U5=#{ z^mx20|L7mkZL7^1G&y=CQrgM`av4W>@T#7pEo$T_r)3-4(2NQ(Y{&mcUz04oGA)%7qY@CM7+^HIS~=HF6E4mf6R*Y*)X_NO&WC?ee2S8ia-mt-U2)nOj}&vpRolvs z+ae2L5zkuCwAmKup?@=w&VxkN3ZXj%Kv-7@NMrY<41&^+luirydkRtB3MGinpUBKC za(#ke%X(D$4=_5fgLqUL6OTpyy$nr<^8W^DY$LZCYW>^fQg#IY z- z-04*qXv;F*k-r=NY9Qlgvni{Bnr8B}_9XolNgrku2xY}uzwRK;*UW-k;Xo1Ql)O;R z+W1gKOIK`*^w{j40XF>UcJ7a&Qh}&U~$^X#jHEW(=6`cEl;v~G5 zY?y*4Ubb0+xUjsF*HGECtFdJd`w5lO6`x6^7r5A3&$p6Z7>#+4Rk~pHATF$|Bnhl= zd{+1FS&4c8j|hDoQ(%LbZ`iMDVBHi-g4GgWt!D=!+)VlJ|zUIs!_o&d<8C)cULsIvy) z+~d&!6ZmXh!wc(wm$?)a4))x{E_SmfPC!G68F_?bF2%2TaDKOSIWN-3ieS)liQtuM zL0QwD1SGJJ(KEX3$PjcAY=;?@uhP*tJpv547GJ`{t9LA!HF&e97Qq>Ac-VGiNu}a( zOAR@Oja0i)kEr;r+dFrf036*n?ytyIbl?^gl ztDXGBq=QS{KX0_qU{d9DAe8YTB3EMa_~z<8R*CODo=FjF*Twfp2cb$1Cc=@JV#Vq6 z-i*kwH36h}GnUSwHcJbY{2+6J+t;n48(gJJt#3k&^KcybNwMr~0}LyW?R)%P7t%CH zMwtnFN|p7yQvstY++?tVtrBcxR4}TCD&w^e=yc$;EeTV=H>XjMj}0rlc1r2xCaUUn2DLf%7-lje3WI z7XZ9CUxta1(@$RnqBvlp(w^4$B`U{r>6>l47vn!XtWa(k2*r9Ov~iPoW>{V=b2zPf zYOp8uKYYX>Gr7nMtHLIW=`|WYKI62vhbPr|AIz0*1`dqFcMzg^^<{{#uPfLD0=>(w zywu|#f>!i2INuna)lYv~s6i7U90Jc&t1bY}Ie>RhDCAt|IZmfscQ)HDB{fCuTafOi5 z^nr}>RAuq-YETDtQH|HQ!xxKO8$#C|F((yfPXHusC-`oi)ET>u4XQm5H4%--)2Vtp za_0iid#o27zFr}onN-K&du740*h<+hO-6Il$=?%12&%2<=<1_2-=wN}(*pk|*Ts#P zMl-fgdGePkr?MZ9!5~2CWFeveen*wj`fYUxqS5p?ZKdI&Oa|siWZLE)ht1umk$X#l zp_M6A!9GB!HW@EyzzN^jT|rhS?hop1WamuWk!raY=Y!D2cZG}w3?OtU50wm=hNh#x zQC|+XuM;Jk_hu=RaxZ#Zf8XBbqdAFSUx#5UWYmqBhyE}u&Z>Y+wy?vzRmdwd(X4=l z^JPzQAKKLu-on=V#!2r10%fm5H}E9PfV)Tv(wB>nW&he;Eu+dTl50M&FaK7^q$hRV z_-i!h$5lv9mB8Zk-VyQX2bl^b?hc9%Sx0UiRUi7|fo@AG;ClUvH>z?kK1*wh*`x^l zj*BaO3wzCEH8-3*V;&7>l6}YOS^g&D>C8!#CV;yY=f17!uRp7Hr<0?Ti&7E#skpNM z`*7eAPw&#Jw)k}(N`Oxq^dtqMSFsn3Fz57(Bs5k!#dn+xf%44$IL0*1Na6U|53;(e zWwNepPs$#%X7Q_+O4NAI{{g=&n`4QD+ajo{e`&=!y21A<0mfC*!3SJ(>iVQ7I^yAb zZ^nFboS_`$7|KSft`F!Bt5?GWuaryonTy(0w-?bDlI(p2nqp>}Cy7p1i)W|(TH@e+ zI&bClI?-mfJ#eQYAsdO)980k{4*xzRVzS>~61@mqqv@(AP^ zGUa=*q#8*#i8kfh0qIkDjxBrBlh{81`Z)63NT-WzszS7H!OMO3jF+t)$Fe4)YaU!X zrI5uv{4$_H$II+q;`h^1nhamY_d6yjB-&`UeWgFT%Vf^uzQ@5kjmC`B{=sF)2LFVQ zUctbajum=nYm)t??4t?bdX2p1ebs`8*@9h3wxDqDJu}UPw_PVj2v#Fj=XZBc=OQ=( z`Q*Mq3Q?ok7!yH&NIblICY`lGa?H!H3H~e@^QTN@w*8Z8ixT0n zU=#LUGP}g*>wZRz;Lk*Zeq&s;cU) z3zIeok(dd=U>)pG1k175$@{7^cD!rg{IaK|)RXf?f^2zP$;s>3ONN^qiz<$zRUY8n zZ^4PuEhs3FC{Tb_b_+Z%(m5GKaumvhPQVg{^ZI844ge4T$Ipy_1dVZTvTq{obAl*8 zf4=0FB3g+k(#}1`^G`klnq@4d=?!%F!x3z^!U5)jvz-fZ)1z2cZ)ex)s~9xFHM!Ya z)9jjWqsRp4pvl19kkF3B5Dsg=Io~q9Wv=2x!;M?(^C^doaBAxM!F!t2!54lQ;31Bg zpU~0Kt)bU1yTa4qLs3>mAA$#D^6Q=DOo<09elSe#M%vg4HDZ=2A}=_S#(m6&Y}^321L#;Urt|21y!ar3**lAR<9D&Lqy}4P?W&uRW^HYEs&SaV<{?wi&e$ zdm~b&8B>U7)2}-_QPMya02F|eFU83H1;Q2SRh{|A3+(uqXlA~xk)}(2_ig@w?ry)z z*7M~$vKP3f%6L>wPXWR+Tu7#CRv}rdomCXI7_7vjr`14>cPnyB^Yi8@%to5YcyHt& zETYx#o44}Y*+jdquY~FNMoTfPf2L4Ugq|GTP~SZ0v*?otllDGrm=tWT9H{TcY{@to zqhAoS$F!B0z5Pf}x}01lt(B$oNm)_M$>|SInMO@O+*onRi#>v`5^#pqmx$K9RMyn= z-3?p1pR^p03UjEoxBTm#avyU?vm=*duA^4-8yhjH-1~i)76T&m&F*5>-r_su%nz(c zgO+wj#s(52Z)ytB8mHsq%x_QWHBzgEFWwv&=+l{F2(i3YoR-P8>cLFH@8lM4+6n_(HPaQ_o|1eVxb>#;+w z!{VXGS-w3^s}BuOgdmzJcpAr*lP@BXDf(r**nA6dWrtu}X;4WUNeUgq>B%MUT5|)b z2o>jUHE~;}fe>83vuHqh!&liXyzf7fNKI}bh&JR8b}0;FIZm7W?I!7&R!hDF3=hJZ zg22edUFoDDX-CJS&w{=A7FkT6V)&ys;Dc3%^g@5qMdqvA;H)uq$qtX;p1`sD`1?BO z*LrOb0v3uy3Zw4PwTBZWw>RS%Rf~(wN$Db}?Rk%uFrB{IMm31O39w=?HylZO$E^4y z2T(14TM1bFz_RX0B;4%EJ$^6jg$u@thq;c1xFR#1Zv!+CNETxCXyfUi?}dKaP*avb;;=9I>0>6hza)jDDGH zCmDFUTIw##V>5?n+224*!$YOBqJ!7oMF+9jvr6G|XH$YD%JwfI;b=9|{~^3>wftkc z`jIh9eOx*6Wkjiu3f|{f&M~s+G-HP5t$bRl!3!)Z>pHm=@@xDi@5m^RAT(3Y6roWX zda)2ZSQ49S+p>$w{aoTJ`)yosy*i=yq|T{}-5g1SX|HcL5RFkA>_)&<;)X=ZBWbaO zMjpdKcJXV7hQ5uFiJ)=H=isO1ote1!JHy3lx&_BMs#{k(3;JEz+vZ%YrURU%y5oq| z;X;$-mXAyGyhrNP-&KnMN~OzAM0NJQfSQAjwV|Iv?Pm}WieRH%#tnU zD`p0ZEM{hgYcVrh%*@Qp%uH9zt2gt_#M^%xvAeOc|2wLytGiB}&XXt8MRIMn9k$0F zt0yOcwYooD?nQ2%e-<0{iGV=>-o)o)Hy1hkG9oKiq11UOgB}O|m&}jz7XhI(I52g# z9s2ZfT?kRopy5Jnt?PaP<+hJAUZ(fH1DnMntXs{a{^`2}-;)`%=jsE)o~t98^&xOE zT|MxyV7K67h-mBwaPVTF0}-CtXTzC~-I;IX_dEXN z7-Mwh#&0Xc#?zvoICj-w0&dv?s@@Akg5R8M4`mIO94*Ki7{dB__1Z$TyBD$(rF$3q z8v!mqqX)N7tG*bT#(1H|0H2 z^S$ke+uHlNaQJ+FOgDzJ0HUlPF67+DLE8<*NG0=OHxDYC9D z6IZ5mpkiKnp@g9a8;CE9QQ_hFxt&Jmec%Dy+uJnu>@5pBpz@|Ii;E8TKTj=|#-q1K z=QFl=^JVlq>D9@DPee?+I|_CoIdaKi$%kg9C63(kU2%x$!flW0c;_2_D++{5i{C5x zDCwGal8ojaH9j8^G#NjE+oyAJv_6qY1~<|seh}(_!I~tO{S}U)Ypbl8bv$)^FKcen zlEa|gjv-%<1GZ2TFQEYU4Jj2hTG8&S0x-aJ5F)WuI16a_F>EJM#I7(7FT<4#3DvigPJWa~zGjY!vypHZ|DwXd< zu||_SN0O|JIvqngxoq~Xg6-t7KMlvYaY)=yavZOxbNuwq{FE`EW)_Y?q z=s7t#&Ldf$uuIH`lD$1kgY`O`kB<-UKV9?hG}P48p+MlrC^(0?xp}dAH7V$D(x&M3 z>3>i3_P*imB9B-jfgB7gm|K^H*iZtGc8p)d)m!M|8HP;=(_TTf z1OlSS1gQM_h#(;bw-zx=ZY^TLEsy#12TNq2^4i^M?bN>wob;IF?Qa=mCz&^QjeJ;lzhLbjZN0p{z-Gh)HZR}Go@2W5o0ui75mt5l~ zkb0dV^Hv(BOG9DrFSrl+86(b zHGhGJxu2;iAz3m@0nr6($#wU{xx!Lg=S3G{YX{4&Z)w94a14yGG;6y$4mj4Q^fMZ{D^R z<_DI)pO!Kow}TA~)gLIY7e#Us9$WKqS~n+n|GqO7E28Xd==gAd%=_fl8`*w{M=_7` z!8hCVGwntn0KbWkT@I>wTHdK0|yC36yq+_h-C>E}RV3n-y2!i(rTO z{IT#oho|VxD96cduo`%#UzHb76+hq0aW%`q+&aT{O-838p;!ODQwtA}G4pJ$O z%pc-kctA@yB{hBhS*F_wX^@k%)JX+X3fcR9jnH1-MUzr4gPiP68^wOXujsD%48SnH+N#F6v<1~*4M2=?C=%>Jk8!i z+C?;yX1HBvUVz0MRd}8_kmPL-{49*xH@&FA;Cx`5O1+A$flfPMNks3{sgrO4u0FU@ zqmp6bTmWH%G$A%MdTvjIR_FbfIdyV9H`d|KxwQ@Tv3eaZQq1v>or#E{#mg@hH{0DG zS=$4LWJozjc;d|a>fmyz`>Ztm7l-ugT{HC4kH4(g3NN3XmU(=>FPv~%SkcWSZ*f$a z=;3#0VMkRTnD!;ATQ-d*yVbgz;twRhiC0E+FWmU-Iqh5@E!jYCEZY?zbX+Uu#W8tU z(hZaW2O2Gnssy)NtflHivUrdd16uz_A?C^ByU~4UC6oJ^dL+BxE``j%q{9K}z*!uj z8xAX_7m(R#U?;6o+;I0=FKc$OC-2DQ>WEqNDn-k5HD;h_NwW zIg97A4N4O1GniA;GdPP+InbpCO}g~zGOazogSkG$smYsNBIDHTvCW{Z!wjbocz1YT zIeZ(^sVC5FYDD!!kBdoUN0^x9Za%FS>6&H_4UOuli5fOr;tE-&sY&&`Vi)9{)D@Yw z=PtJvpE))&9#=pB>*%;*or&ob<-F}Ityy2}Wx|W>Fd(^VY+e7QHMJ%9nt2gC8lnWf zAoGC$(U~5Azg$B+HHpnYJCDD}i2@eckgQ$d34`Q^$)}lR;7XLl7#k}`#w6WzXh+3T zG`SlJPc0z_`gvbPcXjg+u#N5S4Css!3sR@Q5|zj{g}Pv??Z2?^eqEfkVrU(mgf>5L zhuWu#{^FnkF-D)DU4y#e-a-!^`8_{KXQVfKOCIOI-y<<2&c0)KlZFP@3Yt);w&d_U zP+Ij<-Ri(5jk0K#8m5C94@*D^Cv$35@5mM*Smbf%h*osE8s_SDYM0AC$i4sRldkH{ z_06sJ#poC?czp#-@+ULp)c&!UqA--$OLVxX*QY>1QIxw{MRqlM0A#A&`UU&w$s0M)qu{cl0|GP}Sm@PVETA~>%f@fk+e&bHR*QAx;v6!2 z^{VcTBw$zENGp`j^*RHk6A@3NTz;i@KS5sR?RrEg)QG^oK05QZ@f-&72hv-xr1IU8 zr^zH%+cfmc-VqHl8Yn(M^3DH6jW(r+{HTqPuO8QOMvn2R_^eERC(mLRbPmxISo3kg zJ6oy4>_~tkdvg3Pl~fvPG5EL5ar1 zV{Bb?DS))7_6U2Xl&q4M@pDfKq|LMFp4(;9tEtI*>f?0N*KJavwD(;)tP^k0LfqBbwB zbZjD`TEpK+vn9q%7sW{sn;QsgwdoHP-yU}c9Tw(gq&@jI(osJUW4M%gN7rkTeJrY0c9C#KiGTK6c ziM$GB%CB`-d<)`*nmX5%xmU}i?K0XTd(V*B!~8CJN-y_K?dRp6C?oyGyL~cd8MhM) z+MT9AVB%+Ei$hXHvGUg9-FVkj*%0pQC^@h6&UL-I1L^PuOHu7_wu@7HP9Ep8(DQp( z3iCUvx=TlFLZ5p?E>3(pLP78l!-<_^q;os9$;0Z+(|h0HtWMw77Dutoq{26QzsspI zwds;wog;3ux(q|9m8f^1OScXI?{;ej9FBJ9_sEwXz7Gc1Z|xqk^|QW58MW8Tk>k$T zw))4MIPH5>(TpF2M6yd^8bo}7*aCzm(dW!VYxfTutC$&rsU}6*7msbI$<3!Yy2m$E z0xx!H3C;!QyicV7+pAk^zRhZW9>Hr8(sRd_s%u)ui=}Tah_5{-(VJZ0!W|EMvOhLE zUIe0-MR(3tsBzdg9mGfV9hNUnRv<5BHLaXX>)hu&el4Gdzq}v>I>546d>BURIKo&C z@L46EwlW!e2N&TFCEx+?&H{K>>bt!FUXe)4V%s;u&Vr+MZ4U|Xn;k1(bS_>n@+iDQ z3uV)`M!zXlpPhFnodgtCwsb@%VMhrwk;=2vL1T&h5>NEkD5v~()EA4Ie7cEQ>1-a( z&^~sI{|%uwoE8LhUhl@unyYp7=weN-x58_vP>%!-l!-p@;*yGYYfb0$3AFJ!ewy2^ zh9B$s1nw6ZT*#M%Ms&XRDU{06|IX+@V_#(leQ%nLLBX~mSPS2rhH#pc?KX{TG+Iq{ z!{M;!2%qnOH;Hs|b+`pCwK%bU%6njPq_@BR;&jm*`B-U1?xG2QMc&#>(v`>w4E%vc z{1qIQoefnU3^PVoITfauxLpnG=hyrPhV};}smu1oAHMR6Fn+i1paVfIA)#xZjWCzV z)=P1s83QT>YD6omrEN7A zwwpisbL8J47lOxz{=zp!U+Q7bdiI3#xw$5qfDAGi zSIewwxxyJ&CI8}PZ(u-xjp1C|y*7E1<0h-7Y**8_1qC_Pe0#aM>u~3erl~TgJL`Pk zsIF|j7d)DTR<$R?C!|={PS45@WiTnbWXF$+SNRsBFN8~>JJA(M^R(CSyDxH_5!y1? z#tSO0J9Kz9z;0y}(sFfA*u=>aFc{3Q(1bxtOU+Eso)l=XVrBXJ;s^>T9b?uc4bMZL zg6&TLJE6WvLc}*2ly_%SBLmDL)4z5Y`@J6~nSj49U?Q|OJ@|N=4@p`hzg&&AJqMbALJ7$^ni7-bejVKhtw7jYK-?=7dyE1 zxvA+D!K<>MmxCTv@O*0FEdUR=)k>k8xQYG-D(rE0rAkjPXZA6zb0$qpj|RgdV}1#A zUTO5PVUru$rA9?<7oE0b=DZd5RGJr+74XFIj|geh-)%|Y^5Ert1OfXpGa@9lgy%0_ zXjit|Q(QhpG%d=~SH2yCq#0hXfL8>r*lC<)!krewRplEx1fNXr4XV2hHkq}$Z*iKg z*-hfY>^@!}sp^<|(5DL(gVsYXM|ovjckpT zMKe}zV%^MdH;i9Isg^$&^bL&T{0|$*AL{Q@j#j65Z4Pp^@veI$0*s$a{j_b_RuEC} zdzm#ONCrYD1fhp<@S?ONNNIq0VeV)TZoelg8NyT4#e)l5ejAl)57*|k*23hE8r zL!jg`Ll*cF{8|;c9FV3_6f-%g@9wIAKwa@2v}4%gK$pUYVLhSBSdj(7riZ`2%FcxA ztw+%NI;BXCWXB?k%fLZk%4K-u#QPVPD`e` z)|SUMk|yk41A~NwHLQ`B%F@@K<`THDRza$f&g-Em_Yv9jM65a)fz3IQp>)Hr?)jbN zZjJ6(a#D0CAQbxvK(vWzaIHDoRhVuP3dA@}0O`P^9#4|?t-}<=Y_VMv?^Q^Q&;Xfb z*P01PS>i9$LXd%K&@m8Uyh$c*6FL~%F$%dphXO)YtLjofAF7GtI|oiu$?;K*%(7$C zafXXw{_97L`i0A&RrFiwF#Wg6jJOWJU_Kn(EQxb!1h|$|YGQ_$>1k z5e}>Sa0-UM>^%n6?ckZ7F?%IMFg$`VZ>j-bu6dFW5mFsqKIs{ zMbYF$#ZxA=MqW~8b{$6|ca>LH0oltO2{av_CUTD8;dW9|U5pDC@wIuEw4q&OkqT6M znrm26TiZ~W1ZeR6N6?;JlP!)d;Ntsq?$wotJ>2re1p;P2R)_8a-S!|+xVG>`>AHf# zbnZ;!V!xdRX3DeyIKdoNH+kGr3$eOqHGr_ln4j9RCQG}hwjw{Y-@!U`K|EfpTXv@? zt0FwiK8|T1Fl;9v!E2f7`PEiwtSy0VCdxh+wj_7WMXfKuF%O65B2oR7Sh!CQ5uE^w z4+YUX@l=yAs)NWw{Pj6EH#GFfD*4JlfcYRd^G~K=6NB^bmG92)EmCbpae%TW!lH-a zh5|iV1&>=BcPaFSGb07NEw|-6nYPn2+6#+ip131)W#utGJhGYnC*ROc+L3+w@9{Rt zutXSG>kGz+1k^OVTz?tY9`_@9a?fuaG#e^ZxBU$_-$Y_kzfZzuW}zj(Ctz=r%DHM_ zpeNPJB^?7^N)$w^4;q|Bs|zkYaz6%8>R+aVH%PNf?`u%{ZSpK5Qr{Yi*QHw_!v*kq z=P$G@UqW~2>#-BeW<;}#fKB%!g^s@@R1|VN?wxO+pAj)ez6lQsq10BMQ1Y1{iZFNX zoJh;^sM(=LFo=v=5*KXhC`^_%$?FQvun>20F)-RFHa4PX-Jg-2M9%4Y&iqvsMU6?M z5x8%_!t=hoJsf6G_`8H{PdmZ!_SR;=?+jK+jHDm;Xex4Fc}h z7GP5&ugdODtX~RKq1q57yvd{NEMNS8qxYezB27Cy)mux7yo+xaBN1T zmof!JRjM65gk^e#C9+~e6Ye*utA_>e<1gv*EL0NXw5NJU^;&^t1opj)tGlA!9sZ)* z$NBXj!yyeQN*87M5$rAaQ$9kflN`Pp0|=YVT-zZUU;$$I)00KxayySF7$xx?wOl6B z&uW$$zMuOj&h7$q0VgDIJc# zpZ&>BW?9hhqM%OK$N@?w7|fB8=dp0PS)a()4nMDM?PR?H+|3LY(&JxWg+Q%2e=;By z9r%VR8l|2jyElpwT?chWhjZ7?RF+1c`=1fzplCddH?7Z!8xxx5M2IWVRp*>UezZmu zcRX^l81yX;pw{64%Zb!iv0*l@tl5-d=fgorT=1eqd6bi7GDK|tO9KfD7(~Eo_QkVv; zO%KO|3#Xl$dF|~F7Gu;jNra96xQtRba_9;zPzRu{;UV&< z;R2SYGFrrt8(G=Du~*IMW@`zxIg>?+dAAz!IWc}#Iu0|3Fn`95x!X6OD0a%|4c)Vq z3~S!Pt!sV-tsY)uyQ>}Hj4RGJSOv7}7FjknhfpTn_`~U(f|8Wf9dCzGUqgf)fuX3V zU~Qw|$~=yu_(4G$pLc^uxZ{2ITwh&%#HKdcp((wH&VEgXn7^lgNCaP-3zy&hzOV7k zTdaPvGYE8-b+Hp^*biqO&<*C+-k!~euxck)=#n8Z|IGRiw^h2jhN! z;b#LyCziobzW1$`)%pA+5K926sdM!?$|Y<@kc@D)A+z^{s5M*ZkU`z+S>P8itK`1= z4<##9=~>))x|P_7CEXLyITzdWiRSNOalW%gV(ks)7?`m!j-SH#oC z40o#--62Hp<~wvkJiynL<&s0@9G9J|)3cbP=~l{)r)Sgn#}q3O=>+bZpXVM0%K)hQ9d->?%_qJvtgC+*-opr;;>Vw!h3LPZnxFtW49z z0EZ4{>-W-quI$3>S%&T}IRIvpWBS{Zj}D%-%jR~cuL3C-{>gaawr5w=BFJUI-&V%0 zZUrZCO)Rkn(|>x|QVUJGlfdpmMT^uVF@o9>hK5#6f<>S4YDR+|x7KlPZobMqx*<%M zc>7lCEiQP>e6T&~WEit-#SOSs9WFxSG*J_fY3>h1n4am%=YGGZIydZ#GUfJ1X&I9# z=p5Jt<0|I}%#{q4`|0g*K3(7)_Qs9ib1^*SPBIn|7Wv> zn}T{0WzVHhp)LIZO7w3F2{9Q`(!R#eW;9hQv!VxIFpfkh4BHVn?q8@(!*NO4HtE*R zzm~)0VA>PF@^SR5*mk@ZSO>76z7L(C)chW@1eObf|KS^h%tAs;*%9D=gD8 zNZ^WMfzzgs0c1+ZTBZ`+Xu0cO96m9(Cfbh}_=(-|5jVt(AMXOM`h&kW!#E#3L?QR> z?7-+@hjTB^Nw#O#vF;~NVkxEW4}vDw6=nopu2R~0=oQvip}_o*lAoHPv4-3x%nyR4 zo=hrxno)7EBl=f+yr_d&zBMIwUCDN% zpt62;rb}vz3t%vu`+?0C8eFtJsaNSUc;kMG;o47qdd87(sp{M0*(#S6)awX+qUzlsey}vPqCT8f3cL5VY#96ZIxQ@bnt@qw=_^iCKG&=kQ)4 zMlO*lM8U1FKSp|8f43yUN(cOiWkFo`o#bP(vBR056-?@<%sH&VxV1_l8h{R4awbth z^fQKo*cd+re`v90I*;rLzH(&uc?H4Dl^*B33&oNYrLgO9Y39_`qP`H3cil>jE^4T6o1`WlsgDz80X(xC7UOW^!eLvpihH@Z z4@H&DaJ=j7M0B~|08%`LBNJT8m3#U3l%%-K@m(NDTgdn?L z!Yh)Cv-8)oHl|{wZwUC+7;;2TBHff})%!njSx5mnllkb3{_F+dwA*JfZx$}sh3#9; z-Y5s@5pjp=VN27s)F97B6ms3C{{H0DNaMSFvDwOb+EbT|g=9M^d(y~fJnICj@8sN) zi5N$3Rt~ps#oQOvO6ow2%5cU&jWrjn^0L<(>RPJ zK5juZ{9dBGnMHZqV#0OtjC|S+@Lgg(@|wmb8##fHDgs_~mCKWtxgpmJzC-2(dzBmj zaXVr7wal$J+eL8Zz356Q1T0ozX?gCIFGZvy+oBnv3HydRFzYi#VwG|prW!5j%f1O> z5Fx!R(B>rb$h!pa-`p<>w?*cWWksi`yT3 zEhXwou!0e8GSx(N1a?do?Ikv8Gk;qWD|C zC{L%l;S%6hOI=o}W*ZxmoK)wKR7wwmdS|&J1yg+Uwtw`FOxQM#^_4-us@pMx6~64}eir#t+%BPqoOhSFR!R}Z+s2qw zHHc*AL58c@iDgG%#(S{M;-6nRk&8REl74P&5`t<#xkBr($57fX#Wb{OgVDgN(^8u? zYwB;VD7pQ34>jFiX``5ciHrUfE8c3;MUHeIMHDANDlqZJA77t%dW+n}<0W-M6qHmA zZnnRAzU>cQ-Bw1(6&Ow#-75dy^dh|UdW4k1a11O+VD}tV_D^~yF#e-gk5sH)z_Md) z-S_xy^s^|AcJRi5o{9Bi8<+mNV%82Js|iEPSx>a~o_?P@fW86nNNCw$)vZu@S#?9i z$0O9q$jX4>LiCagNc+q9)}mAF=q9q^9nQnPDZE<_Gu1}D zlYyhErs1c4|H+V1Q98tsRo@CM*gj2;L^G6`_A5ij$1(Qr)mOX`m$Ohs>w9~MJF!1X zgl(%Jc#L7Iptek@S&aFqi@cc;89TcdLm90qDD15LffaHxJ+{$51#6TUF_-URuUt;3 z6XM*452=zXyC?Q*+D~4n$|KSQ6Z!^0+K{6qtDabR(C}wEtXMZ{=K~e2+c+L(v^2vp z$YV!-`EbJ1O`1QwB#5aWaRvY>0rRB~`U7E`@(ZF1?mL1W{@f*kU4T6!dtK&zW< z`+}L1wAJ*s((FO#;iDxVaOcbR@aTx>?3l^XLwgaV=7_D{zY|BxZePOdzXeuq(&juc z1E31Faof}W&B{4qM2jLh_sF|j+lP6C26CJeEa7%rCFN-m6G7!PO1te%^*ql{jN40=3m6%#xt4ylU{MO$0Id#!`a&J$AU0^Z;`=9yGVY@8w^4s@?3h~X-9$h;G4Ey1}Lh@Q$dN#O5o3-v6KHaOyk4ww1|5@{+Nmomkh2Pp9 z1eXoPp%nGtRpz~@{McM=##E|-2i;RY1DNu~c`=5p!j{@und~iTo)HN`NrYQ-v!e)l z7|Z(_^P-KWrn+&MT#09ZAHEtdh6Yt5UH$M$F@*r+uox~U=C4x1yv#XjOy;u+Y?m{5 z!qA-EeSZ9?vBnXF=e)$gDClQ|^MC=rpt|e-%;_C!<5Qc=6`Bz1Z$!<4@9c{e@x-N& zaqtWoTAJMVY^_q@T=&)q+~t_^*rqFHhDYNZ=nu9iTw0aK3uGPM8Z3vq^^5bl?RJ;* z_oCJAg#n({Y$$1UEv=t!$iU(6^0f=%RcfGeaD{nx)J61!D!J6Nq_B8wRKkD0x7^N< zMzqhO>;*nr@1#CxZaA643(_#o#^@tKd4B=>yB4;eLv(`?ODq~{>cy8ze4r%QwS-K~ z4*^s5vs^nnKQBXk78V5G?rbPiW$ul{-)P{?4sC~P%gZWW1&P6xD*w<2b33yH3Cd8Z zAF4dnaKvQsq6FHXvrT~vIO~)7Gdt!`6hV<^xyQJy%-lD1+=N{9nXZ>DAk87$&+{CiwurV31 zxO9NK1fmw~THWo~W=$-c zr?2ot@?R^PtA-Pp@A4r{D1am^CdPvR63lIs9r`FMx7yMv&dxMq=$R_8bLqpT^Y1pI zBX&Z9Kp=UD35$>Km`ZE zWKYlZEIhK8@fRK69;hE_)?Gh!1B=>liJO?g zf_=ekZ;L}-PY6BB z(UOo3!F6rf`Gw6~`OX|#d)L`{XFzPP%!;g#XWIPR2gW6b9T%ci19?b2y$?P7%y7s? zGcl93DE1o15R&F$%%Rb;fv}0T&NqP(E6 z@Be{@1hspv%8Bi;1`0|ChXApoou0os9b7*71h7{tpoRiiduCRUtO>2FBmrH!Fd9D2 z%?fktDg*~lv$lQYg(Lt!QrqeX@ju;=*!b{U63Sc_FwMUwXSVhZg4XU&wrFC|B0^2W zm_~#%<1D@RoJVxI3SI%bio^)2wl{QNcq1IwTCt(DLe{8`w!_6Ah`QQCkrjz_yJONM zT{|auhsaA`hTA

      Z?NlIp9nKqNIEbWP_fvL!NEO(Yi!r^p)7&ybkCppw;eW0aWn^ z0?~`udX%G#c7|E>EHWAjg~VmWY;qQi*D?|kkUkhF(F>*T@$v<=*gj~WStF8wlnqxlM)fBs*IT) zyN4(D`Z90Nt#>7>Xa>rD!uG2mxODwO@bi(kB ztj-rho)OctYlN68m*m9z<7{MXM%<)E)te3tFF>J^2xLKLNY+w^Q^8Ok5dP56u(abh z&}9r&ROim~$*%Z0VJd#l@yt*rJ%1>Z$EH1gb{vAd)&nWr#eh5vAie!3z!Z-xJQ zN{Rbd`jx@}b5rOYo?08*W=2ip^*arH#;#JsvbCL$9#MVk5j0t#0g<3}b@3H|(q)U`WC>>vW0Z_m;WJa5CUW)_voC2DswSY&(>Qcl!kBQr%_@exK|sddbvSFOfOTCPVP4L zu4`XpG(7N|H7DjqP+oBE+GUwEc`Sf%`%VfW0cF@pd@KCY6ZZ=zdUq7DL%e2F_Fn|d zSCK9g|MU)oWV`h;##l%GJhkcQZC7`}kDO1uygh3;VdHcx4MmD`*)ADIm({HAH+7=z zj{k$8Zr->T8c2r2^v0LUW*q|3ov3n|yEv+O;)&?y6O2G2C$meB8QXgm)Wjea zx?3=weQwgjm{_FDlNTSxpmXKmjFSg*b9p5X0X!`p@$UCuXFe24`_qLKf6}o+Tp;4% zAH|ovxP{(jdwRuzpIMOKATrSpx64>fvAgGWWZntgp6~)`Tld{bO^6|AWHOC+YNbm& zu0X=R$#$NdcFl}AmaS!nKI2q-I%YF|S7&>V2e1oCLJC;S?d#g=xcTL>z z_;UFD?Oggn;MPe)`AORi8*Z?$Ws>1~W?b?nmqf}~+A+Y6+&U}F1iF%Vpn(`1ewkQ! z;saRMiPt46ViD4#-Cq}!TWSzw-`(sl4jYdLp zW4Y%bOILjj45Nk$zvt{YOE9{XI;{3pjGw;@Q)9_WWqDttH9=|5jgu$BOHF6kWvedV zdN&k$eo*5y(qlF_tFHW|)x;Z|JnIG3hfEdziH!*pcggG;Q7vsszfyC{~ZQVe8RIelhx*AuOHe z`@xG-{fhCI%{&S;G2+E#@7OFZ0Nb4FtX91G^R3jiDAzkAxBwG{F#HyQ+zwR~0g7v7 zzdOkiskGfF(ph423PxZ<_v-dGFbQCQpt6I?@mz6n9zqjT*Ck!yJ7TMt$8K)%Bj;go zgG#jnt6^}jXOL(isIkVE!cW94Ik`=r9sJBM4H|1Z53a+ud079SKZbk}21bn8APkyZ(Bp)zyP^z;1-hQfxJ z2@9!c)Nr49r4*+LsX|&lN3^m0r^;EVlq=1L`%YYH!JMb)-N}kQUn^#?j7i=fI4s)8 zSBoUNnwsDCQq-_^R5$CBmGi6Nc`+xp|4PJfANuqWr#t(w>k}TO6uCEYa<@22UxDObN*CCh%6z}MnI6n^$bh{;9@mLWgcdlRT2A3g5Z z6-rZdLv^vEp&&vK-d@xEV{|m|!hMi}RNcWDDCzOrymz7gM30=Q`aKto`2% zBxB&VAz{B}qZ@noSI>rmDFfjh=2MA`%41sxMpxIR0N+8SrhdX2bI8yT}Tz{ic^fiO!v%up4eAB z^QuJ`f`l?E6~9)ljg%G0(D%g|2*q~5)yb!%$H}wcZ|#=4=W)|zb z6Fv6O=(MH{CY#TJ3&z%bE1pZ(z1D26Pq-8N*E{mj`$TfyB0BI2>JMwYTnXY4=%Ql# z+phLOqb!4vd7U;SAE`|3YK-Y^1b&VfKbW!ib6256!!hSCM%?V-$UUWdiX^Dd>&L8kPr>z)7hZw?>y&6oEHT`EizU&D3NAT}a0oH7#>N-r7xystYrRf2%OC0`K*sGQ^~WR{q{$ttd0t%B`UhG? zrsvrm`(<#{tKlzq(-l19&$&M=mS7h-Weww-54K>!RkHblfGY&ShzLituBpLIZkihe6I@~ zUCObV@3e&W{My;YLZvW-TuL}x(zGzxB=y74Le==d$r(wGtHFBA@=mod5XAH^C0Eop ztKkS#(r0X|6ak6&kv!eWQldpgr@r7g;9ZB1i`4$$8&>jkJRL4qiN&g zf~1$XR9Td&M+7Zz5e#0tPqQj({|W5f+{MY8su@Ina74*^eOnpeA!SvsP3K7Eo54$c zBVZp6Ekf)b1Rt5n3WqspAEe9LGAw4G$`D73S?;QlU!x4MTs zk#wjII!_olhsGQ62-^j<&}_Z;;Q=ygg}ZmbMP6SU#r&N0YIJEGnEeu8*?ojLRTi){ z5*2s{$-`6d62bC7)Tqo>Uf7=UclU2=jZGU>@qI0t(gCBZLM3Jz5(@Rm(6y;(6#jmI zmRt3GHcRHO>nX;X&Asn}n-wk8A|qJ*I+DhnMznHlRON`Q)*t98ax)u336s)eT6Ihw z9kLzR<|{CNjcPmPHSN`2sBHpT9xPqzS8G?~V{(uk?60Si8uH*|Jt8chwFY|bfwLfK z&OhW+p8Exeizdfjc1MRvjS%%4H5C6gZ}E|a+9z`J2Z$Vyl0hQp#%(JRS7xF{J?O04 zav>eH?r=~v+|S+|3(_L}gi_NU+7IiEF(@wSsQI@9=h5V@k-W$O#Wk1!{1~)pqd%4U z5V{-`z5K3bF8MQyypfoUeA=C4q-gF&$G?xm>D4Y?%h0hXX2P_@v91gp-uetJcxia! z9!NdM6JMbb+NdF!e4}#!`ZZS;w7^RZL|c>fztdm(|Bbp{G5;41`M-qB{(l2$#559? zg|&JjsAZZSQRjXL6=L8obzs2zXhgD~avHsz?5o%56LRQ+?B(U6j5N zYLD80w|XI$H($6cz?9NQYGeDk3H~{haJBWL_@+H4W0qKa2l|HI9X&`HC*K+Uf0C0o zR2z2nI9Crwir;)-$l{j#hgpBFFz^lm-IKeN`ZJH!I7}u98@s?(4|nDUeD}Xaq3@(n z@LbJ%q9jCm_?dT@2U)TqEma{3x zeS?C6o}VlWjND%?ZI_E3)22FQ@%UVY32^AVZ3w1`400AWI}ZzGcr8l>`58?-rAvLb zd5>Mx)t(8}T#&m3Q+JYWPPbD#(A_z4!q89MOV|G$`untacjcO!33eCPL>^Ef{^;q} zzOyRkJ!D^IA77b+2%wOTfE^G}dF#*xcO5?3uLYJc(seURB0i`A^fdEjz!oQqT(Rb! z;;Wxzb0v!~M2{9C<^WiPv^CE?*>#nKFWBs6a3Q-wFEjV5aVfVKhxYOxA!l~ z`l=nxaaKwpG>7(yxE$Iui<(=FsBk$g!fgf^W*jg8Oxe=3Y*uS9wfEExz=1lAQxq=` z$`wwFPzoit-TK$Or!YjxpF0N0<4;y~Hv%gPlxw zt8Wg)%$AzyRWlV;Lt$yf0e#D5PGpdbS%E1sMz+kS4Igl39PGsNEzT+!<~jbD@!3yZ;~UT~$;RT)X}h z0V(N_?oKHIX$BC6l9rMdkj?>SPziw{1cvTGy1Tm@1RT0M2I(9)eE-e4I(KKSb945^ zzTRuEwc~x>Cm{Qz=lc^RqbWkLg$2PR3qH%S+q1WgHG<-oAERr|38TTCC?M@K5XQvRjv^Q{G@*>E^jmGm%pF?H0%8tQ{Ce(i5jPzEUSHc&uyZy zMc}E1yDy=*sPQ}YWX-6@mZraG3BR0{oJsK&5pjP2pCa$IF7vVk>utbQ{O;tVl7P(+ zXAI{LEJ<$zTq*%gV2aRtTnc{0G^jw~2Cd0yHARzERFbf3>~)*Bcjfl1aOH90pv9s_ zjzZ$MjcHd>yK(h!Lhv2*y`@t4GbVBahPbC;j!NOFEHV)GO1gHv zSD4K2)^t^)OMDRJ-lL@Vb@us{{|lP);-~6}l&cvl@F{Vqr>5GqN+S%DMv!WN4S$z*;L z60cK&zoTi|Z%&MBN=!9m3?q1n{alWvray4s=kq)dFkDARa z8Fp+7o&de51Z%-u!);nyfC+u*G?-(1TG^28j|EE7alB~lnZRQYajoCzPjA59*x3v+ zPP?7NQ=CV$IU4u?^btwU_Y!rhCQp@z1>S z={z5%Pq=tr4F``2ak7lBMII=N`C5nS=HwR*Gr_%IF09vDM-lMg$O9WntvJW9GmUit z5yn+~#U$ja&PBD1A8+J=*ndI>VsE$&MvPi@j$TQ>lW)+O+!yq*_7)2;a#b{BaIIHh z5qk`*a(Bj-N7AcTY9h zVNpObmUpS2Jx{Q;ug%vi@dXb1wY%7-5M&Sz6+No_OX%W~*_WmqkJr7wZZqI#86=Gn zYyhnMQ+u%-`SK?&4c%~=A6!cYuM(-Aa{s)MsR+i!uE$BW++E68AE4{XEywFKWOC9* z7i7lfC^10BOL?tFz~wwtDz%np5TKL1%%N5ANv+XT2p{21jK1=^%qzO!fV)N7o?ULU z%p6;qvj{fE2Z_TWtM*p7Y;!*^Xt)9zrl8em>FDqk?b(WqmW@f2zZu(i)^7RgB1P{Q{BGAT8^*@ASP}YZPXf>IVvE4}mIR z6qUOEm!mJ{NVy>UbJ}T$@e#|6-l71$$2XcIOS#spQc|qG-gFGp2N-*He{Cio7Ap6{ zZuYji0jbNywX|BDaP5O8iz##-kc$((fM2`Y8)}}A%R?So`?>Y)J^_oKTZgVBUsDgK zNx8!*z9ilez?Jz}+UaqI^PC<7H)GfbPkf!PfVKL0DG78Od_Lk7C|raehSz z|Bw;RSgb>L?Hfug##oqWQ%f{+cLXyLRUizIc9o5eTmCq2N^;yHryAN1_iv-mKJ<-C zeGv+wl2`a>k*2JHP0aJ|OAry|++R z4E}A)@EuOt(D~lyo4L&do>1R#GkFVuoN)`kA`N*wc7oPbJ7v^OPZR-YGLz*bfgOuW zxZsy>l}<-_j89|VI$&v?r6)PjQaMGmEC&f*Z z+3X~9b1%ZfY>ce;=t{`deP!5gwtd%(a^s$^3qudQmn3{5^}nd#FW$}gnqC96Chdn( z>k5SkQC6+#45JW6yl zN194-iCMas7y$}CNy?g0Q-pUxsoCeM3&tB3ycX?5VLHhQK;x8`D-ZGPbN;FKv9nyK z+b9|4eK4v1b`80%1RqIqpA})I1yQpSm~lT!jN^}2F-KGBn7BR8$!8^Lt-K2o$y~uD z(&Ovfut;xrSci`a$<>`fsafv^4=Tv)Xwv?wH7#OT#by&Vs> z1-sLo97(Y#B=YS2aeG$W=c|&e8?bhD;#TXYhKhwFzgQp41eGC~?@HV znH;=UfDFRg{wnpdpAzMb6Z1Ef{XzB4D!X+q%^l&3{UwhXd4L ze-^L-^uUaiQti3O@v8t0>wQ^iL&cAad|9eNv!z9isa-_F2~)X5A?1e8bHPF6(HaBo z80>f=OJhO@ zT+iU@oUNtMIf*=DH!@ZACFS|nuhC5y@W|h_f%~@67oCj9Fof%hn9yw>n<(xZu>Nu^BDGo2PFcocIr${^swhy#Sp&4m2sG?m5Y-$ppUF-ca}JAw}-#exah#Yf@Q# z@xh~cGxa_R*)2Vr)yFk_^XUKfqjt-pB8A^=-Jzb=B}=xP}Mu?4cpVN=0_a0#m%?9r;CABuUEQLI9CRPDI(WC zt3bSMlk97(G968#WXA zzylX~!#~}hysSNr1XpWbO_A-2et8L*1JNoPQ8A~_VUC~1&pdEC_%)h-$p)Tkouj20 zNYbD%@f5F|y4N)8G3^Iu{9KmCDNdi9s%eD&F$%N}4hK>==!8UypvM>MzRR#3GEGFl z*Vt+WvQ`Kp?zfn!fp%ZrX}%cDQX}1{N>68=ghjorciGBq;D1oJxE)`YO)60D>2F1_ zdgfHM3bZP-M6?FGc%=``Ou|CovlUh3HVO5?CNpIXxxk6v&&h_AsN_l$OUm&q^Q1X% z?N$h}mGsGjLNK~>AA%0SJBjI48sd2wP}zkmQwU5%9#Re~dg3mdCd8O4Y*EhLeQmwx z6;!l~F5^fos#>wpRv|}iqfTNL>3D!HRmGfFFCznOwMbO7$jWfN#y>~D;>94j@nB?} z7D@gWC)jOY%EbL+kfkzwEKrhxNt@C#S*7bx1mPp;MeXc}Y(QzdH}|Aa<)b;k#Qj&#FCJu(M`=>da+w? zJ*$@yJx>wB60{xdOA`|mu$SR$7-I0}tnV4r{MJxN%Wl@zoE9O-EhuOTqhhswZ7L1R zwUtu3D(%Ti5QF1aa_*RfgrGa~Tdls2wE0z0p`dWfzfDvGlQ;s^ zpx4HUhAUoa5$_M`Ejl;DD3*~Xjib!nm2!CRUXBsc`}<=Kx>nko+>)>dNBgODohMgs zz8UR2*Fsz6E8Yq$XSF!#0$p40Vb}25G3?l36*J|#Q6KzvVVxvDZeoF}x0+Mb-u<&Z zo*CMRCIzqvuOn?)X}}@csuP~D7Ph}!_{K?!rj_*t2bduupN=R=-q7loCdUTNt)AB& ziWp`riGTf(P%gT4V3>>Zst3#XUWDdYmy*-{bafKNHZUL0jZ5ZMJ#i`FFl_YJUE)so z3u1gxCcaA6{t61V^#?~RKE5bbdAr(BRk)o61lZy1sg;zLy4?N+OQOFplZsxCA1++# zyH+qP7rO*|s%_n&P?H6R(Q^y6@0}7^!RPB2cdH@XJ6$S%gx7Q2JaPXXw1;BU;HOB| ziuZgZ(X$~SBX<#t8%!~ntOMwx`pcP}qgiODT8ElNC)=qGZ|ou!n}*)n-|ylNbQMi0K6KF#8d2ukgL{C?O&L zYwZ|V8u+yXP*v6~g@}TmfkOcO&*{3u-StdEVp_!JfNcd9dvq+{ib5c5oP@dZMM7vo zVz)WMX?3?ZwE%Hq^ls@54TD=C#NVHcH4`@^GF=i$JsX^3dt6BF!#XaukA{louFemY%|4^E;`GMyZ^6xt z_7Ac1J1+9(=H6exK(0jm$fqv#KA^ARUBO>Vwo~@^ctwohl%0J!atk51*c>CL$;5i} zb{H()(P3tNvMqfg6b?30Q<4jD*oV#BWzeg&JFpH@A+(C9`{qg4CM5`xSzR1-pB|gq zukpbmGa`;F-6IUdlUbIc!bhf05pGBgnfg)h7*@pAl3BlnZNvNldZVw)X_Q+gZiR!t ze41LA-U_|dh~apwfUXnH-aJdwUkr*CO8I1a7|>okmUP!o4Varg85tK#Cg((KXYVY7>^Sk(KE5zoE; zxQviSE$wW?Je-q#tWCw`qQdN9G45|7wVm!Tgx6vY!8o5slSvXZ`~L%3rip<4QZRm7 zfjb1f7r!`;a?DBHsNwdK+a>fc@%V?foVM6<+JRHp6rMdgbH}s65V=pMi=|lwbvY9lW~9LRkbyrP|93A z%`sr^`SA&HNkyP1=VWH6MsDjUJuhO-)}8~Qx#o$I@_F@6IymnsqO@EWuh#6fnKQK{ z$P`t_PcgM6j>r>$tmc;=MN40mb8smko!z7i7b-afO=u-HXT$mh0#?L+y+&V;#F#Fp zeesJn$o9x96ylEiAKvf-j==-{-co?dWY*PBH=EabW~2qCeM;jfOaB!R-QA{SIaLb0#4*tTz&3^h?=7^dYbX( zv%c#~ZMxU@jp3#KrJoPl_ml!4gW{4JFX=NRAzwX>#s2hVyHIMOSvH`snwEH7=9A_8;+)k}W8%PJ~)Bboi4U9%lV|fzG^% znvuamN2xOXbMWZ^^vbwEr}TMAceMHR^v$g2x|AZ%Txe|hJBc0R2612iq>wVS{I%7a z)R#W(SpKRyGTM*)xOc8nw2gWl6(V?=4ITvHl*mt)BR2;1Aewz#$**;!HT_AHh|-{7 z=~0Rd7hI=_y;dHdh=&~N}@VN6fbkn$@D}94vwPT+ML{E zaVy+i03btC{qdpQsU9parg|r`l}!s7h{3MSeC#lsp)G?_uaFderJd-cq!`ISF*S{e zglw&@eGV3BZCXQsq%Cez@LUQ-p2s!oX!mn`K;h_&gE4aQ%X*?(MJMiy`7{T53HuWx zJBOAQPK@sJXGL?xK8?W02SHkmAHZoqI3v^WD|BwESpMK2M5!jQXcfa2 z5uVN;l|Zd10)t#J`y?;(`w=|lL~GjL6KKIIIsjS;G&gdtTq(urGDozAB0*P$R41^D zh4GWmL^D-;NPPFI4WBf|mR2^FN*}Us)^2$9*xKYLn;XIgeNFuGPkDhqSt8mz8qE z&eEOh+1-^pD$I&ww9)sCIN9Ot=ptij-{TiVJ9Tc@fR5!s*{7=q&mvu2M%YX4J;~)P zIad!fR6B}f(ESZ(2y+4`qSNuyD_ssxjl#>-&ECgRK}lGT3m<+HOzE|YdKCI zhL{QWE~9T$eBR>qNN<0V^fYJtXVsUic2T^83yR?F2kY9F@H-!?z4+4JU>BAQLc9Ex*{nju3sQb^cFq}* z+rx_!K(l+TSlfzj1Uh|?v%!d+Qgbsfx{y;(w)vQc^~dY7Vo1C&9?HGhy9@o5mM@!` z_y#Sv6k5Wjub|i@-o|gxxvbah^MRJM(&ywe6w8jouBsjV@X)mVGYjKwH{Lc6<9A2oauv(sKWta;o=#zi$;ACcX}Y?Y7DBlvfOT;7m41AZi?aFp@24kpIi#Mt zWODa}AO9_K0J|`N+#pKDJZ*+|Tlj+f9AnZSc~xQsHi9Jsd(` zhSwbGs_P@o@^9O%)g<8kf0Mf(gq?H0ng53c_B8oQ{NJ=H|F|nEz29^uMz? cbN@Wx+dZ0PXM!XK{&^bj0qP26a-Y8c7wHO?`2YX_ diff --git a/bcs/support/images/pc_customer_subscriptions_1.png b/bcs/support/images/pc_customer_subscriptions_1.png deleted file mode 100644 index fc27c2c26cfd2bbbb8fdac0cdab197b1bde7aaea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 43712 zcmb5VcT`hd(>H8KL_n$11q7rKhR-lR)!CO|?B5FjYM_s~PH zp-C^Hym;Nu{e0ga??3OXm38Lqb+Y%&KKsm`ncwWNk81M7k7ys=x^;_KQQ^JDty}k8 zZ{500`|!?93r(QW%bUw>cMbWsx8VKs8#g!itYuYYZ`~@7A-XWVe{)ahqM+}7>lT^E z-{0+7D<ys9bez4mGef(MnxSza$+{ZY&D;Osf6ZJ{ z2qb1^B9Tc+$mmQn`u};vpJz4&dUyl^jebuQ1|1zzvc2^4^K(=MQEC(WUCO1wx?!|a z3So=YUMlLE%Ff%X4E0DygTkUB{E-pc+~evq0Q9FV+Hz-j1QL2%RbA5<^m~hnNAG7& z0e+XBurusG!(3D~a%yhiY)WTbR?m;Nm8oo-lHOGb3ybcE`>rgS5^u}N!|AZnb=vZV zhI>;I1<*pz1R>p8@X}9xiM{=h;zd7-sphd(jhLNX1jyVs{SEyAn` z1RaTq7?ThQ$nYT(c_iy!Gc^dC7>>NAy-+{VV52Yhn0k=?YYeX9Ulk~ z_*_^OU5C9P8QlzhD)w;qFzLCsVW)EzvcJX}at2t{U3>WV9nLo2P1lEnExzh74-Cte4P(+MU{U8u^FNkCiUV~NFygqIVA991p9GEf)GgW2{5s)a|X zHa0d{Wo*b_gZ#b<*B@_T8{P3R%ZQ_7KFm07t1|DQcu+dhaT?`%($!O!nj#@D3K!C=^Vl116Zf$fahk5TUb~T7NC*@w zH8iXRta9kvk%D+Rm=u>n14m^jE1hS{&3oG0Dmi7DS?1-rNv~+ZI zK55F21=EudgNVNh)17Q#>%rTPREZDAQh!$zbV_a_w`M9Kp@Hb=kPzfmJa)&wPIlEx z1g;-U&jj+AtJ%iZL$>$ZXcf3dl?f#D2KCs%g)%`W&79&U3rivC(-w6k2u#hBE<9i zos*c+w*i`0g0Tlbq0$gGfEM@?Eri;$gJ#*>`^y8imXiJZa z_%g0}UDobfABb!<(k3c=dqf-_-tjD;&i}x;xV5A=woEU8gIvmSTa&be{9(}Zfa}wH z4NaGga3H1QRD}pE%?hKpqI> zzLPXI<`2eHYm1@zRtaiwHa5%>5mvBJKrZxxYYr)<^e-~|tl5IeKj7$_0`dym_bjj}ad zayy8)>T=%2RWW4~@QgaOhEm8JhW71S>%uRV^gY5r{fsJ&%`nf^SydszugZ z(`v%Ns;zBaIbA97rVXq8hX-+G;mdZ$jzVo+yIX!yJH;|@pNIPJ1$3NJb)v?$Bwem% zOf5ESr1aIPp)XnSEI?E=tw2d`$QE(DBxY0#6YGlz+~O7wHd~6*_lT?dMg_ICv$gw~ z*CET8QymK=KQqb37v$u?U@&;_?D%_Yo$FOW|4x!d)ZVw9sS`;AU;}3d&__-WZUvV% zHcqzm5UBkCJGc>Gjm{qAt&xbGPSGAnpSes6kF39>^K%3(U#bGtbv4mzX;b?bL0b*K z(+)zcke;3*>bnjmg~7ew&?SX%ZW+r?IIotDlCMY+;c)atw_ge;tZfL}w}(VD;6QId}f*XXoq1U(wZEFoi^I6L3nY*+y>5 zLDQ*k3q#G;=K*1+fWu%|8tQoQ$=lowj3bl304X%kcd3OM%79K|fQqnyNQH@2^D`^| z9H>)oOVYf1I8&ivNCd6v%|M1%1V(vjFp9Ldv|w9W+^GcS$)D-OlY4>c;oZ}oLw^!$ zI<+L!@NBKKuRN80dzTJt4Gn+9O#5<@P@CGB($HBKU!)!juJwMK?hx`oE(%nXz;`t> zMb(X+yEGh+N(WfwQ4#%)!{>(y>Y^Eb-!ZRFHWof5;i% z7~B06o~G2)Ox|cRaKGv}NCJNjzq8A9)&bOFl8PvoY+4&>x;Ae~mDj&t zds!@WeRZNfkb2L`)MOpn7s2BQATA%ukWp79s&hg+8JLqgT2y(JzR8nJeuw$HFB~ zSLP*QTksgw2Wz#AiCQJ1Nx~PZ&q}am?j0YNA3IH;t(OEE+w4V*(f*e+dwvS2j}9;2 z2JGPydq6_fv8OrE;u_z!@B;VqufIiYxCUe_7GqO)3J|3s%WqUO$4H`n+$7NT*D~ke?D`TVCcCk?r|}5)MG7LGW-^|q+mB>SZ;NalShp(k*Tok z>u==X1HP_%bf&F4G+TB#5tT05G*hpr|IWGvjxFj3O4V6kE?RQ)88`W_c6zGzjg#eN z&JM2>6DO_PZnm<%hOu(1n4 zxUob7r~rkkm`%%|9>@@OC2cj&82p-DTwFKtd3U2{9Bwp=_IXNnm)aJ_H{(yMJLh2Q zJHT4{&>3ub7QfPIVk8cBDK9)eFO@(`f>wJIHxn~j?*$})dUSRrUFNqibk-yeVdv|^FZQJ;dzKj1gEpfnQR3WVjx%V>71+_{ z34@r=S$h;YM3;GY*sx|t${)9NWS=auu?d6y1OOXPrlQiRqjxoR$Mwp=o5>t%S>ge_ zm34x`?cnYBaaz8+H}M z%*c>_qd&I>rv$`oj^$FAW5Br9(kdZ|uG$fE(x(N3+0Qhvs(3Nf*{-hdu0^qP0h|K> z$(jV?^#ph+$+9g!OIU1ge(5Ii!HawuiRz7(7-|#uZ&6iswFfZQw_onYLo;9JKQNXq zTS2*-rBoiT0kZ>6F&J%4ld^G7mrUy88JDg!pxY=CN$t?1}X7B;}WZx=KGx^L?UY zJ#Qb0IW4)}#J*weOa!=tB}6Y{VRw@}JtgglL#1O~bO$zz0-l}+M-3dTMox9evDpdbn&R2%r-bSGKuu}ci)dWK)akP zvAGJ#G#~xyKgt@=t+z{ma=bhom%fTUk}J|>3j6ipb;rD>1B36^gs@V%aW(puBvD-p zd`F^o!5J-%PfJr*-(_%+U98JB=iF?wlc!i>oMCCWJR0C+A_0w%hzQ@XFEvBqbL!;~KOHdtQ+eW~jSZNwu$N*?O&#u;uHdCxbyok$7=lkR!1+Cd2xR<`PH--=wbQxJKJ1X2 z1a~Ylz=37oO17N)L>pZ{hh?@)^gdTO)fyRfR~;boal?%aXzP|5*Z6F(VEce5^Z3Th z>CY~4YpV2I26#7Y7Tg3{-0<;e!g4(KPH#eoX!KTXDn){?!DWQzz>hNY8bbUYF>zAe zIhc}S!HIDuhIh+J=`mrXYTq9(y(Vvk5Jp=bu~_+5chi4wfq=>6sP)Mmhv**yM~9x_s$6b9ZofMT)1yEQ z0ej0iJ^iJZ*sDNS?IYnD5}MOOZBMFp)cdDy{7&`B+cE6lvzgHPoTLbbS-<{Xx{Su& zA&+Dz@IpbkV6q^cN{z7VnYzqdZFkGwkd?GK3C&W^(_SfM>KB?|<_5nzzB7D3 zW;STHAOY9ICyCIvl^QiPKbd^iX~$oT4)5H;M9G*_)mikf*HJf=G#xM?W9m;@REO`&_^QE#)ln!k}5nf}C7fAt6NXFMO+o6~SHo(Gy7_B^)s-j|?{b zel)u8zXHN9DHMGS>|he=2Kj|S4SybUI`_M|?f-G{c5Rc+{OrH9MVUZR(nl?>Oa`-e zW-=)W=tc2J+u@soySa!+XbhHIJr72y^n(iZv9-rMl7d~cX7yC(7ZnsMe?Sf661lToqH(fb5b8gxHrs#f z743`}y29bkq^pFr$D9Na#rEy@?@vle2aGgJi;bPbAupwy_W@amhmiwquknTX=YUiE zuGeg(;_rH%__>l1{fhI&YJ%0BAz?Whyoa#x&9>qsMWsDCzv2)&(C6oR{AZsSvYV3f zel6*K{ajVM6<>>X^#IsZ7mAj$Y5(_&(b*CstqG<$2UvW%;zgiU*j*CRPLDN`eK(x z1pE5Au2&A;L7|)`{LHlv$Ik+;uxWzPUCgtEzoB8CURTFOO;a3JdUToR>qOdM?vH=- zd)b33pyfx*qIT1E3@hNQQpkGZGhD^g=e|Dq55H@-MziY+tro--k0E2w64Zvi{5QS* z@qyA7%`YZfgeqNCjWye(Of;=*93d8Rt)aP0X!`+iYk6-+K|S}o8B&0@>)wd$Z#HY( zM7s37rM(kBFLPGm5gWn$hI7CDU>Lqk(}Cz8exFxp*LOFg?!jWqQvUq1Upw}`ch)ec zQtefG{PvQ8xqRZub*$dCbz0Vixr~97A2*=q|;2mQ*uYJ z>(v_2#@5za;t;IYO$e07DRGXgyvSSJmaK8F-b|8Iqx}?5pZ{n($l5vS4938=Y8sc|(PSG}L zqQ1$AHdGv`%wJIItHTg&L%ts8!e1Ihp>3D}MO6@o#Tf@$hv&6}o z<5UVR5AXM{E?&i4iSNQ4J$es_n658(52*QmoJ~LcqHpqS_2q+{nvg;F1aep7I&Xl=!$ym$i#vyh`|f1&QxZt97H;RZk`G5bl>n zNrbW%NUb~Lz&e^irfl;Y7;L-M<#>P*8j_FIO4=qWUGL?%Ct0}%W5884G;IGgcRN3* zuVF-Y-fX@jf(kHLt*>`qMW0pOQ(1{vWm(HBxV$ISTX*G5*-yaEXkh2UBJiB1M;Hx5idO%P^Pktw(g#KZ0e-RR(AJ9~e>RxPLAum$fok1$D z*&F}a`0IN~x-ShU8)7h{bA6L?f{D1oyCQWt{+lva>n-ZiXtSN9z-q|+(@4VVi}|m@ z(wT${PFJa7aRymeE0LCOT$76Ue1`1(ZRrvg)?D#n)^f5_vy&>-+ZHNvr5TfXl>}Zk zxM%m)EE>Fh21GdlgGYr7BG`?M0@9|B>O9>LUsDXqo~jN!bRaY4zkg@V+=)B^xMb?L zb{J+p?YUjS@!cGrrKJm&AK&5j@qytC+MiB}F?)&!;G1N4rk4`ZPFpdRg)BP@!Gc9< z^hT8%JnV?`vj<=A(@sTD12nXCjO#W$+|)v*57xr?6+5bAq&J@=(Yov)4L{m_za+Rm z?c@^g-`!v}vdTOImj*}l=d-uUAc?xvNQN)guRUk}C_M6nQ2e03URio8|AQafa{JKHV;(l1##&WEY9dSzV3%6SC$ zQ$y8FwARx|ubil!;VkQ9cqHal`ghbZH7}kn(tl+Yh#w@K+ZL75X#T?T_3O+^<%u8!8*_auPqF!zcJ)v6H*3RTFqPIW12=@{NwnLy;&BV6An*8T_xqE{E+0xD^3@6dhLl3kPy6@*8Yt(Tz9S_5Anp7#-K`?~q0yXo?b z)Gw#S&wtL90_qzY-r#xttql|-_K?HTas9g0b}7lC=zB7h7yts2$Tq?I=@Vot;~VL# z>1xoyP98N+R=VTxNc~o(hy;F<Xqq6j|0!hwD&@L`;g_gVWIF5r}*OS|w+uzxXOIBn26Q)FZ=<4O|c`y&R z*PndaQNxv&Y8SWD4EE_S2Tum-Y>H+TJ3;Fk-tQ{oy&KL-c_GfrV@Z-|A5M1O?TZ}D z14AYb0&hpn8!SU-WY*(RvT-IwpfkKwsLtaUXKr8f@U2F6pU$@Pp=O}}Npf1+xx|({ zW0#hMlO(4-4>8H1m!JPqAf{5wH$LL)WnzmVTC!3NSl;y$WB027AiaIJ^R>KPsEc4v^-oe=Ygq70p_? z>9`J&FM1@k@j%;y;gWoj_0A7^-WW%d3w7f5!$Gw-RkN1VBvWa2bjN9V9r|*Xf%_Lk zg`R{9Nj3D1Ef<;ohkLXD=O23uORMEH(DIzHf>IiOs?I~09ZsHUdaY>w4*zLI?*zk? zLZOBx)_)kl=`^Bo1Xu+O>Q(hi2ylxJ0=S!+58CcW{JCeCaKPkO=zvr2{Efl}{E-ZN z@^il~x*XK7RyVT7cy49&KwMm$9t-+otDrMcy@Z49ifc00Lkp@sFz7eFR!ZL4x*ja; zEjKwI29w&u*P_%#)F(Gk&@l^7-pgjoC0Z#;%hJXUr+P7of+BN7ri2sO_mnuQXoO>! z>uc|!{(!PdcKWYf&3J~JkC&6$XbpDR7yhP;WbRJk>>fbWEl0;cJixcMamdxqX=nnkB%i2%J5*38 z4s&k=U!kDIhVR`ih|@VwRBg4;n%Z{*IHUS^?1`Qz|1S8C#brn z9O>`rakMWNkzA_RB=(4I@6Ru?6|XGl4RSuV>u+)CdjMlINW&?M&?ANX%GA`2jg1|9 z!jxC7#)ZCv223DM7b{MnmHQE63{?jtB&5W|M0<5*kd^bw8YZdQ{G6PyQ95DF=-9US zHYF`3Eg3E2vfswwIruFGl2nJ7Z&m?;Rvu zTE>?51^Uil$~DrikH5V?c`?!b=L@=U6}>q?QOT{tQq=SidIT`3IjMtu6cPaGd8aht z&n}C#ziTHUWVUFZh44HVnwb03EKQ7&t9i`p6i`P3jkSdpGrWdio7a^cF=yPKS^Hs; zNA5xf`A{_YI`Njr+`BKAGklB_KjBboi@npWK(^~q=NbBqjSXIXl&`QG&vJ&%rj0${ zTy{W)`-aW3Tx#3vFel&uhLHLBoUahC z5(A_M2A8O8;^}t-ema)Xmp=}B*GWbNFsQOPg9&&3L|)xwU%edkYV1~E1~Ry2$O;)1tzfVS$y011MaaBgPejww8a^_MJk;Rug=Jze!10lc!9FVAb{Nv z?R6daj^L!!uv~BN$bL6D^U7@bqC2KCb5`T)N++ig(yXmJ@c{~T&aDgAFDx#ob2viZ zCAdl5H_g16O-5zH;mG4c;~UYijZR08{4D6=#Hazrbv_ugv#vqRhyLy~KLV1i8Kmu* z!14^-z^RPlQmuxq*z*PrHeCr%EY`to@Cm%psrQIOMPH2>6Ob^7*V^`ReWfhc;WPZg zSnfr<9ju|L{ci5_?#;ZAZW-3R2O4T?2dtp{LP;2=YDV4wl>;Wbv3O5jAX355&}${F z?`F=X>cFLGsI>n5YRC!01k#pQpgsqvVrTYiwa-xWnGMhAOtQY#*0IBGA@6it&l7O+ zh<+8Vn6rdPsfOnG8-M=Tyq}@|)ie7U^h`P?t+pxrQ6zT!D4qOjC@#{0@rT~X@ zYuYh8%Co8jk89CYJzCi^jJ10vu-8rbz-KBA7m>8{{?Sc2LSXNOUvZ>3tXnw~)i$m} zQIuaGkCHJI*iCrn<#^Dobnr+S=Jsk$#IE=XuWr@AshPv@YV&6?443QoA+LtS3L^48 zWC(HoX=G4-KmNhg&DZf|RA(@g6r-iBUF~sr6CRIZgyZ%n?=#D*$lX^|TrZ{#&&-J1 z&>nKt232v(oKe5?6DB@C`RtL{IW_c1bZWa22@4mf7*4*t>g)e<58z?De}_WgTPtjG zC3``g_%iylBeAfs>Y;MhAmJcl_-&0A(YC3+qvz67@hMuEox&ZX$XRAtqzc;BZr?u_ zm~}}vsKyv)*{2rez%{iiQt=Z(65K$yDMyRzWX#EsV?pHlX|VoQ^S>8+E2QL(esqJi zy9J2{m8zpf!XQWXa)+&_)b2lw=ePQF%S{NNZ|v;sm=&4CD)z5>W3_XD|AZ{x2D85@ ziVN6FZMf@UF+9l$GC^o}7mdn|P*$vUa>af+WXxrp(v>(*YnT?bfFsb^#FuvFXU)rV zwLEhnUi-D9({JA1LrHre;u;4N5cHF39;7R6ov%=zY}EJm{gQWKzRAG;n60P#0d1e& z6phM8)4B}~f~%X-h{WtW-IgQXj|oW};7_Jp#}amfFYNPHjKAZuJDzQCKf#`iqi1Qw z9#$HjVWe}{{$SWyq4vihFyNrmcOA~WDI4=#03Nj?Z4gaQEY()-2YxuWw~Z8|kWUu^VX0~eS@n?}#ga@gaO zm)-l+!e(RMdVNAaTK@UmQf3Bv?`Adoa}6pzKL&y&zGC#~>!C1{u{8AgA3re(jl4HF#!6wDDkO8(tGR@ zKNjM|L20mxvG{`%Vp0boz1olWd1d2s%;Ez`Zvu;70HUea`_)Zv{2c#^e5>iD59$V0 zsB~;alXhzTZMmUWUjO%+IoZPhsjB;@PBUJnl=weS-}=n=ef00(f2lW7gY`e$t$*q? z;{V&6!u|i!`B#;{^@V@QognpZf#P3UB@wvM`CsZ~_%}rQ%cn^EZ^zHmGcyY{pcIep zpPkIz`S1V!D0h5*^_ZA=ytDLD^nVq&$W?qn=I(xQcCcn|V`FoP|KG|$|DjXgs~v1T z27{sQBmD0;zW`Iq%gb=%dLbbp3g(Tud;i;gM2H0pTkrMm|C<_b^TOc~!~Ei+XIIw$ zJC98^&YfC55lK8_hRA!WI&+WytIRz0Hqe?&)$!7pt~$#|%edlndROQFC#Roo;qcgy zE@trBVS%htnM)X*#bXF7DnaWh%U{!pmduK4Dza&OH`}5M>P6$u3pv{+YRE9uh2zH+ zmIAWMww#G43`FNKWaZ}qg8MWh;X_PcVzmu5ddRriuO_`1_X5IX?TT$!S?{)1{1_fv zm~6hz7Tpdm%R^fH0n!K8yqfxyq&;;mLSSFjcqdgO_t{^E@WyZ(3Sb;;#LEp2Hslfs zibiSgNHcQye)iBg!acpgCWVp#cmtS^d!ZT9a#r$mrP|QTX{Oe{V=%c@_j^9v)Q&Uq59nJsXSJovQ^cjh+#JOFiT^MEM=yyAc;jd4HU36i@tcvZwvUb{{&k zUlpyy72hOqn}t8|03Q6S@U6YlR3&-c>t8zCZU}XYx&XNVw=0o^qnfLAQq_JapMJ@S z&(9l$aeXc*|FOu{RsQz&_7wV|8jN8o=u=HpuYP!Wfa0*V`?-hdwM38B(NKHM)>}%} zhn#($weq`qCupEoHRWpod5psZ_{}P<5_iyB1im_y~n76P@#s!ih;9kNwSMfTp$5l27M)KSef@E|roxc{gE> z2>;c>AB-;E&PofpYR8~>Wtn=yuUWXy?KS5+Iy`M{2XeM=BFp-Xy8{T(Z|NIQ?uW-G zq~WSXJ#-iRc6pEc92LJyJESxPymWFgV*GS3GHLb0{&Rj2$tsXVLsKy-p*>lVAWlVl zFlJWZnH^Uz6!-Q)tE8Q*TUAq2fX{vL@bz80ooDpWp0;y>)@XCBD#D_phk}&yxlMWK)S&mA$oej@ zFKZniL8ya@$>p!D;?6ERUiRl~gy18<04iJHE;qpT4T+1Fwd24a7iPZ5j}pIf4xiVD ztH`pC9e;Y}CtTNQQ9I*v_;@d*{P-q1#NwL)wPydcG40qoe6kqj^r7aXuX}TcD4oDs z*_-vUn%4sN8N0;^0aYLA-a7M@GDs-%$ueOv2ky^Q3Cplf$ zRh*j{8@ClB8ru9|JT=zsx5J-`S$QQE)xEPIo9$aX7Vdcie=jnbyLW(;@*2f{9Bp56xivI(tfCLzV!8eY4=kF6&iy;ID4&_ z_x<^$W+!0nlN81GN@nx}2r)N?WQsL=NAHWRcZTw!qPz3ALPO;d>4(oZA*$v-QlY?H zvwOmp_$?C)ULW;be$2^Y0bZ7W581A}JJm+WCcs=U)Q6E45+54qU+?x?TY#n>HxH6a z=wf{r3^nEkb_b;0P6TMeBzgJek?=~Fhs~c~eOM!z^9hvW8jkPs-<;;yNs%zmYbnXh zG(p*b_|NQ9?P@vaeowKHWPRho2ipI52%TH2V=_QaPjNpWrv@LKGQVr`wRrF}@2qQu zoZT~X&-Ayt6O&2Pp4*x(4FMS3xwr)_xe9>SMJVTP^_%!UqlhBjtB~@#^6?=;#oR6U zM6GV@N)#DQbcAx<`vLqQq49D+>z>6e{6#(+^0pYe2uC!1qt#RT5JFFpDc3_C;rrN} zMTN}->z#Y8X73tHJZ<r$W5cKRq%ag&4SXVY2vJK%akM;q@P{@vf48^0AoD)!z5q1+h%+YF)B;SB zj9Asyl0mr$6q1GMA>ve$gC!eX2dHUUrDa@~67 zn)R$U#xTi%c}`jnchaIl_cBH_825&PmD$4Oy-$%|0|kx8v6xZs(4j6VMTXAVZ+=W! z${Vt~EvhG08T@sjJbo~SddI$g4I%GNi#$1N^&dM=x^cOx11Z7%nfgNtS78~`L?LMZ zEL?#r%fkHGG}dfV4?5RwStPMcYO^;@uEx-)nxN!v{t-9N(__Un8W;f8^}r^d7;iuFDYbNAnM ztUf&pW-Vy+r{?d*4BnXzDYedwgInvbVP2PLFU&~*ux4t5td&Al;JviAlJ~(`U# z6;~GsRbTl+gOVnjIjZfph$Agws$%<%ENoG^eO~l2{f;K_Di|o{i6}!tQ56+Q3U5V} zdYRjN>czyS)6noV+*f;Sk4*)Qfkth8 z#@7R)rS#1j2Za|bl$Wl$EeU)3@@a+m3Tr`11pjJMmwVfi=$+xaOYQ}cia$0c2OD&m zW4AnxXGAj}kq>_Ry~C##O`^Wb2t;kF#psC`%v)ak(tLV11yopr@N%m&8Fwb5HIbfb z*?uMFIC?nM0@N_*+a@nGMsVoXT}94odbOBnud(INRH{cprnv^Pkg^h|>1_0<>veBt z?XlE_{Ua6O4euizw>-0gHbzqVyGo%wF4nt2=&8Uvz#_;_aCn@T@-Kx$$N10>exyz_y7|Z`e(=A@5JJbBT;AGTuJ5O_h z`k}H(-;~ypLF&w)%JZGBetuKUf%m>N5^=Bb4})LU$8Q70XM2*n-wRS^G#sM#J~nr< zg#K=pZIcS3fxpWC9=uKA(jKfTl>bqQg(&4q*RS=3!C}{H0Y14P6*fNm`BU9}Jq3zX z3c2L6x6>RnCD3jiKD6Z*g;cXgR-O4>%~TfWdvS_;pL-@AM4;!@q*KM^$XSHfQ^!T~ z;Gv-i%Z{ptv8bF_DN4QG_7lS3J6D;`_W01j;j!_!(3et;ayO@l8r}(SmQGzs@gIVD zrBvQG)tW6+jEg8F_r*R2q)-gTsZc^jmd}c(d838~R3!fhFz)R&as!rHidEz)Wy*Ia z;)vSS!Ybu`a+^-O3yNLOFo$6@8ksR&ex&(NmaJ@|<(h9j+VyCQ`^e4o!=uT1D-#P~ z(y_U58IQwtBeQFDVs=?D>#4JmOX)H9Tg~%WTUc3G%e(H6Dw>9mS5B|`6JuG;XgUst zQctb&8Dp%t9Ec3`18(YPgv&q9u%yyASo@+Q`BOi;i8Rb>H!WLC3tB%i8PF2+U}}j- z3WQ==9cYR+R;BW&nA4ytyO3Vb?=K6+pUpK+23x@FMKx)Gj9gCmmXVMsgp4|y>4b^c zvu~|U2)bSpDTu_Ob|D$5g|WAT_@K7?#$m*`0A~IxL5FfXnpe}fPWh+i*2g%!RM9U1 zH{0gA`UM14%9pT~+@ zf~4uEZ;9{$C;Ix0H<{18M5P(052qNUmcuKgmh?-!PjU9CT-CP7CyH`vHEJ(F>OCKn z)H09^-*-z{G{Y3yId-aUApI1p54x@yZ$BvZrs5aEfv#2~c?qO+D`ClkgY(vq>v^`3 zn-mS6;P0A!9^OJqpmo6YAeesaJFgRku3C+%m9|J(Ol=&QeXV+PC+FptFK*ol6jmBy zn_!UyHQKo)$tMOfarz3=IAwT(JX`8}3L1GN=Yme8T8(HVwnv@|vX~MShbkvb|L69B zucsE(wjyJFN#@@3z@%}hwp5Dy^YYkky*T2n;pVu!*%rA*-_41fAd^hD>MGS zdont6?UEZJ-{r_!TZ!8|_ldZgrXD{CtH;*OHANo1w0K>bu@*+>30=|Fl+(O$4#>pO zp=Sl#bY}}=9*Hj1I{}Zf`Dlcs$|RgA7?zO>o;=bTGqSI z#zU?4!qZ&iTPz_BEShy#VK=;0p#Wt41{vV$jdW@gQtf0H&zwc+?{UGik8DHsRs>Cn zZ8G$P3>vI^LQZuoYP^rVNIPnBPMC@ym1=Zz8GTwev80I=EU^AVQN+gZd8hnZW>9b8 zOC{9_Bxo}ntt66z6^kRAsJ;3%iMKp4zH(=)$m3)|H)`F z1BBupu+Fq4t~>2vbn@0p>LW3aeU%lLGZC~-`MY2zukFk5BAX*>k{{d!-Cj0n``+V7 z2`9Pz@j05S*9k4UtqExgBkstYPRn`s>s-023+ec8ZjfE7%2N`HPF#<+ZpQEmd3QG} zFCWeQ152~thg+)5@P)vojqRC5ml1dM7K*?RlB`MJu#ReVlw5ovX)peI1VVVXam&!j z>8?@Ow}hgs*jRALqZo$j6ynzEIKFnO*A`h{AFJ!V*XruAFeg?_hD+1`i2tpGW#Ip_&S8kwX3w+Zf%gZ*=zS>Pydrwf5f7jZ}Hi zb1JG8jcR~zmyb$UZ6y6-P=?Z`2(^4_7C()YO)^i*4bxQ?#;}rRGz+>u>(UC`Yr(8f zM6x;M2eyLRKE*wvX9fp->=RMDn6jEtdSm~q)y~dnP!1?{EbUb3ZKa;*cP53f-u>E`J58#xB|m5 zCleB+r^%JRrhpk%5dsHJ|0tql;0coC=OVF;88=sB$`N~lb1xm=PUO>DZ7Obp6e_TAm0e5Xt5Oue*8 z7d^w#-}%AK7|0;bS^7wf_Q)tT#lYHa@9--J37oGVzzCeJIkKAG^a6g2-`6YBEb5o? zvD)6TbG}$NaUq#{T*1lvXL!;cVAQZxnmH?2;aHgK_|CR(!>d0dz;1hS=QHR!+Eqso zg-O&)7aX$*g%Eb;D8ISW8`L*hTx-`xvLc2p^XPwzd?`A7K2c}LXOg+oucPb5AbQA| zl`(Hj18p%udC$(wV#a!x7gyx(Z?7xTK%-?Uum7owfMgeSKrbPEWa4qkzn9v_002o( zcQ+3|C!dXQQ%*9c{2wm?_U7EW9Gli519ufVogW4ab}jE$6Aa84J8n0+O6GK8amq!K zZEYWq+>$Ge0Ziha*sj^%Ju7FJgXE>|;P9Bp0Xcxx4 z-O6*8&+}w=wk0uF^SFqBvGHmCw~vt_67suVuTI5=jz6qM!$p!#vcyD3mIMBCn)+0Z zyp5f>rqA;WZyeQkje&F0)+!=s>z?7Wsqb28Y09eb6}`5E1O>ri&K%avso{1snP|8c zMBjL;@-^o=TB3X!Q-;zkJ zv%`b?VO$ItAr&@piSjsCL4OAu1MiE@r#Iz{ati07jbfUFdM%fYEx>?ii^2jS@~j_% z&9odR36moNd-pPglomeXhvVbjx~D0~)!p$Bly^ASPmh%M^sCPa-Yc+>P2K@(Ek91w zu4X|fw}%Q4p8l{~d~F>$6XPi>%d|t6&z)&(9$O#stkQTXEEIwd)dxZ*Y`#cOh+g<8 z*KPd1Vw~!!jy@8a-&2H&tsD}{DSA2HmgX#t5tkMjmJl&~Nek#v;Iw@aCf5MJGO-|U zBd^N5l5Kmu2%Yt3A#!vMbFv|<$k||XFv;pmRc^~4pSsF9tv=&CJ!CmQeI52bEw(f0 zM;w9#E3{jj$FC^I{$g3HjQy;o@hd>|*uJp+!T#``qPMRph=|(pK{zc(P2qe(d}WUq zqK}1rPXOgnFN60Noav9X4Wa0}B%2uwz)IwenYK_m4 z7eP1i5~qq5eL2AF(l?0%gbCGuZhip7$1yL5YZyIlNUo3cLhZ!qOizCdQW;ab!jU`= zD3K5rtIH5!wun9^MPH13`$s2;arw|GZSiR*CspEv1mxi6Fd+N+H^0u*H4UGNhu(+1 z{@cU<+Vs=5w64w^qws9$UxH;TkLy`PqPQQbSg#6|A@0XBc4#o=3($}eng^NFi=5w5 zR^KKMf0i&N7U^oC7Whlt^L2&oG5>Q{r~57UlnJ@AEZp8_)(+u0g}8h52J)Y0zH*ZZ z^x+NB5D*s>d1V?@AgyE_TbBz&HID2l(UCVr1Vu(-3VCEx6hX*wsK**)FT<~pLD`hu8t664KhzpB&zZ;hM-ufWRxbSmxE~+9>rR}T8skaF#f1}?1aJ}51#sw#6nE30JU^t_f49pruvSRzV_Ou)Ce8yZ-d z96lb2o7@q=DP@>UubR~e`THDwh|qm`pi{q1%&&c;hrsdW4J}Wah0nY^gw`G&DG$~^ zL02Eq83Fa*8vb$fQyk0cl+yAO{=%0_;Qbj+lf*CT>o0$w8w_Wk(pq!=*R#0eD%#}} zIk!{bef@ah5#O)5f8Yq1trZ4EiJXuhv!F4qZ5^%Jk@N1 zfiXIE3HIG=_R>m3iS<_QIt|E8A{4|mzqs7}wD7Zi^v%Ehc8YKo03z38TW&O2;iOL1 zAH!aXn)r#k5E~|YY?6PnUkc}L^4zxk2$d2)u2KUiL4ZJDXwhDjM7DqM8`<=v-GthN zsWo1Fj|o619t~Gw)d-zMex84IxG{}pmkqyJncnVpM?-wi0Lc#!o0>1P=l#$OsiPoC z))czlJE1f_S4>q-vNV)k5!d8oPF5sYni{xA^l$%CZLMEkDK&+D7k!`VjADcSueuZl z+#2__w&34p9%|w$&eFI0p$P{`noa3E5p7-A^NE`S3#OZjy!8SU*XxdsSK3Fc0iPin zqAJMjh6~Hr`zDect(${C8?KoGjnm**y9GX{bBQW`C`?V`wXm?P0=OmV&L-{c;-syr z9bR2ta^8g4{VwmXd<6Zx;vEbaX@MKBt>TB}*Lcy%6{K+Y)JG%Xy8kn6{UkuabeGrh z`ZxEnBnPLpJ4EN@$G-&UbN?cbEP2TY#N%=*GqZSkm9)fJlEP%Lvu6vfsKa6tEh?c` zvZ=$CTG@3@Gq*;BOe5-L@{u9JLp0YvRGnFyB1@?b_e1pz`K{YWlAIVv=sF+H73VRr zAI&^C0Wyi^;b7-y&U_wS#mLUa=d*_9C$SgVfBQ_#SSUudZ#A0MdWxfuur&zFkMu&L zh~xOnQ?&_KB-eH3s$6K*I(;BeI@r7H&)rhZ!{V;;ql4$#+|B3E5^v7%$6mkNda2f2 zDaNEp9SjnC-o0;ZC$-2=Qp@+=5BE|p_aFbIH*YDe%^rGj@~wy~=I~RdWA?U|Ot@=f z&r9fZ6@fRuTLyg45{RymukO{84F(@vht_+P(xplghve|k9_Ch7o-@)kgv4UP1fUlA zV>P&M9yLsd%~ZDT+4qDt8c$wk$IC* z4ZvBX-4od_3*uwJwsaljt`IJlUdvnK2FA(vQd*J90>xf-%O8~$Gbf5w$OpZWXKWpl z8FD@zNzQ5@>K8=ibedcW=8C-?ZFXXLi-Q)2xV^rs*BC8PYy0sfN;Q4rN~JrTBKr$; zNVui#;r#gn5z2VZvZ?ABN%0L{B-TKl0H*#zHUE$Eg7;@HoJhwAU!UHnj~^a}Y?DUG z@}2Qp^Ze&FlULXK;eoGKEY&s4{lVeVhsnNB)Yi}RTnogA_2B1Ng zwwQ;hik?kwlf6;Hv)ULSI{E~xCo#3Q(y--3?YaV(y!r%6|S2MY|6~pY}uZu3(6s4z`^Lh_vQG|Z+Hdyie z`ooPk?a|-h1U~&)7mCX7M3i!}lA7)slUz@-dMMA@%O}0d2abvN3)i8P zbH2SMF0gR?a)%vnhs1q8Z}G?7^MUxEdeq1JoXzrO1xcg+yR6Zrrtic zvrvQwh+YzW@uoO(m#j~S7L}R3kkUw`L{%%G59>s^L?m(7UGq7gY$<|nJ{wNaQcq2C zhV3w~SD(H~=8Dk1KCN!(kLQ~?%PzlUn>jN9{NOPRz|)8w>57jizRnZx3ix_oya#; z6Ou;J%Zh=4)+!OJK?F(-Q}Hs%lS zr8etB@pA3WL5tv4)d$rE<&!3PW~*o({K2^%r)mz=o1g!c zbhIVEu0to?wP2d8h}L^KL3mSd*STDWN>5YRVbZ`t9N}>5-8xmfO&aXh>iv3!KDbiw z$1kobegc=SGzJ?qh|>jr+flNr-ZSobkq5f05!PE)pUIEbgX}v!#SWSHG$;^k@zOKFr5SO?0xW7yQ z-J81`(^;aShOu)>ZSS(f=Of^qsyweC)~!4EN2!V*BF~>Hvvdy-_VX($+dz`NRCnP$ z)aVs%72v_3=m1xV_bbu-I%oceD*t~vmj88iTnV)vRq7i(2sU(baazOctjt=y`okWe z8{WeASO|MJTW3%7qo%W!2u?&7qvhV!)4>V*?&j+M)yT<^(n|r6(4~~uIJdzn)l2RF zeM7wpgqpDU8$eew|Lrpjp|?4WM<$xwo$2GF#caHgH{FE)l+RyZ#Yjz9#Y!0^=B*_U zJ|(@Qd%XoGN{{*apa0Q0MgGrq<8e4t@~{2e^!&KMAs7K&WVNuhxS|+Rg8i>N%11Zg zHGPYklC^{KZ9-HU3K4G9n8*%^q5e8q=x_`PV~9v!t4aS*m>g9irbOiWe!nedU?6h8 z(Hvd8To`h{@LP%)`oy#-$Uj9NOxtMJt3HgB7DYCGHG_mTSByM1qH>?pPmK;)QDr(R zIerR26K#86fq)Qtj%vw zWs!vp19KPEUp`pP1fjBcyJ>G)eakXL1# z0w-~PS=6|e-{l)P4a&klEV(rctEhi~UWfcWsJDt2oPTGH)zJWRJ86the$YXZDxZjPR|rru`jg z2J^`A*L*gpW*k3GdXV&EJ_xYsE-$@5dyrgrUhYhPvG0^48=oMLk!3GTulpQ4ah(SZ z8TXbRE7#t>8I*;k6fb-vTHd4J!lT)}i@2ZvkTWkp9rS(#WPjB?8!E0gw(k$9Bb8k z^lBTIsPSlp@YXn8O^{2CxbA*M+vEjpqpcR=Z;diIsl?wMztq~)ciT_C8WFSs@F~#) zK?O6k2@Kk1WgC}3>k<>UE$(Y zG_<62|Iwd*zLdz5bQQi?n^xCvyo#+otr}x; z=G`igmQ?NypIS9#N5h z3di8QX!Xg`N#EBO(o3%2P9{kf57s2Qn|^t01=iA~FLC5&UvlTAw3P2C#e8%w#b14X zSbe^Ef>}~7=6~E@jIUgebyQT}3Y3(@8|7ze^?a0Vy`R?86v<7(8F{``l^iH)VevGY zXW_U6Up&4{^8O^NA0useVfEgHF}OV(czN(fm{H?WBb<7CNJokgyVsr9c?&u6}C2L!8jFB+v1tiy3{cZQUd2 zXXvn=zFm_|-{<&{XY5X-e1CH1>S!>Q+Z=NLwTtAN^R?UC?yUTAg{us$T%J$ z6W;2EKqG`@NU75O$!fv=ANt4Mlb5=4Ijy?hz}CA}n@ms-jl!Mp1oSi{)5kq&Abro0 z7pk#x=xX&;6#U{mz25ZpF@Qf4zj85@AcERce=LH*&Scp-7MYVgUhfET=BSp5UFqS$ zo4_k7p1|WpGvQ(v<00JI;&J+9<|gCfy5w2OG*BIriz-IKpEM%jhSoc?;;O4Sq~uLe zGw#KVj^F?qL&;O+h#qQ;gYfR>55^>s(ZoX{Is9gRIlD_*SoGE4+H}{WlA0^kE2RQy#)4a%?w#GZh}P+*mQ&>gHR~ro?GaO3N03Y z>J~Tn2uM=U{*H^qyf?62tbTS+c73B@r?*Y1;huI=jea=$nu0acc!CXVyRZ4+|IaYy zeO;(m5{`$AB_+LqpNB0iEDrH9Kd#8XgpYIw+=HiIR2FPH-&6lK{e98Upd+zQqzWpw zJW3UuC@QqM_ExxeM3<){H7tCT*%!89wa+FU7_}-I(e=)AySu|W(kjmel2Ir_{Rx{rMMPe{dG%-wzL;k7d}3cVPlm5I#+(!A*1 zpDM!j%h4Oso|*Rt?Vs0fULN>gE;PGZ%+uZ&B|jH>dnr+rTmqG!H%p^Brav1bk|OOo z(?2}$^F5w+%1UQyhz`EvyI*bXatZ+pafb3g3=YE_`bu+oKdp7PdSpM*)dX`c*;wr= z+;ycdT@}gw7G;<{zD?(wR5K`BdwJTK4TUU1n0f@$k8dZ_Uz$7)*oqnX8ouM$c!sXj zGVBVN_=a)Yco$#4&L6GX6{eN<#xKrGeAZ6Tj^|558t=!oPH&IwW|Efb($KZD`IpC0 zex(Epo!^|+o85Xdr`^&QtW_%Xi7&glFRi1zr_xBUi>ojDj6`0i>{p)7-1{*EI1v{w zXWU@+TAiwquOS8?T3-yiIVTCPZw{ph|Ng;-x|4y^TU5-%6f|r+Gz`QBL7^(}FY{!@+&>}*9=uq& zGJFP;Z%gLbI`N3GygcuC)#2plr9+}{bl~62iacnvzF*@v7v&HjARr(lq=@M^pj#nJ z5Xh)BieV4r`iVZ_dhT^(^csGNSV`fxu`lt5N`#3tF4*6J#ve$%Hb&iNPCAva%oyZS zi3Y6KHQ%M!0#MVHe2?bj;ps@%4ishr@C>2J*sCke+>(XLJY8>x4JMEZ*XrqObQ#KH zYl+PIP2jw7L{AMEkk?Wj8b`qmrA*qIh$M&#Qg`4=;O+)1h>DKOjCQ|82C%xiBwn1? z`gML|PwQWol|2)sb|9|M1>mF)|B5K@ejG{tt&p!hT#M!Y9^szVGvAC^=^-A#B_9`ozoZ z<%bWY|H53e#kRnNiWE>&5hTYWIivRo3$LT1g(g3IG`D+v>|iR_3w8}BU7n7I5Peu5 z5ZxEz43@X`(@JWBhi`+#{&JlDD2e;S!_+Q5fsGkz{d*uNNZL38 z0bD_BVFOYGqTr>AZ=Z38+Q{$6Jx%ZHM9uSH!l9whaJETy`8mnuHP9$_MBB}wg=iwd zJcUtzA92WTV~q!N#2nPI#fy=FZU)-FPa7+w5(vyfO4{#_4aY$_&g5u88KM(%KOORG9pA$w6m-uti z-RqAv75}AUQ^UQ%Hi}qTn&5ri+UZbXNpw~I&Bj%TAJhVP!8nNfm05uTjB0TpAA|0P6ap)D9?0*~egQ7AR;+Cn`Nmw&)0#a5uWK zLG(3QGBc*(gV(T?gjK z-ghjxBg)97+3vJx+rHs$a_Q#gu0s|<)2yaI*1tzP42;X@3W?&Ai#SC?(m|oQq%AW_ zIIr%B+CR5749qi{mj*Osb#_HgS$UcBQd`&HKfe}#e!9|snSzLL{>!HH-&mr5A%M1} z|ML9!)c?;g!vE}lYJ73YjSlJ7FSwj86DEPK%gT(18%h0p@@ry8(oo5PS3288@D)E2 zz%jJh&N+$v^_AN*lGPVkQWQ`|-K-?4=t+=V8l=8vEJE^CC0=<3Z5s<+l4Jvj+a4%(&<@}SleqFQ zHer06_g@bUz&^ke1^@EZ?k?~Pv4UC{)s8_jCiJ9qySq^`ka&~MRX7a$M5pz5}h8{dn5WaId1L-9JD@K1$YHXLZJlG zG~B~|Y;3)@<`N=2nsPGk(yHcA7EV^`6qL~*KSbODp2}S3U*2{aZ0&?cl=4xPY%;G& z-QhB)E?J~PPs^T7`=-dgTue+I+j6v_c3ck+V$_KJms{VAxuLAoF_JDr<1KHvQmkNL zZa>G2ILvHgqQ}S0DrIjgBQZxx{%|mIlO#*Qr?`s3)+%rb=*2xE!cG2;xU-`YEk^y$ zGy8txcTbBR@_nrmiZ0V##XZal{l1N}qlTA+=I7w0c{L4<-kq}kcgu*#*1s|;Dl)=5 zF(ktz0n{mm+`+(D?}kIosEEmOHN8}S)sj%Q))ZxtP`=(h*=Zb|xFa&e zWV_&;t@w$)<>zBIxcX|5_c*q2bsK*$UALkna+V5zhNZA*xd>v~TX4)R!o@^lZs2J# z3+G+O8jzp?;cN-L^vEKb_~>vt#MTxbxTBdQ(Ai3<$k}L6(o=MoCs)%_evXc`#j#vo zP3P3rzb8XsdKJGDD;UF5P|)V(L-;tyroqEXj-GAHyfQLgN1(-%gex$e-^y~yg$D#`w=}?zvun?0I;z6vj1vc4V)3#p{sU;=VuPl7y zne}mz)7e2N@?1q9M8!q+;fND|rq!HxZQYUyY6wWE_{eGriCHVkI|^2*>dV-QSmMP< zn;z}CUL4UgQCi?~^4I=O?I0+WL_n6tCb=;r|IlrefVrW+p#VqTO>k(t{@q-}URyvI z4BFk}woZU;8(n%udEl_{CkI78J`|nXnFn`G4CQa>Cw=2tO5EBZ(9~4j-$heX)5h@) zPLJ>JW34BKgZd7s7T1$iwU;bZ;J-xfrKPR(<$uavkSZFK>7$aA3{McNhI`9)yzN;y z51LL3>tvsvMg`D}3qrqAF3_T@YH22JVL;^+W3kg0LSl0_^bZ!26w9KfmxTZ*A2$yI zWTLUr36nLWV^9(_nJIk4uMEhr^JbKHcM=S1AxsjU^z%8&tgfj5oYwrzx{Sh_x|Ze) zK#{2fDzt*QG=P&&$c)a)q-5j-JOJBi$O)A`BEY9;&Y>f1tw4tcP0J^xMlJ9#0s2iw z53tj;UnfSN7eo}w+OOt5uTKGh*Dwc8eiC^ngtoP_k?W*ysppjK?I7=ECH2CTJ|4Fy zrz?$*5e8AhdPU@vWkR~MM;e+kGj(=~YS!15HzA4$G(~@CgR;})2_Y#75m&(@CR9hi z%BhC^k+KZ5^j%lls0z4R>ue+6kA8GvmbAFo=oTpY0he^shQ~D|)%#7Lo7bgRCeNF}o6E&5NPq=Bu-xuA}U#dnaKyt}*D%cpQP z!i2<0|5!{iN~bXCP)ZY5>hZgIk-5_~#4YK@EYHMGr5Y~{^d;M9}0=tEC zFxeqvZa{sKpV10<4G#kww&Ue<=Q9xj9kE@p6&cJ5GJ-6`jb$Y@34>@64s6$sv#=r} zV!hsMvs{C7nOITsEFW-b!8)RDL-4VoA@xH-R{eCOXa^bz@Zb21Acyc1Xnk$nk$ zqKyX=(QxIq)Vy?;D$^X*bmoSUG@cmO)ZMSLk-Q9N@azUMN@c&@krRb4i9+q`AMx?ht};BL=#Ub=qjO{~pvG^i2AaB*;SZNVFjEwC-feR<8+mysR| zkN_t&>1BdCvLinRiq?4$Cx{SW2x3T8#hHH~g=bL~ShwRr%0Vw7=vuU*P?H?a2Q5 zpI6uY!viG+1$y-y=YQlD|2uy2MrUY&-{xh+@tX{N#DAKC@p^vUy>$sH2*FVRXz&yG zhES;BTL;mdP5iiuvG1bvt7es}AXK9NetYe~RVX*QqCwE3^CKlW+HdBbuIxnV0ZGsh zl|@RlWM457=lncpef_YnL0@cVb81(~N<<4Wm_osxlL1q8ULfwA^ZmYr1SbYvl!Ma` z17G@X&iUJ^-z6jM(U*RYNqk%HMO6uq@zOQNnMqUkOG~L~`Xt3ia0wHFDEHpuxZv{{ zN0P?(3tQ%JO7y?Z-_w^8^XT?pd8yg*GPUV2Zfat8z((M$xEr)&#pu&wUkk8E?8<$Y zU){j9-aKM$P6-)5ke0JHgnLB%>Xl&rw1n%M+`diL<7vfRwtAx*)p%=HLh? zeqJR30~abl_$R!V%;~BIZG$Nxu3p7}sRA)G8;c@UOdPqWN=;>N!+|2|W;2g3-h-PxQ(X-; z)NefLTi-6z9yyd+{s&+AejMj~-5;;Z9R+Q9H$6k6{7NwoJ3AL~8z*T)D?y8sy0D4F zZ+!;|!Tl0*T?>EST8k0AeM9sGRcBl-1s}582mU?N5qplQVJIWWEZ;)E7TA+#hh$K& zj1~f;tS(v0koE->q>*p$4G#fwJX0ktaPUCoJ8;sGjseg};C7U7J)uxPk*M$3-q#c6 zh#=3D~pS!x_Y_?BY zv}g(%Ata0+_|f4Q59fh`7qvWZ#-mY~GzagQe?=#y(uFa{J%!lnsM58>c4mL^I2?Kl zjCy+}?7cVnah4Hxw~F|RTS?l@N`%+7jQA-d*b|60KUomXF{@c?UEdS;sjD&u=G3dX z;D{(;VNwd^Q|`doc)z+~fh{w+v~LzmfLzyL$fv<$5e7|lWBJTfUrjXaE~5NTG6P3N zLx>TB84(i&zMj zJ?9M*)3tC_MO!8D{Cx%XrNW>V<;S2tJnaWqKtWYinqdSU?H*dJbA)>iaL{BD9WaY8 z=B>lV5INAL^+T6yx!U9H9o_Na_hj-3ZF3ir0xFsak5@uEN@)4}inTg3vwNy7Wo{2; zx2Lp23_6=G$2Jty{|6%sM51m*LFdMiDIt#56!r?L5nFeKbC8ombh{=3a2}%x`4r}6 zJ4tQHhEUQBQ3-^$6!RY`3T^y4IA^}WvWu^JP~6GnpR?K-=WsiHYLZ;?)+)k&T~12 zoFHZ!9jun3*1;re>{#v}uDx`IqpnNIZfT=IktnmD=!1X-b866&E$63z(muMtThz!7 zoM2=#&MunUi?Y3ey)Sh6J-)<~MC?t9XK7hrl|7I>=^rJtvtvZ=i>4si>|5{eY*8*u zQzScxjBw_5-I3!`xg9>PmfCU;aQbF5_82YXY*}F}G z?yuV*RAO1#q5&szLw=5Z;s+uO(p-{)79zixSXrshu!@S6`S6{FnkXHxkqQ zgwg`1Je5Y_ec;}^L=qL(XexJkP;GS}3t#t_r9;691UeSosDX`4k|Dfaec@ zD{rVu7&0&D3+vUhp?<%`tYNRd{p%YSkZ);hN#yuMrbDEga!pF34{!!HQ~@w>l9JHX zxeALP6bC^+VRQNUu_?G80u_`sI2q!l zk*jAN!-MM4-!jyg!g%h$KekalS$xFrr}iH~?GL(AnzR9AM6ZqyxF(Gpni?f%GZi*a zaNoN^1V0RiP>6SK=9YJ=FDusZm`EH1Pnt{Y9IvgCQ0~7Pe8i!v(-+A0R!T6_TYl5tz%o@$(!AV z{uPGn7+5z${#6=NmI|LgX(P!fGOl0pqc~Y&NSuT)mP;ZPr-$591lqIZ0S|tzbL|J} zhbwGO-{7o|!^vKY;HQ}Lg4-Y_NPdtLF82yIQ+-;f5*oh8?}>&nx8lTcee+Pmfz_{r z?>q=RLh#^8EVX@U4qZ^F+% zgchf9s7}T4JD+vvlUfWRN@;S>J=U|3+=`$Ye&jSn365f8OyaEQuh}ymcgbd%p~cpf z4D)iEpe`}X=6qS-G&XcZdP8^}HNRY0x$TzD?bKUf?c;Y=6(mkAb92!yYRI9c!@HX# zhrfA#N?lXWHb1jc+CZ~*ay5Z0aF z43w=X!rk!XAq`CmZB9$$+SJg(x4)U`Op~}nw_}CtVc1vh^HCDNaK0+U7kt5`-IH$l zgW;*WY=Un;w87F%r(Ajv?k z`jfclyQSGAgy6cWAH?^K&488MqgBXHlV~AA{5@+bNDxIEDJ8$Wc-tuh7#ug5RoH`e zj^jT}=YdmN>1&?O9v>$~zn9!xLyl?NxvfRrYV9#=h~1Njo7OywZ=b@6;b_)Lk_xcRF`G0+GvON019P?UDT0SbKgGs zYN=7MHaJ`sKJ;C%^lYEX3$6-F5I@50?bKnh&Yj{N z|4?Q4Y$UM$N#;=y4v7B&<3q$w4CH1WAMNBNuO&e*_|1MAsZo`hr|!nCK`9D|OZD8a zK&V{E5Bg5@lbwRc`8tEftv~l&Z<>12YO4(i4RCOAtd!7om%{iV;4bo^5&wi2Uc&5% z`ijS6BQmG{t~*9_KD@b}IX<^$gcq?6;moOy9!o~MYbV|*oGNuQQ`NtY3o*EQOQI z;H~zVlg_%H%z^AmC6l+^MZBJbNKQhvHy1Hq8zuhcLA>&K{~lvay*)Qgvu%yPoV$Y3 zFDW>{*Q3Gk_7A8YKlRbLzGw)ANB~;Wpw=J*>DYp&s3WX3@0Qs zW%EF&3QQY2k7cQh9o*b;mjf?OjG1b6JcH!H^~>GIBP+qd!F&v9-Cgq^71|gRh37Pq z2$MBNVss_+S8Uw0z#l~FsueY^a-1NhMmMA z7*ED5{r5pyHd9`4R^X{`h=*VwLAmMLg{w!Nnwk3NMM9~QJhciB9*hqb1h3`>clqBs42H#2*d_{Pe-@qx4?ZzNCL|)8;$jSycE^s7di3a42 zTjCt+^K?&gh8Wl0UJGfWE~#}6tNs1s z{pZi+y=l#sBBC+^Pw$Fz6OJir?L$0E9}H`vLTuTQQt!pY&ejRrCFm=GI{`Yi(#25{ zt_+v~?ZFsb$1S#RCim-=P3XmXtU{fxL4#o)7C2)|0%YT_cB=r${?1}M!EebtUSmR5 zM9}ajiVxffbd0O{1R@8OVF9rp*$Hcr!!f%*27==-T)5x+%?yAoO1~BXx(%GE9CG^O z`o0CEtLiszykXK1nv&@KzGV*tPR-Dl)HT!XL(O4*r*;m*1>6;cf<(hC35`DYiwq>P%9g;*XyuzA)9t7Lw&Q zdjU%#VT!ToMR(=8&ml`^7(;o%?FT4eDUP&K=}3LbS`cUN{Up?wJd|%t@;*8QzNeYV zOfC5v73MukegJlo^+h(%`LBirwORdwfU~Nt64P?f&(Vxk%CI}b@_Y4;->3o1@oDqy ztaF@c%e^Ou+vq4FeF59kwta6Uq%TDfR zL?j|tKa6aQ9dx9iyUQ_3NMy7bAYCJvy~)_Z0*9$he@8UisoXHSJielEY2lHD)W9Hp zE`|D8Nj>v3AXwRk#ITBe4H}gZCx-Uk6Y)(`aQ0W${1C2(e#-Vh(Hi7&MNc}U@HDqu zgT;c4;Nu}~Szb5Jm^hBvhk$@lX3nMgR)qoZQBIU85^o<&X;Ihtv8RE-LDF&5&%>~Z zH!T*?TCwqz=rUiHeiP#0HR{tu_752Nq78@xti&Q!Im9T;B|iZGUg(iJByudH=_SLb zO;2rOOYEK=8VfP0T54QhW2AR5$#19#(FBNTrL76k$24>}{N;6Y__P#6zKJs5%X7@{ zK3%RHaa+Bb2?6a$F_YZfKR`o0xjn4oT@^U;PJWbj)NZ2LXL)O#XhW#AafY{dA5>9S z2eGCF|792Xxl+4vf^lAz7uLO!b_n=>VuEd&(K0~wlOk`ae`&`xF|qRVOp zgc(}aG^7!gm6Gt>4b!(c&L+`twRN@{eNaZqZo2q#*?-`}s!Zz*$WW1%E1zy+kGBCjrD zuc<7rLB^Lw!cWRjWEZ;->oc4j-Jf(}OFn$Lq^6plIFyoI*B6%g98X87nV#g8q(A;mH{lVcf#i{WFE}PA^?Zm8|9`h_nknY-RHVXa9+}!SNIDxzHOCCXS z5k^_I`Gmwo+00pykL18sRk43maIZuz>3IOC`?#QeS7ikGM%CCb-pP>-(?8&SPj(#B zeAQt#)641J#?Bk~0!|X1uQa%-E37opr-NtX0^<_p@+i`tOMe6ffvyTYl)F31;Ry3M z<$Ba{UGwi>fw8|{ZL-UFfH+~AlZ1_&`I8P*>9f3CWA`_)pKd+MJy3&9%4 zkiAV+8!D)p3BH%_7Grh0 zX)7x2MC(FYb4Eb2k%2fQcihL~=9cmj2#--$AIVXWoSh@WJO{Co&#|+#+9BH(L9mI$i0w{*LfWH3tttf zwj9}NB5ZPVI?fsfI;t+i4x4_mp<+B2!ma!Thz9~$sY8Y{G{8Wub2V8s)9ucVA8+F2 zzmPYk9}of$<$Lh((U333*u@tT%Z$YPP>7?%mN+=3d*z!FB)cbS*djEK=Y~xrS?vQx zw|aLV?^PmZ<&6U*&;rUyk-IlVd^_gx1oSCx)Thc6F*o7jlVsB{WrFjJBFV)$Jj#VB za)5r-LW0+^E@9*wG7=P&#`n}6DoG@e@G<{5aK;y$Xvqe#+@t~%0-yer5Q=r5=K>R36z2 z6-Lei+r6&Jmw`O>`dCTrX#HJ>>q!HJ$9gsTgis}_tuRD~8$_l^p2=0E*(Fv#k3=|1 zS0UeJ>0(QsJLq-<@>DE4Q=U<-E6;csh^2ko#%05lIlVg_1+GC8H)%nuq{U9mIQxq#`~$+B?;` z{RvVO96qFhaoK&<@)OA@({H+B`ciwpSek+t^CmMxsVF@Hp3DG@$$7#QTi_vzZQlmF9VO0d3KZsj`Tol_Rw%o zG_N_mO7Q(V#GFWyOeEP`BZ#^Yb6M(A07bks32CNnh5PpoYX2P-wv|Ds_A^NDO|hwi zC=c^?tc=ueFn>6~Suw8lpLIWQ*nAEIBNFyb*?>KhYIMVN6o_3Cd>ObOMi}5D$D{(< zFj8g;d-Rcm7Pj&B6 zqUtW$G7|qBgQJ%NYXq=~Ol|CBG6!g9!wdSE=Ngz5idPXxC$ZxDmAi6NTxxe~2(9W~ z`F?EU#l>7qQ3}yB*J6U4`q5!Jo-BJPotcxxmc8ajRSPFoRkWV&bN^~x%NOhhj#JEg zsg5)bcUM?ZBwOK>lFPP31*ioHFEckO@Amj}oEV{t)6JErYcf9@Gr$SHkQ6d#oJ1|_ z)NH>g12Q8mry*^dSsACuZYif^o?5?Gyf7AZ_CP!6?fDS%l!~9uZNSw1z98{u35tSV zcJ;@a);vaPVp39?iS`Z(mKv99hUg%%a0IurzT0ud(6$CX4I#Urv+BIu(J&pC?($qC zykC8Fmp|&hqUkzZWTWj(0|+s|2MLn_h}B!`9$B=x;Es|3B_ZolofVLmnT3m0vJWTr z-Z@L4c$_qnzdI}|kb*K_$m@sE@q6uak%8OGogkmKHvyReFkb3iF}}RKmuIT=Iz3r2 z4-KEs(rLqcF$vyimIW5wbHx#|cJAlYqvu4K>Vd5gcm=A9pr82S0kdE(k@H4ar144sS}A2UjpT zh2z<2Tugy0;%vnkA7GZsp(={9gF>;4V2=RsIy$LQudtSCdjW}^iIJy%3S0{2pF`|I zO}~>c_Ma${L;7g}%8A(gt6&QS7w`uSRSNdq)mFzzT8i|jaO!6- zJ{;z=h@Br~*Hd!z$1~xJ%)xUXZ_++|XY!H>fScyEF@AZ~8QgNZv0S6VwWo0+bsmn8 zQF<`gIq3`8yh`)l%d^dgKXu_ZrF!E6EVcD5OoTI<=v$b0Uw58}0#th3i7OTGAqX{0 z<<%GVPE~fphdYk(?waq(gzL4Ntf49RSGOC@ksM*FulAGNQ6YnurlwfGpF>k$oULou ze%N*&bv-NmtdwR^!1x-s)`5n0)>0xfvhP7SK6qw|1m)&NswfuWpj{n8y*mX-N&M8b zQQ%jlLYdHSehQT^5z+st@G!LM?K9j-7AQQ0I7l{>&5^tn&nM}sV4{`wSQz=;;E3k} z16l}};ALtyb;5q!5Qj}=^_SQuSGqeIgVV64ATE#KIJa8m{dc~cqzM$jkjOzb6?!*V zA2}^W1d%Z~H=Ha`kL~$Uup!wXw2~-BLGNs$K@%6n#lhbBfA#iOQE@e0w{Q|d2oeY$ zJb?y6;}#r(gdhzBcXxNU1b4TF27=Q-}l!*aX`egYjhy zTw(?+bU~5NUVKQtU;`6Q_YUkKYp!y0y+Sav_tY-NAl6PEqX61H!uWKqiM9A4Wz+939Fj)<5_)KW^jymwy>5Bpm2C#<5`4UR%j~OJgtGRh6Zu6UI zU6iGhs0#!qSU@p@bk~9?CF<16#6^gWDEoElqQaVzH_*qHvYYtBPjO9qQ5kC~L6_e@ zglO_=KD!B>QJ>YB^U-b$hHbs0G;FG)Xv!h7GPwCgHPjTiQ=#2E)3Y-!&C|)hO~y{8`($jKi1N&FG?{~h7HdsWRE+Ao zSUA12@sJ>Agy|T#{v@q9DQQ^ojD;A+J-`fby+CpDDIV(@uSsPD$zdG#S)}KmKlj!o zY`DyqfFrqcVb9~WK7xXhwe9FR04uKie5iGO#LxV4x_;G{_=w4S>f4*!$r!2L4$z-1 zQT*L6(jeuo@g((;RRIHhhy+VjE?j>I8Th9dhpHqc49umf`028QqQd@>z2bN#J2PpE zuSmibdUu@9BCPv|U_8nK*bouSVBR5>o1z%JFA<{(91;kn)MFnVgJbubd*+Y(FgBf- zSDSEx%4yBIDniy0MOoisgu@2S`;3MA@^BKjBqA!mgRPT63U;QFMeIQSZW^UG6y#jW zeCp1m88aJDW5a0tp|kBA#ixY{D_@J$&q3=v&O`X`!+oE54zz+-sl5~%RzsBR@dt!s znIX756H(wbl9i#vw!Q5nu@e2$=NbLp5Si>WBGi0k^nFM%NQ*W&TT{wEewZVc488a@ zfjV0rDSa=&H*;WH2CH0O&Ikz|mSWI*jqc!j+c+q=<7*|bcG4A*7-WK`C-im@~ED2szg2~asUc$!w z%I+x^pQwgT<;#;X3=v|Jgi6Q`9bKXlI38(WO%73hXP^G$4=qFN>$R1{IPu)5S0Bu@ zcs&TzQv~Mto})G{H5uxS$d|~vv7i2`pGpFS&e-0)bMHiA18E*qo9RgreLzeeXK1LldJ9 zrV8{%dngz!@$Y0z1N==^t(iN1uqLQTl=a2F?3r+V)e(D%^@vI|+N{^>T+W@lp3x^g zB@*MghRsq;i6bQAI^TleL>IXY831kx%6d;H(ED|Vpzv2ZI=28>YuI|-)cr(yZ=1ba z#R`ST*C2uwS9yE9EF5e&$E5(kmj}5!o0;IbbQkmM38_kvf}<){xH-%`Yz&Qrcq$a$ z9}Z%CySVMyV3ee5%57)&JPe?AB#9?hL|Bt%6xIX-$~7KEXqMxgc~Aw|41cV;th$t&F7Qb#$mb#eSJ5a5_{uLg55NsT^#Bt1oGl_o~>P z{6Eut0G2doL@|96wd#UP7A8+|zR9BvdIQp9M#Gz&f2|N7$`8Jq<$Om;?KV2I@bl&u zGHEab`y}W~|7INLsmy0yBRzdx9UB`(0k7J10G5@ACzfq9LzWRy5uJn~rUNel6k9)&Qei_v;K%g>FI3J3RO_@K6k?hm3k7n4e(R7Ljo>3imEB}a1R$(%!;j7V& zZFl~!%Rnq?w%qpC+sKE>Z1SR8t9c8M#c#Afoc~`PkpE*r{*hi7+(`Hz;^T=3D(6E- z+bwo%iOdz6AF9N2QI(+Sy7FfcyDjz1%{$H3PhE5c$^)pSaN@+oyrd5EiO0M-5`*HF zyfeWdj_pK~G4E_pb`rR$!<$~zeVMtsW}yG()-UVMakyy{;(d_mzi|r@;2AjUxE>|p zAY358#KcrqR!;oq?G5$e;po9)RX5CP^#9E|X#TJJ#>nEO39w0wU6`GZk2|=7>YnOc zG!mXLiSw_*%Wm+}q-1^F6s#jp%XoLc^-zrC<>+X69{3L@^_48p{Ndj(bP4^BgT!}% z|4R54|Kq>%WDEO0)lojW|Nq}l@gGX?>%o8i#FPJ#N41a*sVLI~;!|H+tye%zPy+0J z{zy}5n>$ih;RtuptkL>6@8Zg_F$cswIi8lKEci}S2lh|^2j`UKr*%zOlR%++ zk^=~Z5}6o~0Lzr$2VJ8p##eqQ;9FUNigV zYb~iH4~5D1Guh$EUBE*_*lHr?)0;@bqe{W+_>unZH2?PCx5%M4N3usg_sFzJM_~?l zx_7d~+&P{9wqsF|nm8C__Up%;RrJK58RxhcVZO!JWNnoJ<~|vziVSrNDJMbZ2zKCj z?Rt?OY&VyGib!v*vN5VRY>H1#)=R@fvB;^6nTg?1CG+7eph|nB^Cc!DBM=i)0iu?O zvQWy7UQmPQC4%`6a(+)83xQ>XIpYWjv$Q+O-fSI?;<>nA#)AAV3BJo@Wxvr~5~|VC zP8&2Uj4hU)HL$gk7m{YFn?%yn5xk1Lee@m+M`#CH>>@DXy zG`{6gU^{(u0%aecd_#nn{>TF>YmIRWcK4gnnI#qWJpWWQ`KYUSj6#XIX%sYpo})Rl z=K)nQCzZWvC;b?bl1npE`c5FRSe?b>3`j5K+aiHqtJU4X0c9SNpO_n9?jXJ{%Ql5}fA?4^j?tbHSh@8o<7B=JKYV?n z&K2in@G5w;{jreg&zEiNw4{f&7Ka5Gmh>|D;9;yfBY_1;O_waU`7XH*b&Ji zbGWrHO7J1KjGIO6iDmd-xr9 z={cF%!*!zj;f+^POv;10xL+-CO%~8(*53~?wFswqC?EVMDemFX1kj!ZE+&F~>P)4?E??uA78HD8hQzR!@K3k! zBl_h>Ojvnn!HUTgHRhfC_q~Tk2_}uS%)xyICa$r=u2Y+Yj$6U5+(|?#N1NUeSa9o=Iw%Woig0+Kbz9B*sJ381hR8&f#YT$y^r-FB_W($thdDm$iqh`fxMlNEW6s zBZjv34yUor8Kj(QtA4vHyzW|~%CFJ#+LaX-H|inY;`1)SD3(@|-ARQ;IF)dPQmU%Q zLG;ExM(387<#9x68EHK=$Hn~{zJ3#Z1)=g_(yw9~4J2+e-m0j>4rW@{WEKrt|6n%Q zx7#C>1|2ea+w(+cPTjjxBv)(cv1t}Yh6 zFZMi;qnPOaRiXsnJN)lAbZ;*ocCub|r57zjsS-JKu=hQ8`g;7G4%-lvW(^IRR6bUV z8)#W`_d%u}=T8LA>vm7minyh{WwX64)|#U)g)SGy$)+n>-VA7gm6!DIkIP$lM2^N6 z1@tjlfA4fi+xQM7Tk$-sp|~G#k&>6+z&FlC{B4&bTMlW$xb}Ga7+G+avAIMa%^*paS2+zdvx7f3|nteF%nDTL`+>;KNIp1wi3!!?& zI#|uuY)DaMc3-Fuam3~nsol;Jf>EoA&IF_J*yhkR*^UdLkyi{~rYcogPggAaU91S8 z8?CLM42L|=*mp1Y-s>yM@_)=z8#4Gi|BpJw3Ij5Nmx|`9>5D>_>`3}6=N+c+)q&cu zsiG|6-tWGX>iWw*Hd^-FAISB{mvv6-@Ov|?^|9);O#z;VJ&B#< znywod6(#4u=Ft0QyaU>>idNYPt2!y(Ov49Z(FNxMCncDoCe>qUUQbM`E5y|6TabE) zh~urX{t#2|tL4VEoJ+w8Qn`>J^9*-E#KE@D1LbOyv*HARBvqL1gODqX>k$5`ORolb zJzKxLB;IO}sj_uN;@ESKhL}yMN0c-Da|P%Yra%!ts`{SJ~I=-?l-2&Ox6@ zEKU5be;zh0)=iGk-c8KAi=1F*LI*E|E7wqEfdoQrDZF^14|jcQk=gk3BI$J8v{l2m zdR|`hfe8MVj0I;h$8WRJh+NIy>N#1#D~w1#FUQ#(ufm(tl?I`s?X!fj-{;&o{&=7| zlUeealOK`Ef)@h~`1UjA%FImJ_IBD27Gi!EtUS1d47LD1_ai8`!VY~LQc33P@h;-P z>*^E`Egfd#r;aOzMV!(AAfy2|4*l$%**y_cM;lh zuX7%CMwaX=ZqYK&?frX^`6|cLM0?X@WSh@r;bO^wzG~1g}O5OuR7Vqr>Jnov*m#-%ApNm4!VR~TY8ATW5P{ZY+uPJ5~ocjGD zB8(rNlDaf|+3RJrJ5G%DLY9gqOd#9icqlcyE%R;r*`SS->+jeIEd6&s?4`ox;W~?y#H-CTCp_cjN@fRtY?fH(F2YsInHJra^}x%ST^a4WHkQP zw$y&d*n`Hy$wz5ha`IoR3(n5!ZozCt-1MNnAtE#6k6 zBmi(buo{hp6$Ju~m!h6|7%CLEF}PO!q=f}?L*0bqJDo~YRntiw_-b7WE0EymU2JU+ zi_oGG_dwEj#jZ6REd;6KU(&Y^NVsHJRTK6$rR1C#(%uzXtqS{lw*;g(TDd}>%Hyia z$!)VwkVdoW0g+?s|J2hI;WYs^s)8Ias8@|nPMu@h+cRhWD6O;IJ4I5xLKU$V5QRkK zXW#!Fz*o|~|(8a;A{Y0zZmN40!xxD3B)Lh>xXM90NHdFp+|KN6Xqk$F^Sc!9-b$glowfh)t#_1%DEXt zGr`pClFW=$*z$C;sNR4f`g*n*w(SI@{ElsIyIPbn^+((Buqiu;S3dCAs@9|Kq9Iv7 z`eNWv6Lu#qtGqu5v4UIKPIh@5hM9mNhYHdx8TW_1MUUNivMlIxbhaFVPHDDOh%q4~{~dhoF`Ie)`#>1s!0c4rNDdIm;mTbd6^K$<82WqLLR~ zvQ0`m)+dzEW(?fL&$2b|SF8D8i^eLNbjb=aFL_&uO0sSIbVTi^EC9yJPPSXx2?GFX z+C@1*anlCcKHktF(k#vI2Ovz>@&krueCW2l;c4>??Obh1{IJ8!o+2*yvg^S8pB^TR zSs3KSH#b%b&&JG7OQdzG6t??^Dqf$P!qTpDa<_+|B)iGpVgUq0IA-KI?wISGjYurq z7Pp@mskBlZqN5i#G?46B_0-HTSO+^aM)C}eM-t{>AtRq$gbK59%llH*$i>6>+T}uF zP$~&iHZt~x1j+i+70#s0%k;OkObH_|h^ z+nS?ES$Yu>Y`clarwNbh?}dTn>m8eIHV*W8cq?>Y^64b5yUgC-HAN<8(y&uXW|L~B zXYuXfs%K>VCQuTVV`-S5MUC#;?ix?dAX(G@MCfG9qE_ohJEy^WbFEfCbWuli&F`Hl zV6Q^`X8SkWnOxZd`KvSR+bCJO)4)s}AKwK?Vo0zPI-$PVMrulErtr1c@~`o`J?TrE z7>Nb^gY^v?7yd1)SJ}z_(#s3;0;XP$^;}#d@XqmWzH)1uYPy?#K1>15#ENKEw9)t& z0Ga>>tH#bPYR^kAfj9ALC*;$#$|(0!W3?Wiz+7; z3ZBZU>i5>xm%=VvjmjQsUcK;{vTx0`zG$(0-h2?wO0!AT?CaHN_w#4obNz@Gz|ioy zF1xV#&Tj)V<5|9ULl``FXRSG~KZ=o+c)}e!xdq?!4e|}vhyRA;1=7cj1|9J7F;Qei zDVW1v0P*&NbcBx}bH6plVkgU~)%gD2kX4I%L$cJhR9vj*J(F(IIYIU-L@vhUH)-0Y zG7o#I=`g(Tkfa7x{&}MKbV^S8+jsodSbW#?D#>&d&Y1Llw6f!QO`Rt8;0Dw@!PApe zFZrr%X*+*@Pg;TT`L|_pS*i69q%SZpaH&uFap$B!3F0ghgMWS`M4VFw^A1a{?|!M4Xsu7WaPh*|Ulu3?7R-sJIt3q287O#{BFy z&>1gFE-al4-vWD0K7NWh8iQ0fabwwcTHG`%{i0woCt$OQ#>1QiI0|G)hQmF=hL}WZ5iyL<*xz*;JAa|6C%jz zvt_9hAlt=G4gB$wAAOArW6t>JDPhxgD^jTNO&{lCvGPE&8iO?c6smRqQN|4Y40Cho z0-A5%+M?YC;{x@?Oi7ekxxgxsHoi7M$-bDACj-c8okP}W!BuCc6YE_snNwf6H)nLQ zQ%;Z`9%$x7gO6!gC-f|r12Il{mKU^o;lTP>8!&Rb{^u;8C*h==iV2x*ACEgb0y>E4 z%0ZUXzRIJ=Ep28=uNlF4X^=D?`)rJEwrEkP_$#-L&X2Q3qKq|XTH5*LlS+Nl*fjlh zBfAyiBpxAM|CO$9VYPz+cL@ig`^GLi;OB_AtuE^Wv+nq5t6zcl3F)-?X;izo9E{n6 zVK^>MZAw4&eZN#PM&goa$PrR6wnNi%)dZ4|Mz|zz$iO?q3F-Uxz6*?u0?4w!i|VTw z^8la~p2*#Xk(Qd9sN-mFL&vSsIiJ5Nh?ZDscEfVu{qQS{u*haN_(^VJM|yK|*)tsc z9!PDm{cxtS8Il00?lMt0(V3oAd zva)@zWM`QA&=@?dVopxdG%H+KRWOmW(hO+0l95bM{z&NRPTz?LkyCzJ-!e5Z#ou12 z4S?v53D^BKX*~)Q|BIJj2xg9yrJ`I6MRdUgNUX{8RP{~okQP@Lhd|%ESGFLGEAhGZ z0dDA1GzExzCAJ+2MXOPn`G%F>!B;&u%g>^cNgbuZk?uc#KUv;8N*&}E{RFw~Q%-SH zdjVB#g$_fMMX{8)?GJ5r*~RKpQ8fyxBt1S6gJ924P#B*pM}HEflO~)~9(k^6*`u(- z=fz7QH8zrt?zhTJ+h%ItTeC<0*6amhxN?yxC5kVo zoT}8jVG}aW?WX0p_C#Hv*D}OpwcNg!#wOb2MBy;b12GGsP{_sJsGh}_px2C3H5Ms{ z+X&PCSe)sjXN%wydoT)XUI4#Vcb3Hw!B?&cvT^Go?2yO`gB*rA;=E1-@XXyOIUmV< zjHw8u2w~%D9JG;2JIU-{*64&?+%whY#KcX()5V$2g(H_x0HD3@t`W^9pp&ZOo{+@@Fs0OLs) zgEu$K2?vn5Vq7!@2;RBQ($do1OafLQZB0VQ)rHX95X^cnJ$2BsNaf3;%{h*BY#e?d z#YFMNsOR-`otBgYn`*cN%<)rUQ@|fGpLCk%o9M{!a z!ab&wu4mZc#M^nN_{Mkz7lI|%k{?QAZWnI}xlSBQ%(V~Gl&SzkL$X8@`Cf`l`3*Z( zt8Iai0_x4MH;4A-+$Yf6`o_2Wg+vQoMf$UEGd1~ACCCn5q?0jLi^2BaOiZ$b)6KZL z?xie=cxMF4@Nv>u*c&ulSo3(KTXSHt(EzK zZP-$CD72wkR4qh~;GT=-vF(r8M+5jDuulwx{i+W--*cIIH;RgiHuIO;+5b!x<~*RE tS&=+8``tnQ|K{56e{(Gm0eGO|rpb}h#eVvz<$dzxv6iJoxtKw~{{o)^#~c6v diff --git a/bcs/support/images/pc_customer_userslicenses_m365b_validate.png b/bcs/support/images/pc_customer_userslicenses_m365b_validate.png deleted file mode 100644 index 1af38b82af9d9b314ae8917953d019a3cd93888c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 58685 zcmce-WmH>T)Gpe$EfpvZrD%}iR@_6OxVr_{LU4DATY+Llf)t7r_ux<xWDciWACgzv-i@u=bG!8&yG}4lEy?QL4Wq_8K$g^gxa%bFCCsedrtr6 z`IDq*Z$0zr=N}g}Y4K;}BV@Zz7cZ^E6vduBtBS+8H$i*4e(NZs>+AA}+kdO=wd5IPpA}L_;pYYpNH+Ui`H8tWBJ5kEFh(8~!uw)e!6lA`|LBfp` zZ0nw36JfXGaD<=D;o%eF5Ww56#^PW2%tS{;-G5T8@(A|mc3En9?vUCbA(`?iJre!+ zq*Q+{IJx8+O>%ilfs*RqaeC%EXZTce2pZo}6AP7-t=vJZ(?*9q~qgg@gE65uQcAgh~xLd(muva+BX z-8Agzq;HxPtD6;_4}Rg*l#=eeXK}$PH%P9C;lbm22sL zaR2KxkfB0J{kibqm66OL$)%sS_a+l?L_u{ed5Jo#gRpM5U{L$5Ofd*7pMkTnO;3S~ z`yS7nhBN3-M8qdCnH{et9NNOS;^ORhFRNbqIGJMk%!n5PoqNRH@pU>{2S>Q{HqW8$ z_Xmjv2;~hx#ySGwN3k!_p!EhggUJ*NZT8uoc|n+%hZHtQt9jnyo12>p!*8F%iZ7Rl zw4!!bl8MO9cDR^<3+kP|o^?7wkNj~bb07CmD&9$ru}JHP6;eaWu0?Ozl9UvJ=A~T` zV7rxxvsLl?TtZDwZ}9KN+JTwxeGog=PaS^~t87u+Momt!$VkUBJwJ6d>06{21)HIB z`nLaZ{6Bh%u@LY zx2PMH|MGOMsVOYLJe&_$g}E3@Cggv9+`+m(8&L+Lr-Ql=mcNk3Iy9)!OHD}$I4ghX zjRT0b1Qb?21H@;CprJ|3+5?@Db8EpqyrqORN}TN3t5A{Gkrr5o^K^Zq%pVzAc2gxj z+cuqsCJI6Ank{w}ozz!aUG54lFbq%<4ch1;6X&^Kjr38w^w|No-LnZ{jc=hs-C8Fn zZ%bFI_ZfVI#Dkv0bd8$*yV9q@9!LR4UpDw%Pl5nO+5QEZ=&rN{Z_B5 zxC{q~pj%YdxBOJQGzt+bDf{Idc4(XIVC0sNzyk1n#FVTT{)v zo;fbpuZxO~j)tVfd9oo~kIzmV=Ad_TC+j}-4tT5dkU`#3Bk9r_vz0Y7X>2)6LBC6RgM-7A5J6VH5^%kMc$if}iS<=gB58!#T#aICb_xXIP&bzz1K}+*pt)?@U_`uogMNIB zQ}sxGA@^X1yRBM9?RlHxIaYEVc!p|<2+in7_R zkGl^JHXuh9QLWu_(rcHk3RZ035aJykAdO9P%@C{Vx>*2(9j*UHDH4DCYg9d?q~y2! zXYOg#brz3A#+>776NqwpaGvTD%LH;hGmZ)0I| zDJWx7az;h+#>+F#zs6O%8osYe(2^?Zq(csoGs%HdyEj|QnjXg zWQvfGQ#gBzBOi5)f9B=+v>Zj;bUwd_h5V_+0i=D9^lI?DH1f`4@NynSz0hVOGpMsH zk=94nIY9j`yPd_TI2{u&j7_KzX_2zj1$dEq5)nfV$e9)Zj@L=|3#VeDGkEtXWfpjG z4S%*giw>$Z^FvZHf{D|K1zCo1hBvv?0vpFkOH4@#Pm#I2hgBuWJGy7-NQU%9Zm<~s zBleF!@Km_6tA_H#suPHQ+Hn0ehMw0i`=JWX7Hxo)L20tF=pL!lG5<|BKP3r?uLrlk z}5s|VOL*ZTQ4K)W6g-TFV0=vF0$mZb?f!M@o&R`2|hGUyUk#a z*r>>3{0e1fUBsr`Vd9U<%5UGEIfcN$pFjU-;1u`8m~~p~X8)WN!Q4l~AijLgz#?HE z6P^N}Q_|O?$V%2LlIu?*e2>To z*8C@PKD1peaJ%g!*!_yj%P{%S?Hv8Ao>DY!XBpD=&mnrT4X{m6-{=h^v1IegU96F3 zz-Nu`VX#^K!IZPeaszr;y%GF(4cq1(MaQVIQzB1s zuQbj#BjvT3{m4>lIe9ysOYZ>w*y~LWXA)YjQFkaUTo3_fM^?3yBVWwC}~=3ren=kGJy>jlaCJpE#b65W-av< zTW!BcrwwtPZSjv%jLM#TtkFgIdFmW}0IK;Z?-ShpB=LOe73f|5=^Xr z#^1-a-yj_V))t(2_<6Usu&Rz+sUxT3>=C-MP}?6NFTLE!wPi0o_*rU$9`h?YC0|}^ z9o?}}GD>YdIVTUB6+Ug6a*=M!v<&9r{mc>2MW#x`0)}7X`CdiGk4N zjS&jEf4ZKU_ss$N=6;hs+bG#1BIj$=DchAyg@VV-d)=xG?H``q_X~Pt@qtP!oXn$G z-XAYM($O3&Uvz;zvJ-ybJYMctimlb%#bq_Qu4OcYnJK!(bcC)$+$s2-_F5WXWx>t$ zj%A32>g~#qJXrr1&~+#;*~2Yz7&MD@usFibP`%zaegK+@v|o0*pIhU}ExDo)slHlm zvjf-f@rO?(No4R}DjM5V|J+L)BpN+hrj{Xl8BfD&yW(~|W{*HW6!f&c@*d||yj)87 z(cpaurq*_JPojic?r+6(J`a*O#=*gbH&{&K_R_foEmez}UdxG~?<+JBS z5g38sV~@a9rmkL}Q0y1t8+FiOuJ+$Y)oimFw7Q$DjMEg37$i5iSuX;1yXpSwA0NY@+t#avEuN!)BMYxe=ayK6uiP z2H&k;-~P($s%p5xd&)>>&@p~k%Xs<%2)1JZ`T_O z7pk{~H||5YR+b5fL|X&60DzPoXcu3(VLYG9n@hfr%0Uqkf73C0+2MHYe*3F4(-P10 zS^w7Tt>%C0RO1oQJ&Q;(u3IFXwf`84*a}SqzYK9d6g@xa9!znNH=osbz0iN8(|&Or ziLZSqV+gF$*7yN2G9C?iV3q|Plv!%4X56NnE?!n5Iq*ItB;jnVC4Y1Y^G z9&&m3czK^6Jq!CS5AJM@fmZkxK{%f_MAFI;DL!Xui$%!-OmVPHZr4e!^&|2*7E0)Y zplW0bsw_2vawYvB#a?zv*ylW?)WXKIFVQ7sBvYh1Dxl6op)@$HGnskz$r^7Ww){@k z21f^*?YrzR_pBsCL+cNhlr;v*GakL`=Aanb6)T!Eu@P6om7B8#j1*aR1zLyb(jzjA zq;vCn@wx*O10xgHi2h7VB`CIXsnIR>CYd6<-K^cuIB%j`B;e6CxuGpC{4%D?W8?XY zi%9PLKY&BeeHifVZ%S>N9QJnVb|fM0+NPeDey_k>x60R>Q$l75!gqfN@(1;qwW7-3 zuY)e8RRx#Q7B(Z3^|eO3nlX)nf1a2*)y*k_oCrF{A`xAhvM-jLGU z6Ni(EEc@znQd8Xy1RC67kuSBmRj8|cA5IKju|Z=iMIk0|>vlxwUDpkemlb-nf77IK zHrKZvv^v>>ZMfsUA(KWqtE(g>vvS0zQkJ5yCaG}_! zQ$Rq&KCYR~v5elN%;=mjUH@IrObN%0-8hQ3_&uy=qgs}R|#U6OO44blraUG<#gr2cZ!8IIbQFC zUdE=3EBcrjU}>#Yn&}{=6f#T`ui4_e#Hn|2! z%dSVs#L#k^o^crrE=&pNcDZd!&w$-bn=j5*(Ee>bg?&-9`4yi^iOpUy=3ztkk3Fx} zAw`%T0yF}w^%#S`Rdktd@KYZD{X0iS^CZ&R(#^}}mz%41M%QGFzHm?rb7%$A`?{IX z8{Lf!0*S``Uh@KwXbaS`(A-xoJuTkQwe*qCDh>?O=HBvLX?36Jo9`HqSrP5KIypFK z@r7lh$x7%rPPSoqH#y(Umg6nl*JTwPpG%e2{3nJ`&N!#20x7kQvw|C6(@`E0WFBz?1F8*z76p`p-g4N(9 zIcT=*{rp`SG3}I^0R(T=NzqWWq=jP{IX^Q@tzY8V)@+fGAff8ZM@X zBdGU9k*BDISDYr&bKfsr-f%)PK<9jHTK>qx4GcWr69(Ubz-;(C; zxrHu|8MUG=UTNt;nPPjl7Ox0SkIl|Fn`VO(8-*_a4IalX(p=n^`aq&8cxiKKM zU`B-NjZ1t}-{^4HV3*Hcfmmtq(oD%jRX1%cl=sp$>k!H}YTJ-Etov}sP1{$0^B11< zvV9WN*wAkujv?XIaKkR+`LmE-AXRT}esNJyuvrLlxLiH@cV-27_>VnMY*};AfoU(a zLB8xdLqUB3Q3$*%Ip%tRCHyfa#Q^*G2>Dof2)V@6?ep@Zc`+^P*F*_h$$yhkU(ugt z9l)HNb^adb4D^sWUyTGgpWYT(>)M0^Bw=(ifa`nZ#UlyH5b{UnQJUWyA4GOC+1IH6s5DuQYBeD|D%LDF%0; z>r5#ZU&9Aj&?D9(-j&T>WM?^lDA}IH!CPJS|D6Bp7x&+B)vH||M$J|g04p(9im^xC zz9t*no((Kcmveti+9yY@=85gX6jk@lCwK7Jz{lP<&=(Nk@j_|jR$KVT6 zsBA(BeaO7QjH~MvXH%=qWdAkt4_rKeh~JrpbKd6>uU65H2kNLP=&~6Y78#rwLx`K7 zVbBUEgH=#)dDQxATkl=F=V+RSXZYP`9%T3-lU@Sv7WvG(&%G9>4)B{Dc6x3WZFO$Y z?tbF=mnSo~kJozC&2DTVwsia1^LHssy|TAU*wJ31Y5P{)7negS4%D+M+HUuvN81sL zzwk3G?<7v!3hGl9VhD}=X&D%fr&IK??R*XD*aN7Y&n43Z%S|jyC{fes<=dLz5kGa* z?X0I3%Qg{ZZyP@0CcdEu4=>B!?Lu`GdCzll1d7K-}s&uvPWY2UThXh;@yb>kuif=_G-;K4M4ATebvHf1(Ec1VuY`?eYF4i1;vbdA%KhL6U z9kEZm+`$hM`HWeKvzQo@&k4=#$ybKkEwg=ne>|=)VpAthPQ?nNM@RX2dUh9AY^vj# zD&1#Z#jC1?>`InTgUH1nVq!#G);sem3{Zzlku+8soRfZRWI7$ppO-l3{uNVivk(QfA^H+?tndsbHt(8V z)rcU|=*Ga>sMe_gucI>N<(*W-&??RHwlJ8cxV zKiKYD<*cnDmy?}ypO3LZzIatuB>OAwBDk=?Br=vs&c>dDq8>=356(z(a6TE^E33!v zG8na8qn=2bvrE2i7&FL)xZ%6Rw8Puw`+0}DPa`E6ru9%2k7u*ZuL7~cNN%b6rHHW0 z;a=_heA1eyGdIyGSb#a2`{1<;2~V$3CBvUBHwXSe!?yg!Ci8T}yo0vhGdOKwL$J@JGs)4n{V)v$Rr7o{kO)xmnSPtca>V>mr6rivk7gksOA^au{)vWY9HB-o!H00S7@rL6hJY7t2urvgEi5| zE5IzE1`At_yQ**S)X($bwEK*{{-9A@woh}V&V;soES;z1360}DY9t^bvM4U6*id{> z+L>g&EnmCTK1ve|^Vxg2aLE4Zd9wiYA;Zc1<*ev9y*IcP=&$USY4(L24R~|(C1Fd0 zezI37$3Gpr{nj>F(Kjk3Risu!TS#@_I;LtaI&-?cEeR7cuvf;Us*NX-d)gCT0_i6|r*+j3^?nyg^~_T|yC&*fg(5tglR&borr?6zJvD|H_|^oWI)t>d^q zv$fg7&qJD(cj0JnyiQ1Yhwksk|P3G04BAqBslB8T8BBWktAd;f=>y*5Z*Mn=W;ZtYjdC$tl@Twft>1%w~KaFd1_ zz&Bct_meoV3Eb$Ft%ruT$PAcozuKAKx7i!;k&tvqlVmAHo#x{swhcU1eI1>#x-~9_ z_`Q=u1h4s*XLpeeF{g#h9c&4cSdO zq_)iL)%O+5TFwr_v=k)xV7twXB+^Io6_J%+#%aIr2WJ7Nk+L3IzNLSN5G6iY+P07{ zmA%6l^ra#+l7JC%p zZez>r=fC3_`c_U6o137{@wG^9HyJgK-~90Yju8oi)4(t_&rj1jMn{*seu!6wRe`*R zs`ELP&dyQp8oi`O=;hOIm1o)=Wo#FR9Yq%tAq`%Q4X|?Nkg)4Ryv00(A*04pAb<Zh>4yrBE-f)PYUyi_VY;d}gN-+B?w-)fdR;xVzD!^t0-x}39WTj{VzW$+WwdM1 zPz6_jKd;019RnCy3OB8sE+(eKdB?}GUcI`tip%ibB3ozjkBze`nj~;a z4GP+a`X1nrk#B7o?-ELI%q}$C{jm6)S5Z`zv-MC%Ity-+%5NY&TBaKqruDpU_9>7G zi;qWnlxHP+yo-u*#28^en-TT;GFzTcHyR@z`4%d|*fh%5NXNb)`cZJf@PGpQio;6I z^hdp)PQ+lh!<8ZQw|B`v>9uQPQj@Yx&||0{_!=#RZt=ylXZKidPEPFk{W*$1t#tJ- z%*O56yQic${BHW<7!mGeERj_aImPo94PX6A1&|0Lk-{B;f<$l5i}EwqCcAq4WocD& z{MVe?7L;e40WKT9*MbH&he^3^#te<#IrVG07A_zwv;I-7h^3mha+oe>-v@?e9p`UK zd~Tgw9C&K-cMMXJCOJ9ACub(q1e@K~_nz>;gQfl5Bh)cWuRLEtUHtjIP#kbZZKc_w z?ANoE1%twA0t)04M6$jP_dpdyRr8Cc^btC_H9EwdI+f|SuIH5}Cqkm5OKL7IenUJA z8?UZA6#f1G$?akIJJ`J5M=MXHOk_pGCtU(5bZ0Z_sJTLlNMkE&^LePd?JAlE=`Z=- zDMtx4Bn~#rrR($8211^Kvt5C`#eyq`bAQ?YvO{lv#KsgB#>_;vcHVE4(dFK^P;Wah zG011(;9jGCMH(!-APO=I>mi8;_{7#}(s6ta1VaAXY4^it)K5|STx#DSQz8pDUteK! zrK~pRgZXubIP?XpA=6^bqyxl42vC-&(kdjgIoTE(FiYZ6vWWvW#x; z4(v{*&F6AX{nOperH-rla#+ir?J!128N%OyN9yQQ?c@3Y_RpI302D3XxxZE=#9v(( zagr3j=&u(SX67Yt{d%xw20k{gd$zLdV858ydx$g#d#}Unf&Yxt7b{m}=-ef8ti6}j z&~QCyig}77c2JOjbYzUz4`0wL`_}}_&eWOiKOwJ8{;UF9i#-R;ab)xDUXwprNoSvs zxW#HajH*9#w+Hk}S%O~oV?QtUp|dGTiO#Ukc9)2B;j?U$-!7|{z4!ZSPwioG`AU+3b>7PU(R%(V8i{3T|C9;(|i^&B{$R)Xu(;mbOGW(-l z<#MF`oL+iczx`@8KCw_KlfTKT?$hJpmtN&epr7Nc9z9xP* z23y(bDO=<%1J&r+!e>|^vr)J{>`mVAurg46MA>^9iiHOEn7J^;MW`*_#wMuQ3A<|8 z05tOyr*T+-`b{>~b#7qC*a@SCBh~5Km#eHXx3{O3SyiieU>6qIR;uG}Pu)v#d?-+a z@Hyb%;x4v$EqddM1zv#KfljBZZJDHemC`aqgipcB1(%KM$aQHCTlhyQBu&*;x*Me4 zUbn051GP9zbN=!o5qw)d78h8hW69?0ye79;A(E0>4wPB$a2udW z)q}KBhM=4CD3q0y*KWSWpVh19Cy793-ZSj>xv+Kmr_ngMh^;df7Zx^!c=-D5O%+vO zJK*3GfZA_%W~F({jaWZ^toB-5Rxea0UvAD!iPQF6zg#!U=C8C8s=B2C9UW8NwfbBg zE&OelTixGD(ooM|_qinhXcz`-&N$vHgSiRST4AsQL{GxSG9*<`3lY2&KyTOCt$?BY zr)}2tXBYV#qW(kzh(M|iYkW(6zk`AIv3yiguc(!9nBS~uh_19q^tDq zx@3iPOGxnAF0@#$r(=>rpPoF2%}VpVi4SIoZn-|*-1KU@1?G}Sv9x$izEY+7r)_#4 z3!e-704`B_4=(xMDXb69PP^T-$`6y2@J?kcGeFHV5@&{dKM&cc&EOxHhKmb31OR$U zCJ6*et3Ls-dsr21o&;KWBSk@&odO#S$Ly3@UHu2&wlP=O=LUh(XPMrq^uhO$|_50gwRWT?6F z?4`*Q^k+zYS4IVrj1Vz9B4PJA-%inf#C6`0G6iAC<2TF27AV^8-Klp_WO(z40-Pi^ zaDKpkZ^%qaLEM^-nVkl7csxj&tPL=#drV{e3_E=c{b5e`y)*S=8f(AL- z%a@U^${D(sIu!nP^OqXh7kMcxR{QI(uNw9D_5rwP`MB~ZNSuVB&*>n zNo0YUzTZXiNULV9MC+tbG8{f;$Q32aqppOd_ZM^#*Pnp^uPK;nM0Iw?obu_L`I<;; z=fb{|mHFNgpvEPY=#y$uBaB9LDN_jOMo63{`rJa>jG`NCVD58}k6G3xn;u8`XDkCi z^h@l|HLocM=|(vO5~#e8><=nDPI&JxPw&h=R;)!E(4Ee7t|P0~BQN^C&}4-R2TSNi z2>Ut%op>b#wl8lOeZ#|92PjT5KDW*FwbP93Cwj^uiXs_JJ=)q|nvbMS+EJ5Fy5zb(lPMhw5Ov*&C=K*eQ!;F5pWIaM#R3TVJFb*>W70mPbE7>w zZWeFj3lOCiy(!sy{KJp^v}rg(qaHrN_w;IbIcwPbxC1-HEYWgGbcs;t)7?0DqPzX= z4ML*dOw=ohGCbY=S6WgdBn1M_F`BCgd@AtYRQW+h{lCn!=>LnT>bsvd@BjSWl4;@l zKe^+}pM+1I!c%&p+4cO#YkT&sKK%bvf&Z5}{$E6Zy7~F}CyLwQp*`Yp1^s^!`FvYm zy?R9<;$0hKcLx$r|E~ex;s}B}R8&=Ut4z^EMcY>wzx*G0jFgb~IRgN&vL`9_zlBp9 z8yoR7($_aP0w+7HRR6;Z{3{(Lqb?msA^AUdJ@XW5Pko{ZYDY&n7X+YN|4V&*nsc@G z9|aQH6$UgU+ECm-eE@oSvOOus~g<6M%^&gD7jj*D&?lBJHe`S(2}1eZ^nt>591!6N5tUE!#ww zSEs9GzQly8M&7_AJQQ^e-LN@S4SpIprE)8qBBqvveCEB@eR*wOUdTBOM2o}8$>Xhi1HHt>R|V^3L=rm)a7hqA-^L+WQjfp`JOeKy~9PJpH-@1kVRZCWqoRYLgPzP4vcVfX6+;pg+g`2H)aot1*2tMW&L^QBv;Y>b*jykvC+DJLL(<- z$-toc`EUm^Ik9m!;coKVDU$*p+-H2)RcRMs+kzOs38xLt!0Xj0++7Fb$rbF<#sqf- zC!-b3CzoY}FDp>}y`H_3b^A5=Bf?vldQ_GPV{isI(s07l|nM z*MzA-v~AVX^%ywrHb*n7lpop%*=7{(+Pu&?Omh6jS@JDR=>DDGzoXuo%A$t;RdA5x z0GX&oK8l@rQ<)Yk+uuV%Wv9&hmZvA3QMmHj z9)l`(cW3*D^*7RylSf5MZ)sWWV0}w%Szti}0-BUJ;{Zi)Cr?SZ8-tl;V+V_9>2}sd zWOEGN-QDAL&Ev;3Kzh>?x;RG;R!55N*yf6~YVZTH7Vurbl2|EBc{4tezVNg0Wlxw! zj$a_?(}EsyI18dKe`!b4BBOqw*{Del+l5q&um%ac>cs=UqTk}1 znj)BPvvV0I?LQx%g*x)7`ymsSpr5v1Tif`599apSyXoA*&7Cqxh8Qlj9LxAfN-5dR zc5(*_r21SS%7!RThbHa@vkgQYH|ApAxl2H-qnaEwi`|1H_sbdCN~yMBX`;&N-m`X- zHYJl^BD>y=meOtEEHKqDFY?p-{mHMbjPmVSUdX)-gWflMmh&9Aq9^)SAArv*LMVj|vbj}sX#@)DXAf3zB9ti+tz)cLdHqY|vBc@$Y9 z@SQ^^kuY#p>CmUxbPKr-E@Je#jWz9l6U?LKdvvZfZ}mR5{BXL=uVByWd_D5kHGC#t zUcj$3vT1IxaMaW42jTn@j=G=xow3oZ&uoQ|M53mlLoj%8MCPT6pIt3QX7i~^@87AZ zfquisHQl#2-iRARHDpPtF)57kM}b?CxyWh1do{ulLdtg}2ag}W$TX?6Y>HM? zJlAgtvUST|YIB(45HU(aI-`!?Gb%!AJL&Y)k;G}B1Bp4tGhj_XcySv|sJNH&#kqlE z0QKT0I!NtdW{MWa>6P=er@J+LudL`mR7RbgHu6@lr>#Q_1_h*EkKlSyb|9y2f9w5R zCNRP-aw(*kr^90&!c1aX7G$pguWj$;c^;jQ!0T-c+bXQe6)y(5Qwy@g7`@XA50go; z$y@I;S>4JF6C+q?;;IDTXFc7E1z3h{Y(EqD$`_F`+itp`+(hE5=AmzP*5pppk$ zK*?sN{Ls0&XvJ2Fq5=-OFhIUq=ygGwOcv0wcWz=tRM0M?;fdJ)M3x@Ep68|=P*NvB zEOjgxk*_f4IfV-??$vZPhoFVR_~nJKnz*Oq_pUE){o=BLKDQcTT_U%e6$kW9oNO6M zLmw=Mr(Yec)G`-GPCnl#@>GYj#&v&fY4OUGRHOHynAF(M^^$vCCGr6Bz^ir!7`3lv z4qKP58V_0WizX)3QPDk2k7ld78l{#!z_Zkyfyn;1$)H(VH6q?VRmJJ0`m5{7!YJi= z0zz}>0gzmuYmltM-}k{%Z>3X>n>?)qmmRLaBcgY)(aB*$=)~;`Db()T>!*vI4@(_9 zt%l7MGCyG33S}rsVZAS5-W<4**W@aF&K^2Az=k36d|MEI6aY+}x;*HU#pUugf)t^n?&naO`UO2cLKZgf)k>>f9DpRSZQ57BQtf}sHkAnU|n_n*GtLxh!%VoC6 zURc5fyId8KtDa9i>7RU0ae)rk&D|CZ7R_zp;jt)-HXB;Qs}69vNYFTY$J`^KFPchL z8uZtG@tlrMP2uQ(zx2EX6aPQEMEzu!z%Z?VR^_k5B&rlBo+m^^yKPIf8liOO&M%A_5jpMjaoU0!4;ZDSo*tO0f#HGtkou(bHEjFrRMKkp}YAxM0T9d-$4d zZG4q>tQ2)|Zq}7z2e+l{Sr(KyIe{CHp*0Ds__1|67N+J61@sIaxvL^E;Ws->Nfzw`n_ z>2-U@^H3i=9y7C_cxqIVqYfOTB?;~4c^mnVmef|Ss}bfYR9=a$deWpM@hs79%s5Ga zq-uE%_1yxko%3-U8kgM_AY1;>WLkpw@spw=$x6q$1o3j|k&ru}D1RK1=YnV?@k zQa=d+BcD(u0+dt9RFKimZsB#`ZT`}ywS2F;$Q%brc>uWWV%+T}4@j+eBhz2f{?(N6 zQZ0cG+cHL5G`aObnEz?{ZuQ=7M;#8i33UAm1^uE+S94ftS%;)9@^P%B8@H;E7Ni2z zPUuaaG0q)B#rnkMJM+>?Gjwh7ebRr!lqE+d;?yZ)tc8&xRN=%vy>NH&xH>(NXD_Bv-cg9#+qBysDZX@ESTp3D zEI5}~7>BD$8U*}Ux=@{beHvR1^&n&=Qd%3$V;mlQZ#_CXrZM?qUVgr7=tGT=cTPqQ z7W4Bd0CDwV!H~rTOP|TJf4|ULH9Je^zNiMoik!60#)+FS(VN{qH0*qTABr!HKll5^ zcg>e%dM<)yNj%#44Gw3Asow6QMK^5uq$&DpO}e#ejXr$Yaj!c*O*eg&DkyS?@7JG# zno6Hm`w0xXV%R}{m^6Ttg@xdk*J*7nF^3q3*B_*I^{2$*0QtB{cJPG8R^)EnWYX!E zb-;J=ocoP(kN%h7+`V~&qEaHU&{ALQK6n#SPXbCf?3PclSU*^i!C&emk~Zm2h?I&C zOOrbJfU zwvaFFyqkoSZx=DvrZYbL{91S}(;MLKKXH8NVYxOMekkMI#9AcMX`USNVQI>&kP$Ie zHJOAe^Xa(Bcp=A|JYJ)idC1!0kFfE^zWZj`oJ}D>X(!hcM>~~d?4vn=yo2?B{n_A4 z)s_fU-*Qn_3gu_rUG{b^P|c8zjF3SAXkgb>Z60zV7hSKn;*s<0W<8Mp0|KExyK>7Y zi9Rfi`4+F3HX(Yn_zF$k(~Csoa$2wyMQqs+luKFQfvbc@p1U0Sgv zNw)s=R-oH+yIiHs!|CSHbJkMDL%1*{o0%-jfi-2>YU@~Y+-8NJB(rhOrLYNu*UG28 z*CG#5ErfX&1_Ef$YqZx;cC*5qQAsetDdW3%k*xBH=l$8#Fk(~GDg}5 zb0-gh$-iOfRqkEwX1(v&s4(Op{! z-Z>`ozP0c( zswe+-)Gb|)RJyW*U#n3uBLA*n?n4?djELRPuQboXGMD~JXNEEM$=}0Ub3BV`D5%QM z>fxHF7tBXOAl` zf^zcGRo|s42-mhXd(X~IbPma^kHovgm9{_f6y|@jyI5VcN&?(3Bv+jB=t742ZA2sQ z&^Pu?bLTb0^tX!A^V6!Jf&Sj>GSUT$jr-2zu=tpy=xh;uogvw8?C%QFSdH2e)P{F~ z0;-BP=b|^Qr~H_|Ho%$#5vdV8T8W%;AL&Y`<0zUxT3CGjT3qORwgqRnyh*cR|8aYH zE@JV8ncgaG@O8JMZ)94eRDw;|inP$bN_6e1psbuN;1ZUSl7b(%Jh4A9HKii0{-qcD z$Rv$jJ`M{jW}l42&cOzdWid{FtJmBl?M*`SXR2WceWbI-O!1;_G+f%uy;jTPJ5KUy z+RWbG8Y5@;nDhdt^FU-T@o&3vst%{d>EARD2Z|e%_>G})9A~98n5v3AHN$*oBgW; zHrv{JSmkP8Qrr0W%*@Q&S76J$vpaP@A=JZsDw68`yU0P3^gK82+I!?1=gEiRxA7fQ ztE(GJ)m6kwwxo9K*cb(2J(jU8wdj7etXUbPv%EvQq)vxnSp~xpKKD>&>Nr*+mt@#T$fS%eH0MATtx4k*%A3X>MM+CmNfMXBi%TS7sR| zxw*^%^6L&MY01d<->;;(&jTI@axSLB!(Y-9&BS4P)Vn8CWTz-&{5#9O8mS5eSy>d= z*w_F-_TR;)FXMvH&KuK+XbyNJQZt&079U+0cY-^9jSc}tfAxp?q$qibwpaZJ>aCh_ z2@5N{ET(x1s_;9mu0DZ^w-)P)x;8e&-aT7Q#iuFdGSbPdi7QPHy=lbQZffciV>O?q zliU1cyE*p4hvWWjz%xMR$;rw1_;^))2=~RSoym)C;*O{BjetR`R=%8nI4q5edsCnm z>{9H1-DULO6URM2{$+kVrS~uX7rbc9@&A`-ooJFE@$5*RF5D+w$eTZOHdpy-Mq_Gn zOQ1W2V_V9mxVYEK-}3Gm%dHM455w=gWcB-;$Z}^sqTWAKf=a~ywtBVxc#oS$6t4dR zad3EuAX)};4yX0csD0RcpV7zILg7-~{M+gzis#9bMG0Yayj_~g@NtWc}?Yho((kYTpV=V!ooR@AwV4al1qi&vfReD zf@1ry?!EFs%;U4j2=-L->Q@l?Nj$uuprBK*5ApZLsPFuuk2_&&j3dB~*VK!b8`T!s zXd3ZE<;zzm)fSKDKLivMM#t#r>F5dyh&Z`}Gw5CrMRN#=@Q4hW4=F1va?Hh5ZQZsG zEBs;9RJdK*AUNSPQB+hKshr)HnR>Xg7^Dy+9H}C*7{Y<1>3F{Rx96*X-Dx}Z?BM*kq@h5FtrK`s$^?%p1kq8qCmNGRcpaF;VvR6^_03+M1xOf5?fd!!@`hs&Fa zWoR5!RkS>`vWEpwTprA{a(fhQcM-+NRKW;}QLr!w6A&f59X*JOX3q<=ov?kUb~`J2 z-(7B;$EjlI*3 z|Kxx)S>#lZi|i#DTDklZYA@hX+IaS10-6gpdKj&KJPSZQU}yJ*Yx90=u;0F`5JjED z34=!pr!T8#|D|s}yMBEWdRIWg%r+^sG8fb`^ zOK9qR=h6P7csXn7!^%=vC@_#)G|K1UQ#6m^-Zr^5C`A@?gmN2d5!OSX@m^YruD;R| z6m%c#Jb~Y3HW(Rh=`%=;z^jQ+vm}bo8It7MD8pX4bV z%FKT@^pU8csxqQax!e6<6`f{H>u>Zm&4=M@9vvDc~5E)SQXP(eP2lz}XPEt$Y@d2>IrtkxKi z%cF{Oh=-gcSpMxa^B-f|hJoI$_Uh`T;rWuH|A)J`4vH)KwgyQ^AOuT-TOc^Wr6G6- z0fIE{8nmIY;0_@qxCDo8TpEYqF2P+J*Wm6h;k)GbX6j9Sucm6MX8xJ3>ZaMc>e3n*d)VKlCkE=JKZ==INIXjaYm)D!NRCE!*%EU#uXpYff1?)F z7NJ@%db{Cs&7AF=!8GY~gZ4+Qk1wxYU~X}+eAnPU1a9y(V2Am4U$3t}?%x#y(F;p$ zO}I4`{9eJQ#w=zy?(?bb{S`w1DWN6TpFW?f>YMPeezw%++dqq;|rFrfp_+@@7`&8dyEUf%%wE$hwiPSc46?Ikn@R2b3*ZUY$ z$#GV|MG_kS+~1ACj7OcFc|GpWeKb;3$-16JK1`fL+*3^9ySVoEUZEk7xgqRmoMw%a zv!kl|$->L!5cZEa1~R+E5Kh509Lz6vc9_M&Gzuqe7F-;B2MtJhU}vxA@B~z<@Owl;Hm5jy`j#YO87~89t%I;P^tevb~;y@J*`e z23_p+e(4Xjf3h5ZIsd-2fVx*SBC4?eYc=#%05<(6@3wS-{{P7m>HP)_#&%JU)!?bZ z9p>lu4wX)&pdeepCoCussm^VPSGg>W%qT1zG?X_KbFovmSHjC_F$xb08*GB!KlC38 z%0k#=cHTm;BcDcU;L@+*;RJ-Qv_P_0zsZYxjvgPW0RK)4l{@g&xx9^@ad~@TVo>Do zKX&$D!f1X`sqabrXd(QvWQj>;Lnb2-`T&2T3?e@fL16)r-wU*s-p=l3&M7@c{X_C$ zSP|^BnOAv7>2Ij%M<9rtX@_n|)<8dZV!!|8=Y!3L$dM5(v=Ff!Cx@zmygiz@gzPY! zu+V`wTK_t?rT(Iqrz6Sy+{vE#AQ=+B9w6A4kx>@duNqAOHyG28CS2PhNz&4fP2Ikc z6Qe7wD9WsD9~c;!9T2RlaB{C(=$e`6>S}8frV?Oj@95;uF*Smg3DQq>EiMXX))X{@ zx<=Zm8JQq4$>sT6)T7UJWXJ9(bUlT1DL!z&MRSLKX!P?GUCF$hQ5~*!Q1)J{V;l!*9$R z1~D4Gk$s7{4n}<(Wu{qp95Y-I)%zV~@-oSpT6f@V(*5c8K@Q2*IiZl7EtZKdn(x23 zd8LGe-M8Ob#e_(Bt{o~$gxZ=rd&{Lcd{OpN^KZ0Pg`$sLK_x97zESuQ5 zVXt24@DGb+<^6J-c>lB9WrzIeQdbDXQ6dzvO#o!s#{3$dYn%DQqFTR=Dz`B@>%ZCB zvf!tSb^0;li)bOE+U4C`a-eg@@RuClzi2&{ZxG-{0;4m&rG%UMPmH-4Lm6S<%&>R*xd)bR6@6r z93GJ7%l6gwn9%cyx@QXUhY37Hn3>;4i{pBiPgkjAJ}YauR982u>03i=?01=R zy0#O9m6>_uB8UAa;#!leM1x)A-JEmleZUZ@m{b*4N14F*Mky;BFUbl8U5rvAWyb7$ zFKVWCUs8?Hi3#1G@V%`+`oluMe*MQw{OYpdl&Sclj*Pk7;Ur(%J#g!&xN~m#cw*3I z=F~(=&&@_`Yl(K68ab(}F(&hb*v!Gy+s1ByHu{+np76Y%BcVf93B)RxQ;KYRk47qI z)1t6{V6fzXJOM_sw?jsUUj7+QyiZ1&9fo~|qtIVYTrS=wPUDxHeZ@~O&}d@Ny1zhT zlztUCQ+9m%Y%wh+KW`+x$*^qP$|Nm95;73(tgZoaadE+4+dx*~mhoZy8!3l2cOPKx z2E$UA%EmO*e!`7RVe?5ZAOD-bDBj|fpI}CVIOmR4RaMyXKL=F*?Ss->i%a`ovPKP% z|1oy>yagCIlbjrSx@=x&=MD*feCOeJxD6)uH4xA14u$YXC@rrNbIx#a2O5caFLDyf z@8;Xsz28%!pm<|vF=@Kjid>Y)^pTOma^f82<>mYPxi_)aH$SsSrkK&A3kuxOTSVi> z$`XoQjh*b`deTSte8#zO!Im#Wx5^q55ES(9>ZYX4@$Mek>&IFe0TSr@s z$yOp=hYH{D!F?us7=Kp+<^CRNGR=Cp(?wVmE?(bIxU=KwQXdB(&hSa)*J&9lerEp7 zbhLQq;JU;am_EPEB{jbT@avhG^UVd3u9-DOJ~ zYzz6v4F2XVQ;>uqd`nR*&vtOLvWuk?XSRA4n~FbEa7m=H9@@otRuAgf&JqAUI*Q@J}Y4#>c?-R3BARexqANgdPx(I*lBq! z`fdd=LMRAo>x0+D+VH@^&zB=8yXWFm9V?JcZdYh@^=@X4-CzS9t*aml&56~J#U*r< z%fL6_-=lpewf6(H1!ZO1TOFpb3GGDFwdWD9vvJDmRC0&1i|yjQ(kuPFWra z$@XNnmAEBQ6)@Duh56lWa4;=``DYE3lVm{}+?9u?r4Fiyhe8cvFW`Rfg z4=>EVA-fLE%d^?YzcvMnW9k5{3g2fD58i0q%U3I9!1quXA_ z@!Ng+Oe+#$|LBT^kVdnIhM%ryrmuB+VHfsISqnU3jCqo-6_*-;5dXtiz_gp7XOG%pjRrq7NRMm}+X*3{*Ne3FdzO7=4zTiILt?fXdjO6@M1TbRPS z5$|-mv}xwtkkAs*RO%Fb2}u)SfCW2$We*JpcO6r;X6y?1u7-lrOvDN?M*Z)j{$^cH%s#NbKvq+-WA5~eoU7u` z=8^&pb2962kp1h5GQ+mlHO436VqyFuL*{JK&UOyiq3p!)*Rsz~ zj?*qDoxxZTU3@qQTJ#mLSpO^8|z=UyLRbwKkv|0{~n=XB5A6Y5)mThcGIuvqv54iTpi*A^``F-tto6O zF7UA`%p4sVaIi`Nan8+ZYOMcRjauZCESyt;Lw95>3I|;rolA=HoX$?kP0QSS@!D2S z%J5L{s2%c8R?fm$VE%*vN9<s6$Lj zDkCS?{}|;f-_OX%NEl3jyWB)PW_^7fk)3T(K+WEK;lgBgn; z6E%-e#;@?(fz$Bdxuu_hQSQe?8ai*e+CKP=9b0xuc0r+*TOU24j5wGWLj_Qe1(uHm z{nFv#p#w}baU^-gMaiaR^yo8Wf&p45#)%k8r9mXw!g_mqjo5A*04MSGRmQTm zlG1M`7Jv)OQfhFY@dV{Em&FZ6{Wnzw4dv@3)Y@7C_U!@_Af>kGJg{9ai>ScAJsv{m zCEycaK-GUDmKsk&ETGQzzieGC_N&oQE-5a-qsY%X)?F=Am!F2(k*6(+i|s6riBUX5 z|NT3d2Sl;54x4`em(J^gSOU9#vt;q+dryFrbR~^ zbkR1}7yhcUgz?X%#Hj?>N<9KH!N5rz9U68~bx1?T@y*LjPl^HHho@^lvC&omveL5o zy}D9W&ak#N*}pcYIy%HduyjsS!NFLt)W}5&Jk+ge>|mGW^GQr?sC5GHH31hHXug9* zaN?TfdMwN&JAIL7U|YU=`0(8Nt&B3aOW5;Y+=saRVMi*}XU~33a-1-~hdurpF(A0V z#kX5XYk=f@v1Z|RkOx(Dl8W-H^>MdO%8v1|#~#1(w$f@$93`e72Ah49u3U&#S(ag2!@k3u1@20+7;u*chqCgv>ZFt-xS-lh^bvYvQvS~=&K@)U zL5m{V&rc*4p7qhmjPH;cj}pjR5$ys3`6Zg;;sbba_KZ&b5C5x~taf^L9RcE67=Ad{ zXkoVB*v_}4{Vx1CGOYso$S?&wXL$wG+(^|6j*Oo#3`uoV4NcOMhJPNThgi^uyP!L zM82YzlXukHuG8hh=%)H>eI}MxA*gQ}&$e>JzxuH<^wx@wCgiPStgQ!O_<-ZuPC_EV z8oj2D;J~01r8+Hkds2xRaf5n$ z*YKy->CvUSj>2zmE~0rlo}D1Ei#2l@v1Z}3=!#Z)Mz1>2X0c;B2=MW9dlK#R_rtZE zSW6#C%I7(r+XLyC2$y7p<`@{a*k?yYNK#IqN80=*<`tgBJ`Cdr>yfW}q7$n~_}dFg zp$3<|Vp}uH5Ki;#w{M&@uJYp4y~WGPIs_UC79Ae798B2$M0AoWpVEfjboW?@>P#Lc z*$_s9L_sst&>Dtq{#dhwqwj%~TMdz&jq1A5EVR>Qk%0oIwQ_kE462 z*m=pkf^*-?4fOYymIxZ!>~FO319xvqP(j7^s|Yv0ys^(*)Q{RyJ5mTK%96_-pR`Jk z`!f4zjE9k$RAD46wBk6^qk7zHCC3brQ5b6aS~$AtA{lHVZ!2Avl+lnCDg(9lyZTX7 zk81$7PAcp^^FIElrL|aS`Z=nxM+qW2ggke1ha@)J>8e;Ra9?@IpbgHCMQcT}joQlu zpYIFP%=1DwY!^W?EFHf-09Q`-17PFpZ+Sh`6j0_YQh~!J7s|_qf znC!LcXcazc43PZ&h__B%zumawk&M5u^l9WmR09?_0smNTT$Kq;K$={qYw~V2-?vfw zB(=c;G=eC&AvTGimK5I*_ssKo)x4gOCS3e^AdJ}D8(E&Ddo@~KNnlH+vI53ur>n>y znnFkUZ&uIS4+zXsiUG2Ed{UO6rY1wB<5T8>PL2Lo5(*Teq6`G$_lnD<6Pn^uKKHJR zU&v(ZAub2g^c9m5<^lohrIPsvdrhC$msWR|VXBS8!#q}2kZ8%(@%P zo3qZ*Zle5pp_a*ZIgS0IUnHwJ^Ez?YOP0ZfKM&8}rpXKjleGCuDx=U(t>cbKVJlrg z$m8Uu%}gSAtRCi{!8=^oktacy5*E8_gzs2PQF?Z%zc&O$zJ+w3*+SG(NI zr;w_NGb?9*zYFq6M1Da5KT!Q~Nq2R1C7XaKD=+`gR|*P>`$HaygzfO`>zk{9s!%S? z!s)LJLxsCucYYc5Qx}Ed6$IBeO67gbk``kscc9;o{&H@02#Y(g5VA6fH08VagQj1< zTsk1apX5Gj*mzyU?Z2Ixpf|C|IkKqsXJaE(Y3^fx%6`!^TEb8n(v+kv^8%8!EOytD zmoG&@ph_|TOntARp#kWaO%d}iEtE)Q<$eGDB*VVtKkKEpx3>io|L9f*>s#<$OH9c( zN&Ajg*HcGfr{_a{`n46n67QfrMbbWo@+WKK|0x+AE&!0a>L-!e<|JW=7 z=CsH(9xErN{7>PE2ph2JKM>2qYWE+<_WzA^Y#cp!V60QX<9dUi?%z?rE;a)$C%r>W zwvZ496^B5!k5M@H3Bl%y*BU5nENRpO+ECO~XC0{W)rV^Rw*PR7F}a87@3UyJ)Ew@2 z54Q^)mY77GGr&QNC9pzpFalur+JJg<8@33}eh2G(rP??J%}Qb7pVm|4+%e&DWP12{ z+48sBjOFumjEr}qlk?;Ai-Pauwr-(4}cX0-jbM=ECPf>n3Cco zQb=BiM>qiHtB(SLA|%gow6#9lzTXW7@=y>G%Uys(%Q7o|DLFUc}9t*#N5nyNDM zPEh#ufk}qhpZN)eeeMR8HrA*5HUKI#n64H3F_K@G@&y^coNj&USQ16X=FfJf25twh zMsDNiq{n~-B=(}_o*3$wPW%9VeV-kuni?CYs!C+NLl`sHpV$FQ+}ej^RAZpDz}=i+ zusz(93&0CZ%)VnMT{f5XGV#J>Qd^)77e z9U2qmXX9_q6%gfQ<6`CGq^Cus+58!3csJNHHOeR43UD!4nVEX0C+f}2>uPEF%BlLs zI&u&N+{n&$ep=p%$pz6S_uP8cOe#U%z*hmx42N$tUVDkM*z&J=lki`5c9puvWT^6DG+NB_w zz*8rj(W!dW1I4&5Jqr+?fq{XZ1c}Pz)YVmO8TF9(r)HZFEj09& z?W+W(#kLc#ZMLg?#LA93%4OqD&$wNg4LM?9REvgADZZ&TKmYFZdH_B{*bdKf{bG9W zXc-w>nSSi06<>3l^#_AW*dRukx z8pvnYvgQB}cWD(VjiD#jv=e>Y=|K&T@>t#s&$S9PCrermIAKc{%3+*`_U844L-ISF&H@{E239w@=e>xA#tS`7B}S*IaI?uV-C>o^2k= zKdXU9@;dRwi`Q`mYDpi@g8Tbru$~Q>n{Xm>Q^J{Qr}6nFzs;F^q6~Dmk+V)nr zd`-uJ2p1XO+@MfY*4$j)S6Lig80X^=QQY2J9uw>$Ws=3{W7+u>av02Pc!1fU!~ZDw zQ7tBAe>5+CKuh;~JjmE+(lc!A+KPO6!UB!^);4M`Dn9f1N@=;nMq3gE2-uY2dp+?d z;qyQ?EYL-N?!Yrn2L*@}7a?;GSX-DQzJpXnb%LGDgeRWiX>Fpg_uKeb!u(7NNtVxa zch<*L1;TQDy?k#Lv;id%vi#I7U!CL1mDTP3D~oF$fJ7qcGd=*Im(64}rlYS6LKb~Y zw&UlOi0?j4M7t6p8;?1PBGjaul=y&@BE!jY>+b1VDonELsUTc}s38Ush&zixA1#rZ z&^k*87)VzqSjHLMkEiZ6wKq@Oow38u2y<%c+-|;qbiu|V?37rmh<5rDc`d}C(X20E zSyuENmH?)t48}aHs6LTnx82KUJvwy0z`!cnT0Jew?+KS<-AsfRV&clcjYcq+X=DoA zl{0Ude4E%(kTc;`{ecNEjP<$C#@g=QriM*K9c^8+%q->3W`)fCvtxo(Q$4?nvz!{5 z7-#zCX*hWDJghi`-_}?pjO)FO{y8p_Y7_B1j4W$lmG<&gh!ib87FKn;zXa}JdFS?V zR0tWweS2OvIRwu6qC+r#@1Ez|Jny&;aYn(`f-1Zan)R^(#~)fArnWD!ih$26u_RMv zs0XFj88}BR8i#C7xmtS3Xa=tNF|b8O-xaa(nwedn7Y(8FN}qe1f1v-viH-?X&4p)Y zO7o0M>?bPAYybKYbcPkOmF~{$@_n2*!;BK25>iB6U_nF%{|VEPZ960cfZwfNp3^gZ z^T2~X9G`Q>pRUy)B0d(<1g4X-in53Z>|?&_%xg_%W}S{srDVBG%nU5n`3wMf0kSf) zZh8u$^j>ki{QUQ~J9)K-n?O+IsB{QwE|gw zD^l7{_^pz5O)r?RO7hc*3P%L9S*c{QRi3m`N^e98F%+7+X-;I~uLGY2mlNy5qTIv_ zJ2|XxzE-5HE2{wvRRkiEUoGhjfRA6(tVQgndSqqgL-w>2@Jlk~OiSqtv%)aZ5q+p$ z52FhV%`bE`vEIv`J+GNC-8GR=rkZ&gF&yg0ILpU$L zB=58WD27Obr$S+L9Z1VDARswi4D>m6I!q`nMxH>_;%&PwC=|mA)92T{sww!9PfvH< zF?IdVi9BG)Vsc&Npts=hl=?@EI1tTZ`j30r0RR>MK51e-r0ux5xp{!36l!#Ibb0w| zi6C3-)s>qOJgKPdCagxe{cKs6pO-$GA5iRbBVG_~AAeK)as&G47m!(cwX?Gm5*`kC zVuO!Rz8XZu#uAW`$*PXLJ4kQFQ5uq!mhS29Ub3QCux*c}E}rbGJh{GhUp{O3-;QHx zZC#X`y9DHQmf~NiRYbl#<~#BcM)QkIOzdH53HVy0->$ZTuUS}DRu+zPydl1H_fa?b z_}E_l(N};05~r!7L-qh^?=zkj&$1GvR+Q7Z7j2%2DBS5My6n<1); z+d-1^T}s1qT&(aipBt#r7jvU;NwC+X#H2~Ikl%ub6BfY}vMi~|vC~{~$f{2ibdeEs zuT83bL|eVBJ>}kSMu`5{2(ZjV%_L*y&h<^VGVy-o$t9y+loxxyC2n3 zvYD57T;%KOGC_+oWU zWkz^(l20*_NE}0UkBs7As|fq#NG5+9fz9*e$#)G9p%Ut=K$p$Y_OBJA3!1hn&B*JN zZ8`MC+?13LxaiOeB(8S`j(5B_a3>TTg#}!@8EZomY~(mxtyVtCapV9_NI($A_33GA zg!QmFcYAYaDXFz}$K&P5EB~E<^PAX_K%&ead7hH9@2u_XhGl>E3WDf9X^HaGmejk% zHBu+bd*gGGIHFB+#`5!VbMgosEjQw#EP0*pkKuD`pKQ65M9dQlqyzFfC0-8y++j^QW_F8umLOW$f$=t&I?!f+*8cnhwK@7ydX=wlZ0 zE=)UC)nP5p58xNwGpEm#?@7)WlS03_M(=4!+S^RCB%Ym}<^Emlz!{{l^e6HtNP330 zh`CQ%Z|r-`dBxF@8@**lbB<3!a%rMtCwWmxs;BR;|8(rg=T_uDxJZb zC&vcsx5Mv;S`JTJlWKd?Qx<-2MBs(UJGxv96M9F$dNLHkE^t^Hsz|V|Pv0Lm*<-#Kq}HZejdg$9cp`kuBzpf$2k$ZRdT|;kDa? z;{$27DI4wmgn`}twm%}Yo9g-aRys-cy!4-xr`9Sg+72&3d6muGL&E-d44BOhqHqLh zxhFF8jAuZYA!x`?)dA%4+&XI!5DAzzuKjvDdW*ska@gwcs=-?S@tkaeyrZ9m$NF<2 z!&z@+G+Q2lF)P1-wtTi$DSkXM z$=+2t#ld&pNuX)LFS~{r0tyda-^kOLIal?)SKzGl`qM@kw*b${s~sVfwYH8Qeujz) zcH)m{|ER#t00q0nT_#fG?0YyP@wY8|q~{xmlxOtF_MQJE^`lB?F`9g}8fLgZFcWI`6PS@*Z(Tw-Et7-;DJew-X!P23HW>hxN1 z_)AaJPTBpSfGxz!J@T8j!SO3d4I+-s!rDKfre5Q8XQ->PsOXS)YfPdgeRY|yZ^W>{ zAiz@5PASrGuh~`|!b?e}d-md_QUWZ*o?4DbhFWCPHepB048X{1RQ@p$FvFsM-SF3)&g3W ziTwSWsgVj08fod8=A|y;Xdj~!sIJLvC}t6z7>SM2&{xwkpb$Sh4I3(E>N&-g-6ywt z=6J@!n0H>vDaZIa5VK67gv>Z>^5(k38Aq*7r!LO1>9`N&a{e-rr-R&am@_vyA*@m@ z!qyObU3=&HhF;*U^w#xSR!ypVuKMESo^je2g~__Ah!Z^xhGn;st>xvIY&T{2&KPYeJ_Yk& zSSFZ(aW(Kw(WflCwL0Rz3oLpOzAt=bQ36?~NWa)sw&#l;k1b|5)=?oj+1yPLw0|9z z=}2h&E9)Kml$_ckZ$6dkeWJzT?U&M3mv~FF^|lJy+{A$qTy8(MU0<}q-OtB5Xte1;NrOMkU&sE_bJ!Kkeo}j+tQ1% z9`gug-m0E3mzeRgl++#1FMmH?FX{TP=yfH0L!qRoza-E1bN8euy}tdT)?Xb3^u6&>!rnbWaChYwA=m1IIE?8ez(p92Q5botMkCNO><{(z z+jH0z1BEQI^$g`vkC6j_AVsj~QE(bm^ew5@lvt;b-^(1^B@#t(eC-S%G&5|HLF*w< zDJ(ULet+L@?xD9xHR0GCl;}toruHeeTA};-IbRt@m{Vy?k)hA+7+hsP*MmFoHq+vx zG>tMr!SDz@W4?{euilRu`|Ne3sb`GUUuFO6YPHL6? zx9kc&f7&v8BMme9F7TFVT7r;>AkGYZ(JO!Bpg3o3PbZ$JBrBWZ)hq4sxhTs0yxr|R z%QVQI#_2814;#A=yI&jdIAd4rlW&H{NT}PSY7@5oH-7BQTtTwj`;u$_w$D#1YL8Tv zHutR^d5H^p)b1?uOYoVXF>MBzvRXYwS-QIbGQZ}gxmn+w^|kB_mGXYvhn8V^sMfSW;EbwlI0n7?oX0Ha4e<$uympVd#^ftG0++ zhSG$lZI%a(&v(#bRH4gI9gk?s%p41H@V$0dyV6x2tTrbzF1S=&PAs=L5%SopM)x3y z=V-1}lJ8Ch%BarAL||NaBm;6X5O5f5Tkfo0e$6sblYC^X2B*>y-(v9PcT?pK>dKeL zK_X2IXcTVpzfDPvR_o~|sZ}J|&$@e3zWulwQR;tk>ghQ~Qy8Pypjq)697fi$Qb0=VLQ@32W3XyGMWH1Qf`P zRN5#G7JNSSYjB-fQzV8Rs^AtT!*fsS>8{@Km2`JXgPQX-?~k0YWr-p-=lZ|Q{`e6a z=0|!>)?dOj!L6ByfXSzHRHTrH?YNgHsFZx;c`EvY=c(*2gGKQ4jAm<7b_`NqOUJ-q z3<+)uQiB92GR7nw!)D56!tDqx%lJxat~#V-T#VJg%vZ6Kt{UQ|U}jD+vP~_m9DJod#z^{GP>Gb)Pfed8DpXxhMF$h(iO z|J-Flod;RThdorDkO}r}!k5w1)zcHVz; zlywT+0~kDJ3c7t+Ht_(3@bqhGK4*xQP$r@{~t6 z(WaG+;|C=P2V={tCrX>lH2RZvrX~mZq=T*PTn?-RXFT+lSw(r}9!VnHGpf^NHM5T* z0XO_7;&ag51J}4^r{P42amnjU-6Gi9`@6N#wZx?BWxxm6w^ZOw_kUzNMYL^G5lei) z*MH*#>%X$GUKKwPBJVz_9I61U!FFvO9ZP8U8!rGN0ORB1hla8Y%%^;86cQAKt9-?M zWY_2&gQ%wH1}L(aE?)xJhSA>Mo}HatC6EC_gF>MhnVDT(@#`0RiE{KuIC9AI zcRB$VWOmtsI}*B}!87C1-oC!E(b0FfZ4W@f=2uivVC>3TIXhS7<>dkChK2V45l2U7 zw(o4qATK8;r?@!0+{v~1rABa#eiCyR0KZ8$(Eiun?Vx2{Ruta<5p($;V3_|$n_Nv{ zMjXTr4kw44RBSxSgG;*qlyp#Bxl80!cu0#f%L@wX(eLl}?`hahH#dnlTK`emTHs;| zqOJzRIRS7>I3h7=`Bf&jJN>$k+w4i`byK39K+Y+RoPe>pr}w!VxBlX=+)g_);e+_! z*9d@b%hGrrToZgQCjSSU$Bb~?S+1OZmTP59(wixTW5b-Af_0_RI&_+UurPjLP%1XU z@n^)aO0d*h^dOXuTqyBSH%V0JmY(LS6e(FJv@3-nEAc93<|rlAswT&>unPVgmdJCu zvy-&ZUud1!y$4?d(4JBen4MLL*#hG$Lf|4=q#grMkA7Wzp@!r@E006QkL|7X{phmc z*k8>8ZNSqzGn;(!n>*VEScTHfpoLoY_k8hdyD$%Q54d}vsXvrE$h5VLG;r%2fhasB zcClRymp;G#s0$r3uk=*SDG*pd{!TpO>THlT_i)AZ1MzuG*GLN31_v6z(vy|k#9hP% zXk?|n?LY#vC9iYl>;p1qA?x%xbk^JKQdm_AWvJuinckn{ejD*t%h#+$@Ppz(=eiv z`LT2!bp|pS?F!!bT*goQZb~tgXTT$F_f&0D+|9Pru9lk2h)MjORs2miFL@2cx3-5G zc1GZDob9ZIUATmsKj9&RggahDkhEh}@!7V*KW@digM_wbCYWe-SYgRX|($= zo~gxUlN;SBui{rBD3&}8qB#~z9vP3eUfJc5fOBG)$6=A@Qs<*=<04Z4Xs796Kb(XCM{qeTn z7QrGcph6Bz(zMRCBFoKVK+02t_^ud01?NY{!T) z&6PdlUZz#F=d#x-WSw3r?yIftYkA2ecc=R>Lusf&4@Z5ErK7fBUP+yw*^7B*f*Cln z&!T+WnzU(eF&Zhboyvg}?%K8?uVSWtj(zubb{!s3)E%Z0b$=L8SuT2T1E zQ&#<-RZnHDjEtxOSOE~|TzD@gCT3@MbbA|OfQgRs6&Hy9SV{p|htSYafPd|Z3M^U} z7#NwEnMoIl06QcNm};*8;wg~Nd8njVieFt@dk`S?OnX?kUs~j6WPAfySpc37hle~6 zl6?RBVhsdiy0$S0fLa21z7+q!6a~~y03026l0BQLQ&r4Na;)V^&Ly5-SoR-e+ERCW z+#iy`LdwkXST%*uzcL~^mq(E-*7ixfeN4AP^nSlr_;^boESuJMgKw-vEhp-q}1}`!?%YWd~ihxUtH> znj6WqDa}c)v=6a}=J(U0A(^0loAfhK#Tk}^+1<0Ekxl`l zO*du>AL}?cT<5b1Fr|^|qC(XiH?`9vW!E-?JOD=WP?fsWcGk-yk(y0F`y(J5KNLJ9 zKVlwjRk20Fb;^=JiF@YEzMZs;Pl9R~(}G57nZ?8{M4w5^Im1nxo>82aN!RzGj|!1h zTf#QfF-9ZIIzYowSY94$WVlI?vTqGpet}Q4cCZ3ehJq#tNj?npbYo_Bf>a3;wn#eG z)$wzlc(`@N#7stvL?T460MRrri4-Di^69V`2j7Wh4D9wDi`>epthC(31Q0ifpGyEg z-%d$+u*NdRH5MFa0*S3=r!APyPbyqaddI4_jUosRQ)Sp@7CpxT9>g7JWj)wTZ#Vd^ z!YEG6mVKy)Etgt9Qg18#W>C1_ih_y|0I~*IZ5cF-SFA!Gf=rcE;b` z3axUWXFe8(Lp1Ryo{j`v6;)p0U!+A{zag}w>gWFD1B+ES14C&=S+~nFR9Tk)8Kf zxp{VdAJgLPoElqBRnOs{-vKi2${Hm%gnTAX>&>s|>SZWJoX_>0Pc&sh8~uH=Q+(x} zX5U*>^ccH2`9aF~C={Z>!%Y`Hq8)tc8J5i1WMs6QlpE?0zGW#&nr>?0)$1xC%+x?~N5Q9GeP}!9ex-&ZwJ`Ra&nF`YdWw%> z>rYuR49T@Z#5y8anYu0NqzkcOhRAuwLuw5*JHI(NOLTBcZ_+PyTfI{rGxkHZ zj%@l1YU@A$#!;QdVzgjx3+nitQF3@8fajM)3m-hyR6(u*`MW0E8r@Xma9s5O(2LGl@QJ#M&ePZZpI;&bb#45|~ zyyr`@_xD|9L#N`^hkZuN3YNn>H51*mMtv(Cg}Ou?*GHBOGRG}0gJN&|BL) zcWBf}*_4%?4b0)xZy5&oReN^05HW@P6EVKY&hG4-4hRnJ(XQLlB;UK!&ts^WpV2Jk zRP39>9ex&!h}+REn)}e{c{DpyXQHCqW)3_hS!lkVq8e`dATgBhe2Tuf{a;oE$o5)E zyUTshUz44`@&0UM#KGG#&@(pQ6)}Spolt&pu(S$P`jf<~FDNH&Z0r#d$ML=sh$Grs zA&3^_pCDWZ2o+ldFnumCSs->8G}Wxaq+LqGvD6>_jas>LL+YdzRal70kV%3j8H5a6 z#ULzb&ZBA>3wcF8a@MQFwsd!#&jXq#_gM*I670hgG%o-`(L|C(RtiX%TF%TnT1m8- zEeSr}?*)Qr8^1cYO(N#M;0A?;D6lfiYQ*x=l`Cs(Co?$T?Z#7EyTfh+K$dAN1Ukw^ zmU%GY)_mCtp0h8QPKw^pRiPPmPaWp3gXFvoK5|3Cw7hIh75=+t@sw7GjLh-S_fJup zeM$07t#WQ$R|Fqw?3;K`I>V zH2KprHy=_=0R`#@XvKNPe#<^FVtHFcnL^)o?<(bFeS=c^8_iz) zN8^eLDwx3S>PMq_!sD+OSPyCHfSs^W{1!MMJOmVQq(0=6FTecv%rn4x(XAi8c~0yi5# ztg8SH!>X!08*q^M*IrqmU%c_6U*cPuO1P1bkhp;g5HAHF=d~7n#ZwN8de8Uf+fm;^ zDmF$XmqXaLKiQ`y3<}3m+&&-pnn;)WM#Ah>MKF7+6voHp*r2TVsqIWFwNs*j9O3pP z16A01ii_!A@c_!;6c2_oArIDB#R()c0o@SHdBF=FAnxnC1c6UD2CR79=GQ|ZwO_Geg*m#2B1GB=Fdc8s=zHQAzT| zPPDW8aRX?0qa}}q#c9VwQ>U$}RPox&C}QaiHg&I~AabRk83;g{o;!ByQ&1D*?xeHfg zhN{p1a?LN+1F>|$(O}n~#jW!E!VDyAV!Arq1oDx7^%zf zMo~X&LJ!Ncb|U#1n6}rye32v|OsTsgykvt|5KvL8Pb(rX?+a>nhHqnYhN*@ZU8&2W zZQxT*tPkSU&=!-8{4tk1=wSE*hm4jMk?)kP-mjerum#aznW%Ct% z+moT!kmE9)<=mE6VHi}g^!Fnj(x?>DZ%6PP%!)bY)Ev_Tof0UF)!PSpMV@pp za=TQ(%i2P38lCjoQwhv5!#NoA2Ilf)^WMgLxPDwSP$US<3d-BhZ!^4ucCs&V`CFy+`XAO|UNF`ORK$!OQ~jY`!rn)dtbA z5k{6Rm4V3yprCKHrS*Zig{6)8U%oB~3rVT)+Vz0JMsoJY?CZ|@UfK(rzueuJ4()@3 zDO>^d4hT&UP#m`d`G0An@&D}X{hvP(nGeA33JMD1j(b3V;eo!m+>UWNb ziIMpR27{NA7nH+>Vob&JseG_f_QEm^F%Jjlt0JnZ8(p9orJRHIRM|_(w-DFjhn4Lq};(aqdn^w?~f$pIdPbqOqc31cA_zmue0y49`nM zo7PVn^d>rG_3rZ@HN=Do=d8+g3K&^@1Hr zl4889l{f+m(>09WTz}_z5S6V`KQ$%L=S1$@A2TsEb*9E{J67!3WoeqJTEBOLz40fi z)*#DAS9TJ`KIQDAH}z*QNHGyo6|3ocOym^uV^l|ZK)~<7pUo(;xjjQYBv4mRd*N}C z@b1pH%E}dllGW*?jFW>C_8MQ!y8IDASSv^6X+>C%;ow%4C!48h+M=`NT>nFS%dLtl z&2@|$Qeu(5@5$9coO877ciC56Jpu>vZ(kd{`2O(~&p(guZ*slNeF!R!$^iK?ZDe}E zgf|dL+UhXjlfjc!m@vra$=de!z`(}9qtbc{z4Pmk?OJ2xWcf(Fpbv5yQr6=NwpUb! zv5RXqHL^*7bDwZ^cp{|1`ua@9890gBQ6&)*d6!c)tI3HIh?4m?;kA`ni~EIz1<7X> zn&FiRJ*%rHmtGvDc0OnPf*YyzG5C>{Iv2?maS){IuyS;PuD?!vcCwE2c)}`m8;>xH z2U^9Ukqp}yCrP_(*t%;b`MJoOZG_P6RB5FdBQkk;e0*$dY`otUm_D?Ac6KI@yp!3l zT3P1x>p_My7hB+4kjG+?dQZ<;yEH>dpK=AInL}l4Y35u-)Wuch$5h@1uT}*wpo>gn zC0$$u8?9$qQSrL(89v$Uv9hvNr=ZsKx!(NEwSMF$Mx1+YBp_FznWR+{{Wq@Tob|R& zmSZO;GAE+dwX;xyl)SbVm36^o&Xrxsz|B&uPEn514gmp;=k!G=*w~N& zvPFfehCU59%i|G$Ia^(P>(o$l5v1+tY-~9oK*k$WW%hmatI3=hRbcR0{CF~-6<{o*1NSmzd{F)fQ<}G)V++0H zI;^fnB3dVfcr;QdIg3~Y!EZ$MFO6L+UWQnSQU+)rk(wWViHT|TK%v+BY^02=RSY}& zSNmf~B&=Rau&#e{Glk?rHqsadg{BtR@vFG@RqQ23G&y<#6K8zsVLem40s0qv2i2-u z(#LzD0mo|2&KFJ)JC(7F{gg)SC_}pX)8MvKUEPe`s0Qza?9r{3O~z@wM6YyB$%`}7 zGE~RKCkR#6guGnQ#<_jW)IeqXJH6gbvRf&O0g=|KrypL3h=^ogG<*SmYil;3&aI%l z5w0o&_9Pb{+i()R!~#{$^$Gf7deR1BhEM#eF4Q?DPanLo>2botr(x5gwz0#`g#S*c zTU_1dt~O}louWKbyV@VM{o{0aQV1_;tP!T~%jsv|-u9`i=KT|&E&Qv^Z5?#v7*^Vw zT{!*ptJtq530h5)CyoK(beUVRVP@ABGP)U~wk454fz}SP6=xVeM0Ewe%G7see%{s9H3T!u zQgJok&ny{=xlUl&z{v{lct%1*M4~&G=;RlOl9E7o=6YQJV`T~p%O=8O`A=9FZi_(phF7jsXTqT>sghkm z-DZ*Kk@N@YF5V-%C!E)xj2jqyGgiF|93~4=l7C@cU^A>Gr&S(Nh3U{cWZN@8esbtW zo!g+uwk zgn=Ab)X`^D-$WhBv@*q_ymof1O)($qK}OQ8KP3SqBu!*_(w%|Qu71t&@o|-+9iJfe z7%8`)b5oLo&I-n`?ho3x7T3Z1|I})V{l~akeDv?E>>c(0xW9ftZV@;b@Q4Zj6N}Hj zbn-RRU}>3QPgQg!~N&oBovA`4+Dqq9_kgpP00r}{=In7A$Nw@qnrDl_=k#rYZtUwR@ba#E|bA3`0(4`1y>zSPJPIV9RrKrVz zMGYeSd<3F$Lj75SdB)JkbL!~iV+qiv6+t6Xme{L8h#v^IGGf9wwK+BccWfir7|FT-z78@@OY6Hh&jOqP7;iT0$`r z4vl=sr^HT5AW^|N6XhzT50IdMK1(5tJcc*XFg}`#GSOiH)U^|SEgU*ASp9XHU}5$` zTn#&5Ah8!1cz{ymRmibEae+wZe=@Ee>$c!0oSobxp4|9L>{s8CyI`AaeV$T?ec?B)Lg^^P1|Ye+VRFgo$$odwatdx5@V4T@aHr^j(e zF|PI|lIGN~Xtje!5ACTkRHB*)%_Z!=!%42U)%};3&gupWgpkljqFU!dDIXMZRbBP^ zpOdvix+8iQn#n?yp7R&;j-sW`mybF5MYiVaAfa!KP|+^vS6y;5fx=j9DhcPUVvNK7@F5#wqx8N_FwGkJ~| z+t<1n72t#mwI8r?Xm97|?K-}E_wIl{Hnq8<8t7$!FVs*A%Cai=Tmr0Q z>@Rw@wWOu@n_o{P5tt$B_)Ljcs78HjG%z6Zjz%xfcyIA&m{4h4n*=nJAb15RfX`Ov z?*Rg^J}$Q9!iBA%bUsS#;B(Qiz%=pjc8|FMk-o$2C;6hR?lcUl`k8fy1ta?*(V2ON8GudDNNX7JU?J@jYBm zD=~z_$I*(Po6+*-wO{jCrjeRx!Sv0fG51DA(#MQZIzp?vAj0CW>~tyYhT6@<{sg~n zOMBkozvIKwS2%AkvQd{eiq1jp<}`&Rk8f&p^vm_ADA15)(DsjOgGm|a9YoCw!#ffi zhce3_a%|c=b2*9Sk(8(Q26~l^4X|FvQi0}(`BzU|v&L|b^Q=Bpp`7MN;mbey3X@FF z_(P| zDw%ylQa@v($7knGMLUi~JJwEq(x68yU)c9vMNXcJ33g|=9JUej2z6993hEKfc)Ba7 zcVyMJiFq!Fdi%OmR`7w|IznDuRc172;lA_n$u* zG2MTRwh+@^iPi?+%R%tOP6-&0f)Q#t%rRGLCOe}lvsqohL)DL_9nD=UiaPODzt^ml z2S`7Ex4aMEo8#@uD~D3NHr7ols~5Dik`1V-Vt?hO=4jQ>mN5PMTVs2Q(l~3=_3U`a z%Y-cB)|Iw4uwO?+LzN2hCcQ0&-h5#@x4s$uA@fYLM`wVdFV>wuHRV-JK#*^Zqyd=h ztK4+d25!{x8qGS{tJ`TF2PDCojE+c%_9v_x4cKj=lZPbt8~WE(332$5p`d^40%=(o zIRRLsrTW{+qYZmyy|EBJ`0GjH7*``jPbZ6(R(5d#PS-3OT9?R%n$?TwiYgdhcxKy3 z$6`Qn&JgoH^Wf*Gp>6PUUg3y$;F8H5@Pj8$KBmno&qAeZQ$>}H^GNpM#)gIR=HODP z8Z~tz!-DY-4lj4d(!F@;JF^tkOIMWqaaVpSiI%Q%7p4ER1hWnbGEuV_C;Qa+XZmT{ zQ^^J&2d_24ByVRQZ5yUX^S%MzD*iUJcUH7~`<@$0u5kOVlW=9m{66jLqKS~R>F(x> zq1KT7P@hO88~iQtP3d;Lgin`XqFe|DL22<4)X117901+@7V2Ui;Qy+{H>3qlK}xeA z67(&Vnz*N%VbYs*sHMKszv}%&?G#V`GC_ZawQojh+jOJ5ip!0qOSn&nfoVJujd@V+ zt07Q|weB#j%I!=KdU`A86I&?e8?%FvZ<)LIN@@ISNkPAHnUh-lLoFm}%)HKcBZntx zc4G5&^hYn?>ex-fkg|hoev5`dVX-9({5lq8Zyr&AtQ* z=mA9}duxe(?0h@2#OEfm|hhh$3#HGA|++Lk}|g_`xR z*OV3l{Y*Hrte6HlkjUVDIdWCy#IcpF)YQ~)s+aXT9sxB%!U$mzh+bsN?97w!2~X16 zg9}e9kJdt$ck)90|MbWxE6+BAapcCv_by*v;UqC2jIuVjDM{H@dGA#o8`GAhM|Y2> zEAoTd>I-eM@)=#grLlT5yQy;JB)C*~GV*afi$w^|1Tr4LO#iU_TGKF;4@m2oo{6SUfV+XF=A+5)@ z{)#XP(3|s=nX1JMXO+?fGg>Spm(;0?39Ayj!dYP%+W-t zVf_R-)r?x=daK}@M*1p_C|););YTH8E^<;Hw(bYBZZfGU*1_l5=J=Hog0=BRuO{Q4 z%?&WBWEey*yP4yE@N<-j7w68HD1oP)K+ zrPQAb*j%l%D<~w2n`nR=xfSEi6~XXj4duUca_x3%KO|0XX=%9)RIIJ70UXqz&dvsn z6zbFwXZJx08BZxEzayT3B7^cLiUY5b=sT@Qy4&Z(Lr1i{tu)>WRSc*MQsshSf~)mI z!*$_IBltR*eLaIEoD?je0+wnvRYh$G_8HZd;+mecrjN0!*<0_}P8&DBiG!98b^X_owg1#al-gFf7`>K5XqdbB+ibb( z+8DKaAyu*V=X+u3a$Q9xE~w=UtGBjz%JzNJz?ti zZeVR{aM8G1P{T=otg)`79f>doL9j07+t9wV z6AZbw8^7jbA|uQ4E5G1>>Q{CuA@Q1GTEdhKUz5acPW zp9i{i%Yk4j->uilovwmHq1xKofJi@UiV{5m5E0=Q6wJxVff~1dGNmPY_)BT}ZK?{b z)+Qx{MUcYB^8IVMCTiIlHU`h$OjV|*4^Lqt<=vLGNxm6Fjy@HR^#(KuX=bHRQ3v-O zY5Kr;#A9+te9sivC}JBCZN*SlKeuc&t(ivx-_=V}p(RqJay#R7wEide_olroNOH%9 zfqH*#c_wSFI$Nqdcl%L!;Q8%f4+sDiUH-YxIyO35BRx_{4;L5LXzwRzU)-rbyX#5B z>Z14^BI)U60&(r_M>5s+H?(8AF_%VN zpP@G|zy4V1-BbAJ zVLNm6=f0$p_g6e-A%4NTA@KD+gQ*${kX*^bLg460Ne z{ppWILw-*cbrtOMWBfR_JO{-AOKn3P89zTMHvKL)7FBz&L^0T1|H_i~C+^I(QF)C6 zTV_-i8j-lqAi^ObP;HgE^yhQZVckv#YM1Lm&shP#Xe`m|E35pPw~LgYfq|tgwiN$j zCB1Bf{I88Y7DcU4J+QHmNSi?#d4`b*SAAlEu8BEVZcnVZYFH)l!G2BoVXPHdvs8Ir z>`SrST?HkM+d#y-H~`S$$L-yl)q%prw1tES-WZ2olwu^okt`?4`l0Jqn0>EMl;FZi z-wx-O8(l7-Z_RRA$BEkRQs*vd$j}bba`V2^QB=qJ=}yko$}kE}r#Uv-SUlQs-A@e(gp(pU+kfq6YSy_ep zn47c^3~*1<&=b+ngEnV@TBM-F`e~o!<=6sx%S|gI#_emVI!dB`inQZqO|a`&HZ4Q) zqE@{L0CrE-rB~f7935S?4P#Ez+CxBJoILmb=2<1cfa2)h#6k58-=uYXZC@Rw#f|M^*cg~LyhaE(=W_J(F>SK!G)4^+jJWsJa23!sgOg(g}R&a-Itx7 zCHo46Sv`f2)vgdj0#JiAD$12<_o^j#)^yuxy<89}MbcnjU$At@7HMdQmBYG|B=R)v z?hq`zVT-_=l^=Dv5PD4`fdRx5Iw66$kqq71=tvThN^FJPTy>!2J9Z(v>;tHMGvBJ0Q9U#l&Gm)8xiHu`oPJfGX+~%$7@ULNW@<(68kMHd z5S!rlgw>P;O^Zr>JvLtzx!mXfnwueF2nz!rAxLCZ9T*?SNq@cN; zgM7s9m=&UDUD9wAHg{}4A19QyQaZ&4LJ@l9)=;y$WSD@|Dhg2Dx>}7`YKgsXmM^R>G=Z*q` zPW%4;sIeEul6sySq^;;V2xCWn}JqN9jH$^mxFd@!&`#x5g~m8JA1o$ zi9|PhfJoK@Or!=o&~fURQMb^e4fJB5)J}#MBp5B(Om5DFoZn`@*)0yi#D$!9ge((= zj@G_(|LWoOygh1lcSI`*|*xEjJy0Z~yWxms=LY*4l zmKg_=4bgl0@-5}%Wi3ppC3|0GMPur9N+TP*?Z>`65D^hnOV+{3KqA2lB7Y32b4exz z>T*~(CL$l?LJt>3-uShSD^MAz?sdhERBQg7cn{xzKcq$Mx{HiTGK-2{L(MNH<5254 z!_CqJxBGwK0!9}X9wF%PN*}#j3&efW+An*4HTRhQ)wu^B{+C9%|M#v(?z+sEX@P-( zo?+dlAvEQhZamNpfS2)Zd5Q)&+kK7CflsM)=Ixa69=>CAK>j4R6>s|EfTUX3kfp#* z=^4)@w#f(J@Y}qC<98NEUcwJQ|A_*cdQM=DR2jE1=#O$%p6Iv*OZujry-F`9SP`eM zbpDjmu;96`PL&)0rju=0iX7ZrmXgQuEMhDlDr4dcNRsvNXb@~0k<=X4F{mT2giE`! zH~6?5`^ZK4S@}1)B^c?KGdRbl{7$OB%nrEPzhd;k64>GU_`apesHCv!g)QGx*iMCJ z{-`FuK)zWyNN3Z>=w8(ipz%2Xq|p!iBHr@rTgzSX@RUioVYP!S%7s5n>fMrHMN&X*Pq{Y0H;bYyOKZl(9^Ob2yYYRilEZvH&ZNWy!6 z_q|J$oeqJhS^9oio?DeVk9w-rO`DffM8s9uy?fGIqSwKO4(Gv;HIT}9Wc~*_N58Rw zseSPmzABcybQ^vq%?#Q(tao10WKops(=&1_JgT0uj+V2A^WuGWAWIwkrk?)hK!Kf z6s~CMJUq40(jU>&5*5kHBj`=<0KZO~o{x?J2#eT;)Jv_YbI$Z_8yf2L@Zuo8t7d`M zw$du@Aue_vntey%L}A)@4mAJ1q4b6E*+wt+h6E9#$rs8MnUH}fHN~MpM;hww*vM$r zM;-cO8fNk2k*s!PjrxtVDBz5Ig(B-z@%?pXm>NwB8tam3wXvg~`*R^Vs}?O+v# z`lmIMcx_x!EF5vb9MZS9$iXhIWsp{{l`M*92@EkdjdV#oV+0xfqKpoNbu&#n5@=Pz z$BxQO2H9pz!;<}S3>l?o=FD@H72G1u4*=+LqU^l5pnb5nMbYA&}5`s5B zYd5ySG|v}c`x(=cew?_#TzLp&ogP39%f0Y;;1izp-D)#j zuZyj@G?W>XvXt!V4SXD*c?G*TTqioR3;i)OfiGp|u(Ma-Og_Km)#m&Ep0iuT5)u&s z>PKg9mE|2jfOB&iSnDdL?5?9I0Y!lY@TA_C+WfmS8&BVD+%>eJ!;0mi5FXJ)1agf!bqA|fTdzPL~*)B*v>V80(#OWq_AAsbgz5vkw}!Cx}i zpZoyMONEn}(q;CAA3tXAHWw?+aaT%g>Mhn&BzRGV`+<1YV=6sR7u6(XYLkTWt_*#_C|UZYGkF&8)2G)B!@UJ;JZVnC}q|`w9^sgm% zAim`+Hza)Q?&gM+F7ej)|HUck%3mqp!tYmqJH>xL5XngaycmG3}PqUM~tNbRX zxOHQ6auNN8V6)r4KS9)}J^cymhY?XxT}Ej)0pWG_k8$K82fYJtz(_Xe7os5Ld7R1XwYiBp$j#+waSla-Pd4f8pC*9*3ODy} zpYY%Xz!DrjZ4P|~@Q!T;LTvqdO?Teb3g;&%svDS+^|_7`{QBu!7}#&?35Q2vJAL=Y>{t2M?|73F!@wFPkl2Jb3Hn$Xtm>9uT<()L<)s} z6ND~<=e~`TN5c%UMRUiYc8Xe%N%BEG!rU=?Dvpw$e8Li6D9}ZVK1i zRO&g^h}{s~aX&3l*B*C8I{rqD*4+oMSpLbO*42rpgpbG%AscLo3m7Akbu~y?_G|;q zbez2v*NY-poeM5xzt6X^0y7Rst^bv#OJnMZ>aHd)NuS=}-uF~kPgg8|nSxts?&wSx z;XSK=kO&+$qMZ|HKJnd<_H!#X21gImSkOq@JE!+wRI$2|t(UfQM6+eq^eOn;(fwPA z6BP6F%`PkDQR45L#;Y9bjpe^~@KO1YqCIp{IX5#PZ4Jxv^r5N%4C_ z22sK<%`cBb_y4pS?3D+toS_2eS+0Y!-ZnEHOzr)Nyc@&&gT3KXOjb+JxK80vN+4-P zP3FfRCGQ&N+m-D~AD&q{EBp|3`&4z1a!sfz_>=Y@*N$`zQMVd`aw>QuGJvV>1jb(< zGsGXN`T%3 zKC#)(-`Z((vnA4hnE8IMq@%Ig^E#-Kw$^9DRfBjQ4Rz~|Gh)vh92C0Zc6ueq_(I6< z>h&&y`i_YrtF6lJPB~8EV#TldxH1SAZhwX3MpoKK*<^kFPxQ8soZ~Amf+Vl<6>S1+ zK`wz7WxD(*PtPRJ7CoBiCZKfS)4$))UPD^LITv(Y9@?dB6xcsjM%;hgb<{JNK83t^ z5LMsP|9vw;I5iqnUE7fS)T1`gLA)CoNGLYsK9hl#^(L+rrI&c)*Y3eqWf7duL|Y#I z-GFbbc4D<8xr)Cs&_2>K%UOh``bo|8@K-PF&bDg%UO>SmU&_ol0`uoyUYce{yy4I}q2 z0~husbYDT0thDSIvz$W%p{2~stzI70+)L(T4+dw(zdC*4EkF5~td!nYG0FNVX@zaO zG1_x}9%iH&QY8G zuVaPjATI>YH1fXgmY1_ZT=q@Vvhn9Qx4xya6Y=AFbDpT{6c*TYcwM{9jM*AiFTBr2 zY~!(+2{B^Tj>?v1uHa$n&d})Aj~2ZOX<^F+uf%y;174$F+(}mz*@COs2OVBn4##9N zmPJewC+SFgaft6#DXC?+53$ASmlMjXor&PqlvCMU23Z()8)*B=Wg|I3;eV_ z=66&x30dxfsYxsKwZGSKi>piH=Ypv97Td{PwmqAyZJ01kM+8bIUcIl_ZHS%uM&5h8 zmb}$^(o@uYT0Od(%+~>O)r~%!8R8{x7*evMR;H1MmY&}v~b3W8@@Q~S>sMa=D^p0o)zp*MMr zZrA$7Tifmfla)3Hnbh4cSy@?FqZZw;X#*C$Yqt)sU@2Rs=cYl4LQnd`!ypSDzDHk%o%EXy=ZC6=Yf^O2R&bL zF{HxM^Ul$1$fV%;7#QcKw(P<)#9u{2%1663G-v@ar6C{ePG`t+Iq( zSdz2ew}5e4u)->&L0GcDAx-4t)UVYwRQK16a~yESCq2EZBwk}yU^(XQHl^G0$n6f> zY3pnD2^PK1s9mY_mk3Fbp57C^xx6@{O;0F^Igj~W1uTuqZdt;at|7eLhkW4!Qf~5w zEp%Iz0@vssnvR~vgormY=D}CBC}*ltLavxt-JWiIFWss*y$TNTV~<<7#I zLS`4=Hh4=a@c>)=a_@_oV@f+-Z@Y<#<5piPogtabwN7mjb??Kth&C^87>E-TU(*QJ z+Av5^?Fg)6(quh9i(9oFqu(&C`Dk?L;U(+uh5X$fA77*H3uoPaYHq&&-Rx0QNq~EWq7&`T1L39Q%n1|8CmXmvsv8TW#`C->jL_o|h2#L!5>)$Vu-KHp)PELT<E=)W=ccXj|+ExY~vbc?&Kqz{Gs z8w3~zYR1HZkvrp70h&qI3xCT4vTv&cu0}FKtKI)5DYNl!x6wIm{*`*=I;^?}&SGMi z{o978KjiTzXLZUaeW7!6cY_50t+o~TCj*p5^9FU!k)UAx-ya#L!3ZiS_Pewc!+O4{Io|ID^_p1Med{uApz|MN?S1t`cNTk#^~kZ5 zdild?6UowPhZYm%&UCogHthQQ?$tsMUjAqC4pkThxj)+WG7Q*?FOn||Is0n4HT3B+M*Obk z-)g4Mm946sHMCqw_|@!RJ5*9j8L7h4%c&4H-?d1_@Bs8MDEszZ9e)$-=o$^gq7DeB z^bc#()cUs_;PNY^cWsC=GGUuOQ5pON(Ui6SxSc|_qMUeHWwI?$rW zTXCo0d*Iv;OBOovODXX#T@vob7hkrX7UT6_Jg}1-v{iPpSa1f6r9&K2Z`xEbs5*n? zR*n2GG~P|oy`P7v7v@p$PSe(F(;D3D_HRi!Ld+SY?eEHgIt8&{>XUUU2iDDzXE|Ne z={NXjWin)-%|-`h;Ef-6>@&>wiO~K(ijl+V?73iJLB$MFAAQtC!L`+STW|zuSWT7( zL`)o_gJ|F1ABCGvKQl;nE)%Nvl^&vTgPomu$EkG$YRAMkk512uzp5_*>5FyFdv8pj zq4MYnf8euRTq`7Swqq&;L266qv7Ou;^4bQuSa-B8tq{`p0IhRY%_23>?rNcFP;2|j zNvFAz;Hq_X$Y|+zF5~x1V+2?Kw}A%z`+`RI%PDFig)5!vzc?)Ig={s$s;m{w2R87j z9K+azQ_9D713H_-iFgZHy!vsAT3z0V*RnfO=&z6X?clI}f^!M}T3}wmr+L~bOG+gV z8#8 z9?KH^Tb6SUtcyR`E=H&dZ=Pccbw+%?q0P{T!`)&pRk^_gm~FR?>QY~lIz)y!N=2c! zs_)zQCY9tz$9dtf&WYz7jCh?EIVFPySxgW|=ByA-HKd!H`X0Rk2mKxV|lN%f2U^Maf*zpA34iVz9yf8P0Sat=#*boF4o7I%qBKv#t8#zrF=<^8(j1vba#;Ajj^adj?xx_0W5(2^tW@teL`MvCWp~BI z`3t5!bD=JGYyKr?GOU`VmZ2q`cj@_Y4bgcN6UaIx_-M)Bp))!!58xDJF*hezg9&qb zqr#SLxD|h&2v;IzeCBxDJ2xNwTNNM`wC{cj)%cC3=~Hp+8Ne(GD&5b*28VJ8owW@6 zEoX(;)j47^kVJ9ZKrt)2W!gNr&>!htT`pp^sx$bl*Zla&qbJnn24DP9E(?R196cd= zyF;Hpzv?KN@uJSrOWPsLGU0BAv{-+JclA9h( zaFQp9vYI}AGdaZek3<_A3vEqni*1n{?CrGL@bu-B*GE&DnhP>R+KMxmg?)^}9EMZ*T5&Rj6bIbZWVu3mdJL;Ih)KXV$9B6uytn^?&O*1?{a>3OHEuayf;^9}qK`9`!u)_z}-n{)u!? zMSE);#>Y=jCOOi`#Yzz9SC8AWfmtN_zjRyw#v<3YY}<9@LX5~wigd_y?m986(j`>@ z78SZbX>20IEf^GRs1;DJ!CA%1S>Z5%G_V=0OR=jP<`cAeLMasTT(uQ%LElP9XJxw; zQAS*53oS2kdHaorMG)#Rs*qUQolE@FP6y>|>Wu8U9CMZ*YENH{o9A!??f&dzl~g-A z$5Y_?v!-}WAdQquQ-3@aK~K+HzkZBb`_gdq?O;&*93RpQKcB~k_%9qj%Cb3(Z7COd zAW*`mJE`@mUMxMy9ppY+4O!YXo;zk5B7-Dzu_;U*wXLo%t^XE8@$~i@n+G%1iv7)DrHT3D0}ZKhuRZ^Y2mo400DyiZBtVmg)D=H26mYZ>R zFw?IWZ%%{dlSSMSN9T7P9E&UKLLHsFnizgd)&-m_zO8QYwQy_5=gIe=hwyoh31?an zyULn#r6#Nf`8xWqJkj++WN6QIsLZ6ybvKU|qAKBc_l|?gLh9)ntk&Ee3##m8Eo>S( zv}e{07CN`d{VctS3etS=(scMnWp%iDW}q8CfFLsjHr-va$bghx4xmB;d4A-!% zRO{!oA8#)wB~aAL#s{1QNFlNs!Y8Yjzhw*C+J%G86JjTLy^eYuCeIh1D7ZQycel*) z1Of!+GW;Z+FAc1ccyX5rk}^_5E4Ylrg#N;M^gqKB=b64Hb#z>Vuz-l@t${a>Lg@T{ zNnC=iGCUaWE{<(1gi?RI`o=eDgb;4E)2;}@9fZ*SR{+xUB`yhhy|8EC#fXRmEL(VK0L zn4m5wIyZZjYDH(s>gd>W7KasGf7IV!^7;GP+{#%*O~v=$6-VJTJ5UmQnB=XEo?=<^ z$2`*f0N{aA&%ti<2Z24?#^d@m-{a5A9(Fn?L6TV~MS4Z4A9B|ZeoOfMs7>!BF*DV@ zu3`$Wm85bdX{PmN8k&(K5P%?xlZ~~j$8TKkWwI-P>ANd&3Iga6A)Jk;4O*a6`0VxhJ~gpOf6Qu!k(H;II%XasH7!abz`sdY~?h( zG@PnhPPU{F=;n8#%ji=g!lGZu&uU{**r_!0m^LBNk+ltxcUBY9rFX!^*xM^;=(){X z2~$^5a})FH?*6m}tf#k*5&pl;`jG6xaPu!9Zrus`6zIfu!JU~qu=JzjW=EuE% z8|HQ_L+!z|3n2-}A6D8q%t1PNycmPHC&2}`=GCp-{vMbsh_PI{xpj-gXl_sZKfNu! zJ7g75opcL8S|p_bl;`d;&>1EnwBh76Nf6CT)4ygi0Y zX2PWkdHV2t$81yj2T2K%Uc1pLLJgdgx2RlV9`I&V?$|sHN{R6(%4%|#ukj)ot*sJf zDiN~XI667*y{|4`MjtWH!GTMLcW3e0?aehDlvq=MIK|TOB@K@%oSmdLe4EX0&{cpu zBoFVVV3(v8?)b(I>yE@@W01Dx3bj;XMC1=qT*~r%wIbzBlD){sx~M#tFX;mPg{EM| zwuW%VQfi`A2tffneyU$`RA{E=YaY_3hWFD)jLC0Bif0R)E3pqbDzsBT`QQ9h$a!Aa zDAs{$VYEysqVh6l@0vW!z=F)A&nb6+S}}kE<~ES>rP~s;#4SdRJmjQ3}NEL>}sE%$PG&}-nps!UZ->6!&~~+djEF|x4*0J1k369 zfZ=Ox#ceP243}0f#S3Xy{PcC&KNQFW7(zT{$>$>PiCcUt)v3(!pJ~d#>R~c ze&uan@;I1>Nx1FS^1PwHGhvQn8}Be`TFYZ7?`Af97i%l(2KMOAqS9^nqBD%oCLT97 zHjW=AYP?JGvwKuRzqHYi!&aX0WsFgbbSaNvrER{Zvb~DHm?JHbXE;E5+G(rBLQLL9 z7ylK{sM*Bf+dt8Btc%qKwDoc@Q8Bx%XjsT2MaMNtVTX~9?^7g72BvG+uG-V65Qvjt>2Pxp&<0?Q zKp+iL`=^8ozAI4MSIxp|4j+6_C~e^#lV+&uSZIc*+v%fj zI?BY>&!`0T z7~IyHRd^#sg&cg%IdqhfTBiecv=-uw%X-t*Y2z0fME(jitTq!#~~(m z*;&B!Cd+EQpjJc`J)r~As`$4l(M2in7@Lh!xCwnSx$1*2GG!WyL?6w{<0Drc(@iQo zu<)X?K`b>|UliCAh2=j+v$95)BojO`FL*V(OU|t?B?R71{zuq?z79to^fPZ=ff#m5 zmFdu5k`UG8DNY&>AfCg;_uqOu?{K#JcaN)9 z`?RW0QL406D~RR`JCH>%caQ-9~TvtV+(uzS^z98bBU9iN=m&-?J~b4W_<4EQ?b-l zJ%^HQ1(*x|E!vC-%kiLZL*`04Fg$%Hb&>@b0gJ}P^jvwP>rVZ?oeR*{WrXwb2Ks6? zpJV1nFgRYVyYBJD+V2`!1V^!mLVxMO1U>8kddvPErg#35gx+`e_nkBZFF`%#4mn{AgA*eP4Li%EMb0mlWY`5UZrb0#rPDs#R62d4zA$rr~;4HL3H|w<#NNZX%pN z)}zzFe&Pk-s|h&wd*UAO9O(op0Hl?}T9=0f@XjEMCCcuQes1lAu=B^1Xwb)!c38g7 zK52 z|F&}gwaWk2C4MTM|HrCyFL2n;)sA2^o>!m<9?l30h!R56A=7&{^!}VKI?0SLKTiW7 z9)Qt0FAw77eO*kXY@gOffktj{G|S3*Mx9TQ7XlcOZheNHGB1G|YFWP+BpA z&}G5MmYS?m+*(fnDm!KxB)x^mw^*4f=cO;!TxAz*gGrue#EgB(^SEx-TWa8Qbt|Gv zKk~vWO;CU8d6sllGgT#!3VW-&Kq;oTRGqohD2v&$zQq)G-(UmZ!GpHs=Jq!kk~ z>7|6t6*ISNkiMgxeRABLp5D!kcXo-*_lvprakuo3D*YB)+#E0G%b+wHL8A5F0#1bI z(^eE07ZlKn0*7z3LTrea+V|}$k3?U7gF#Au<>2wY`KS)G7-w8pXdSdh`&wTpdstHq zX;S{nRXbDVwLZZroOnnqq>H&D)DA-8AmVB2VHNizNZJ4p{2kPn0TVSUHUj7~7e@P} zjc>7L(rK^w?OKdF5#7)G%G45=XsPafSP3l)sra?=p(y$RiVje8z97L4v%O#^_fSE5 zogz4YynR~_EoZql#61&CNhEkic2!?o1083mw^65q(m?|gD;;Y}xb~%tyb8uM1WME+5?D2v|~1zECp# zQhssrI-_yR;>`z1rnklW(>`~~&}=R~Jp6G1c(96s%pp6*@fqO1#`d6}nf9d1%Azk< zq-(8TelAy6Rb;uUv|=wXwn*zY>jN`-q;!8dq~!@@S;%Y9S%PvordQ3dLp7N?XH;|X zkI3O-sU@7Psv?fErUX4m@$S@>Mhb;`EO3~tuoN-BfAeSmE{KSdMyeUKV6u$bejdHV zjkAGDwD{?ND2dr$Jl*f5zKE?qd=PHn6Hrp;PII(F6s>f>X-i z(|gjdNg;c`cY|I1EY4ENw}lNHK8u$clR(77O6W{ir_i13YE z+9v%LjT^Ce{Wh1hWacZhyh&|F4_eIY3Q^;SciZQ~yK1z)HWMt;Bg}hUC9!kEPU-?s zZcaA4tNgU>)>}56UvL3VS_DzPH*1XV-{HlktLHrSRtT_BD9^h_E8E0ThVi~M7^yHo zk4Eb&o>Mr#NY7Z8Tq)QPb4!wc(vaDvPo|M>Ju5uF|1v)4RWN;C^ABol&`E;(y=&J+ zz+mFW8kWGCM4N&{I;l4Q15EjNxzLw=a=E`~87iMk)GENj|Gg=B-M2#|Kde*cMqy0! zqX;3s<#?R)c_0~Nzy?8Bb$+q{&$t8!?8fkR?~oqVXr6wPw_LT|v!9k541xo!4zG*2 zby?$mz*iwv3(f*+!vm&jy)#FTv>)p{RHuvffTWq}`n9A4Y_2)DO&^s{M#~$}Co`J4 zy&SNl=jpyspzCz;Wh}o|yvggW0jlH7;2CoqCEZf4pcEIV-ODF=DG054KJpmQUX1r` zy_iiHvS**h&MuQZyAC&cD)EPH`PJ~{Ak7#^b$Qw| zCZ&c2itl=_L%8(M>6*!(-F5+WQZi?o^`9Ujch9NWvpBf~U%MJ3zzVGJWBui|xp!tR zZ@&~><4!J+3bU2WQ*g?rOaBQdb8JF9p5!xD;A!kGbgxw6sNRe&R*C&<4?l)Ux%y%< zu3bDtIY*~p_|hBCm;i(wl%kRs7V*$ys9{0WMiE-DJyJMuV@I;JhBZXPakl9D%x^SW zhFas9P)Vp=oQFg>WND$Iq4a_ANTsYw^AgvYG!XKJgzlxB}tk1 zCeIx;wLolITlE*OD7GkKN+jkx@;w}$ex`84|4HSHv(Ic^kBYlW&W89e;(S<0q#RfI88vh(jnU5L*wYXkEIO!U zD<9G%1LjkwZrU-PA5nU+h2fvKS=xz1K4(_ZZ66P&kCUaXGji=R5(;}W`W;slV;rLKyo#t>Cu>`l z={EZ=NIqD72vW?g`E5cpOFM_pv(GKEcenPv``AN!2)`M8Er`vM<)AANWI33tSXvd+ z6VZSPxfpLB4xf}3Cf}`>{aDh{3R68tA|=F#X}YJ%G=!4J1*DVFWMnG}qck0_j-!OT zmPk~jdgdrBn(?yC7;cGql1sfP_Zdexwj8eOx!9##_TEgI9mVG94}*1+$9XrFn9JXr zH{X#vEx)6*=DCr><#m^W@^H%j$=RzPieI|Hc}w}jGmTNI+*htdweB)UzH^e4p*^0D ze&3#y^zEfW^`^6YiO16j?roX@R6RMVJ3iOXsB5>JZY*UUq7UiLToH& zba^%@gyvB*ceVZ%M+Nj~%lA4a3G9D+OtrgYRW(}1F1v446Q86y6V;1Ep{fFMUpv&2 z>NP+bI%hHM;`rlzByUEo+H&)~R%|+e0jgz?eeT@VY#xnA$#Ki^@=D75RkYlqv|;Pf zebDhREwhd++ApZDZIhYgjSrk$*M56E44#vlc;K*c?{$jG5Mvpmrh+{f*jFq4|fjb;oY6Q z(s!fjJ9~Mt@TDkz_KdYhLfsQ)>V=TR>rCx&7l(4z+6!zN55JY=^Qf4aBR69VYDr#Pwy(IQkEWNpPeDjO z+$%`ur4lZz-&+ar{O4$#Z72aiKVoAmc!>RIm{43XA-7jB{)Z-a(bNVZ#_!3(R>Y;x~GeB2f)oJr`Hb>llk)+2lxNpR@=euZH`I4{pVLdqf)6>yG^? z-56IplFo7i6VLXLiTu_$?TV;i}2ZqT9IXU7T)Ztx^6T+3<@x7XSBTwkm(6zGkKW|Qso*X}Z z#Gd$?TUJ&awYA^W|40F54@-{GyPuu|uvbp@kpTkX@8^e3&&|r3p1}KZ#!{AePc8?R z08j$#xu8$)8yg#UxdCq~;BN7PIwMX_FM%Z|c;}PX|A{+Ao2dtGdvc0AqMAyL?X(6Y z*CbBB-F5$J@QJ=lHDxsT6!I_F3PJz>230uu?*I5juki^dp0xyeH8Gl~r-g(qU$RHSF_d8&;bC(i(q&u0Gca%S<^6T4&Yt9SH z{`+&V**kgsk!n&^eS0md;qvvOM|&oW*d^`qH!nJEBiuleY!?yYIWOk8AXk_&`&f5-MdDV*3mCw8187FG%gq{x(KOv7Muvf zYVhqU-a}OyI1c%WtDTd4Ha0DMo%udgKF0zBzv>@s~oj;@=3hz!Ko7pqz*9pG0RW5{~Pn zr_o1qq+N^g7yTm%o%dHVBFgj1xg}OaR)5wPh`frBTA#<(hi0{O)vPa+YL&WOs*l-# zUO5|C!>Za}xDSB zwPdYzWF>{pN3qOn73h~t&!I``qx3ZrAAMme{`{tS<2b}CY24>N zPf6}RzVzGKVz>St2 z-7hO;e*c=Ps%l9|37be(Rh7i6JO6!$EzsFIqV0~)taJBcKcpwASw2$whEig~4tqZ$h#TPZwF8M3HKOAQ_| zo6Xu;wc<1@`l^t=A`h^I)9s5pk6LA8v(o~EuL`g?3f%(kDtm6xb=uQET65ty1^kzo z-W5hE3CSSU3U4aUqg8XRDX;ojWVCtDW*D#fp)&NfNm~SC!dyzta*=vYdM0?4IZdHF z4}@T|Zy!HWc*rHR=53#CP-C*Cw;IHD2*?Z4ifEsTQ@Fs?JfJSjD=M>sfnH-3JQeVy t?e`rmyx~8|bdTO{IbydNq8xX8-QzlI_Qy#QpgB@esVP5F!YV#~^[1](#footnote1), Microsoft Listings[1](#footnote1), Microsoft Connections[1](#footnote1), Microsoft Invoicing[1](#footnote1)) - -**Enterprise-grade device management and security capabilities** -* App protection for Office mobile apps -* Device management for Windows 10 PCs -* Consistent security configuration across devices -* Protection of company data across devices -* Windows Defender, always-on and up-to-date - -**Simplified device deployment and user setup** -* Single admin console to setup and manage users and devices -* Auto-installation of Office apps on Windows 10 PCs -* Always up-to-date Office + Windows 10 -* Streamlined deployment of PCs with Windows AutoPilot - -### Who should consider adopting Microsoft 365 Business? -Microsoft 365 Business was built for small and medium-sized customers that have little to no IT resources on staff and want best-in-class productivity and collaboration capabilities of Office 365 together with device management and security solutions that safeguard business data. The Microsoft 365 Business customer is ready to move their IT operations to the cloud and is interested in maintaining a proactive stance to help protect data on both company and employee-owned devices. - -### How can I get Microsoft 365 Business for my business? -Microsoft 365 Business may be purchased through a Microsoft Partner or directly from Microsoft. In choosing whether to purchase directly from Microsoft or via a Microsoft Partner, you should consider your on-staff capability and desire to maintain an IT infrastructure. A Microsoft Partner can help you deploy and manage your IT infrastructure including Microsoft solutions. - -### How much does Microsoft 365 Business cost? -Microsoft 365 Business is offered at USD$20.00 user/month based on an _annual contract_ if purchased directly from Microsoft. When purchased through a Microsoft Partner, pricing can vary based on the services the partner provides and their pricing model for Microsoft 365 Business. There are no planned pricing discounts for government, education or non-profit organizations. - -### Is there a cap to how many Microsoft 365 Business seats a customer can have? -Microsoft 365 Business was designed for small to medium sized businesses with low to medium IT complexity requirements. Customers may purchase up to 300 Microsoft 365 Business licenses for their organization. Customers can mix and match cloud subscriptions; as a result, depending on their organization’s IT requirements, customers may add Microsoft 365 Enterprise licenses to the same account. - -When considering an environment consisting of multiple subscription types, customers should work with their trusted IT advisors to determine how best to manage and secure the various subscriptions as Microsoft 365 Business and Microsoft 365 Enterprise use different capabilities to secure and manage applications and data. - -### Can I combine Microsoft 365 Business with other Microsoft subscription offerings? -Yes, customers can combine their Microsoft 365 Business subscriptions with plans and add-ons from Azure, Dynamics 365, Enterprise Mobility + Security, and Office 365. - -### Is everyone in my business required to have a Microsoft 365 Business subscription? -No, not everyone needs a Microsoft 365 Business subscription, although the security and management benefits are available only to those users with devices managed with a Microsoft 365 Business subscription. - -Standardizing an IT environment serves to help reduce maintenance and security costs over time and is a state that businesses should strive to attain. However, we recognize that some small and medium size customers update their software primarily when they upgrade their hardware, over an extended period. Businesses can deploy Microsoft 365 Business to part of their organization, but for best protection of sensitive business data and consistent collaboration experiences, deployment to all users is recommended. - -### How can I know if the hardware and software I run today is compatible with Microsoft 365 Business? -If the hardware you run today runs Windows 7 Pro or later, it likely meets the minimum requirements for Microsoft 365 Business. Certain Windows 10 features such as Cortana, Windows Hello and multitouch require specific hardware that is only available on newer PCs. See the Windows 10 Pro system requirements for additional details. - -Existing desktop (Win32) application compatibility is strong in Windows 10, with most existing applications working without any changes. Customers and their trusted IT advisors should read the recommended application testing process for Windows 10 compatibility and review the Office system requirements to ensure a smooth transition to Microsoft 365 Business. - -### What is Windows 10 Business? -Windows 10 Business is a set of cloud-services and device management capabilities that complement Windows 10 Pro and enable the centralized management and security controls of Microsoft 365 Business. Windows 10 Business also comes with Windows AutoPilot, a service that streamlines the deployment of new Windows 10 PCs. If you have devices that are licensed for Windows 7, 8 and 8.1 Professional, Microsoft 365 Business provides an upgrade to Windows 10 Pro which is the prerequisite for deploying Windows 10 Business. - -### How does Microsoft 365 Business help support our Bring Your Own Device (BYOD) policy? -Many employees prefer to use their own mobile phones or tablets to access personal and work information rather than carrying multiple devices for each purpose. The use of personal devices for work, while commonplace, increases the risk that business information could end up in the wrong hands. Many competing mobile data protection solutions require users to switch to a specific mode on their device or use another complex mechanism that users may find intrusive and therefore avoid using. - -Microsoft 365 Business offers customers a simple but powerful means of enabling employees to use their personal devices for work while providing the business with the ability to prevent those devices from accessing, retaining and/or sharing business information. More specifically: -* **App Protection for Office mobile apps** helps protect Office data, including email, calendar, contacts, and documents on iOS and Android mobile devices, by enforcing policies such as automatically deleting business data after a prescribed amount of time of not connecting to the service, requiring that information is stored only to OneDrive for Business, requiring a PIN/fingerprint verification to access Office apps, and preventing company data from being copied from an Office app into personal apps. -* **Device Management for Windows 10 PCs** allows businesses to choose to set and enforce capabilities such as Windows Defender protection for malware, automatic updates, and turning off screens after a prescribed amount of time. In addition, lost or stolen Windows 10 devices can be completely wiped of business applications and data through the Admin center. - -### How does Microsoft 365 Business help protect PCs in my organization from malicious attacks? -PCs managed with Microsoft 365 Business are protected with Windows Defender, which is the No. 1 antivirus feature on Windows 10, protecting more computers against viruses, malware, spyware, and other threats than any other solution. With Microsoft 365 Business, businesses can ensure Windows Defender protection is running and always up to date on all their Windows 10 devices - -### What's the difference between Office 365 Business Premium, Microsoft 365 Business and Microsoft 365 Enterprise? -Microsoft has a variety of productivity and security management offerings that small to medium-sized customers may consider when upgrading their desktop and device infrastructure, each bringing increasingly powerful features and functionality. - -**Office 365 Business Premium** delivers best-in-class productivity with Office 365 apps and services but does not include the application protection and device management capabilities of Microsoft 365 Business. - -**Microsoft 365 Business** combines Office 365 apps and services with mobile application management and Windows 10 Pro to enable remote management and help protect devices against viruses and malware. It includes a simplified management console through which device and data policies may be administered. Many small to medium-sized businesses can be best served with Microsoft 365 Business, although those in highly regulated industries may require more advanced functionality provided by Microsoft 365 Enterprise plans (E3 and E5). - -**Microsoft 365 Enterprise** is a set of licensing plans that offer increased levels of mobility and security management over Microsoft 365 Business and are designed for enterprise customers and those customers that are required or regulated to provide the highest level of protection for their data. In addition, Microsoft 365 Business plans provide additional functionality including business intelligence and analytics tools. - -### Can I switch my Office 365 plan to Microsoft 365 Business? -Yes, customers may switch their plans from a qualifying Office 365 plan to Microsoft 365 Business. Depending on the customer’s current plan there may be a decrease or increase in monthly charges. - -### In what regions is Microsoft 365 Business available? -The Microsoft 365 Business will be available to all partners and customers where Office 365 is available. See the list of Office 365 international availability for languages, countries and regions. - -### Is there a Microsoft 365 Business trial I may use to evaluate the offer? -A Microsoft 365 Business trial will be available later this year both for direct customers and for CSPs. - -### What should customers and partners know before running Microsoft 365 Business within their organization? -Customers that wish to experience the complete capabilities of Microsoft 365 Business must be running Windows 7, 8.1 or 10 Pro[2](#footnote2) on their existing desktops. Customers who use on-premises Active Directory to enable login to PCs will switch devices over cloud identity and management as part of their deployment. Existing Windows 10 Pro PCs should be running Creators Update if they have not already done so. - -## Deployment - -### What should customers consider when planning a Microsoft 365 Business deployment? -The most direct path to a successful Microsoft 365 Business deployment is to engage with a Microsoft Partner. They have extensive training and experience with a wide variety of customer scenarios and are best equipped to understand your environment and needs. Customers that have experienced IT on staff can use the Microsoft 365 Business Getting Started to assist them in their Microsoft 365 Business deployment. - -### Does Microsoft 365 Business include the full capabilities of Microsoft Intune? -Microsoft 365 Business includes a robust set of mobile app management capabilities powered by Microsoft’s MDM solution (Microsoft Intune). These are a subset of features, specifically chosen to meet the needs of SMBs and organized to be easily managed via a simplified administration experience. If a company requires the full capabilities of Intune, they can purchase a qualifying plan separately. - -### Does Azure Active Directory P1 come with Microsoft 365 Business? -Microsoft 365 Business is built on technology from across Microsoft and while it shares some features with Azure Active Directory, it is not a full version. The security and management policies created in Microsoft 365 Business rely on some Azure functionality but does not include all features (e.g. selfservice features, conditional access features, and reporting). Customers may choose to purchase Azure Active Directory Premium as an add-on to Microsoft 365 Business. - -### Does Microsoft 365 Business allow customers to manage Macs? -The security and management capabilities of Microsoft 365 Business pertain to iOS and Android mobile and tablet devices, and Windows PCs. - -### What is Windows AutoPilot? -Windows AutoPilot is a service that streamlines the deployment of new Windows 10 PCs. This process can be done when the end-user logs on to Microsoft 365 Business for the first time—without IT ever touching the device—by leveraging centralized management controls of Microsoft 365 Business. You can also use Windows AutoPilot for existing PCs that are running Windows 10 Professional Creators Update (or later) and have been factory reset. Details about Windows AutoPilot can be found in this June blog post. - -## Compatibility - -### Can I add Office 365 add-ons to Microsoft 365 Business? -All the add-ons that can be added to Office 365 Business Premium can be added to Microsoft 365 Business. This means that you can purchase Advanced Threat Protection, Office 365 Cloud App Security, Advanced Compliance, Threat Intelligence, MyAnalytics, PowerBI Pro, and Audio Conferencing. - -### Can I add Phone System and Calling Plans to Microsoft 365 Business? -No, Phone System and Calling Plan are reserved for customers who have more advanced needs. Customers who require these capabilities should look at Microsoft 365 Enterprise offerings. - -### Can Microsoft 365 Business customers use Windows Defender Advanced Threat Protection? -No, customers that require Windows Defender Advanced Threat Protection need either Windows 10 Enterprise E5 or Microsoft 365 Enterprise E5. - -### Can I use Windows Information Protection with Microsoft 365 Business? -Yes, Windows Information Protection (WIP) is a feature of Windows 10 Pro and helps businesses prevent accidental leaks by restricting user and app access to business files based on policies you define. Your business data is protected no matter where it lives on your devices—without affecting your user experience. Microsoft 365 Business includes controls to ensure Windows Information Protection is properly configured and automatically deployed to end-user devices. - -### Can customers use Microsoft 365 Business with on-premises Active Directory? -To realize the full value of Windows 10, Windows 10 PCs need to be joined to Azure Active Directory. You may use Microsoft 365 Business with Windows 10 devices joined to on-premises Active Directory but it is not recommended because you won’t be able to enforce policies from the Microsoft 365 Business Admin console. - -### Can customers create hosted Windows 10 VMs with a Microsoft 365 Business subscription? -No, customers that require virtualization should purchase Windows 10 Enterprise or a Microsoft 365 Enterprise subscription. - -## Partner opportunity - -### Where can I learn more about the opportunities and benefits in becoming a Microsoft Partner? -IT service providers that are not already Microsoft partners can learn more about the Microsoft Cloud Solution Provider program at -[https://partners.office.com/microsoft365business](https://partners.office.com/microsoft365business). - -### Where can I learn how to sell Microsoft 365 Business? -Partners now selling Office 365 can use the same consultative selling methods to sell Microsoft 365 Business. In addition, we are introducing more resources and training for your sales team to understand the customers’ existing desktop environment, Active Directory reliance, mobility and security needs to effectively communicate the full value of Microsoft 365 Business in a way that is relevant to the customer. Find these resources on the Office Partner portal at [http://partners.office.com/microsoft365business](http://partners.office.com/microsoft365business). - -### How can Microsoft 365 Business help partners increase the profitability? -Microsoft 365 Business will help partners reduce costs through greater operational efficiencies and enhance revenue through the sale of additional services. The Forrester Research, Microsoft 365 Business Total Economic Impact (TEI) Study, June 2017 (https://partners.office.com/TEIBusiness), demonstrates that Microsoft 365 Business will have positive impact on partner profitability. - -In the TEI study partners reported that with Microsoft 365 Business they expect: - -- 20%-point increase in \[one-time\] deployment and advisory services revenue -- 10%-point increase in attach rate of managed services -- 8%-point increase in consulting and \[ongoing\] managed services profit margins (from lower costs) - -### What resources are available to partners to sell, deploy and support Microsoft 365 Business? -Microsoft provides a wide selection of resources for CSP partners to market, sell, and support Microsoft 365 Business. They can be found at -[https://partners.office.com/microsoft365business](https://partners.office.com/microsoft365business). - -### What up-sell opportunities does Microsoft 365 Business give partners? -Microsoft 365 Business allows partners to maintain their trusted advisor position with customers, by creating a solid and secure platform upon which to sell additional services and to upgrade existing products and services. Microsoft 365 Business provides an opportunity to have an upgrade discussion with customers now using Exchange Server, Exchange Online or Office 365 Business Essentials. Partners may also gain additional revenue from increased managed services and/or peruser support fees. - -With the new Windows AutoPilot feature included in Microsoft 365 Business, partners who have been reluctant to sell new Windows devices due to deployment logistics and costs will find this opportunity much more attractive. Customers who are confident in the security of their on-premise and mobile devices are also more likely to invest in additional services, such as Dynamics 365. - -### Should partners sell Microsoft 365 Business over other plans from Microsoft? -A Microsoft Cloud Solution Provider should always sell the plan that best suits its customer business needs and budget. For example, if a customer must comply with privacy and security regulations, a CSP may sell Microsoft 365 Business plus any add-ons that help the customer meet its requirements or may suggest the advanced security and management provided by Microsoft 365 Business E SKUs. - -### Some of my customers have devices that are not genuine; will Microsoft 365 Business make these devices genuine? -Microsoft 365 Business does not make an otherwise non-genuine version of Windows, genuine. Microsoft 365 Business does provide an upgrade benefit allowing those customers running genuine Windows 7, 8 or 8.1 Pro to upgrade to the most recent, genuine version of Windows 10 Pro. - -### What support is available to CSP partners for the Microsoft 365 Business Preview? -The same support channels available to CSP partners today (premier support and advanced support program) have been trained on Microsoft 365 Business and are ready to provide partners with support. - -### What is the GDPR and how does Microsoft 365 Business help customers with their compliance obligations? -The General Data Protection Regulation (GDPR) is a comprehensive new privacy law that gives residents of the European Union (EU) greater control over their “personal data” and requires organizations to maintain the integrity of that personal data. The GDPR requires organizations that control, or process personal data tied to EU residents to only use third-party data processors that meet the GDPR’s requirements for personal data processing. In March 2017, Microsoft made available contractual guarantees that provide these assurances. Customers that have questions about how Microsoft can help them meet their additional GDPR obligations should learn about the advanced compliance and security capabilities available as add-ons (e.g. Azure Information Protection) and in other Suites (e.g. Microsoft 365 Enterprise E5). To learn more, visit [www.microsoft.com/gdpr](https://www.microsoft.com/gdpr). - - - - -## Footnotes -**1** Available in US, UK, and Canada.
      -**2** Devices running Windows 7 or 8.1 Pro are eligible for an upgrade to Windows 10 Pro within the Microsoft 365 Business preview. - - - - diff --git a/bcs/support/transition-csp-subscription.md b/bcs/support/transition-csp-subscription.md deleted file mode 100644 index 7c15aa33b6..0000000000 --- a/bcs/support/transition-csp-subscription.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: Transition a Microsoft 365 Business CSP subscription  -description: Find out how you can transition a Microsoft 365 Business CSP subscription from preview to GA.  -author: CelesteDG  -ms.author: celested  -ms.topic: article  -ms.prod: microsoft-365-business -ms.localizationpriority: high -audience: microsoft-business  -keywords: Microsoft 365 Business, Microsoft 365, SMB, transition CSP subscription -ms.date: 11/01/2017 ---- - -# Transition a Microsoft 365 Business CSP subscription - -If you have a Microsoft 365 Business Preview CSP subscription, follow this guide to find out how you can transition your existing preview subscription to Microsoft 365 Business GA (general availability). - -**How to transition a preview subscription to GA** - -1. Log in to Partner Center. -2. From the dashboard, select **Customers**, and then find and select the company name. - - The subscriptions for the company will be listed. - - ![Customer's subscriptions in Partner Center](images/pc_customer_subscriptions_1.png) - -3. In the company's **Subscriptions** page, select **Add subscription**. -4. In the **New subscription** page, select **Small business** and then select **Microsoft 365 Business** from the list. -5. Add the number of licenses and then select **Next: Review** to review the subscription and then select **Submit**. - - ![Review the new subscription to Microsoft 365 Business](images/pc_customer_reviewnewsubscription.png) - - The **License-based subscriptions** will show **Microsoft 365 Business Preview** and **Microsoft 365 Business**. You'll need to suspend the Preview subscription next. - -6. Select **Microsoft 365 Business Preview**. -7. In the **Microsoft 365 Business Preview** page, select **Suspended** to suspend the Preview subscription. - - ![Suspend the Microsoft 365 Business Preview subscription](images/pc_customer_m365bpreview_suspend.png) - -8. Select **Submit** to confirm. - - In the **Subscriptions** page, confirm that the **Microsoft 365 Business Preview** status shows **Suspended**. - - ![Confirm the Preview subscription status is suspended](images/pc_customer_m365bpreview_suspend_confirm.png) - -9. Optionally, you can also validate the license agreement. To do this, follow these steps: - 1. Select **Users and licenses** from the company's **Subscriptions** page. - 2. From the **Users and licenses** page, select a user. - 3. In the user's page, check the **Assign licenses** section and confirm that it shows **Microsoft 365 Business**. - - ![Confirm the Microsoft 365 Business license is assigned to the user](images/pc_customer_userslicenses_m365b_validate.png) - -## Impact to customers and users during and after transition - -There is no impact to customers and users during transition and post transition. - -## Impact to customers who don't transition - -The following table summarizes the impact to customers who don't transition from a Microsoft 365 Business Preview subscription to a Microsoft 365 Business subscription. - -| | T-0 to T+30 | T+30 to T+60 | T+60 to T+120 | Beyond T+120 | -|-------|-----------------|--------------|---------------|---------------| -| **State** | In grace period | Expired | Disabled | Deprovisioned | -| **Service impacts** | -| **Microsoft 365 Business admin portal** | No impact to functionality | No impact to functionality | Can add/delete users, purchase subscriptions.
      Cannot assign/revoke licenses. | Customer's subscription and all data is deleted. Admin can manage other paid subscriptions. | -| **Office apps** | No end user impact | No end user impact | Office enters reduced functionality mode.
      Users can view files only. | Office enters reduced functionality mode.
      Users can view files only. | -| **Cloud services (SharePoint Online, Exchange Online, Skype, Teams, and more)** | No end user impact | No end user impact | End users and admins have no access to data in the cloud. | Customer's subscription and all data are deleted. | -| **EM+S components** | No admin impact
      No end user impact | No admin impact
      No end user impact | Capability will cease to be enforced.
      See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | Capability will cease to be enforced.
      See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | -| **Windows 10 Business** | No admin impact
      No end user impact | No admin impact
      No end user impact | Capability will cease to be enforced.
      See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | Capability will cease to be enforced.
      See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | -| **Azure AD login to a Windows 10 PC** | No admin impact
      No end user impact | No admin impact
      No end user impact | No admin impact
      No end user impact | Once the tenant is deleted, a user can log in with local credentials only. Re-image the device if there are no local credentials. | - -## Mobile device impacts upon subscription expiration - -The followint table summarizes the impact to the app management policies on mobile devices. - -| | Fully licensed experience | T+60 days post expiration | -|----------------------------|------------------------------------------------|------------------------------------| -| **Delete work files from an inactive device** | Work files are removed after selected days | Work files remain on the user's personal devices | -| **Force users to save all work files to OneDrive for Business** | Work files can only be saved to OneDrive for Business | Work files can be saved anywhere | -| **Encrypt work files** | Work files are encrypted | Work files are no longer encrypted.
      Security policies are removed and Office data on apps is removed. | -| **Require PIN or fingerprint to access Office apps** | Restricted access to apps | No app-level access restriction | -| **Reset PIN when login fails** | Restricted access to apps | No app-level access restriction | -| **Require users to sign in again after Office apps have been idle** | Sign-in required | No sign-in required to access apps | -| **Deny access to work files on jailbroken or rooted devices** | Work files cannot be accessed on jailbroken/rooted devices | Work files can be accessed on jailbroken/rooted devices | -| **Allow users to copy content from Office apps to Personal apps** | Copy/paste restricted to apps available as part of Microsoft 365 Business subscription | Copy/paste available to all apps | - -## Windows 10 PC impacts upon subscription expiration - -The following table summarizes the impact to the Windows 10 device configuration policies. - -| | Fully licensed experience | T+60 days post expiration | -|----------------------------|------------------------------------------------|------------------------------------| -| **Help protect PCs from threats using Windows Defender** | Turn on/off is outside of user control | User may turn on/off Windows Defender on the Windows 10 PC | -| **Help protect PCs from web-based threats in Microsoft Edge** | PC protection in Microsoft Edge | User may turn on/off PC protection in Microsoft Edge | -| **Turn off device screen when idle** | Admin defines screen timeout interval policy | Screen timeout can be configured by end user | -| **Allow users to download apps from Microsoft Store** | Admin defines if a user can download apps from Microsoft Store | User can download apps from Microsoft Store anytime | -| **Allow users to access Cortana** | Admin defines policy on user access to Cortana | User devices to turn on/off Cortana | -| **Allow users to receive tips and advertisements from Microsoft** | Admin defines policy on user receive tips and advertisements from Microsoft | User may turn on/off tips and advertisements from Microsoft | -| **Allow users to copy content from Office apps into personal apps** | Admin defines policy to keep Windows 10 devices up-to-date | Users can decide when to update Windows | - - - - diff --git a/microsoft-365/TOC.md b/microsoft-365/TOC.md deleted file mode 100644 index 06913f7aef..0000000000 --- a/microsoft-365/TOC.md +++ /dev/null @@ -1 +0,0 @@ -# [Index](index.md) \ No newline at end of file diff --git a/microsoft-365/images/M365-education.svg b/microsoft-365/images/M365-education.svg deleted file mode 100644 index 7f83629296..0000000000 --- a/microsoft-365/images/M365-education.svg +++ /dev/null @@ -1,171 +0,0 @@ - - - - - M365-education - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/microsoft-365/index.md b/microsoft-365/index.md deleted file mode 100644 index 9249c650ec..0000000000 --- a/microsoft-365/index.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -layout: HubPage -hide_bc: true -author: CelesteDG -ms.author: celested -ms.topic: hub-page -keywords: Microsoft 365, Microsoft 365 documentation, Microsoft 365 for business, Microsoft 365 for enterprise, Microsoft 365 for education, enterprise, business, education, docs, documentation -title: Microsoft 365 Documentation -description: Find documentation and resources for Microsoft 365--a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. -ms.date: 09/25/2017 ---- -

      \ No newline at end of file From a49ba96f14336222ec24366afea87b03f71827f0 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 30 Jan 2018 17:31:28 +0000 Subject: [PATCH 043/109] Remove bcs-VSTS in .openpublishing.publish.config.json under master branch. --- .openpublishing.publish.config.json | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 430506237d..7215ed2787 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -1,23 +1,6 @@ { "build_entry_point": "", "docsets_to_publish": [ - { - "docset_name": "bcs-VSTS", - "build_source_folder": "bcs", - "build_output_subfolder": "bcs-VSTS", - "locale": "en-us", - "monikers": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes", - "moniker_groups": [], - "version": 0 - }, { "docset_name": "education-VSTS", "build_source_folder": "education", From 18c7fcd5a8aa2ded1caea2948e68b7f2f669afc1 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 30 Jan 2018 09:46:22 -0800 Subject: [PATCH 044/109] removing old files --- bcs/docfx.json | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) delete mode 100644 bcs/docfx.json diff --git a/bcs/docfx.json b/bcs/docfx.json deleted file mode 100644 index aa19bbfd9b..0000000000 --- a/bcs/docfx.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.svg", - "**/*.jpg", - "**/*.json" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "breadcrumb_path": "/microsoft-365-business/breadcrumb/toc.json", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "TechNet.bcs" - } - } - }, - "fileMetadata": {}, - "template": [], - "dest": "bcs" - } -} \ No newline at end of file From 6b69ab689cd55ce95f2f8a894c9992c1121c0b0b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 30 Jan 2018 10:10:42 -0800 Subject: [PATCH 045/109] comment out azure intune --- ...dpoints-mdm-windows-defender-advanced-threat-protection.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index ad0296fcc4..79c6f6ae48 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -117,7 +117,7 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V >[!TIP] > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). - + ### Offboard and monitor endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. From 9c5f29dd739a0dc28d4e56c4af578347a0b55d51 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 30 Jan 2018 10:37:10 -0800 Subject: [PATCH 046/109] remove azure intune section --- ...ows-defender-advanced-threat-protection.md | 62 ------------------- 1 file changed, 62 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 79c6f6ae48..78c2d9f2be 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -117,70 +117,8 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V >[!TIP] > After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). - ### Offboard and monitor endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. From 2d2709379647cf5b6c746ae92a7117323f1f08ec Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Tue, 30 Jan 2018 18:45:02 +0000 Subject: [PATCH 047/109] Merged PR 5589: changing policy tags used by automation to reduce footprint --- .../mdm/policy-csp-abovelock.md | 18 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 18 +- .../mdm/policy-csp-accounts.md | 22 +- .../mdm/policy-csp-activexcontrols.md | 10 +- .../mdm/policy-csp-applicationdefaults.md | 10 +- .../mdm/policy-csp-applicationmanagement.md | 50 +- .../mdm/policy-csp-appvirtualization.md | 118 +-- .../mdm/policy-csp-attachmentmanager.md | 18 +- .../mdm/policy-csp-authentication.md | 26 +- .../mdm/policy-csp-autoplay.md | 18 +- .../mdm/policy-csp-bitlocker.md | 10 +- .../mdm/policy-csp-bluetooth.md | 26 +- .../mdm/policy-csp-browser.md | 158 +-- .../mdm/policy-csp-camera.md | 10 +- .../mdm/policy-csp-cellular.md | 26 +- .../mdm/policy-csp-connectivity.md | 62 +- .../mdm/policy-csp-controlpolicyconflict.md | 10 +- .../mdm/policy-csp-credentialproviders.md | 18 +- .../mdm/policy-csp-credentialsui.md | 14 +- .../mdm/policy-csp-cryptography.md | 14 +- .../mdm/policy-csp-dataprotection.md | 14 +- .../mdm/policy-csp-datausage.md | 14 +- .../mdm/policy-csp-defender.md | 146 +-- .../mdm/policy-csp-deliveryoptimization.md | 102 +- .../mdm/policy-csp-desktop.md | 10 +- .../mdm/policy-csp-deviceguard.md | 18 +- .../mdm/policy-csp-deviceinstallation.md | 14 +- .../mdm/policy-csp-devicelock.md | 74 +- .../mdm/policy-csp-display.md | 14 +- .../mdm/policy-csp-education.md | 18 +- .../mdm/policy-csp-enterprisecloudprint.md | 30 +- .../mdm/policy-csp-errorreporting.md | 26 +- .../mdm/policy-csp-eventlogservice.md | 22 +- .../mdm/policy-csp-experience.md | 90 +- .../mdm/policy-csp-exploitguard.md | 10 +- .../client-management/mdm/policy-csp-games.md | 10 +- .../mdm/policy-csp-handwriting.md | 10 +- .../mdm/policy-csp-internetexplorer.md | 978 +++++++++--------- .../mdm/policy-csp-kerberos.md | 26 +- .../mdm/policy-csp-kioskbrowser.md | 30 +- .../mdm/policy-csp-licensing.md | 14 +- ...policy-csp-localpoliciessecurityoptions.md | 226 ++-- .../mdm/policy-csp-location.md | 10 +- .../mdm/policy-csp-lockdown.md | 10 +- .../client-management/mdm/policy-csp-maps.md | 14 +- .../mdm/policy-csp-messaging.md | 18 +- .../mdm/policy-csp-networkisolation.md | 38 +- .../mdm/policy-csp-notifications.md | 10 +- .../client-management/mdm/policy-csp-power.md | 42 +- .../mdm/policy-csp-printers.md | 18 +- .../mdm/policy-csp-privacy.md | 314 +++--- .../mdm/policy-csp-remoteassistance.md | 22 +- .../mdm/policy-csp-remotedesktopservices.md | 30 +- .../mdm/policy-csp-remotemanagement.md | 66 +- .../mdm/policy-csp-remoteprocedurecall.md | 14 +- .../mdm/policy-csp-remoteshell.md | 34 +- .../mdm/policy-csp-search.md | 62 +- .../mdm/policy-csp-security.md | 50 +- .../mdm/policy-csp-settings.md | 62 +- .../mdm/policy-csp-smartscreen.md | 18 +- .../mdm/policy-csp-speech.md | 10 +- .../client-management/mdm/policy-csp-start.md | 122 +-- .../mdm/policy-csp-storage.md | 14 +- .../mdm/policy-csp-system.md | 66 +- .../mdm/policy-csp-systemservices.md | 30 +- .../mdm/policy-csp-taskscheduler.md | 10 +- .../mdm/policy-csp-textinput.md | 62 +- .../mdm/policy-csp-timelanguagesettings.md | 10 +- .../mdm/policy-csp-update.md | 198 ++-- .../mdm/policy-csp-userrights.md | 122 +-- .../client-management/mdm/policy-csp-wifi.md | 34 +- ...olicy-csp-windowsdefendersecuritycenter.md | 82 +- .../mdm/policy-csp-windowsinkworkspace.md | 14 +- .../mdm/policy-csp-windowslogon.md | 18 +- .../mdm/policy-csp-wirelessdisplay.md | 38 +- 75 files changed, 2107 insertions(+), 2107 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 09bab6143a..bdcbc5f8c4 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AboveLock @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## AboveLock policies
      @@ -33,7 +33,7 @@ ms.date: 01/29/2018
      - + **AboveLock/AllowActionCenterNotifications** @@ -84,11 +84,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
      - + **AboveLock/AllowCortanaAboveLock** @@ -134,11 +134,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
      - + **AboveLock/AllowToasts** @@ -186,7 +186,7 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
      Footnote: @@ -195,5 +195,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index e74c715473..2d0549e77b 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AccountPoliciesAccountLockoutPolicy @@ -17,7 +17,7 @@ ms.date: 01/29/2018
      - + ## AccountPoliciesAccountLockoutPolicy policies
      @@ -35,7 +35,7 @@ ms.date: 01/29/2018
      - + **AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration** @@ -78,11 +78,11 @@ If an account lockout threshold is defined, the account lockout duration must be Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
      - + **AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold** @@ -125,11 +125,11 @@ Failed password attempts against workstations or member servers that have been l Default: 0. - +
      - + **AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter** @@ -172,7 +172,7 @@ If an account lockout threshold is defined, this reset time must be less than or Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
      Footnote: @@ -181,5 +181,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 14b5d262f0..0fb29f4870 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Accounts @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## Accounts policies
      @@ -36,7 +36,7 @@ ms.date: 01/29/2018
      - + **Accounts/AllowAddingNonMicrosoftAccountsManually** @@ -87,11 +87,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
      - + **Accounts/AllowMicrosoftAccountConnection** @@ -139,11 +139,11 @@ The following list shows the supported values: - 1 (default) - Allowed. - +
      - + **Accounts/AllowMicrosoftAccountSignInAssistant** @@ -189,11 +189,11 @@ The following list shows the supported values: - 1 (default) - Manual start. - +
      - + **Accounts/DomainNamesForEmailSync** @@ -236,7 +236,7 @@ The data type is a string. The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". - +
      Footnote: @@ -245,7 +245,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Accounts policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 6b16327ccb..4bea893b54 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ActiveXControls @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## ActiveXControls policies
      @@ -27,7 +27,7 @@ ms.date: 01/29/2018
      - + **ActiveXControls/ApprovedInstallationSites** @@ -87,7 +87,7 @@ ADMX Info: - GP ADMX file name: *ActiveXInstallService.admx* - +
      Footnote: @@ -96,5 +96,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 2889bb4f2a..0e45ce047c 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ApplicationDefaults @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## ApplicationDefaults policies
      @@ -27,7 +27,7 @@ ms.date: 01/29/2018
      - + **ApplicationDefaults/DefaultAssociationsConfiguration** @@ -122,7 +122,7 @@ Here is the SyncMl example: ``` - +
      Footnote: @@ -131,5 +131,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 1ca01c5a3f..9ee5181bd2 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ApplicationManagement @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## ApplicationManagement policies
      @@ -57,7 +57,7 @@ ms.date: 01/29/2018
      - + **ApplicationManagement/AllowAllTrustedApps** @@ -106,11 +106,11 @@ The following list shows the supported values: - 65535 (default) - Not configured. - +
      - + **ApplicationManagement/AllowAppStoreAutoUpdate** @@ -159,11 +159,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **ApplicationManagement/AllowDeveloperUnlock** @@ -212,11 +212,11 @@ The following list shows the supported values: - 65535 (default) - Not configured. - +
      - + **ApplicationManagement/AllowGameDVR** @@ -267,11 +267,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **ApplicationManagement/AllowSharedUserAppData** @@ -319,11 +319,11 @@ The following list shows the supported values: - 1 – Allowed. - +
      - + **ApplicationManagement/AllowStore** @@ -371,11 +371,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **ApplicationManagement/ApplicationRestrictions** @@ -436,11 +436,11 @@ Value type is chr. Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. - +
      - + **ApplicationManagement/DisableStoreOriginatedApps** @@ -486,11 +486,11 @@ The following list shows the supported values: - 1 – Disable launch of apps. - +
      - + **ApplicationManagement/RequirePrivateStoreOnly** @@ -539,11 +539,11 @@ The following list shows the supported values: - 1 – Only Private store is enabled. - +
      - + **ApplicationManagement/RestrictAppDataToSystemVolume** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 – Restricted. - +
      - + **ApplicationManagement/RestrictAppToSystemVolume** @@ -643,7 +643,7 @@ The following list shows the supported values: - 1 – Restricted. - +
      Footnote: @@ -652,7 +652,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## ApplicationManagement policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index f1bfd67657..5ec36f8881 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AppVirtualization @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## AppVirtualization policies
      @@ -108,7 +108,7 @@ ms.date: 01/29/2018
      - + **AppVirtualization/AllowAppVClient** @@ -162,11 +162,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowDynamicVirtualization** @@ -220,11 +220,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowPackageCleanup** @@ -278,11 +278,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowPackageScripts** @@ -336,11 +336,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowPublishingRefreshUX** @@ -394,11 +394,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowReportingServer** @@ -462,11 +462,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowRoamingFileExclusions** @@ -520,11 +520,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowRoamingRegistryExclusions** @@ -578,11 +578,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/AllowStreamingAutoload** @@ -636,11 +636,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/ClientCoexistenceAllowMigrationmode** @@ -694,11 +694,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/IntegrationAllowRootGlobal** @@ -752,11 +752,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/IntegrationAllowRootUser** @@ -810,11 +810,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/PublishingAllowServer1** @@ -886,11 +886,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/PublishingAllowServer2** @@ -962,11 +962,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/PublishingAllowServer3** @@ -1038,11 +1038,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/PublishingAllowServer4** @@ -1114,11 +1114,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/PublishingAllowServer5** @@ -1190,11 +1190,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -1248,11 +1248,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowHighCostLaunch** @@ -1306,11 +1306,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowLocationProvider** @@ -1364,11 +1364,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowPackageInstallationRoot** @@ -1422,11 +1422,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowPackageSourceRoot** @@ -1480,11 +1480,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowReestablishmentInterval** @@ -1538,11 +1538,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingAllowReestablishmentRetries** @@ -1596,11 +1596,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingSharedContentStoreMode** @@ -1654,11 +1654,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingSupportBranchCache** @@ -1712,11 +1712,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/StreamingVerifyCertificateRevocationList** @@ -1770,11 +1770,11 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      - + **AppVirtualization/VirtualComponentsAllowList** @@ -1828,7 +1828,7 @@ ADMX Info: - GP ADMX file name: *appv.admx* - +
      Footnote: @@ -1837,5 +1837,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index b23d0fec1c..3cd9a8202d 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - AttachmentManager @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## AttachmentManager policies
      @@ -33,7 +33,7 @@ ms.date: 01/29/2018
      - + **AttachmentManager/DoNotPreserveZoneInformation** @@ -93,11 +93,11 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
      - + **AttachmentManager/HideZoneInfoMechanism** @@ -157,11 +157,11 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
      - + **AttachmentManager/NotifyAntivirusPrograms** @@ -221,7 +221,7 @@ ADMX Info: - GP ADMX file name: *AttachmentManager.admx* - +
      Footnote: @@ -230,5 +230,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 6755d07861..881ae7ff19 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Authentication @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## Authentication policies
      @@ -39,7 +39,7 @@ ms.date: 01/29/2018
      - + **Authentication/AllowAadPasswordReset** @@ -85,11 +85,11 @@ The following list shows the supported values: - 1 – Allowed. - +
      - + **Authentication/AllowEAPCertSSO** @@ -135,11 +135,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Authentication/AllowFastReconnect** @@ -187,11 +187,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Authentication/AllowFidoDeviceSignon** @@ -241,11 +241,11 @@ The following list shows the supported values: - 1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows. - +
      - + **Authentication/AllowSecondaryAuthenticationDevice** @@ -293,7 +293,7 @@ The following list shows the supported values: - 1 – Allowed. - +
      Footnote: @@ -302,7 +302,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Authentication policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 1691a0fce0..ea02a39c19 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Autoplay @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## Autoplay policies
      @@ -33,7 +33,7 @@ ms.date: 01/29/2018
      - + **Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -92,11 +92,11 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
      - + **Autoplay/SetDefaultAutoRunBehavior** @@ -164,11 +164,11 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
      - + **Autoplay/TurnOffAutoPlay** @@ -237,7 +237,7 @@ ADMX Info: - GP ADMX file name: *AutoPlay.admx* - +
      Footnote: @@ -246,5 +246,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 35eb61f9df..852a915bac 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Bitlocker @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## Bitlocker policies
      @@ -27,7 +27,7 @@ ms.date: 01/29/2018
      - + **Bitlocker/EncryptionMethod** @@ -106,7 +106,7 @@ The following list shows the supported values: - 7 - XTS-AES 256-bit (Desktop only) - +
      Footnote: @@ -115,5 +115,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index dc992781e7..3a6b797bf3 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Bluetooth @@ -15,7 +15,7 @@ ms.date: 01/29/2018
      - + ## Bluetooth policies
      @@ -39,7 +39,7 @@ ms.date: 01/29/2018
      - + **Bluetooth/AllowAdvertising** @@ -89,11 +89,11 @@ The following list shows the supported values: - 1 (default) – Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral. - +
      - + **Bluetooth/AllowDiscoverableMode** @@ -143,11 +143,11 @@ The following list shows the supported values: - 1 (default) – Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it. - +
      - + **Bluetooth/AllowPrepairing** @@ -193,11 +193,11 @@ The following list shows the supported values: - 1 (default)– Allowed. - +
      - + **Bluetooth/LocalDeviceName** @@ -240,11 +240,11 @@ If this is set, the value that it is set to will be used as the Bluetooth device If this policy is not set or it is deleted, the default local radio name is used. - +
      - + **Bluetooth/ServicesAllowedList** @@ -285,7 +285,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu The default value is an empty string. - +
      Footnote: @@ -294,7 +294,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Bluetooth policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 51ca199a31..0e9aaf6db6 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Browser @@ -17,7 +17,7 @@ ms.date: 01/29/2018
      - + ## Browser policies
      @@ -140,7 +140,7 @@ ms.date: 01/29/2018
      - + **Browser/AllowAddressBarDropdown** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 (default) – Allowed. Address bar drop-down is enabled. - +
      - + **Browser/AllowAutofill** @@ -254,11 +254,11 @@ To verify AllowAutofill is set to 0 (not allowed): 4. Verify the setting **Save form entries** is greyed out. - +
      - + **Browser/AllowBrowser** @@ -313,11 +313,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowCookies** @@ -376,11 +376,11 @@ To verify AllowCookies is set to 0 (not allowed): 4. Verify the setting **Cookies** is greyed out. - +
      - + **Browser/AllowDeveloperTools** @@ -433,11 +433,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowDoNotTrack** @@ -495,11 +495,11 @@ To verify AllowDoNotTrack is set to 0 (not allowed): 4. Verify the setting **Send Do Not Track requests** is greyed out. - +
      - + **Browser/AllowExtensions** @@ -546,11 +546,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowFlash** @@ -597,11 +597,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowFlashClickToRun** @@ -648,11 +648,11 @@ The following list shows the supported values: - 1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. - +
      - + **Browser/AllowInPrivate** @@ -701,11 +701,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowMicrosoftCompatibilityList** @@ -757,11 +757,11 @@ The following list shows the supported values: - 1 (default) – Enabled. - +
      - + **Browser/AllowPasswordManager** @@ -819,11 +819,11 @@ To verify AllowPasswordManager is set to 0 (not allowed): 4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - +
      - + **Browser/AllowPopups** @@ -881,11 +881,11 @@ To verify AllowPopups is set to 0 (not allowed): 4. Verify the setting **Block pop-ups** is greyed out. - +
      - + **Browser/AllowSearchEngineCustomization** @@ -936,11 +936,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowSearchSuggestionsinAddressBar** @@ -989,11 +989,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
      - + **Browser/AllowSmartScreen** @@ -1051,11 +1051,11 @@ To verify AllowSmartScreen is set to 0 (not allowed): 4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - +
      - + **Browser/AlwaysEnableBooksLibrary** @@ -1102,11 +1102,11 @@ The following list shows the supported values: - 1 - Enable. Always show the Books Library, regardless of countries or region of activation. - +
      - + **Browser/ClearBrowsingDataOnExit** @@ -1163,11 +1163,11 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set 3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - +
      - + **Browser/ConfigureAdditionalSearchEngines** @@ -1225,11 +1225,11 @@ The following list shows the supported values: - 1 – Additional search engines are allowed. - +
      - + **Browser/DisableLockdownOfStartPages** @@ -1284,11 +1284,11 @@ The following list shows the supported values: - 1 – Disable lockdown of the Start pages and allow users to modify them. - +
      - + **Browser/EnableExtendedBooksTelemetry** @@ -1337,11 +1337,11 @@ The following list shows the supported values: - 1 - Enable. Additional telemetry for schools. - +
      - + **Browser/EnterpriseModeSiteList** @@ -1392,11 +1392,11 @@ The following list shows the supported values: - Set to a URL location of the enterprise site list. - +
      - + **Browser/EnterpriseSiteListServiceUrl** @@ -1437,11 +1437,11 @@ The following list shows the supported values: > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). - +
      - + **Browser/FirstRunURL** @@ -1489,11 +1489,11 @@ The data type is a string. The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. - +
      - + **Browser/HomePages** @@ -1543,11 +1543,11 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. - +
      - + **Browser/LockdownFavorites** @@ -1603,11 +1603,11 @@ The following list shows the supported values: - 1 - Enabled. Lockdown Favorites. - +
      - + **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** @@ -1654,11 +1654,11 @@ The following list shows the supported values: - 1 – Users can't access the about:flags page in Microsoft Edge. - +
      - + **Browser/PreventFirstRunPage** @@ -1707,11 +1707,11 @@ The following list shows the supported values: - 1 – Employees don't see the First Run webpage. - +
      - + **Browser/PreventLiveTileDataCollection** @@ -1760,11 +1760,11 @@ The following list shows the supported values: - 1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge. - +
      - + **Browser/PreventSmartScreenPromptOverride** @@ -1813,11 +1813,11 @@ The following list shows the supported values: - 1 – On. - +
      - + **Browser/PreventSmartScreenPromptOverrideForFiles** @@ -1864,11 +1864,11 @@ The following list shows the supported values: - 1 – On. - +
      - + **Browser/PreventUsingLocalHostIPAddressForWebRTC** @@ -1919,11 +1919,11 @@ The following list shows the supported values: - 1 – The localhost IP address is hidden. - +
      - + **Browser/ProvisionFavorites** @@ -1976,11 +1976,11 @@ If you disable or don't configure this setting, employees will see the favorites Data type is string. - +
      - + **Browser/SendIntranetTraffictoInternetExplorer** @@ -2033,11 +2033,11 @@ The following list shows the supported values: - 1 – Intranet traffic is sent to Microsoft Edge. - +
      - + **Browser/SetDefaultSearchEngine** @@ -2094,11 +2094,11 @@ The following list shows the supported values: - 1 - Allows you to configure the default search engine for your employees. - +
      - + **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** @@ -2151,11 +2151,11 @@ The following list shows the supported values: - 1 – Interstitial pages are shown. - +
      - + **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** @@ -2217,11 +2217,11 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
    - +
    - + **Browser/UseSharedFolderForBooks** @@ -2268,7 +2268,7 @@ The following list shows the supported values: - 1 - Use a shared folder. - +
    Footnote: @@ -2277,7 +2277,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Browser policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index fc227b1f17..635f9d4118 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Camera @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Camera policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Camera/AllowCamera** @@ -75,7 +75,7 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    Footnote: @@ -84,7 +84,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Camera policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index db8f20499e..33931f6aa7 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Cellular @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Cellular policies
    @@ -39,7 +39,7 @@ ms.date: 01/29/2018
    - + **Cellular/LetAppsAccessCellularData** @@ -98,11 +98,11 @@ The following list shows the supported values: - 2 - Force Deny - +
    - + **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** @@ -141,11 +141,11 @@ The following list shows the supported values: Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    - + **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** @@ -184,11 +184,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    - + **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** @@ -227,11 +227,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    - + **Cellular/ShowAppCellularAccessUI** @@ -294,7 +294,7 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
    Footnote: @@ -303,7 +303,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Cellular policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index c4e91457b4..df9e662f31 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Connectivity @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Connectivity policies
    @@ -66,7 +66,7 @@ ms.date: 01/29/2018
    - + **Connectivity/AllowBluetooth** @@ -120,11 +120,11 @@ The following list shows the supported values: - 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. - +
    - + **Connectivity/AllowCellularData** @@ -171,11 +171,11 @@ The following list shows the supported values: - 2 - Allow the cellular data channel. The user cannot turn it off. - +
    - + **Connectivity/AllowCellularDataRoaming** @@ -234,11 +234,11 @@ To validate on mobile devices, do the following: 3. On the Properties page, select **Data roaming options**. - +
    - + **Connectivity/AllowConnectedDevices** @@ -287,11 +287,11 @@ The following list shows the supported values: - 0 - Disable (CDP service not available). - +
    - + **Connectivity/AllowNFC** @@ -343,11 +343,11 @@ The following list shows the supported values: - 1 (default) – Allow NFC capabilities. - +
    - + **Connectivity/AllowUSBConnection** @@ -401,11 +401,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Connectivity/AllowVPNOverCellular** @@ -453,11 +453,11 @@ The following list shows the supported values: - 1 (default) – VPN can use any connection, including cellular. - +
    - + **Connectivity/AllowVPNRoamingOverCellular** @@ -505,11 +505,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Connectivity/DiablePrintingOverHTTP** @@ -562,11 +562,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
    - + **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** @@ -619,11 +619,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
    - + **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** @@ -676,11 +676,11 @@ ADMX Info: - GP ADMX file name: *ICM.admx* - +
    - + **Connectivity/DisallowNetworkConnectivityActiveTests** @@ -721,11 +721,11 @@ Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) de Value type is integer. - +
    - + **Connectivity/HardenedUNCPaths** @@ -781,11 +781,11 @@ ADMX Info: - GP ADMX file name: *networkprovider.admx* - +
    - + **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** @@ -838,7 +838,7 @@ ADMX Info: - GP ADMX file name: *NetworkConnections.admx* - +
    Footnote: @@ -847,7 +847,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Connectivity policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 421980c7b1..d4124e950a 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ControlPolicyConflict @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## ControlPolicyConflict policies
    @@ -29,7 +29,7 @@ ms.date: 01/29/2018
    - + **ControlPolicyConflict/MDMWinsOverGP** @@ -83,7 +83,7 @@ The following list shows the supported values: - 1 - The MDM policy is used and the GP policy is blocked. - +
    Footnote: @@ -92,5 +92,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 20a5e4fc8d..8994842055 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - CredentialProviders @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## CredentialProviders policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **CredentialProviders/AllowPINLogon** @@ -95,11 +95,11 @@ ADMX Info: - GP ADMX file name: *credentialproviders.admx* - +
    - + **CredentialProviders/BlockPicturePassword** @@ -159,11 +159,11 @@ ADMX Info: - GP ADMX file name: *credentialproviders.admx* - +
    - + **CredentialProviders/DisableAutomaticReDeploymentCredentials** @@ -211,7 +211,7 @@ The following list shows the supported values: - 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment - +
    Footnote: @@ -220,7 +220,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## CredentialProviders policies supported by IoT Core diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 29395b9209..869f016e13 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - CredentialsUI @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## CredentialsUI policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **CredentialsUI/DisablePasswordReveal** @@ -93,11 +93,11 @@ ADMX Info: - GP ADMX file name: *credui.admx* - +
    - + **CredentialsUI/EnumerateAdministrators** @@ -155,7 +155,7 @@ ADMX Info: - GP ADMX file name: *credui.admx* - +
    Footnote: @@ -164,5 +164,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 2957dd9d77..81023d5fdd 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Cryptography @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Cryptography policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **Cryptography/AllowFipsAlgorithmPolicy** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1– Allowed. - +
    - + **Cryptography/TLSCipherSuites** @@ -119,7 +119,7 @@ The following list shows the supported values: Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. - +
    Footnote: @@ -128,7 +128,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Cryptography policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 0a497016a1..1563402e93 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DataProtection @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## DataProtection policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **DataProtection/AllowDirectMemoryAccess** @@ -78,11 +78,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **DataProtection/LegacySelectiveWipeID** @@ -128,7 +128,7 @@ Setting used by Windows 8.1 Selective Wipe. > This policy is not recommended for use in Windows 10. - +
    Footnote: @@ -137,7 +137,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DataProtection policies supported by IoT Core diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 736ad17532..9d64360b36 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DataUsage @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## DataUsage policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **DataUsage/SetCost3G** @@ -94,11 +94,11 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
    - + **DataUsage/SetCost4G** @@ -162,7 +162,7 @@ ADMX Info: - GP ADMX file name: *wwansvc.admx* - +
    Footnote: @@ -171,5 +171,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index bcd17f7911..6dcfb31902 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Defender @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Defender policies
    @@ -129,7 +129,7 @@ ms.date: 01/29/2018
    - + **Defender/AllowArchiveScanning** @@ -179,11 +179,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowBehaviorMonitoring** @@ -233,11 +233,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowCloudProtection** @@ -287,11 +287,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowEmailScanning** @@ -341,11 +341,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **Defender/AllowFullScanOnMappedNetworkDrives** @@ -395,11 +395,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **Defender/AllowFullScanRemovableDriveScanning** @@ -449,11 +449,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowIOAVProtection** @@ -503,11 +503,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowIntrusionPreventionSystem** @@ -557,11 +557,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowOnAccessProtection** @@ -611,11 +611,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowRealtimeMonitoring** @@ -665,11 +665,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowScanningNetworkFiles** @@ -719,11 +719,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowScriptScanning** @@ -773,11 +773,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AllowUserUIAccess** @@ -827,11 +827,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Defender/AttackSurfaceReductionOnlyExclusions** @@ -876,11 +876,11 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att Value type is string. - +
    - + **Defender/AttackSurfaceReductionRules** @@ -927,11 +927,11 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface Value type is string. - +
    - + **Defender/AvgCPULoadFactor** @@ -981,11 +981,11 @@ The default value is 50. Valid values: 0–100 - +
    - + **Defender/CloudBlockLevel** @@ -1044,11 +1044,11 @@ The following list shows the supported values: - 0x6 - Zero tolerance blocking level – block all unknown executables - +
    - + **Defender/CloudExtendedTimeout** @@ -1097,11 +1097,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". - +
    - + **Defender/ControlledFolderAccessAllowedApplications** @@ -1143,11 +1143,11 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. - +
    - + **Defender/ControlledFolderAccessProtectedFolders** @@ -1189,11 +1189,11 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. - +
    - + **Defender/DaysToRetainCleanedMalware** @@ -1243,11 +1243,11 @@ The default value is 0, which keeps items in quarantine, and does not automatica Valid values: 0–90 - +
    - + **Defender/EnableControlledFolderAccess** @@ -1297,11 +1297,11 @@ The following list shows the supported values: - 2 - Audit Mode - +
    - + **Defender/EnableNetworkProtection** @@ -1357,11 +1357,11 @@ The following list shows the supported values: - 2 - Enabled (audit mode) - +
    - + **Defender/ExcludedExtensions** @@ -1404,11 +1404,11 @@ The following list shows the supported values: Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". - +
    - + **Defender/ExcludedPaths** @@ -1451,11 +1451,11 @@ Allows an administrator to specify a list of file type extensions to ignore duri Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". - +
    - + **Defender/ExcludedProcesses** @@ -1504,11 +1504,11 @@ Allows an administrator to specify a list of files opened by processes to ignore Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - +
    - + **Defender/PUAProtection** @@ -1559,11 +1559,11 @@ The following list shows the supported values: - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - +
    - + **Defender/RealTimeScanDirection** @@ -1617,11 +1617,11 @@ The following list shows the supported values: - 2 – Monitor outgoing files. - +
    - + **Defender/ScanParameter** @@ -1671,11 +1671,11 @@ The following list shows the supported values: - 2 – Full scan - +
    - + **Defender/ScheduleQuickScanTime** @@ -1731,11 +1731,11 @@ The default value is 120 Valid values: 0–1380 - +
    - + **Defender/ScheduleScanDay** @@ -1795,11 +1795,11 @@ The following list shows the supported values: - 8 – No scheduled scan - +
    - + **Defender/ScheduleScanTime** @@ -1855,11 +1855,11 @@ The default value is 120. Valid values: 0–1380. - +
    - + **Defender/SignatureUpdateInterval** @@ -1911,11 +1911,11 @@ The default value is 8. Valid values: 0–24. - +
    - + **Defender/SubmitSamplesConsent** @@ -1967,11 +1967,11 @@ The following list shows the supported values: - 3 – Send all samples automatically. - +
    - + **Defender/ThreatSeverityDefaultAction** @@ -2032,7 +2032,7 @@ The following list shows the supported values for possible actions: - 10 – Block - +
    Footnote: @@ -2041,7 +2041,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Defender policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 066c6de874..d05d2cedb0 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeliveryOptimization @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## DeliveryOptimization policies
    @@ -98,7 +98,7 @@ ms.date: 01/29/2018
    - + **DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -143,11 +143,11 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery The default value is 10. - +
    - + **DeliveryOptimization/DOAllowVPNPeerCaching** @@ -197,11 +197,11 @@ The following list shows the supported values: - 1 - Allowed. - +
    - + **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** @@ -242,11 +242,11 @@ Added in Windows 10, next major update. This policy allows you to delay the use After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - +
    - + **DeliveryOptimization/DODelayForegroundDownloadFromHttp** @@ -299,11 +299,11 @@ The following list shows the supported values as number of seconds: - Default is not configured. - +
    - + **DeliveryOptimization/DODownloadMode** @@ -357,11 +357,11 @@ The following list shows the supported values: - 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. - +
    - + **DeliveryOptimization/DOGroupId** @@ -407,11 +407,11 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this > You must use a GUID as the group ID. - +
    - + **DeliveryOptimization/DOGroupIdSource** @@ -467,11 +467,11 @@ The following list shows the supported values: - 4 - DNS suffix - +
    - + **DeliveryOptimization/DOMaxCacheAge** @@ -516,11 +516,11 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt The default value is 259200 seconds (3 days). - +
    - + **DeliveryOptimization/DOMaxCacheSize** @@ -565,11 +565,11 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe The default value is 20. - +
    - + **DeliveryOptimization/DOMaxDownloadBandwidth** @@ -614,11 +614,11 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - +
    - + **DeliveryOptimization/DOMaxUploadBandwidth** @@ -663,11 +663,11 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). - +
    - + **DeliveryOptimization/DOMinBackgroundQos** @@ -712,11 +712,11 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality The default value is 500. - +
    - + **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -760,11 +760,11 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. - +
    - + **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -812,11 +812,11 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap The default value is 32 GB. - +
    - + **DeliveryOptimization/DOMinFileSizeToCache** @@ -861,11 +861,11 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB The default value is 100 MB. - +
    - + **DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -910,11 +910,11 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required The default value is 4 GB. - +
    - + **DeliveryOptimization/DOModifyCacheDrive** @@ -959,11 +959,11 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati By default, %SystemDrive% is used to store the cache. - +
    - + **DeliveryOptimization/DOMonthlyUploadDataCap** @@ -1010,11 +1010,11 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is The default value is 20. - +
    - + **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** @@ -1055,22 +1055,22 @@ Added in Windows 10, next major update. Specifies the maximum background downloa Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    - + **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead. - +
    - + **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** @@ -1111,11 +1111,11 @@ Added in Windows 10, next major update. Specifies the maximum foreground downloa Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    - + **DeliveryOptimization/DORestrictPeerSelectionBy** @@ -1163,11 +1163,11 @@ The following list shows the supported values: - 1 - Subnet mask. - +
    - + **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** @@ -1216,11 +1216,11 @@ This policy allows an IT Admin to define the following: - % of throttle for foreground traffic outside of business hours - +
    - + **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** @@ -1269,7 +1269,7 @@ This policy allows an IT Admin to define the following: - % of throttle for foreground traffic outside of business hours - +
    Footnote: @@ -1278,7 +1278,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DeliveryOptimization policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 009265655e..56fcae51f5 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Desktop @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Desktop policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Desktop/PreventUserRedirectionOfProfileFolders** @@ -85,7 +85,7 @@ ADMX Info: - GP ADMX file name: *desktop.admx* - +
    Footnote: @@ -94,7 +94,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Desktop policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index d2cc249634..bde8f4dc65 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceGuard @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## DeviceGuard policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **DeviceGuard/EnableVirtualizationBasedSecurity** @@ -79,11 +79,11 @@ The following list shows the supported values: - 1 - enable virtualization based security. - +
    - + **DeviceGuard/LsaCfgFlags** @@ -130,11 +130,11 @@ The following list shows the supported values: - 2 - (Enabled without lock) Turns on Credential Guard without UEFI lock. - +
    - + **DeviceGuard/RequirePlatformSecurityFeatures** @@ -180,7 +180,7 @@ The following list shows the supported values: - 3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support. - +
    Footnote: @@ -189,5 +189,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index d104e70a92..5813ea9ecb 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceInstallation @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## DeviceInstallation policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** @@ -88,11 +88,11 @@ ADMX Info: - GP ADMX file name: *deviceinstallation.admx* - +
    - + **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** @@ -150,7 +150,7 @@ ADMX Info: - GP ADMX file name: *deviceinstallation.admx* - +
    Footnote: @@ -159,5 +159,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 3b169444ca..2555067447 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - DeviceLock @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## DeviceLock policies
    @@ -77,7 +77,7 @@ ms.date: 01/29/2018
    - + **DeviceLock/AllowIdleReturnWithoutPassword** @@ -130,11 +130,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **DeviceLock/AllowSimpleDevicePassword** @@ -249,11 +249,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **DeviceLock/AlphanumericDevicePasswordRequired** @@ -312,11 +312,11 @@ The following list shows the supported values: - 2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password. - +
    - + **DeviceLock/DevicePasswordEnabled** @@ -403,11 +403,11 @@ The following list shows the supported values: - 1 – Disabled - +
    - + **DeviceLock/DevicePasswordExpiration** @@ -462,11 +462,11 @@ The following list shows the supported values: - 0 (default) - Passwords do not expire. - +
    - + **DeviceLock/DevicePasswordHistory** @@ -523,11 +523,11 @@ The following list shows the supported values: - 0 (default) - +
    - + **DeviceLock/EnforceLockScreenAndLogonImage** @@ -572,11 +572,11 @@ Added in Windows 10, version 1607. Specifies the default lock screen and logon Value type is a string, which is the full image filepath and filename. - +
    - + **DeviceLock/EnforceLockScreenProvider** @@ -621,11 +621,11 @@ Added in Windows 10, version 1607. Restricts lock screen image to a specific lo Value type is a string, which is the AppID. - +
    - + **DeviceLock/MaxDevicePasswordFailedAttempts** @@ -687,11 +687,11 @@ The following list shows the supported values: - 0 (default) - The device is never wiped after an incorrect PIN or password is entered. - +
    - + **DeviceLock/MaxInactivityTimeDeviceLock** @@ -744,11 +744,11 @@ The following list shows the supported values: - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
    - + **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** @@ -797,11 +797,11 @@ The following list shows the supported values: - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
    - + **DeviceLock/MinDevicePasswordComplexCharacters** @@ -911,11 +911,11 @@ The enforcement of policies for Microsoft accounts happen on the server, and the For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
    - + **DeviceLock/MinDevicePasswordLength** @@ -973,11 +973,11 @@ The following list shows the supported values: - The default value is 4 for mobile devices and desktop devices. - +
    - + **DeviceLock/MinimumPasswordAge** @@ -1020,11 +1020,11 @@ The minimum password age must be less than the Maximum password age, unless the Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - +
    - + **DeviceLock/PreventLockScreenSlideShow** @@ -1082,11 +1082,11 @@ ADMX Info: - GP ADMX file name: *ControlPanelDisplay.admx* - +
    - + **DeviceLock/ScreenTimeoutWhileLocked** @@ -1136,7 +1136,7 @@ The default value is 10. Most restricted value is 0. - +
    Footnote: @@ -1145,7 +1145,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## DeviceLock policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index e2302d2679..fbfc7878d5 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Display @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Display policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **Display/TurnOffGdiDPIScalingForApps** @@ -84,11 +84,11 @@ To validate on Desktop, do the following: 2. Run the app and observe blurry text. - +
    - + **Display/TurnOnGdiDPIScalingForApps** @@ -142,7 +142,7 @@ To validate on Desktop, do the following: 2. Run the app and observe crisp text. - +
    Footnote: @@ -151,5 +151,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 70e051604f..3583549ed4 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Education @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Education policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **Education/DefaultPrinterName** @@ -74,11 +74,11 @@ Added in Windows 10, version 1709. This policy allows IT Admins to set the user The policy value is expected to be the name (network host name) of an installed printer. - +
    - + **Education/PreventAddingNewPrinters** @@ -124,11 +124,11 @@ The following list shows the supported values: - 1 – Prevent user installation. - +
    - + **Education/PrinterNames** @@ -169,7 +169,7 @@ Added in Windows 10, version 1709. Allows IT Admins to automatically provision The policy value is expected to be a `````` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer. - +
    Footnote: @@ -178,5 +178,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 635152c9cc..63d4b5f3b2 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - EnterpriseCloudPrint @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## EnterpriseCloudPrint policies
    @@ -42,7 +42,7 @@ ms.date: 01/29/2018
    - + **EnterpriseCloudPrint/CloudPrintOAuthAuthority** @@ -85,11 +85,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". - +
    - + **EnterpriseCloudPrint/CloudPrintOAuthClientId** @@ -132,11 +132,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". - +
    - + **EnterpriseCloudPrint/CloudPrintResourceId** @@ -179,11 +179,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". - +
    - + **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** @@ -226,11 +226,11 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". - +
    - + **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** @@ -273,11 +273,11 @@ The datatype is an integer. For Windows Mobile, the default value is 20. - +
    - + **EnterpriseCloudPrint/MopriaDiscoveryResourceId** @@ -320,7 +320,7 @@ The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". - +
    Footnote: @@ -329,5 +329,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 8b4deb16d5..e33bbb0431 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ErrorReporting @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## ErrorReporting policies
    @@ -39,7 +39,7 @@ ms.date: 01/29/2018
    - + **ErrorReporting/CustomizeConsentSettings** @@ -107,11 +107,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
    - + **ErrorReporting/DisableWindowsErrorReporting** @@ -169,11 +169,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
    - + **ErrorReporting/DisplayErrorNotification** @@ -235,11 +235,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
    - + **ErrorReporting/DoNotSendAdditionalData** @@ -297,11 +297,11 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
    - + **ErrorReporting/PreventCriticalErrorDisplay** @@ -359,7 +359,7 @@ ADMX Info: - GP ADMX file name: *ErrorReporting.admx* - +
    Footnote: @@ -368,5 +368,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index b531654651..10a8c1e6f4 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - EventLogService @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## EventLogService policies
    @@ -36,7 +36,7 @@ ms.date: 01/29/2018
    - + **EventLogService/ControlEventLogBehavior** @@ -96,11 +96,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
    - + **EventLogService/SpecifyMaximumFileSizeApplicationLog** @@ -158,11 +158,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
    - + **EventLogService/SpecifyMaximumFileSizeSecurityLog** @@ -220,11 +220,11 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
    - + **EventLogService/SpecifyMaximumFileSizeSystemLog** @@ -282,7 +282,7 @@ ADMX Info: - GP ADMX file name: *eventlog.admx* - +
    Footnote: @@ -291,5 +291,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 9c346946d7..162e0d9065 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Experience @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## Experience policies
    @@ -89,7 +89,7 @@ ms.date: 01/29/2018
    - + **Experience/AllowCopyPaste** @@ -140,11 +140,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowCortana** @@ -192,11 +192,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowDeviceDiscovery** @@ -246,11 +246,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowFindMyDevice** @@ -300,11 +300,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowManualMDMUnenrollment** @@ -356,11 +356,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowSIMErrorDialogPromptWhenNoSIM** @@ -410,22 +410,22 @@ The following list shows the supported values: - 1 (default) – SIM card dialog prompt is displayed. - +
    - + **Experience/AllowSaveAsOfOfficeFiles** This policy is deprecated. - +
    - + **Experience/AllowScreenCapture** @@ -477,22 +477,22 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowSharingOfOfficeFiles** This policy is deprecated. - +
    - + **Experience/AllowSyncMySettings** @@ -538,11 +538,11 @@ The following list shows the supported values: - 1 (default) – Sync settings allowed. - +
    - + **Experience/AllowTailoredExperiencesWithDiagnosticData** @@ -597,11 +597,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowTaskSwitcher** @@ -651,11 +651,11 @@ The following list shows the supported values: - 1 (default) – Task switching allowed. - +
    - + **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** @@ -705,11 +705,11 @@ The following list shows the supported values: - 1 (default) – Third-party suggestions allowed. - +
    - + **Experience/AllowVoiceRecording** @@ -761,11 +761,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowWindowsConsumerFeatures** @@ -817,11 +817,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **Experience/AllowWindowsSpotlight** @@ -873,11 +873,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowWindowsSpotlightOnActionCenter** @@ -928,11 +928,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** @@ -984,11 +984,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Experience/AllowWindowsTips** @@ -1034,11 +1034,11 @@ The following list shows the supported values: - 1 (default) – Enabled. - +
    - + **Experience/ConfigureWindowsSpotlightOnLockScreen** @@ -1089,11 +1089,11 @@ The following list shows the supported values: - 2 – placeholder only for future extension. Using this value has no effect. - +
    - + **Experience/DoNotShowFeedbackNotifications** @@ -1143,7 +1143,7 @@ The following list shows the supported values: - 1 – Feedback notifications are disabled. - +
    Footnote: @@ -1152,7 +1152,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Experience policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 9f742bb32f..f52eb4c227 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - ExploitGuard @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## ExploitGuard policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **ExploitGuard/ExploitProtectionSettings** @@ -95,7 +95,7 @@ Here is an example: ``` - +
    Footnote: @@ -104,5 +104,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 233f091ce6..2a651204e1 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Games @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Games policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Games/AllowAdvancedGamingServices** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) - Allowed - +
    Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index ac276081cf..c03012e8f2 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Handwriting @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Handwriting policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Handwriting/PanelDefaultModeDocked** @@ -79,7 +79,7 @@ The following list shows the supported values: - 1 - Enabled. - +
    Footnote: @@ -88,5 +88,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index ba26acd4fc..4e2042350f 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - InternetExplorer @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## InternetExplorer policies
    @@ -753,7 +753,7 @@ ms.date: 01/29/2018
    - + **InternetExplorer/AddSearchProvider** @@ -812,11 +812,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowActiveXFiltering** @@ -875,11 +875,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowAddOnList** @@ -944,11 +944,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowAutoComplete** @@ -1001,11 +1001,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowCertificateAddressMismatchWarning** @@ -1059,11 +1059,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** @@ -1117,11 +1117,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowEnhancedProtectedMode** @@ -1182,11 +1182,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1245,11 +1245,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowEnterpriseModeSiteList** @@ -1308,11 +1308,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowFallbackToSSL3** @@ -1365,11 +1365,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowInternetExplorer7PolicyList** @@ -1428,11 +1428,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowInternetExplorerStandardsMode** @@ -1493,11 +1493,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowInternetZoneTemplate** @@ -1562,11 +1562,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowIntranetZoneTemplate** @@ -1631,11 +1631,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowLocalMachineZoneTemplate** @@ -1700,11 +1700,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowLockedDownInternetZoneTemplate** @@ -1769,11 +1769,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowLockedDownIntranetZoneTemplate** @@ -1838,11 +1838,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** @@ -1907,11 +1907,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** @@ -1976,11 +1976,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowOneWordEntry** @@ -2039,11 +2039,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowSiteToZoneAssignmentList** @@ -2108,11 +2108,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** @@ -2166,11 +2166,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowSuggestedSites** @@ -2231,11 +2231,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowTrustedSitesZoneTemplate** @@ -2300,11 +2300,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** @@ -2369,11 +2369,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/AllowsRestrictedSitesZoneTemplate** @@ -2438,11 +2438,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/CheckServerCertificateRevocation** @@ -2496,11 +2496,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/CheckSignaturesOnDownloadedPrograms** @@ -2554,11 +2554,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** @@ -2612,11 +2612,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableAdobeFlash** @@ -2677,11 +2677,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableBypassOfSmartScreenWarnings** @@ -2740,11 +2740,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** @@ -2803,11 +2803,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableConfiguringHistory** @@ -2861,11 +2861,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableCrashDetection** @@ -2919,11 +2919,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** @@ -2984,11 +2984,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableDeletingUserVisitedWebsites** @@ -3042,11 +3042,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableEnclosureDownloading** @@ -3105,11 +3105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableEncryptionSupport** @@ -3170,11 +3170,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableFirstRunWizard** @@ -3237,11 +3237,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableFlipAheadFeature** @@ -3304,11 +3304,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableHomePageChange** @@ -3366,11 +3366,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableIgnoringCertificateErrors** @@ -3424,11 +3424,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableInPrivateBrowsing** @@ -3482,11 +3482,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableProcessesInEnhancedProtectedMode** @@ -3540,11 +3540,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableProxyChange** @@ -3603,11 +3603,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableSearchProviderChange** @@ -3666,11 +3666,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableSecondaryHomePageChange** @@ -3731,11 +3731,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableSecuritySettingsCheck** @@ -3789,11 +3789,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DisableUpdateCheck** @@ -3853,11 +3853,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -3911,11 +3911,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DoNotAllowUsersToAddSites** @@ -3979,11 +3979,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DoNotAllowUsersToChangePolicies** @@ -4047,11 +4047,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DoNotBlockOutdatedActiveXControls** @@ -4112,11 +4112,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** @@ -4181,11 +4181,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IncludeAllLocalSites** @@ -4246,11 +4246,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IncludeAllNetworkPaths** @@ -4311,11 +4311,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowAccessToDataSources** @@ -4376,11 +4376,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** @@ -4441,11 +4441,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** @@ -4504,11 +4504,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowCopyPasteViaScript** @@ -4562,11 +4562,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** @@ -4620,11 +4620,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowFontDownloads** @@ -4685,11 +4685,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowLessPrivilegedSites** @@ -4750,11 +4750,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** @@ -4808,11 +4808,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** @@ -4873,11 +4873,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -4931,11 +4931,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -4989,11 +4989,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** @@ -5047,11 +5047,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -5105,11 +5105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowScriptlets** @@ -5170,11 +5170,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowSmartScreenIE** @@ -5237,11 +5237,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** @@ -5295,11 +5295,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneAllowUserDataPersistence** @@ -5360,11 +5360,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -5418,11 +5418,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneDownloadSignedActiveXControls** @@ -5476,11 +5476,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** @@ -5534,11 +5534,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** @@ -5592,11 +5592,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -5650,11 +5650,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -5708,11 +5708,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneEnableMIMESniffing** @@ -5766,11 +5766,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneEnableProtectedMode** @@ -5824,11 +5824,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -5882,11 +5882,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** @@ -5949,11 +5949,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** @@ -5982,11 +5982,11 @@ ADMX Info: - +
    - + **InternetExplorer/InternetZoneJavaPermissions** @@ -6040,11 +6040,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** @@ -6098,11 +6098,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneLogonOptions** @@ -6156,11 +6156,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneNavigateWindowsAndFrames** @@ -6221,11 +6221,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -6279,11 +6279,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -6337,11 +6337,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/InternetZoneUsePopupBlocker** @@ -6395,11 +6395,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowAccessToDataSources** @@ -6460,11 +6460,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -6525,11 +6525,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -6588,11 +6588,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowFontDownloads** @@ -6653,11 +6653,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** @@ -6718,11 +6718,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** @@ -6783,11 +6783,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowScriptlets** @@ -6848,11 +6848,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowSmartScreenIE** @@ -6915,11 +6915,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneAllowUserDataPersistence** @@ -6980,11 +6980,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7038,11 +7038,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** @@ -7105,11 +7105,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneJavaPermissions** @@ -7163,11 +7163,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** @@ -7228,11 +7228,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** @@ -7293,11 +7293,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -7358,11 +7358,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -7421,11 +7421,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowFontDownloads** @@ -7486,11 +7486,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** @@ -7551,11 +7551,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** @@ -7616,11 +7616,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowScriptlets** @@ -7681,11 +7681,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** @@ -7748,11 +7748,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** @@ -7813,11 +7813,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7871,11 +7871,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** @@ -7938,11 +7938,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneJavaPermissions** @@ -7996,11 +7996,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** @@ -8061,11 +8061,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** @@ -8126,11 +8126,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** @@ -8191,11 +8191,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** @@ -8254,11 +8254,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** @@ -8319,11 +8319,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** @@ -8384,11 +8384,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** @@ -8449,11 +8449,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowScriptlets** @@ -8514,11 +8514,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** @@ -8581,11 +8581,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** @@ -8646,11 +8646,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** @@ -8713,11 +8713,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneJavaPermissions** @@ -8771,11 +8771,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** @@ -8836,11 +8836,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** @@ -8901,11 +8901,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -8966,11 +8966,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -9029,11 +9029,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** @@ -9094,11 +9094,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** @@ -9159,11 +9159,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** @@ -9224,11 +9224,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** @@ -9289,11 +9289,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** @@ -9356,11 +9356,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** @@ -9421,11 +9421,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** @@ -9488,11 +9488,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** @@ -9553,11 +9553,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** @@ -9618,11 +9618,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -9683,11 +9683,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -9746,11 +9746,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** @@ -9811,11 +9811,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** @@ -9876,11 +9876,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** @@ -9941,11 +9941,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** @@ -10006,11 +10006,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** @@ -10073,11 +10073,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** @@ -10138,11 +10138,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** @@ -10205,11 +10205,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** @@ -10263,11 +10263,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** @@ -10328,11 +10328,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** @@ -10393,11 +10393,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10458,11 +10458,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10521,11 +10521,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** @@ -10586,11 +10586,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** @@ -10651,11 +10651,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -10716,11 +10716,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** @@ -10781,11 +10781,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** @@ -10848,11 +10848,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** @@ -10913,11 +10913,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -10980,11 +10980,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** @@ -11038,11 +11038,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** @@ -11103,11 +11103,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** @@ -11168,11 +11168,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -11233,11 +11233,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -11296,11 +11296,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** @@ -11361,11 +11361,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** @@ -11426,11 +11426,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -11491,11 +11491,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** @@ -11556,11 +11556,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** @@ -11623,11 +11623,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** @@ -11688,11 +11688,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** @@ -11755,11 +11755,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** @@ -11813,11 +11813,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** @@ -11878,11 +11878,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** @@ -11936,11 +11936,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** @@ -11994,11 +11994,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -12052,11 +12052,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/PreventManagingSmartScreenFilter** @@ -12110,11 +12110,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/PreventPerUserInstallationOfActiveXControls** @@ -12168,11 +12168,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** @@ -12226,11 +12226,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** @@ -12284,11 +12284,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** @@ -12342,11 +12342,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** @@ -12400,11 +12400,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** @@ -12465,11 +12465,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** @@ -12523,11 +12523,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -12588,11 +12588,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -12651,11 +12651,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** @@ -12709,11 +12709,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** @@ -12767,11 +12767,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** @@ -12825,11 +12825,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** @@ -12883,11 +12883,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** @@ -12948,11 +12948,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** @@ -13013,11 +13013,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** @@ -13071,11 +13071,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** @@ -13129,11 +13129,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -13194,11 +13194,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -13252,11 +13252,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -13310,11 +13310,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** @@ -13368,11 +13368,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -13426,11 +13426,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowScriptlets** @@ -13491,11 +13491,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** @@ -13558,11 +13558,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** @@ -13616,11 +13616,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** @@ -13681,11 +13681,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -13739,11 +13739,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** @@ -13797,11 +13797,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** @@ -13855,11 +13855,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** @@ -13913,11 +13913,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -13971,11 +13971,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -14029,11 +14029,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** @@ -14087,11 +14087,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -14145,11 +14145,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -14212,11 +14212,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneJavaPermissions** @@ -14270,11 +14270,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** @@ -14328,11 +14328,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneLogonOptions** @@ -14386,11 +14386,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** @@ -14451,11 +14451,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** @@ -14509,11 +14509,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -14567,11 +14567,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** @@ -14625,11 +14625,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** @@ -14683,11 +14683,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -14741,11 +14741,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** @@ -14799,11 +14799,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** @@ -14857,11 +14857,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** @@ -14915,11 +14915,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/SearchProviderList** @@ -14978,11 +14978,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/SecurityZonesUseOnlyMachineSettings** @@ -15035,11 +15035,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/SpecifyUseOfActiveXInstallerService** @@ -15093,11 +15093,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** @@ -15158,11 +15158,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -15223,11 +15223,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -15286,11 +15286,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowFontDownloads** @@ -15351,11 +15351,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** @@ -15416,11 +15416,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -15481,11 +15481,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowScriptlets** @@ -15546,11 +15546,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** @@ -15613,11 +15613,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** @@ -15678,11 +15678,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -15736,11 +15736,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** @@ -15803,11 +15803,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneJavaPermissions** @@ -15861,11 +15861,11 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    - + **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** @@ -15926,7 +15926,7 @@ ADMX Info: - GP ADMX file name: *inetres.admx* - +
    Footnote: @@ -15935,5 +15935,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 7a2e9f901b..361a19a81c 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Kerberos @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Kerberos policies
    @@ -39,7 +39,7 @@ ms.date: 01/29/2018
    - + **Kerberos/AllowForestSearchOrder** @@ -97,11 +97,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
    - + **Kerberos/KerberosClientSupportsClaimsCompoundArmor** @@ -158,11 +158,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
    - + **Kerberos/RequireKerberosArmoring** @@ -224,11 +224,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
    - + **Kerberos/RequireStrictKDCValidation** @@ -286,11 +286,11 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
    - + **Kerberos/SetMaximumContextTokenSize** @@ -352,7 +352,7 @@ ADMX Info: - GP ADMX file name: *Kerberos.admx* - +
    Footnote: @@ -361,5 +361,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 769c55b3dd..6606c038b3 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - KioskBrowser @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## KioskBrowser policies
    @@ -44,7 +44,7 @@ ms.date: 01/29/2018
    - + **KioskBrowser/BlockedUrlExceptions** @@ -84,11 +84,11 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - +
    - + **KioskBrowser/BlockedUrls** @@ -128,11 +128,11 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - +
    - + **KioskBrowser/DefaultURL** @@ -172,11 +172,11 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - +
    - + **KioskBrowser/EnableHomeButton** @@ -216,11 +216,11 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - +
    - + **KioskBrowser/EnableNavigationButtons** @@ -260,11 +260,11 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - +
    - + **KioskBrowser/RestartOnIdleTime** @@ -306,7 +306,7 @@ Added in Windows 10, next major update. Amount of time in minutes the session is The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - +
    Footnote: @@ -315,5 +315,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 28751d2800..66109605f7 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Licensing @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Licensing policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **Licensing/AllowWindowsEntitlementReactivation** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1 (default) – Enable Windows license reactivation on managed devices. - +
    - + **Licensing/DisallowKMSClientOnlineAVSValidation** @@ -126,7 +126,7 @@ The following list shows the supported values: - 1 – Enabled. - +
    Footnote: @@ -135,5 +135,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 1207e03022..f67234078a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## LocalPoliciesSecurityOptions policies
    @@ -191,7 +191,7 @@ ms.date: 01/29/2018
    - + **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -245,11 +245,11 @@ The following list shows the supported values: - 1 - enabled (users cannot add Microsoft accounts). - +
    - + **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** @@ -303,11 +303,11 @@ Valid values: - 1 - local Administrator account is enabled - +
    - + **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** @@ -358,11 +358,11 @@ Valid values: - 1 - local Guest account is enabled - +
    - + **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -421,11 +421,11 @@ Valid values: - 1 - enabled - local accounts that are not password protected will only be able to log on at the computer's keyboard - +
    - + **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** @@ -470,11 +470,11 @@ Default: Administrator. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** @@ -519,11 +519,11 @@ Default: Guest. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** @@ -569,11 +569,11 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - +
    - + **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** @@ -619,11 +619,11 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - +
    - + **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** @@ -671,11 +671,11 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - +
    - + **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** @@ -720,11 +720,11 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** @@ -780,11 +780,11 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** @@ -837,11 +837,11 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** @@ -888,11 +888,11 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** @@ -940,11 +940,11 @@ This security setting should not be enabled. Computer account passwords are used This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** @@ -991,11 +991,11 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - +
    - + **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** @@ -1053,11 +1053,11 @@ In order to take advantage of this policy on member workstations and servers, al In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** @@ -1106,11 +1106,11 @@ Valid values: - 3 - Do not display user information - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** @@ -1164,11 +1164,11 @@ Valid values: - 1 - enabled (username will not be shown) - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** @@ -1223,11 +1223,11 @@ Valid values: - 1 - enabled (username will not be shown) - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** @@ -1283,11 +1283,11 @@ Valid values: - 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on) - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** @@ -1338,11 +1338,11 @@ Valid values: - 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit) - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** @@ -1389,11 +1389,11 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** @@ -1438,11 +1438,11 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** @@ -1502,11 +1502,11 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** @@ -1567,11 +1567,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1629,11 +1629,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** @@ -1678,11 +1678,11 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** @@ -1729,11 +1729,11 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -1803,11 +1803,11 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    - + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** @@ -1869,11 +1869,11 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    - + **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** @@ -1928,11 +1928,11 @@ Important This policy has no impact on domain controllers. - +
    - + **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** @@ -1977,11 +1977,11 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - +
    - + **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** @@ -2028,11 +2028,11 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - +
    - + **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** @@ -2077,11 +2077,11 @@ Network access: Shares that can be accessed anonymously Default: Enabled. - +
    - + **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** @@ -2126,11 +2126,11 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** @@ -2183,11 +2183,11 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2237,11 +2237,11 @@ Valid values: - 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.) - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** @@ -2291,11 +2291,11 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** @@ -2360,11 +2360,11 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** @@ -2414,11 +2414,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    - + **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2468,11 +2468,11 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    - + **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** @@ -2514,11 +2514,11 @@ Valid values: - 1 - enabled (allow automatic administrative logon) - +
    - + **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** @@ -2574,11 +2574,11 @@ Valid values: - 1 - enabled (allow system to be shut down without having to log on) - +
    - + **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** @@ -2625,11 +2625,11 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - +
    - + **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** @@ -2674,11 +2674,11 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** @@ -2733,11 +2733,11 @@ Valid values: - 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop) - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** @@ -2794,11 +2794,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** @@ -2848,11 +2848,11 @@ The following list shows the supported values: - 3 (Default) - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** @@ -2899,11 +2899,11 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** @@ -2950,11 +2950,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** @@ -3007,11 +3007,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** @@ -3059,11 +3059,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** @@ -3110,11 +3110,11 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** @@ -3161,11 +3161,11 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - +
    - + **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** @@ -3215,7 +3215,7 @@ The following list shows the supported values: - 1 - Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry. - +
    Footnote: @@ -3224,5 +3224,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 3d2a9f5773..ac9c25abfa 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Location @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Location policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Location/EnableLocation** @@ -83,7 +83,7 @@ To validate on Desktop, do the following: 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - +
    Footnote: @@ -92,5 +92,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 38165bb182..a63d073566 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - LockDown @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## LockDown policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **LockDown/AllowEdgeSwipe** @@ -75,7 +75,7 @@ The following list shows the supported values: - 1 (default, not configured) - allow edge swipe. - +
    Footnote: @@ -84,5 +84,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index d4c5ac8af2..4d5a5f55ec 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Maps @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Maps policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **Maps/AllowOfflineMapsDownloadOverMeteredConnection** @@ -79,11 +79,11 @@ The following list shows the supported values: - 65535 (default) – Not configured. User's choice. - +
    - + **Maps/EnableOfflineMapsAutoUpdate** @@ -132,7 +132,7 @@ The following list shows the supported values: - 65535 (default) – Not configured. User's choice. - +
    Footnote: @@ -141,5 +141,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 743c206a04..abd33e0f71 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Messaging @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Messaging policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **Messaging/AllowMMS** @@ -82,11 +82,11 @@ The following list shows the supported values: - 1 (default) - Enabled. - +
    - + **Messaging/AllowMessageSync** @@ -132,11 +132,11 @@ The following list shows the supported values: - 1 - message sync is allowed. The user can change this setting. - +
    - + **Messaging/AllowRCS** @@ -185,7 +185,7 @@ The following list shows the supported values: - 1 (default) - Enabled. - +
    Footnote: @@ -194,5 +194,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 1e104d4c8a..445d9a8d6d 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - NetworkIsolation @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## NetworkIsolation policies
    @@ -48,7 +48,7 @@ ms.date: 01/29/2018
    - + **NetworkIsolation/EnterpriseCloudResources** @@ -87,11 +87,11 @@ ms.date: 01/29/2018 Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. - +
    - + **NetworkIsolation/EnterpriseIPRange** @@ -143,11 +143,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ``` - +
    - + **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** @@ -186,11 +186,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. - +
    - + **NetworkIsolation/EnterpriseInternalProxyServers** @@ -229,11 +229,11 @@ Boolean value that tells the client to accept the configured list and not to use This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. - +
    - + **NetworkIsolation/EnterpriseNetworkDomainNames** @@ -282,11 +282,11 @@ Here are the steps to create canonical domain names: 3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0). - +
    - + **NetworkIsolation/EnterpriseProxyServers** @@ -325,11 +325,11 @@ Here are the steps to create canonical domain names: This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". - +
    - + **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** @@ -368,11 +368,11 @@ This is a comma-separated list of proxy servers. Any server on this list is cons Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. - +
    - + **NetworkIsolation/NeutralResources** @@ -411,7 +411,7 @@ Boolean value that tells the client to accept the configured list of proxies and List of domain names that can used for work or personal resource. - +
    Footnote: @@ -420,5 +420,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index d9bb95050c..2f8a4559f5 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Notifications @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Notifications policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Notifications/DisallowNotificationMirroring** @@ -77,7 +77,7 @@ The following list shows the supported values: - 1 - disable notification mirroring. - +
    Footnote: @@ -86,5 +86,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 7ea180fcf7..5bc495e5d8 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Power @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Power policies
    @@ -51,7 +51,7 @@ ms.date: 01/29/2018
    - + **Power/AllowStandbyWhenSleepingPluggedIn** @@ -109,11 +109,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/DisplayOffTimeoutOnBattery** @@ -173,11 +173,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/DisplayOffTimeoutPluggedIn** @@ -237,11 +237,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/HibernateTimeoutOnBattery** @@ -302,11 +302,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/HibernateTimeoutPluggedIn** @@ -366,11 +366,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/RequirePasswordWhenComputerWakesOnBattery** @@ -428,11 +428,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/RequirePasswordWhenComputerWakesPluggedIn** @@ -490,11 +490,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/StandbyTimeoutOnBattery** @@ -554,11 +554,11 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    - + **Power/StandbyTimeoutPluggedIn** @@ -618,7 +618,7 @@ ADMX Info: - GP ADMX file name: *power.admx* - +
    Footnote: @@ -627,5 +627,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 709afa0ddb..2e10fa65e7 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Printers @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Printers policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **Printers/PointAndPrintRestrictions** @@ -104,11 +104,11 @@ ADMX Info: - GP ADMX file name: *Printing.admx* - +
    - + **Printers/PointAndPrintRestrictions_User** @@ -179,11 +179,11 @@ ADMX Info: - GP ADMX file name: *Printing.admx* - +
    - + **Printers/PublishPrinters** @@ -243,7 +243,7 @@ ADMX Info: - GP ADMX file name: *Printing2.admx* - +
    Footnote: @@ -252,5 +252,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 5422f5440f..c42149d2f1 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Privacy @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Privacy policies
    @@ -255,7 +255,7 @@ ms.date: 01/29/2018
    - + **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** @@ -307,11 +307,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **Privacy/AllowInputPersonalization** @@ -359,11 +359,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Privacy/DisableAdvertisingId** @@ -412,11 +412,11 @@ The following list shows the supported values: - 65535 (default)- Not configured. - +
    - + **Privacy/EnableActivityFeed** @@ -462,11 +462,11 @@ The following list shows the supported values: - 1 – (default) Enabled. Apps/OS can publish the activities and will be roamed across device graph. - +
    - + **Privacy/LetAppsAccessAccountInfo** @@ -516,11 +516,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** @@ -559,11 +559,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** @@ -602,11 +602,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** @@ -645,11 +645,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCalendar** @@ -699,11 +699,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** @@ -742,11 +742,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** @@ -785,11 +785,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** @@ -828,11 +828,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCallHistory** @@ -882,11 +882,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** @@ -925,11 +925,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** @@ -968,11 +968,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** @@ -1011,11 +1011,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    - + **Privacy/LetAppsAccessCamera** @@ -1065,11 +1065,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** @@ -1108,11 +1108,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** @@ -1151,11 +1151,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** @@ -1194,11 +1194,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessContacts** @@ -1248,11 +1248,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** @@ -1291,11 +1291,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** @@ -1334,11 +1334,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** @@ -1377,11 +1377,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessEmail** @@ -1431,11 +1431,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** @@ -1474,11 +1474,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** @@ -1517,11 +1517,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** @@ -1560,11 +1560,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessLocation** @@ -1614,11 +1614,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** @@ -1657,11 +1657,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** @@ -1700,11 +1700,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** @@ -1743,11 +1743,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMessaging** @@ -1797,11 +1797,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** @@ -1840,11 +1840,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** @@ -1883,11 +1883,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** @@ -1926,11 +1926,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMicrophone** @@ -1980,11 +1980,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** @@ -2023,11 +2023,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** @@ -2066,11 +2066,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** @@ -2109,11 +2109,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMotion** @@ -2163,11 +2163,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** @@ -2206,11 +2206,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** @@ -2249,11 +2249,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** @@ -2292,11 +2292,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessNotifications** @@ -2346,11 +2346,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** @@ -2389,11 +2389,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** @@ -2432,11 +2432,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** @@ -2475,11 +2475,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessPhone** @@ -2529,11 +2529,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** @@ -2572,11 +2572,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** @@ -2615,11 +2615,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** @@ -2658,11 +2658,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessRadios** @@ -2712,11 +2712,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** @@ -2755,11 +2755,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** @@ -2798,11 +2798,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** @@ -2841,11 +2841,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTasks** @@ -2884,11 +2884,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. - +
    - + **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** @@ -2927,11 +2927,11 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** @@ -2970,11 +2970,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** @@ -3013,11 +3013,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTrustedDevices** @@ -3067,11 +3067,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** @@ -3110,11 +3110,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** @@ -3153,11 +3153,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    - + **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** @@ -3196,11 +3196,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    - + **Privacy/LetAppsGetDiagnosticInfo** @@ -3250,11 +3250,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** @@ -3293,11 +3293,11 @@ The following list shows the supported values: Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    - + **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** @@ -3336,11 +3336,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    - + **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** @@ -3379,11 +3379,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    - + **Privacy/LetAppsRunInBackground** @@ -3435,11 +3435,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** @@ -3478,11 +3478,11 @@ The following list shows the supported values: Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    - + **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** @@ -3521,11 +3521,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    - + **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** @@ -3564,11 +3564,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    - + **Privacy/LetAppsSyncWithDevices** @@ -3618,11 +3618,11 @@ The following list shows the supported values: - 2 - Force deny. - +
    - + **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** @@ -3661,11 +3661,11 @@ The following list shows the supported values: Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    - + **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** @@ -3704,11 +3704,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    - + **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** @@ -3747,11 +3747,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    - + **Privacy/PublishUserActivities** @@ -3797,7 +3797,7 @@ The following list shows the supported values: - 1 – (default) Enabled. Apps/OS can publish the *user activities*. - +
    Footnote: @@ -3806,7 +3806,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Privacy policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 1cf07a4456..79ab76a706 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteAssistance @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## RemoteAssistance policies
    @@ -36,7 +36,7 @@ ms.date: 01/29/2018
    - + **RemoteAssistance/CustomizeWarningMessages** @@ -100,11 +100,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
    - + **RemoteAssistance/SessionLogging** @@ -164,11 +164,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
    - + **RemoteAssistance/SolicitedRemoteAssistance** @@ -236,11 +236,11 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
    - + **RemoteAssistance/UnsolicitedRemoteAssistance** @@ -331,7 +331,7 @@ ADMX Info: - GP ADMX file name: *remoteassistance.admx* - +
    Footnote: @@ -340,5 +340,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 2c808afadf..79615e7c27 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteDesktopServices @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## RemoteDesktopServices policies
    @@ -42,7 +42,7 @@ ms.date: 01/29/2018
    - + **RemoteDesktopServices/AllowUsersToConnectRemotely** @@ -106,11 +106,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    - + **RemoteDesktopServices/ClientConnectionEncryptionLevel** @@ -178,11 +178,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    - + **RemoteDesktopServices/DoNotAllowDriveRedirection** @@ -244,11 +244,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    - + **RemoteDesktopServices/DoNotAllowPasswordSaving** @@ -306,11 +306,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    - + **RemoteDesktopServices/PromptForPasswordUponConnection** @@ -374,11 +374,11 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    - + **RemoteDesktopServices/RequireSecureRPCCommunication** @@ -442,7 +442,7 @@ ADMX Info: - GP ADMX file name: *terminalserver.admx* - +
    Footnote: @@ -451,5 +451,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 141fbaed7e..609bfc4763 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteManagement @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## RemoteManagement policies
    @@ -69,7 +69,7 @@ ms.date: 01/29/2018
    - + **RemoteManagement/AllowBasicAuthentication_Client** @@ -122,11 +122,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowBasicAuthentication_Service** @@ -179,11 +179,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowCredSSPAuthenticationClient** @@ -236,11 +236,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowCredSSPAuthenticationService** @@ -293,11 +293,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowRemoteServerManagement** @@ -350,11 +350,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowUnencryptedTraffic_Client** @@ -407,11 +407,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/AllowUnencryptedTraffic_Service** @@ -464,11 +464,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/DisallowDigestAuthentication** @@ -521,11 +521,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/DisallowNegotiateAuthenticationClient** @@ -578,11 +578,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/DisallowNegotiateAuthenticationService** @@ -635,11 +635,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/DisallowStoringOfRunAsCredentials** @@ -692,11 +692,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** @@ -749,11 +749,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/TrustedHosts** @@ -806,11 +806,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/TurnOnCompatibilityHTTPListener** @@ -863,11 +863,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    - + **RemoteManagement/TurnOnCompatibilityHTTPSListener** @@ -920,7 +920,7 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    Footnote: @@ -929,5 +929,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 6038112891..16adbb0e97 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteProcedureCall @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## RemoteProcedureCall policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** @@ -92,11 +92,11 @@ ADMX Info: - GP ADMX file name: *rpc.admx* - +
    - + **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** @@ -166,7 +166,7 @@ ADMX Info: - GP ADMX file name: *rpc.admx* - +
    Footnote: @@ -175,5 +175,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index d1a746424c..5f9c72ad15 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - RemoteShell @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## RemoteShell policies
    @@ -45,7 +45,7 @@ ms.date: 01/29/2018
    - + **RemoteShell/AllowRemoteShellAccess** @@ -98,11 +98,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/MaxConcurrentUsers** @@ -155,11 +155,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/SpecifyIdleTimeout** @@ -212,11 +212,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/SpecifyMaxMemory** @@ -269,11 +269,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/SpecifyMaxProcesses** @@ -326,11 +326,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/SpecifyMaxRemoteShells** @@ -383,11 +383,11 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    - + **RemoteShell/SpecifyShellTimeout** @@ -440,7 +440,7 @@ ADMX Info: - GP ADMX file name: *WindowsRemoteShell.admx* - +
    Footnote: @@ -449,5 +449,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 743ea8568e..616c8eb992 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Search @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## Search policies
    @@ -68,7 +68,7 @@ ms.date: 01/29/2018
    - + **Search/AllowCloudSearch** @@ -114,11 +114,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Search/AllowCortanaInAAD** @@ -164,11 +164,11 @@ The following list shows the supported values: - 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. - +
    - + **Search/AllowIndexingEncryptedStoresOrItems** @@ -220,11 +220,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Search/AllowSearchToUseLocation** @@ -272,11 +272,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Search/AllowStoringImagesFromVisionSearch** @@ -292,11 +292,11 @@ The following list shows the supported values: This policy has been deprecated. - +
    - + **Search/AllowUsingDiacritics** @@ -345,11 +345,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Search/AllowWindowsIndexer** @@ -388,11 +388,11 @@ The following list shows the supported values: Allow Windows indexer. Value type is integer. - +
    - + **Search/AlwaysUseAutoLangDetection** @@ -441,11 +441,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Search/DisableBackoff** @@ -491,11 +491,11 @@ The following list shows the supported values: - 1 – Enable. - +
    - + **Search/DisableRemovableDriveIndexing** @@ -545,11 +545,11 @@ The following list shows the supported values: - 1 – Enable. - +
    - + **Search/DoNotUseWebResults** @@ -600,11 +600,11 @@ The following list shows the supported values: - 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search. - +
    - + **Search/PreventIndexingLowDiskSpaceMB** @@ -654,11 +654,11 @@ The following list shows the supported values: - 1 (default) – Enable. - +
    - + **Search/PreventRemoteQueries** @@ -704,11 +704,11 @@ The following list shows the supported values: - 1 (default) – Enable. - +
    - + **Search/SafeSearchPermissions** @@ -761,7 +761,7 @@ The following list shows the supported values: - 1 (default) – Moderate filtering against adult content (valid search results will not be filtered). - +
    Footnote: @@ -770,7 +770,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Search policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 8d7edec458..fa48adfe0d 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Security @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## Security policies
    @@ -59,7 +59,7 @@ ms.date: 01/29/2018
    - + **Security/AllowAddProvisioningPackage** @@ -105,11 +105,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -155,11 +155,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Security/AllowManualRootCertificateInstallation** @@ -211,11 +211,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Security/AllowRemoveProvisioningPackage** @@ -261,11 +261,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Security/AntiTheftMode** @@ -315,11 +315,11 @@ The following list shows the supported values: - 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent). - +
    - + **Security/ClearTPMIfNotReady** @@ -368,11 +368,11 @@ The following list shows the supported values: - 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. - +
    - + **Security/ConfigureWindowsPasswords** @@ -422,11 +422,11 @@ The following list shows the supported values: - 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords") - +
    - + **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -478,11 +478,11 @@ The following list shows the supported values: - 1 – Encryption disabled. - +
    - + **Security/RequireDeviceEncryption** @@ -534,11 +534,11 @@ The following list shows the supported values: - 1 – Encryption is required. - +
    - + **Security/RequireProvisioningPackageSignature** @@ -584,11 +584,11 @@ The following list shows the supported values: - 1 – Required. - +
    - + **Security/RequireRetrieveHealthCertificateOnBoot** @@ -646,7 +646,7 @@ The following list shows the supported values: - 1 – Required. - +
    Footnote: @@ -655,7 +655,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Security policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 1ba96f10d0..bd6a64ba12 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Settings @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## Settings policies
    @@ -68,7 +68,7 @@ ms.date: 01/29/2018
    - + **Settings/AllowAutoPlay** @@ -121,11 +121,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowDataSense** @@ -171,11 +171,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowDateTime** @@ -221,11 +221,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowEditDeviceName** @@ -271,11 +271,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowLanguage** @@ -325,11 +325,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowOnlineTips** @@ -370,11 +370,11 @@ Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. - +
    - + **Settings/AllowPowerSleep** @@ -424,11 +424,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowRegion** @@ -478,11 +478,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowSignInOptions** @@ -532,11 +532,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowVPN** @@ -582,11 +582,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowWorkplace** @@ -636,11 +636,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/AllowYourAccount** @@ -686,11 +686,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Settings/ConfigureTaskbarCalendar** @@ -738,11 +738,11 @@ The following list shows the supported values: - 3 - Traditional Chinese (Lunar). - +
    - + **Settings/PageVisibilityList** @@ -813,7 +813,7 @@ To validate on Desktop, do the following: 3. Open System Settings again and verify that the About page is no longer accessible. - +
    Footnote: @@ -822,7 +822,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Settings policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 27398259c1..f52bfb67a6 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - SmartScreen @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## SmartScreen policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **SmartScreen/EnableAppInstallControl** @@ -79,11 +79,11 @@ The following list shows the supported values: - 1 – Turns on Application Installation Control, allowing users to only install apps from the Store. - +
    - + **SmartScreen/EnableSmartScreenInShell** @@ -129,11 +129,11 @@ The following list shows the supported values: - 1 – Turns on SmartScreen in Windows. - +
    - + **SmartScreen/PreventOverrideForFilesInShell** @@ -179,7 +179,7 @@ The following list shows the supported values: - 1 – Employees cannot ignore SmartScreen warnings and run malicious files. - +
    Footnote: @@ -188,5 +188,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 2c38f752bb..e5c27c3200 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Speech @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Speech policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **Speech/AllowSpeechModelUpdate** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index eabc6aabe7..e8122802b3 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Start @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Start policies
    @@ -111,7 +111,7 @@ ms.date: 01/29/2018
    - + **Start/AllowPinnedFolderDocuments** @@ -158,11 +158,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderDownloads** @@ -209,11 +209,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderFileExplorer** @@ -260,11 +260,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderHomeGroup** @@ -311,11 +311,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderMusic** @@ -362,11 +362,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderNetwork** @@ -413,11 +413,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderPersonalFolder** @@ -464,11 +464,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderPictures** @@ -515,11 +515,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderSettings** @@ -566,11 +566,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/AllowPinnedFolderVideos** @@ -617,11 +617,11 @@ The following list shows the supported values: - 65535 (default) - There is no enforced configuration and the setting can be changed by the user. - +
    - + **Start/ForceStartSize** @@ -675,11 +675,11 @@ The following list shows the supported values: - 2 - Force a fullscreen size of Start. - +
    - + **Start/HideAppList** @@ -741,11 +741,11 @@ The following list shows the supported values: - 3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app. - +
    - + **Start/HideChangeAccountSettings** @@ -798,11 +798,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - +
    - + **Start/HideFrequentlyUsedApps** @@ -862,11 +862,11 @@ To validate on Desktop, do the following: 6. Check that most used apps do not appear in Start. - +
    - + **Start/HideHibernate** @@ -923,11 +923,11 @@ To validate on Laptop, do the following: 2. Open Start, click on the Power button, and verify "Hibernate" is not available. - +
    - + **Start/HideLock** @@ -980,11 +980,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify "Lock" is not available. - +
    - + **Start/HidePeopleBar** @@ -1025,11 +1025,11 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon Value type is integer. - +
    - + **Start/HidePowerButton** @@ -1085,11 +1085,11 @@ To validate on Desktop, do the following: 2. Open Start, and verify the power button is not available. - +
    - + **Start/HideRecentJumplists** @@ -1152,11 +1152,11 @@ To validate on Desktop, do the following: 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - +
    - + **Start/HideRecentlyAddedApps** @@ -1216,11 +1216,11 @@ To validate on Desktop, do the following: 6. Check that recently added apps do not appear in Start. - +
    - + **Start/HideRestart** @@ -1273,11 +1273,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - +
    - + **Start/HideShutDown** @@ -1330,11 +1330,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - +
    - + **Start/HideSignOut** @@ -1387,11 +1387,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify "Sign out" is not available. - +
    - + **Start/HideSleep** @@ -1444,11 +1444,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the Power button, and verify that "Sleep" is not available. - +
    - + **Start/HideSwitchAccount** @@ -1501,11 +1501,11 @@ To validate on Desktop, do the following: 2. Open Start, click on the user tile, and verify that "Switch account" is not available. - +
    - + **Start/HideUserTile** @@ -1562,11 +1562,11 @@ To validate on Desktop, do the following: 3. Log in, and verify that the user tile is gone from Start. - +
    - + **Start/ImportEdgeAssets** @@ -1622,11 +1622,11 @@ To validate on Desktop, do the following: 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - +
    - + **Start/NoPinningToTaskbar** @@ -1682,11 +1682,11 @@ To validate on Desktop, do the following: 5. Verify that More->Pin to taskbar menu does not show. - +
    - + **Start/StartLayout** @@ -1731,7 +1731,7 @@ Allows you to override the default Start layout and prevents the user from chang For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). - +
    Footnote: @@ -1740,5 +1740,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index b7bc8809d4..dbcdfe8bd5 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Storage @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Storage policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **Storage/AllowDiskHealthModelUpdates** @@ -80,11 +80,11 @@ The following list shows the supported values: - 1 (default) - Allow - +
    - + **Storage/EnhancedStorageDevices** @@ -142,7 +142,7 @@ ADMX Info: - GP ADMX file name: *enhancedstorage.admx* - +
    Footnote: @@ -151,5 +151,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index f7c6e8a3f8..f45d4b3ddc 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - System @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## System policies
    @@ -71,7 +71,7 @@ ms.date: 01/29/2018
    - + **System/AllowBuildPreview** @@ -124,11 +124,11 @@ The following list shows the supported values: - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - +
    - + **System/AllowEmbeddedMode** @@ -176,11 +176,11 @@ The following list shows the supported values: - 1 – Allowed. - +
    - + **System/AllowExperimentation** @@ -233,11 +233,11 @@ The following list shows the supported values: - 2 – Allows Microsoft to conduct full experimentations. - +
    - + **System/AllowFontProviders** @@ -296,11 +296,11 @@ To verify if System/AllowFontProviders is set to true: - After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com. - +
    - + **System/AllowLocation** @@ -356,11 +356,11 @@ The following list shows the supported values: - 2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed. - +
    - + **System/AllowStorageCard** @@ -408,11 +408,11 @@ The following list shows the supported values: - 1 (default) – Allow a storage card. - +
    - + **System/AllowTelemetry** @@ -527,11 +527,11 @@ Windows 10 Values: Most restricted value is 0. - +
    - + **System/AllowUserToResetPhone** @@ -580,11 +580,11 @@ orted values: - 1 (default) – Allowed to reset to factory default settings. - +
    - + **System/BootStartDriverInitialization** @@ -636,11 +636,11 @@ ADMX Info: - GP ADMX file name: *earlylauncham.admx* - +
    - + **System/DisableEnterpriseAuthProxy** @@ -679,11 +679,11 @@ ADMX Info: This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - +
    - + **System/DisableOneDriveFileSync** @@ -745,11 +745,11 @@ To validate on Desktop, do the following: 3. Verify that OneDrive.exe is not running in Task Manager. - +
    - + **System/DisableSystemRestore** @@ -813,11 +813,11 @@ ADMX Info: - GP ADMX file name: *systemrestore.admx* - +
    - + **System/FeedbackHubAlwaysSaveDiagnosticsLocally** @@ -863,11 +863,11 @@ The following list shows the supported values: - 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. - +
    - + **System/LimitEnhancedDiagnosticDataWindowsAnalytics** @@ -919,11 +919,11 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. - +
    - + **System/TelemetryProxy** @@ -964,7 +964,7 @@ Allows you to specify the fully qualified domain name (FQDN) or IP address of a If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - +
    Footnote: @@ -973,7 +973,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## System policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index e717d43451..7071a57f68 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - SystemServices @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## SystemServices policies
    @@ -44,7 +44,7 @@ ms.date: 01/29/2018
    - + **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** @@ -83,11 +83,11 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    - + **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** @@ -126,11 +126,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    - + **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** @@ -169,11 +169,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    - + **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** @@ -212,11 +212,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    - + **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** @@ -255,11 +255,11 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    - + **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** @@ -298,7 +298,7 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    Footnote: @@ -307,5 +307,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 0da5ed456d..e55edde857 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TaskScheduler @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## TaskScheduler policies
    @@ -29,7 +29,7 @@ ms.date: 01/29/2018
    - + **TaskScheduler/EnableXboxGameSaveTask** @@ -68,7 +68,7 @@ ms.date: 01/29/2018 Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - +
    Footnote: @@ -77,5 +77,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index e712a54e76..ef51165474 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TextInput @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## TextInput policies
    @@ -68,7 +68,7 @@ ms.date: 01/29/2018
    - + **TextInput/AllowIMELogging** @@ -120,11 +120,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowIMENetworkAccess** @@ -176,11 +176,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowInputPanel** @@ -232,11 +232,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowJapaneseIMESurrogatePairCharacters** @@ -289,11 +289,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowJapaneseIVSCharacters** @@ -345,11 +345,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowJapaneseNonPublishingStandardGlyph** @@ -401,11 +401,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowJapaneseUserDictionary** @@ -457,11 +457,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/AllowKeyboardTextSuggestions** @@ -520,22 +520,22 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f 3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - +
    - + **TextInput/AllowKoreanExtendedHanja** This policy has been deprecated. - +
    - + **TextInput/AllowLanguageFeaturesUninstall** @@ -587,11 +587,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** @@ -643,11 +643,11 @@ The following list shows the supported values: - 1 - Enabled. - +
    - + **TextInput/ExcludeJapaneseIMEExceptJIS0208** @@ -697,11 +697,11 @@ The following list shows the supported values: - 1 – All characters except JIS0208 are filtered. - +
    - + **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** @@ -751,11 +751,11 @@ The following list shows the supported values: - 1 – All characters except JIS0208 and EUDC are filtered. - +
    - + **TextInput/ExcludeJapaneseIMEExceptShiftJIS** @@ -805,7 +805,7 @@ The following list shows the supported values: - 1 – All characters except ShiftJIS are filtered. - +
    Footnote: @@ -814,7 +814,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## TextInput policies supported by Microsoft Surface Hub diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index ddda234337..c926c03e45 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - TimeLanguageSettings @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## TimeLanguageSettings policies
    @@ -27,7 +27,7 @@ ms.date: 01/29/2018
    - + **TimeLanguageSettings/AllowSet24HourClock** @@ -73,7 +73,7 @@ The following list shows the supported values: - 1 (default) – Set 24 hour clock. - +
    Footnote: @@ -82,5 +82,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 3eac735f1d..47a34b96dd 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Update @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## Update policies
    @@ -170,7 +170,7 @@ ms.date: 01/29/2018
    - + **Update/ActiveHoursEnd** @@ -216,11 +216,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default is 17 (5 PM). - +
    - + **Update/ActiveHoursMaxRange** @@ -263,11 +263,11 @@ Supported values are 8-18. The default value is 18 (hours). - +
    - + **Update/ActiveHoursStart** @@ -313,11 +313,11 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default value is 8 (8 AM). - +
    - + **Update/AllowAutoUpdate** @@ -376,11 +376,11 @@ The following list shows the supported values: - 5 – Turn off automatic updates. - +
    - + **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** @@ -430,11 +430,11 @@ The following list shows the supported values: - 1 - Allowed - +
    - + **Update/AllowMUUpdateService** @@ -480,11 +480,11 @@ The following list shows the supported values: - 1 – Allowed. Accepts updates received through Microsoft Update. - +
    - + **Update/AllowNonMicrosoftSignedUpdate** @@ -534,11 +534,11 @@ The following list shows the supported values: - 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. - +
    - + **Update/AllowUpdateService** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 (default) – Update service is allowed. - +
    - + **Update/AutoRestartDeadlinePeriodInDays** @@ -638,11 +638,11 @@ Supported values are 2-30 days. The default value is 7 days. - +
    - + **Update/AutoRestartNotificationSchedule** @@ -687,11 +687,11 @@ The default value is 15 (minutes). Supported values are 15, 30, 60, 120, and 240 (minutes). - +
    - + **Update/AutoRestartRequiredNotificationDismissal** @@ -737,11 +737,11 @@ The following list shows the supported values: - 2 – User Dismissal. - +
    - + **Update/BranchReadinessLevel** @@ -790,11 +790,11 @@ The following list shows the supported values: - 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. - +
    - + **Update/ConfigureFeatureUpdateUninstallPeriod** @@ -824,11 +824,11 @@ The following list shows the supported values: Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - +
    - + **Update/DeferFeatureUpdatesPeriodInDays** @@ -874,11 +874,11 @@ Supported values are 0-365 days. > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. - +
    - + **Update/DeferQualityUpdatesPeriodInDays** @@ -919,11 +919,11 @@ Added in Windows 10, version 1607. Defers Quality Updates for the specified num Supported values are 0-30. - +
    - + **Update/DeferUpdatePeriod** @@ -1055,11 +1055,11 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego --> - +
    - + **Update/DeferUpgradePeriod** @@ -1110,11 +1110,11 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
    - + **Update/DetectionFrequency** @@ -1153,11 +1153,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. - +
    - + **Update/DisableDualScan** @@ -1209,11 +1209,11 @@ The following list shows the supported values: - 1 - do not allow update deferral policies to cause scans against Windows Update - +
    - + **Update/EngagedRestartDeadline** @@ -1256,11 +1256,11 @@ Supported values are 2-30 days. The default value is 0 days (not specified). - +
    - + **Update/EngagedRestartSnoozeSchedule** @@ -1303,11 +1303,11 @@ Supported values are 1-3 days. The default value is 3 days. - +
    - + **Update/EngagedRestartTransitionSchedule** @@ -1350,11 +1350,11 @@ Supported values are 2-30 days. The default value is 7 days. - +
    - + **Update/ExcludeWUDriversInQualityUpdate** @@ -1403,11 +1403,11 @@ The following list shows the supported values: - 1 – Exclude Windows Update drivers. - +
    - + **Update/FillEmptyContentUrls** @@ -1456,11 +1456,11 @@ The following list shows the supported values: - 1 – Enabled. - +
    - + **Update/IgnoreMOAppDownloadLimit** @@ -1521,11 +1521,11 @@ To validate this policy: 3. Verify that any downloads that are above the download size limit will complete without being paused. - +
    - + **Update/IgnoreMOUpdateDownloadLimit** @@ -1586,11 +1586,11 @@ To validate this policy: 2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: - +
    - + **Update/ManagePreviewBuilds** @@ -1637,11 +1637,11 @@ The following list shows the supported values: - 2 - Enable Preview builds - +
    - + **Update/PauseDeferrals** @@ -1696,11 +1696,11 @@ The following list shows the supported values: - 1 – Deferrals are paused. - +
    - + **Update/PauseFeatureUpdates** @@ -1749,11 +1749,11 @@ The following list shows the supported values: - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - +
    - + **Update/PauseFeatureUpdatesStartTime** @@ -1794,11 +1794,11 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    - + **Update/PauseQualityUpdates** @@ -1844,11 +1844,11 @@ The following list shows the supported values: - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - +
    - + **Update/PauseQualityUpdatesStartTime** @@ -1889,22 +1889,22 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    - + **Update/PhoneUpdateRestrictions** This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. - +
    - + **Update/RequireDeferUpgrade** @@ -1954,11 +1954,11 @@ The following list shows the supported values: - 1 – User gets upgrades from Semi-Annual Channel. - +
    - + **Update/RequireUpdateApproval** @@ -2010,11 +2010,11 @@ The following list shows the supported values: - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - +
    - + **Update/ScheduleImminentRestartWarning** @@ -2059,11 +2059,11 @@ The default value is 15 (minutes). Supported values are 15, 30, or 60 (minutes). - +
    - + **Update/ScheduleRestartWarning** @@ -2112,11 +2112,11 @@ The default value is 4 (hours). Supported values are 2, 4, 8, 12, or 24 (hours). - +
    - + **Update/ScheduledInstallDay** @@ -2172,11 +2172,11 @@ The following list shows the supported values: - 7 – Saturday - +
    - + **Update/ScheduledInstallEveryWeek** @@ -2219,11 +2219,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
    - + **Update/ScheduledInstallFirstWeek** @@ -2266,11 +2266,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
    - + **Update/ScheduledInstallFourthWeek** @@ -2313,11 +2313,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
    - + **Update/ScheduledInstallSecondWeek** @@ -2360,11 +2360,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
    - + **Update/ScheduledInstallThirdWeek** @@ -2407,11 +2407,11 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - +
    - + **Update/ScheduledInstallTime** @@ -2462,11 +2462,11 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. - +
    - + **Update/SetAutoRestartNotificationDisable** @@ -2512,11 +2512,11 @@ The following list shows the supported values: - 1 – Disabled - +
    - + **Update/SetEDURestart** @@ -2562,11 +2562,11 @@ The following list shows the supported values: - 1 - configured - +
    - + **Update/UpdateServiceUrl** @@ -2637,11 +2637,11 @@ Example ``` - +
    - + **Update/UpdateServiceUrlAlternate** @@ -2691,7 +2691,7 @@ Value type is string and the default value is an empty string, "". If the settin > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. - +
    Footnote: @@ -2700,7 +2700,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Update policies supported by Windows Holographic for Business diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 53cf96c3f3..b091456af0 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - UserRights @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## UserRights policies
    @@ -113,7 +113,7 @@ ms.date: 01/29/2018
    - + **UserRights/AccessCredentialManagerAsTrustedCaller** @@ -152,11 +152,11 @@ ms.date: 01/29/2018 This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - +
    - + **UserRights/AccessFromNetwork** @@ -195,11 +195,11 @@ This user right is used by Credential Manager during Backup/Restore. No accounts This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - +
    - + **UserRights/ActAsPartOfTheOperatingSystem** @@ -238,11 +238,11 @@ This user right determines which users and groups are allowed to connect to the This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    - + **UserRights/AllowLocalLogOn** @@ -281,11 +281,11 @@ This user right allows a process to impersonate any user without authentication. This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - +
    - + **UserRights/BackupFilesAndDirectories** @@ -324,11 +324,11 @@ This user right determines which users can log on to the computer. Note: Modifyi This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - +
    - + **UserRights/ChangeSystemTime** @@ -367,11 +367,11 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - +
    - + **UserRights/CreateGlobalObjects** @@ -410,11 +410,11 @@ This user right determines which users and groups can change the time and date o This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - +
    - + **UserRights/CreatePageFile** @@ -453,11 +453,11 @@ This security setting determines whether users can create global objects that ar This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - +
    - + **UserRights/CreatePermanentSharedObjects** @@ -496,11 +496,11 @@ This user right determines which users and groups can call an internal applicati This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - +
    - + **UserRights/CreateSymbolicLinks** @@ -539,11 +539,11 @@ This user right determines which accounts can be used by processes to create a d This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - +
    - + **UserRights/CreateToken** @@ -582,11 +582,11 @@ This user right determines if the user can create a symbolic link from the compu This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    - + **UserRights/DebugPrograms** @@ -625,11 +625,11 @@ This user right determines which accounts can be used by processes to create a t This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    - + **UserRights/DenyAccessFromNetwork** @@ -668,11 +668,11 @@ This user right determines which users can attach a debugger to any process or t This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - +
    - + **UserRights/DenyLocalLogOn** @@ -711,11 +711,11 @@ This user right determines which users are prevented from accessing a computer o This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - +
    - + **UserRights/DenyRemoteDesktopServicesLogOn** @@ -754,11 +754,11 @@ This security setting determines which service accounts are prevented from regis This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - +
    - + **UserRights/EnableDelegation** @@ -797,11 +797,11 @@ This user right determines which users and groups are prohibited from logging on This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - +
    - + **UserRights/GenerateSecurityAudits** @@ -840,11 +840,11 @@ This user right determines which users can set the Trusted for Delegation settin This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - +
    - + **UserRights/ImpersonateClient** @@ -887,11 +887,11 @@ Assigning this user right to a user allows programs running on behalf of that us Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - +
    - + **UserRights/IncreaseSchedulingPriority** @@ -930,11 +930,11 @@ Because of these factors, users do not usually need this user right. Warning: If This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - +
    - + **UserRights/LoadUnloadDeviceDrivers** @@ -973,11 +973,11 @@ This user right determines which accounts can use a process with Write Property This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    - + **UserRights/LockMemory** @@ -1016,11 +1016,11 @@ This user right determines which users can dynamically load and unload device dr This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - +
    - + **UserRights/ManageAuditingAndSecurityLog** @@ -1059,11 +1059,11 @@ This user right determines which accounts can use a process to keep data in phys This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - +
    - + **UserRights/ManageVolume** @@ -1102,11 +1102,11 @@ This user right determines which users can specify object access auditing option This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - +
    - + **UserRights/ModifyFirmwareEnvironment** @@ -1145,11 +1145,11 @@ This user right determines which users and groups can run maintenance tasks on a This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - +
    - + **UserRights/ModifyObjectLabel** @@ -1188,11 +1188,11 @@ This user right determines who can modify firmware environment values. Firmware This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - +
    - + **UserRights/ProfileSingleProcess** @@ -1231,11 +1231,11 @@ This user right determines which user accounts can modify the integrity label of This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - +
    - + **UserRights/RemoteShutdown** @@ -1274,11 +1274,11 @@ This user right determines which users can use performance monitoring tools to m This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - +
    - + **UserRights/RestoreFilesAndDirectories** @@ -1317,11 +1317,11 @@ This user right determines which users are allowed to shut down a computer from This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - +
    - + **UserRights/TakeOwnership** @@ -1360,7 +1360,7 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - +
    Footnote: @@ -1369,5 +1369,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 5d27b9d4f0..8fa7a54082 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - Wifi @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## Wifi policies
    @@ -45,18 +45,18 @@ ms.date: 01/29/2018
    - + **WiFi/AllowWiFiHotSpotReporting** This policy has been deprecated. - +
    - + **Wifi/AllowAutoConnectToWiFiSenseHotspots** @@ -104,11 +104,11 @@ The following list shows the supported values: - 1 (default) – Allowed. - +
    - + **Wifi/AllowInternetSharing** @@ -156,11 +156,11 @@ The following list shows the supported values: - 1 (default) – Allow the use of Internet Sharing. - +
    - + **Wifi/AllowManualWiFiConfiguration** @@ -211,11 +211,11 @@ The following list shows the supported values: - 1 (default) – Adding new network SSIDs beyond the already MDM provisioned ones is allowed. - +
    - + **Wifi/AllowWiFi** @@ -263,11 +263,11 @@ The following list shows the supported values: - 1 (default) – WiFi connection is allowed. - +
    - + **Wifi/AllowWiFiDirect** @@ -313,11 +313,11 @@ The following list shows the supported values: - 1 - WiFi Direct connection is allowed. - +
    - + **Wifi/WLANScanMode** @@ -362,7 +362,7 @@ The default value is 0. Supported operations are Add, Delete, Get, and Replace. - +
    Footnote: @@ -371,7 +371,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + ## Wifi policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index a7f22fe4fc..65c25b116e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -17,7 +17,7 @@ ms.date: 01/29/2018
    - + ## WindowsDefenderSecurityCenter policies
    @@ -83,7 +83,7 @@ ms.date: 01/29/2018
    - + **WindowsDefenderSecurityCenter/CompanyName** @@ -124,11 +124,11 @@ Added in Windows 10, version 1709. The company name that is displayed to the use Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    - + **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** @@ -174,11 +174,11 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableAppBrowserUI** @@ -226,11 +226,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** @@ -276,11 +276,11 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** @@ -331,11 +331,11 @@ The following list shows the supported values: - 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients. - +
    - + **WindowsDefenderSecurityCenter/DisableFamilyUI** @@ -383,11 +383,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableHealthUI** @@ -435,11 +435,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableNetworkUI** @@ -487,11 +487,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisableNotifications** @@ -539,11 +539,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications. - +
    - + **WindowsDefenderSecurityCenter/DisableVirusUI** @@ -591,11 +591,11 @@ The following list shows the supported values: - 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center. - +
    - + **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** @@ -643,11 +643,11 @@ The following list shows the supported values: - 1 - (Enable) Local users cannot make changes in the exploit protection settings area. - +
    - + **WindowsDefenderSecurityCenter/Email** @@ -688,11 +688,11 @@ Added in Windows 10, version 1709. The email address that is displayed to users. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    - + **WindowsDefenderSecurityCenter/EnableCustomizedToasts** @@ -740,11 +740,11 @@ The following list shows the supported values: - 1 - (Enable) Notifications contain the company name and contact options. - +
    - + **WindowsDefenderSecurityCenter/EnableInAppCustomization** @@ -792,11 +792,11 @@ The following list shows the supported values: - 1 - (Enable) Display the company name and contact options in the card fly out notification. - +
    - + **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** @@ -842,11 +842,11 @@ Valid values: - 1 - (Enable) The Ransomware data recovery area is hidden. - +
    - + **WindowsDefenderSecurityCenter/HideSecureBoot** @@ -892,11 +892,11 @@ Valid values: - 1 - (Enable) The Secure boot area is hidden. - +
    - + **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** @@ -942,11 +942,11 @@ Valid values: - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - +
    - + **WindowsDefenderSecurityCenter/Phone** @@ -987,11 +987,11 @@ Added in Windows 10, version 1709. The phone number or Skype ID that is displaye Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    - + **WindowsDefenderSecurityCenter/URL** @@ -1032,7 +1032,7 @@ Added in Windows 10, version 1709. The help portal URL this is displayed to user Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    Footnote: @@ -1041,5 +1041,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 69290e276b..0b0a6104d4 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsInkWorkspace @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## WindowsInkWorkspace policies
    @@ -30,7 +30,7 @@ ms.date: 01/29/2018
    - + **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** @@ -76,11 +76,11 @@ The following list shows the supported values: - 1 (default) -allow app suggestions. - +
    - + **WindowsInkWorkspace/AllowWindowsInkWorkspace** @@ -127,7 +127,7 @@ Value type is int. The following list shows the supported values: - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - +
    Footnote: @@ -136,5 +136,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 9679d7b3a3..513b783cee 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WindowsLogon @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## WindowsLogon policies
    @@ -33,7 +33,7 @@ ms.date: 01/29/2018
    - + **WindowsLogon/DisableLockScreenAppNotifications** @@ -91,11 +91,11 @@ ADMX Info: - GP ADMX file name: *logon.admx* - +
    - + **WindowsLogon/DontDisplayNetworkSelectionUI** @@ -153,11 +153,11 @@ ADMX Info: - GP ADMX file name: *logon.admx* - +
    - + **WindowsLogon/HideFastUserSwitching** @@ -210,7 +210,7 @@ To validate on Desktop, do the following: 2. Verify that the Switch account button in Start is hidden. - +
    Footnote: @@ -219,5 +219,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index e7c65f476a..5830a05aa4 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/29/2018 +ms.date: 01/30/2018 --- # Policy CSP - WirelessDisplay @@ -15,7 +15,7 @@ ms.date: 01/29/2018
    - + ## WirelessDisplay policies
    @@ -48,7 +48,7 @@ ms.date: 01/29/2018
    - + **WirelessDisplay/AllowMdnsAdvertisement** @@ -94,11 +94,11 @@ The following list shows the supported values: - 1 - Allow - +
    - + **WirelessDisplay/AllowMdnsDiscovery** @@ -144,11 +144,11 @@ The following list shows the supported values: - 1 - Allow - +
    - + **WirelessDisplay/AllowProjectionFromPC** @@ -194,11 +194,11 @@ The following list shows the supported values: - 1 - your PC can discover and project to other devices - +
    - + **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** @@ -244,11 +244,11 @@ The following list shows the supported values: - 1 - your PC can discover and project to other devices over infrastructure. - +
    - + **WirelessDisplay/AllowProjectionToPC** @@ -298,11 +298,11 @@ The following list shows the supported values: - 1 (default) - projection to PC is allowed. Enabled only above the lock screen. - +
    - + **WirelessDisplay/AllowProjectionToPCOverInfrastructure** @@ -348,11 +348,11 @@ The following list shows the supported values: - 1 - your PC is discoverable and other devices can project to it over infrastructure. - +
    - + **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** @@ -375,11 +375,11 @@ The following list shows the supported values: - 1 (default) - Wireless display input enabled. - +
    - + **WirelessDisplay/RequirePinForPairing** @@ -429,7 +429,7 @@ The following list shows the supported values: - 1 - PIN is required. - +
    Footnote: @@ -438,5 +438,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - + From daf1692292b557ffc2ec668f870a0e95e819275e Mon Sep 17 00:00:00 2001 From: Jason Conradt Date: Tue, 30 Jan 2018 19:08:05 +0000 Subject: [PATCH 048/109] Updated deployment-vdi-windows-defender-antivirus.md Updated to reflect new "sealing" guidance --- .../deployment-vdi-windows-defender-antivirus.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index 0ba067be64..5d079ac93e 100644 --- a/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -86,7 +86,11 @@ First, you should create your base image according to your business needs, apply After creating the image, you should ensure it is fully updated. See [Configure Windows Defender in Windows 10]( https://technet.microsoft.com/en-us/itpro/windows/keep-secure/configure-windows-defender-in-windows-10) for instructions on how to update Windows Defender AV protection via WSUS, Microsoft Update, the MMPC site, or UNC file shares. You should ensure that your initial base image is also fully patched with Microsoft and Windows updates and patches. ### Seal the base image -When the base image is fully updated, you should run a quick scan on the image. This “sealing” or “locking” of the image helps Windows Defender AV build a cache of known-good files and avoid scanning them again on your VMs. In turn, this can help ensure performance on the VM is not impacted. +When the base image is fully updated, you should run a quick scan on the image. + + + +This “sealing” or “locking” of the image helps Windows Defender AV build a cache of known-good files and avoid scanning them again on your VMs. In turn, this can help ensure performance on the VM is not impacted. You can run a quick scan [from the command line](command-line-arguments-windows-defender-antivirus.md) or via [System Center Configuration Manager](run-scan-windows-defender-antivirus.md). From f77ba3b1d7e3e0aaecc7ea14a6aded6626b5abc9 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Tue, 30 Jan 2018 12:15:39 -0800 Subject: [PATCH 049/109] changed drastically to significantly --- education/trial-in-a-box/educator-tib-get-started.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index f448a10be8..1f647b7dbb 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -23,7 +23,7 @@ ms.date: 01/12/2017 | | | | :---: |:--- | | [![Connect the device to Wi-Fi](images/edu-TIB-setp-1-v3.png)](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. | -| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in drastically improving your students' reading speed and comprehension?[1](#footnote1)**
    Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. | +| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?[1](#footnote1)**
    Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. | | [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?**
    Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. | | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?**
    Open [OneNote](#edu-task4) and create an example group project for your class. | | [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?**
    Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. | @@ -46,7 +46,7 @@ To try out the educator tasks, start by logging in as a teacher.
    ![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) -## 2. Drastically improve student reading speed and comprehension +## 2. Significantly improve student reading speed and comprehension -### Telemetry +### Diagnostic data -The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit telemetry data. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization). +The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit diagnostic data. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization). -*Organization policies that this may affect:*
    Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise. +*Organization policies that this may affect:*
    Configure diagnostic data levels for Surface Hub in the same way as you do for Windows 10 Enterprise. diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index d8ddba730e..7fe0d6aeff 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md @@ -86,7 +86,7 @@ This table describes the sample queries in the Surface Hub solution: | Alert type | Impact | Recommended remediation | Details | | ---------- | ------ | ----------------------- | ------- | -| Software | Error | **Reboot the device**.
    Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx).
    Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
    - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
    - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the telemetry reporting system. | +| Software | Error | **Reboot the device**.
    Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/en-us/library/windows/hardware/mt720802(v=vs.85).aspx).
    Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
    - A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
    - The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. | | Software | Error | **Check your Exchange service**.
    Verify:
    - The service is available.
    - The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. | | Software | Error | **Check your Skype for Business service**.
    Verify:
    - The service is available.
    - The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.
    - The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. | | Software | Error | **Reset the device**.
    This takes some time, so you should take the device offline.
    For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. | diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index d649dc5dda..077e16a6a5 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -40,9 +40,9 @@ Depending on your environment, access to additional ports may be needed: - For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). - For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). -Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list: -- Telemetry client endpoint: `https://vortex.data.microsoft.com/` -- Telemetry settings endpoint: `https://settings.data.microsoft.com/` +Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list: +- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/` +- Diagnostic data settings endpoint: `https://settings.data.microsoft.com/` ### Proxy configuration diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md index df8612a26a..9b2ef8764a 100644 --- a/devices/surface-hub/troubleshoot-surface-hub.md +++ b/devices/surface-hub/troubleshoot-surface-hub.md @@ -524,7 +524,7 @@ This section lists status codes, mapping, user messages, and actions an admin ca

    0x85002004

    E_FAIL_ABORT

    -

    This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the telemetry if you force an interactive sync, delete the account, or update its settings.

    +

    This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the diagnostic data if you force an interactive sync, delete the account, or update its settings.

    Nothing.

    diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index db2b1f18c8..ca43f5a4ed 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -33,7 +33,7 @@ Benefits of this design change include: * Reduced support costs by eliminating the troubleshooting overhead associated with isolating misbehaving services in the shared host. * Increased security by providing additional inter-service isolation * Increased scalability by allowing per-service settings and privileges -* Improved resource management through per-service CPU, I/O and memory management and increase clear telemetry (report CPU, I/O and network usage per service). +* Improved resource management through per-service CPU, I/O and memory management and increase clear diagnostic data (report CPU, I/O and network usage per service). >**Try This** > diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 2e48728ffc..c48d6ddd3b 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -216,7 +216,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID. Supported operation is Get. **Provider/*ProviderID*/CommercialID** -Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this telemetry data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization.. +Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 0e9aaf6db6..9ffaf7854f 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -1327,14 +1327,14 @@ The following list shows the supported values: This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge. -If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration. +If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration. The following list shows the supported values: -- 0 (default) - Disable. No additional telemetry. -- 1 - Enable. Additional telemetry for schools. +- 0 (default) - Disable. No additional diagnostic data. +- 1 - Enable. Additional diagnostic data for schools. diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index a86a8fef94..5fa0f29fa7 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -12,7 +12,7 @@ ms.date: 11/01/2017 # TPMPolicy CSP -The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. +The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. The TPMPolicy CSP was added in Windows 10, version 1703. @@ -30,7 +30,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
  • There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected.
  • There should be no traffic during installation of Windows and first logon when local ID is used.
  • Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.
  • -
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.
  • +
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, etc.) to Microsoft.
  • Here is an example: diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 5999ebee5e..4e19920eef 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -77,7 +77,7 @@ The following list describes the characteristics and parameters.

    Supported operations are Get and Replace. **Configuration/TelemetryReportingFrequency** -

    Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection telemetry reporting frequency. +

    Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.

    The following list shows the supported values: diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index a47fcba793..d475e14ee4 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -227,7 +227,7 @@ The XML below is the current version for this CSP. 1 - Return or set Windows Defender Advanced Threat Protection telemetry reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite + Return or set Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Allowed values are: 1 - Normal, 2 - Expedite diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index f0535dc3e4..a330013d0d 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -2,7 +2,7 @@ title: Windows 10 Mobile deployment and management guide (Windows 10) description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E -keywords: Mobile, telemetry, BYOD, MDM +keywords: Mobile, diagnostic data, BYOD, MDM ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -14,7 +14,8 @@ ms.date: 09/21/2017 # Windows 10 Mobile deployment and management guide -*Applies to: Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607* +**Applies to:** +- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607 This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. @@ -189,7 +190,7 @@ Multiple MDM systems support Windows 10 and most support personal and corporate In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx). **Cloud services** -On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services. +On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services. **Windows Push Notification Services** The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way. @@ -795,9 +796,9 @@ While Windows 10 Mobile provides updates directly to user devices from Windows U Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to: - **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released. - **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required. -- **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered. +- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered. -To learn more about telemetry, visit [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). +To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required. @@ -1007,17 +1008,17 @@ The following list shows examples of the Windows 10 Mobile software and hardware - **Secure Boot state** Indicates whether Secure Boot is enabled - **Enterprise encryption policy compliance** Indicates whether the device is encrypted -### Manage telemetry +### Manage diagnostic data *Applies to: Corporate devices with Windows 10 Mobile Enterprise edition* -Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services. +Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services. -You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. +You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. -For more information, see [Configure Windows telemetry in Your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). +For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). ->**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. +>**Note:** Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. ### Remote assistance diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 24d1e1b2eb..2542a03b63 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -1,10 +1,10 @@ # [Configure Windows 10](index.md) -## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) ## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) -## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md) +## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) ## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -## [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) +## [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) ## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md index cf42ebfdaf..d6c2534f87 100644 --- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1,7 +1,7 @@ --- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -24,7 +24,7 @@ The Basic level gathers a limited set of information that is critical for unders Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles: - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) >[!Note] >Updated November 2017 to document new and modified events. We’ve added some new events and also added new fields to existing events to prepare for upgrades to the next release of Windows. @@ -88,12 +88,12 @@ The following fields are available: - **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. - **seqNum** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. - **iKey** Represents an ID for applications or other logical groupings of events. -- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experiences and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. - **os** Represents the operating system name. - **osVer** Represents the OS version, and its format is OS dependent. - **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. - **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries. ### Common Data Extensions.OS @@ -135,7 +135,7 @@ The following fields are available: ### Common Data Extensions.Consent UI Event -This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. +This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. The following fields are available: @@ -198,7 +198,7 @@ The following fields are available: - **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user. - **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed? - **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user. -- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device? +- **HKLM_AdvertisingID.Enabled** Is the adverising ID enabled for the device? - **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device. - **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user? - **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user. @@ -332,7 +332,7 @@ The following fields are available: - **HasCitData** Is the file present in CIT data? - **HasUpgradeExe** Does the anti-virus app have an upgrade.exe file? - **IsAv** Is the file an anti-virus reporting EXE? -- **ResolveAttempted** This will always be an empty string when sending telemetry. +- **ResolveAttempted** This will always be an empty string when sending diagnostic data. - **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. @@ -1032,7 +1032,7 @@ The following fields are available: - **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. - **AppraiserVersion** The version of the Appraiser file generating the events. -- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. +- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data. - **Time** The client time of the event. - **AppraiserProcess** The name of the process that launched Appraiser. - **PCFP** An ID for the system calculated by hashing hardware identifiers. @@ -1354,35 +1354,35 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. The following fields are available: - **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability. - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **Time** The client time of the event. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. +- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. - **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. +- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. - **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. - **AuxFinal** Obsolete, always set to false - **StoreHandleIsNotNull** Obsolete, always set to false - **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run. - **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. - **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. -- **TelementrySent** Indicates if telemetry was successfully sent. +- **TelementrySent** Indicates if diagnostic data was successfully sent. - **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. -- **RunResult** The hresult of the Appraiser telemetry run. +- **RunResult** The hresult of the Appraiser diagnostic data run. ### Microsoft.Windows.Appraiser.General.WmdrmAdd @@ -1502,14 +1502,14 @@ The following fields are available: - **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device. - **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program. - **FlightingBranchName** The name of the Windows Insider branch currently used by the device. -- **DeviceSampleRate** The telemetry sample rate assigned to the device. +- **DeviceSampleRate** The diagnostic data sample rate assigned to the device. - **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. - **SSRK** Retrieves the mobile targeting settings. ### Census.Hardware -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date. +This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date. The following fields are available: @@ -1532,8 +1532,8 @@ The following fields are available: - **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **StudyID** Used to identify retail and non-retail device. -- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. -- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. +- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced. +- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user. - **DeviceForm** Indicates the form as per the device classification. - **DigitizerSupport** Is a digitizer supported? - **OEMModelBaseBoard** The baseboard model used by the OEM. @@ -1545,7 +1545,7 @@ The following fields are available: - **Gyroscope** Indicates whether the device has a gyroscope. - **Magnetometer** Indicates whether the device has a magnetometer. - **NFCProximity** Indicates whether the device supports NFC. -- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. +- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions. ### Census.Memory @@ -1784,45 +1784,45 @@ This event provides information on about security settings used to help keep Win ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition -This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed. ### TelClientSynthetic.AuthorizationInfo_Startup -This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date. The following fields are available: -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started. ### TelClientSynthetic.ConnectivityHeartBeat_0 -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. +This event sends data about the connectivity status of the Connected User Experiences and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. The following fields are available: @@ -1838,13 +1838,13 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: - **PreviousHeartBeatTime** The time of last heartbeat event. This allows chaining of events. -- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client. -- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client. +- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client. +- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client. - **DecodingDroppedCount** The number of events dropped because of decoding failures. - **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers. - **DbDroppedCount** The number of events that were dropped because the database was full. @@ -1852,10 +1852,10 @@ The following fields are available: - **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance. - **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database. - **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated. -- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client. +- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client. - **InvalidHttpCodeCount** The number of invalid HTTP codes received from Vortex. - **LastInvalidHttpCode** The last invalid HTTP code received from Vortex. -- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experience and Telemetry component. +- **MaxInUseScenarioCounter** The soft maximum number of scenarios loaded by the Connected User Experiences and Telemetry component. - **LastEventSizeOffender** The name of the last event that exceeded the maximum event size. - **SettingsHttpAttempts** The number of attempts to contact the OneSettings service. - **SettingsHttpFailures** The number of failures from contacting the OneSettings service. @@ -1957,7 +1957,7 @@ The following fields are available: - **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. - **ReportId** A GUID used to identify the report. This can used to track the report across Watson. - **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. -- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend. - **TargetAppId** The kernel reported AppId of the application being reported. - **TargetAppVer** The specific version of the application being reported - **TargetAsId** The sequence number for the hanging process. @@ -1982,7 +1982,7 @@ The following fields are available: - **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. - **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. - **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend. - **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. - **PackageFullName** Store application identity. - **AppVersion** The version of the app that has hung. diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md index d4a94c3455..7db5063374 100644 --- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md @@ -1,7 +1,7 @@ --- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -32,7 +32,7 @@ You can learn more about Windows functional and diagnostic data through these ar - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) @@ -106,7 +106,7 @@ The following fields are available: - **osVer** Represents the OS version, and its format is OS dependent. - **appId** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. - **appVer** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related diagnostic data events across component boundaries. ### Common Data Extensions.OS @@ -148,7 +148,7 @@ The following fields are available: ### Common Data Extensions.Consent UI Event -This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. +This User Account Control (UAC) diagnostic data point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. The following fields are available: @@ -262,39 +262,39 @@ The following fields are available: - **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The version of the Appraiser file generating the events. -- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. +- **Context** Indicates what mode Appraiser is running in. Example: Setup or Diagnostic Data. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **Time** The client time of the event. ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +A summary event indicating the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. The following fields are available: - **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. - **AuxFinal** Obsolete, always set to false - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **EnterpriseRun** Indicates if the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. - **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. - **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. - **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. +- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. - **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. -- **RunResult** The hresult of the Appraiser telemetry run. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **RunResult** The hresult of the Appraiser diagnostic data run. +- **SendingUtc** Indicates if the Appraiser client is sending events during the current diagnostic data run. - **StoreHandleIsNotNull** Obsolete, always set to false -- **TelementrySent** Indicates if telemetry was successfully sent. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **TelementrySent** Indicates if diagnostic data was successfully sent. +- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability. - **Time** The client time of the event. - **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. - **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. @@ -1461,7 +1461,7 @@ This event sends Windows Insider data from customers participating in improvemen The following fields are available: -- **DeviceSampleRate** The telemetry sample rate assigned to the device. +- **DeviceSampleRate** The diagnostic data sample rate assigned to the device. - **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. - **FlightIds** A list of the different Windows Insider builds on this device. - **FlightingBranchName** The name of the Windows Insider branch currently used by the device. @@ -1472,7 +1472,7 @@ The following fields are available: ### Census.Hardware -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date. +This event sends data about the device, including hardware type, OEM brand, model line, model, diagnostic data level setting, and TPM support, to help keep Windows up-to-date. The following fields are available: @@ -1504,9 +1504,9 @@ The following fields are available: - **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. - **SoCName** The firmware manufacturer of the device. - **StudyID** Used to identify retail and non-retail device. -- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. -- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. -- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. +- **TelemetryLevel** The diagnostic data level the user has opted into, such as Basic or Enhanced. +- **TelemetryLevelLimitEnhanced** The diagnostic data level for Windows Analytics-based solutions. +- **TelemetrySettingAuthority** Determines who set the diagnostic data level, such as GP, MDM, or the user. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **VoiceSupported** Does the device have a cellular radio capable of making voice calls? @@ -1729,45 +1729,45 @@ This event provides information on about security settings used to help keep Win ### TelClientSynthetic.AuthorizationInfo_Startup -This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level detected at UTC startup, to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data client was last started. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition -This event sends data indicating that a device has undergone a change of telemetry opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. +This event sends data indicating that a device has undergone a change of diagnostic data opt-in level during the runtime of the device (not at UTC boot or offline), to help keep Windows up to date. The following fields are available: -- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups. -- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism. +- **CanAddMsaToMsTelemetry** True if UTC is allowed to add MSA user identity onto diagnostic data from the OS provider groups. +- **CanCollectAnyTelemetry** True if UTC is allowed to collect non-OS diagnostic data. Non-OS diagnostic data is responsible for providing its own opt-in mechanism. - **CanCollectCoreTelemetry** True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA. - **CanCollectHeartbeats** True if UTC is allowed to collect heartbeats. -- **CanCollectOsTelemetry** True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry). +- **CanCollectOsTelemetry** True if UTC is allowed to collect diagnostic data from the OS provider groups. - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. - **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. -- **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed. -- **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. +- **PreviousPermissions** Bitmask representing the previously configured permissions since the diagnostic data opt-in level was last changed. +- **TransitionFromEverythingOff** True if this transition is moving from not allowing core diagnostic data to allowing core diagnostic data. ### TelClientSynthetic.ConnectivityHeartBeat_0 -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. +This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads diagnostic data events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. The following fields are available: @@ -1783,7 +1783,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -This event sends data about the health and quality of the telemetry data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. +This event sends data about the health and quality of the diagnostic data data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: @@ -1791,7 +1791,7 @@ The following fields are available: - **CensusExitCode** The last exit code of the Census task. - **CensusStartTime** The time of the last Census run. - **CensusTaskEnabled** Indicates whether Census is enabled. -- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the telemetry client. +- **ConsumerDroppedCount** The number of events dropped by the consumer layer of the diagnostic data client. - **CriticalDataDbDroppedCount** The number of critical data sampled events that were dropped at the database layer. - **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling. - **CriticalOverflowEntersCounter** The number of times a critical overflow mode was entered into the event database. @@ -1800,7 +1800,7 @@ The following fields are available: - **DecodingDroppedCount** The number of events dropped because of decoding failures. - **EnteringCriticalOverflowDroppedCounter** The number of events that was dropped because a critical overflow mode was initiated. - **EtwDroppedBufferCount** The number of buffers dropped in the CUET ETW session. -- **EtwDroppedCount** The number of events dropped by the ETW layer of the telemetry client. +- **EtwDroppedCount** The number of events dropped by the ETW layer of the diagnostic data client. - **EventSubStoreResetCounter** The number of times the event database was reset. - **EventSubStoreResetSizeSum** The total size of the event database across all resets reports in this instance. - **EventsUploaded** The number of events that have been uploaded. @@ -1817,7 +1817,7 @@ The following fields are available: - **SettingsHttpAttempts** The number of attempts to contact the OneSettings service. - **SettingsHttpFailures** The number of failures from contacting the OneSettings service. - **ThrottledDroppedCount** The number of events dropped due to throttling of noisy providers. -- **UploaderDroppedCount** The number of events dropped by the uploader layer of the telemetry client. +- **UploaderDroppedCount** The number of events dropped by the uploader layer of the diagnostic data client. - **VortexFailuresTimeout** The number of timeout failures received from Vortex. - **VortexHttpAttempts** The number of attempts to contact the Vortex service. - **VortexHttpFailures4xx** The number of 400-499 error codes received from Vortex. @@ -1888,7 +1888,7 @@ The following fields are available: The following fields are available: - **AppName** The name of the app that has crashed. -- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the diagnostic data backend. - **AppTimeStamp** The date/time stamp of the app. - **AppVersion** The version of the app that has crashed. - **ExceptionCode** The exception code returned by the process that has crashed. @@ -1938,7 +1938,7 @@ This event sends data about hangs for both native and managed applications, to h The following fields are available: - **AppName** The name of the app that has hung. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the diagnostic data backend. - **AppVersion** The version of the app that has hung. - **PackageFullName** Store application identity. - **PackageRelativeAppId** Store application identity. @@ -3185,7 +3185,7 @@ The following fields are available: ### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage -This event indicates that Javascript is reporting a schema and a set of values for critical telemetry +This event indicates that Javascript is reporting a schema and a set of values for critical diagnostic data. The following fields are available: diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 38cd69cdf4..ce324c8cf1 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -48,7 +48,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also - [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) - [Multi-app kiosk XML reference](multi-app-kiosk-xml.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) -- [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md) +- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) ## September 2017 diff --git a/windows/configuration/configure-windows-telemetry-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md similarity index 55% rename from windows/configuration/configure-windows-telemetry-in-your-organization.md rename to windows/configuration/configure-windows-diagnostic-data-in-your-organization.md index 52483ff9cd..6a85eb7c57 100644 --- a/windows/configuration/configure-windows-telemetry-in-your-organization.md +++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md @@ -1,6 +1,6 @@ --- -description: Use this article to make informed decisions about how you can configure telemetry in your organization. -title: Configure Windows telemetry in your organization (Windows 10) +description: Use this article to make informed decisions about how you can configure diagnostic data in your organization. +title: Configure Windows diagnostic data in your organization (Windows 10) keywords: privacy ms.prod: w10 ms.mktglfcycl: manage @@ -11,7 +11,7 @@ author: brianlic-msft ms.date: 10/17/2017 --- -# Configure Windows telemetry in your organization +# Configure Windows diagnostic data in your organization **Applies to** @@ -19,54 +19,54 @@ ms.date: 10/17/2017 - Windows 10 Mobile - Windows Server -At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how. +At Microsoft, we use Windows diagnostic data to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data gives users a voice in the operating system’s development. This guide describes the importance of Windows diagnostic data and how we protect that data. Additionally, it differentiates between diagnostic data and functional data. It also describes the diagnostic data levels that Windows supports. Of course, you can choose how much diagnostic data is shared with Microsoft, and this guide demonstrates how. -To frame a discussion about telemetry, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows telemetry system in the following ways: +To frame a discussion about diagnostic data, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways: -- **Control.** We offer customers control of the telemetry they share with us by providing easy-to-use management tools. -- **Transparency.** We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions. -- **Security.** We encrypt telemetry in transit from your device and protect that data at our secure data centers. +- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools. +- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions. +- **Security.** We encrypt diagnostic data in transit from your device and protect that data at our secure data centers. - **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. -- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting. -- **Benefits to you.** We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. +- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting. +- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. -This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. +This article applies to Windows and Windows Server diagnostic data only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, diagnostic data controls, and so on. This article describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. -Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. +Use this article to make informed decisions about how you might configure diagnostic data in your organization. Diagnostic data is a term that means different things to different people and organizations. For this article, we discuss diagnostic data as system data that is uploaded by the Connected User Experiences and Telemetry component. The diagnostic data data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. ## Overview -In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM. +In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM. For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization. -## Understanding Windows telemetry +## Understanding Windows diagnostic data Windows as a Service is a fundamental change in how Microsoft plans, builds, and delivers the operating system. Historically, we released a major Windows version every few years. The effort required to deploy large and infrequent Windows versions was substantial. That effort included updating the infrastructure to support the upgrade. Windows as a Service accelerates the cadence to provide rich updates more frequently, and these updates require substantially less effort to roll out than earlier versions of Windows. Since it provides more value to organizations in a shorter timeframe, delivering Windows as a Service is a top priority for us. -The release cadence of Windows may be fast, so feedback is critical to its success. We rely on telemetry at each stage of the process to inform our decisions and prioritize our efforts. +The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts. -### What is Windows telemetry? -Windows telemetry is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: +### What is Windows diagnostic data? +Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: - Keep Windows up to date - Keep Windows secure, reliable, and performant - Improve Windows – through the aggregate analysis of the use of Windows - Personalize Windows engagement surfaces -Here are some specific examples of Windows telemetry data: +Here are some specific examples of Windows diagnostic data data: - Type of hardware being used - Applications installed and usage details - Reliability information on device drivers -### What is NOT telemetry? +### What is NOT diagnostic data? -Telemetry can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not telemetry. For example, exchanging a user’s location for local weather or news is not an example of telemetry—it is functional data that the app or service requires to satisfy the user’s request. +Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request. -There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. +There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services). @@ -76,26 +76,26 @@ The following are specific examples of functional data: - Bing searches - Wallpaper and desktop settings synced across multiple devices -### Telemetry gives users a voice +### Diagnostic data gives users a voice -Windows and Windows Server telemetry gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. +Windows and Windows Server diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server 2016 behaves in the real world, focus on user priorities, and make informed decisions that benefit them. For our enterprise customers, representation in the dataset on which we will make future design decisions is a real benefit. The following sections offer real examples of these benefits. ### Drive higher app and driver quality -Our ability to collect telemetry that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Telemetry helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. +Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. -#### Real-world example of how Windows telemetry helps -There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our telemetry, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on telemetry from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Telemetry helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. +#### Real-world example of how Windows diagnostic data helps +There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. ### Improve end-user productivity -Windows telemetry also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are: +Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are: - **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time. -- **Cortana.** We use telemetry to monitor the scalability of our cloud service, improving search performance. -- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later telemetry showed significantly higher usage of this feature. +- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance. +- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. -**These examples show how the use of telemetry data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** +**These examples show how the use of diagnostic data data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** ### Insights into your own organization @@ -108,7 +108,7 @@ Upgrading to new operating system versions has traditionally been a challenging, To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis. -With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: @@ -122,50 +122,50 @@ Use Upgrade Readiness to get: The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. -## How is telemetry data handled by Microsoft? +## How is diagnostic data data handled by Microsoft? ### Data collection -Windows 10 and Windows Server 2016 includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. +Windows 10 and Windows Server 2016 includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces. 2. Events are gathered using public operating system event logging and tracing APIs. -3. You can configure the telemetry level by using MDM policy, Group Policy, or registry settings. -4. The Connected User Experience and Telemetry component transmits the telemetry data. +3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings. +4. The Connected User Experiences and Telemetry component transmits the diagnostic data data. -Info collected at the Enhanced and Full levels of telemetry is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels. +Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels. ### Data transmission -All telemetry data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks. +All diagnostic data data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks. ### Endpoints The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access. -The following table defines the endpoints for telemetry services: +The following table defines the endpoints for diagnostic data services: | Service | Endpoint | | - | - | -| Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com | +| Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com | | [Windows Error Reporting](http://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | | [Online Crash Analysis](http://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | ### Data use and access -The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. +The principle of least privileged access guides access to diagnostic data data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third-party partners that include aggregated and anonymized diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. ### Retention Microsoft believes in and practices information minimization. We strive to gather only the info we need and to store it only for as long as it’s needed to provide a service or for analysis. Much of the info about how Windows and apps are functioning is deleted within 30 days. Other info may be retained longer, such as error reporting data or Microsoft Store purchase history. -## Telemetry levels -This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. +## Diagnostic data levels +This section explains the different diagnostic data levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, except for the **Security** level, which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. -The telemetry data is categorized into four levels: +The diagnostic data data is categorized into four levels: -- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. +- **Security**. Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. - **Basic**. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the **Security** level. @@ -175,20 +175,20 @@ The telemetry data is categorized into four levels: The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016. -![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png) +![breakdown of diagnostic data levels and types of administrative controls](images/priv-telemetry-levels.png) ### Security level -The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. +The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions. > [!NOTE] > If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. -Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered. +Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data data about Windows Server features or System Center gathered. The data gathered at this level includes: -- **Connected User Experience and Telemetry component settings**. If general telemetry data has been gathered and is queued, it is sent to Microsoft. Along with this telemetry, the Connected User Experience and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experience and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). +- **Connected User Experiences and Telemetry component settings**. If general diagnostic data data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). - **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address. @@ -202,15 +202,15 @@ The data gathered at this level includes: Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates. -For servers with default telemetry settings and no Internet connectivity, you should set the telemetry level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity. +For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity. -No user content, such as user files or communications, is gathered at the **Security** telemetry level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time. +No user content, such as user files or communications, is gathered at the **Security** diagnostic data level, and we take steps to avoid gathering any information that directly identifies a company or user, such as name, email address, or account ID. However, in rare circumstances, MSRT information may unintentionally contain personal information. For instance, some malware may create entries in a computer’s registry that include information such as a username, causing it to be gathered. MSRT reporting is optional and can be turned off at any time. ### Basic level -The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent. +The Basic level gathers a limited set of data that’s critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a specific hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a specific driver version. The Connected User Experiences and Telemetry component does not gather diagnostic data data about System Center, but it can transmit diagnostic data for other non-Windows applications if they have user consent. -The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device. +The normal upload range for the Basic diagnostic data level is between 109 KB - 159 KB per day, per device. The data gathered at this level includes: @@ -232,7 +232,7 @@ The data gathered at this level includes: - Storage attributes, such as number of drives, type, and size -- **Connected User Experience and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experience and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. +- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. - **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app. @@ -259,7 +259,7 @@ The Enhanced level gathers data about how Windows and apps are used and how they This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues. -The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device. +The normal upload range for the Enhanced diagnostic data level is between 239 KB - 348 KB per day, per device. The data gathered at this level includes: @@ -271,14 +271,14 @@ The data gathered at this level includes: - **Some crash dump types**. All crash dump types, except for heap dumps and full dumps. -If the Connected User Experience and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experience and Telemetry component at the **Enhanced** telemetry level will only gather data about the events associated with the specific issue. +If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue. #### Limit Enhanced diagnostic data to the minimum required by Windows Analytics Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**. In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic. -- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic. +- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic. - **Some crash dump types.** All crash dump types, except for heap and full dumps. @@ -308,7 +308,7 @@ The **Full** level gathers data necessary to identify and to help fix problems, Additionally, at this level, devices opted in to the [Windows Insider Program](http://insider.windows.com) will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the [Windows Insider Program](http://insider.windows.com) are automatically set to this level. -If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** telemetry level and have exhibited the problem. +If a device experiences problems that are difficult to identify or repeat using Microsoft’s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the **Full** diagnostic data level and have exhibited the problem. However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information: @@ -320,27 +320,27 @@ However, before more data is gathered, Microsoft’s privacy governance team, in ## Enterprise management -Sharing telemetry data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the telemetry level and managing specific components is the best option. +Sharing diagnostic data data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. -Customers can set the telemetry level in both the user interface and with existing management tools. Users can change the telemetry level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available. +Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, it is in **Privacy\Feedback & diagnostics**. They can choose between Basic, Enhanced, and Full. The Security level is not available. -IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a telemetry level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security telemetry level is available when managing the policy. Setting the telemetry level through policy overrides users’ choices. The remainder of this section describes how to do that. +IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy overrides users’ choices. The remainder of this section describes how to do that. -### Manage your telemetry settings +### Manage your diagnostic data settings -We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. +We do not recommend that you turn off diagnostic data in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. > [!IMPORTANT] -> These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). +> These diagnostic data levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). -You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on. +You can turn on or turn off System Center diagnostic data gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center diagnostic data is turned on. However, setting the operating system diagnostic data level to **Basic** will turn off System Center diagnostic data, even if the System Center diagnostic data switch is turned on. -The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**. +The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**. -### Configure the operating system telemetry level +### Configure the operating system diagnostic data level -You can configure your operating system telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device level settings. +You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy overrides any device level settings. Use the appropriate value in the table below when you configure the management policy. @@ -352,9 +352,9 @@ Use the appropriate value in the table below when you configure the management p | Full | Security data, basic system and quality data, enhanced insights and advanced reliability data, and full diagnostics data. | **3** | -### Use Group Policy to set the telemetry level +### Use Group Policy to set the diagnostic data level -Use a Group Policy object to set your organization’s telemetry level. +Use a Group Policy object to set your organization’s diagnostic data level. 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. @@ -362,11 +362,11 @@ Use a Group Policy object to set your organization’s telemetry level. 3. In the **Options** box, select the level that you want to configure, and then click **OK**. -### Use MDM to set the telemetry level +### Use MDM to set the diagnostic data level Use the [Policy Configuration Service Provider (CSP)](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy. -### Use Registry Editor to set the telemetry level +### Use Registry Editor to set the diagnostic data level Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting. @@ -380,25 +380,25 @@ Use Registry Editor to manually set the registry level on each device in your or 5. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. -### Configure System Center 2016 telemetry +### Configure System Center 2016 diagnostic data -For System Center 2016 Technical Preview, you can turn off System Center telemetry by following these steps: +For System Center 2016 Technical Preview, you can turn off System Center diagnostic data by following these steps: -- Turn off telemetry by using the System Center UI Console settings workspace. +- Turn off diagnostic data by using the System Center UI Console settings workspace. -- For information about turning off telemetry for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505). +- For information about turning off diagnostic data for Service Management Automation and Service Provider Foundation, see [How to disable telemetry for Service Management Automation and Service Provider Foundation](https://support.microsoft.com/kb/3096505). -### Additional telemetry controls +### Additional diagnostic data controls -There are a few more settings that you can turn off that may send telemetry information: +There are a few more settings that you can turn off that may send diagnostic data information: -- To turn off Windows Update telemetry, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). +- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](http://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). - Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. - Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716). -- Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. +- Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. > [!NOTE] > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. diff --git a/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md b/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md similarity index 94% rename from windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md rename to windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index 4463ec973b..385988b6d3 100644 --- a/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields.md +++ b/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -1,7 +1,7 @@ --- -description: Use this article to learn more about the enhanced telemetry events used by Windows Analytics +description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics title: Windows 10, version 1709 enhanced telemtry events and fields used by Windows Analytics (Windows 10) -keywords: privacy, telemetry +keywords: privacy, diagnostic data ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -13,15 +13,15 @@ ms.author: jaimeo --- -# Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics +# Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics **Applies to** - Windows 10, version 1709 and later -Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS telemetry events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced. +Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced. -In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system telemetry events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). +In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). ## KernelProcess.AppStateChangeSummary diff --git a/windows/configuration/gdpr-win10-whitepaper.md b/windows/configuration/gdpr-win10-whitepaper.md index 434bb0239b..c7dd56e8df 100644 --- a/windows/configuration/gdpr-win10-whitepaper.md +++ b/windows/configuration/gdpr-win10-whitepaper.md @@ -179,7 +179,7 @@ The GDPR includes explicit requirements for breach notification where a personal As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._” -#### Insightful security telemetry +#### Insightful security diagnostic data For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers. By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products. diff --git a/windows/configuration/index.md b/windows/configuration/index.md index f41df7288e..c462632c79 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -19,11 +19,11 @@ Enterprises often need to apply custom configurations to devices for their users | Topic | Description | | --- | --- | -| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. | +| [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. | | [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1709. | -|[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-telemetry-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.| +|[Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.| | [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. | -| [Windows 10 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. | +| [Windows 10 diagnostic data for the Full diagnostic data level](windows-diagnostic-data-1703.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703 and later. | |[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.| | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. | | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. | diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 3bfd1454ec..a34a6aa5a7 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -19,13 +19,13 @@ ms.date: 01/29/2018 - Windows 10 - Windows Server 2016 -If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). +If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. -If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. +If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. -You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. +You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. @@ -69,7 +69,7 @@ Here's a list of changes that were made to this article for Windows 10, version ## Management options for each setting -The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. +The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections. If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch. @@ -362,7 +362,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo > [!NOTE] -> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the telemetry level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**. +> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the diagnostic data level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**. To turn off Insider Preview builds for a released version of Windows 10: @@ -886,7 +886,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**: > [!NOTE] -> If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically. +> If the diagnostic data level is set to either **Basic** or **Security**, this is turned off automatically. @@ -1725,7 +1725,7 @@ For Windows 10 only, you can stop Enhanced Notifications: - Turn off the feature in the UI. -You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. +You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. ### 24. Windows Media Player diff --git a/windows/configuration/manage-windows-endpoints-version-1709.md b/windows/configuration/manage-windows-endpoints-version-1709.md index dbecf39d02..1c52da910b 100644 --- a/windows/configuration/manage-windows-endpoints-version-1709.md +++ b/windows/configuration/manage-windows-endpoints-version-1709.md @@ -133,7 +133,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive/v2/spark?cc=US&setlang=en-US | -The following endpoint is used by Cortana to report diagnostic and telemetry information. +The following endpoint is used by Cortana to report diagnostic and diagnostic data information. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. | Source process | Protocol | Destination | @@ -175,6 +175,30 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | | | dmd.metaservices.microsoft.com.akadns.net | +## Diagnostic Data + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | cy2.vortex.data.microsoft.com.akadns.net | + +The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | + +The following endpoints are used by Windows Error Reporting. +To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. + +| Source process | Protocol | Destination | +|----------------|----------|------------| +| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request | +| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net| + ## Font streaming The following endpoints are used to download fonts on demand. @@ -340,7 +364,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | dmclient | HTTPS | settings.data.microsoft.com | -The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experience and Telemetry component and Windows Insider Program use it. +The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. | Source process | Protocol | Destination | @@ -355,29 +379,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o |----------------|----------|------------| |microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | -## Telemetry -The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | | cy2.vortex.data.microsoft.com.akadns.net | - -The following endpoint is used by the Connected User Experience and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | | v10.vortex-win.data.microsoft.com/collect/v1 | - -The following endpoints are used by Windows Error Reporting. -To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. - -| Source process | Protocol | Destination | -|----------------|----------|------------| -| wermgr | | watson.telemetry.microsoft.com/Telemetry.Request | -| |TLS v1.2 |modern.watson.data.microsoft.com.akadns.net| ## Windows Defender diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 7db69cb00b..196d95eb81 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -50,7 +50,7 @@ Apps can take advantage of shared PC mode with the following three APIs: - [IsEnabled](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. - [ShouldAvoidLocalStorage](https://docs.microsoft.com/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app. -- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle telemetry differently or hide advertising functionality. +- [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. ###Customization diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 5c8c80dffc..0073f13e81 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -166,7 +166,7 @@ The **Config** settings are initial settings that can be overwritten when settin ### SystemCapabilities -You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Telemetry data is generated by the system to provide data that can be used to diagnose both software and hardware issues. +You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data data is generated by the system to provide data that can be used to diagnose both software and hardware issues. | Setting | Description | | --- | --- | diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index d95ae64429..25f5b58fc5 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -372,10 +372,10 @@ This section describes the **Policies** settings that you can configure in [prov | [AllowExperimentation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | | | [AllowLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X | | [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | X | X | -| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and useage telemetry data. | X | X | | | | +| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | | | | [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | | | [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | | -| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | | +| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | | ## TextInput diff --git a/windows/configuration/windows-diagnostic-data-1703.md b/windows/configuration/windows-diagnostic-data-1703.md index bb63c4b710..954a8fc5e0 100644 --- a/windows/configuration/windows-diagnostic-data-1703.md +++ b/windows/configuration/windows-diagnostic-data-1703.md @@ -1,6 +1,6 @@ --- -title: Windows 10 diagnostic data for the Full telemetry level (Windows 10) -description: Use this article to learn about the types of data that is collected the the Full telemetry level. +title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10) +description: Use this article to learn about the types of data that is collected the the Full diagnostic data level. keywords: privacy,Windows 10 ms.prod: w10 ms.mktglfcycl: manage @@ -11,12 +11,12 @@ ms.author: lizross ms.date: 04/05/2017 --- -# Windows 10 diagnostic data for the Full telemetry level +# Windows 10 diagnostic data for the Full diagnostic data level **Applies to:** - Windows 10, version 1703 and later -Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md). +Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md). The data covered in this article is grouped into the following categories: diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 10dc612bdb..2040ebf2d1 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -21,7 +21,7 @@ Windows 10 upgrade options are discussed and information is provided about plann |[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. | |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. | |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. | -|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | diff --git a/windows/deployment/index.md b/windows/deployment/index.md index fe0e5d5f08..f63641d04f 100644 --- a/windows/deployment/index.md +++ b/windows/deployment/index.md @@ -32,7 +32,7 @@ Windows 10 upgrade options are discussed and information is provided about plann |[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. | |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. | |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about media available in the Microsoft Volume Licensing Service Center. | -|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index 3d541198b1..a84f82eb0a 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -20,7 +20,7 @@ We've replaced the majority of functionality included in the Application Compati Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Analytics to get: - A visual workflow that guides you from pilot to production diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index 54f3d47f42..9350288947 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -23,17 +23,17 @@ Steps are provided in sections that follow the recommended setup process: Device Health has the following requirements: 1. Device Health is currently only compatible with Windows 10 and Windows Server 2016 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). -2. The solution requires that at least the [enhanced level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). -3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: +2. The solution requires that at least the [enhanced level of diagnostic data](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). +3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: Service | Endpoint --- | --- -Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com Windows Error Reporting | watson.telemetry.microsoft.com Online Crash Analysis | oca.telemetry.microsoft.com >[!NOTE] -> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for steps to exclude authentication for these endpoints. +> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for steps to exclude authentication for these endpoints. ## Add Device Health to Microsoft Operations Management Suite @@ -79,7 +79,7 @@ After you have added Device Health and devices have a Commercial ID, you will be >[!NOTE] >You can unsubscribe from the Device Health solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic. -## Deploy your Commercial ID to your Windows 10 devices and set the telemetry level +## Deploy your Commercial ID to your Windows 10 devices and set the diagnostic data level In order for your devices to show up in Windows Analytics: Device Health, they must be configured with your organization’s Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that device’s data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM). @@ -114,7 +114,7 @@ If you need further information on Windows Error Reporting (WER) settings, see [ Devices must be able to reach the endpoints specified in the "Device Health prerequisites" section of this topic. >[!NOTE] -> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about telemetry endpoints and how to manage them, see [Configure Windows telemetry in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-telemetry-in-your-organization). +> If your deployment includes devices running Windows 10 versions prior to Windows 10, version 1703, you must **exclude** *authentication* for the endpoints listed in Step 3 of the "Device Health prerequisites" section of this topic. Windows Error Reporting did not support authenticating proxies until Windows 10, version 1703. (If you need more information about diagnostic data endpoints and how to manage them, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). If you are using proxy server authentication, it is worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER uploads error reports in the machine context. Both user (typically authenticated) and machine (typically anonymous) contexts require access through proxy servers to the diagnostic endpoints. In Windows 10, version 1703, and later WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access. diff --git a/windows/deployment/update/device-health-monitor.md b/windows/deployment/update/device-health-monitor.md index 2c35b7f05e..078a95742a 100644 --- a/windows/deployment/update/device-health-monitor.md +++ b/windows/deployment/update/device-health-monitor.md @@ -19,7 +19,7 @@ Device Health is the newest Windows Analytics solution that complements the exis Like Upgrade Readiness and Update Compliance, Device Health is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service that has a flexible servicing subscription based on data usage and retention. This release is free for customers to try and will not incur charges on your OMS workspace for its use. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). -Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced telemetry, so you might need to implement this policy if you've not already done so. +Device Health uses Windows diagnostic data that is part of all Windows 10 devices. If you have already employed Upgrade Readiness or Update Compliance solutions, all you need to do is select Device Health from the OMS solution gallery and add it to your OMS workspace. Device Health requires enhanced diagnostic data, so you might need to implement this policy if you've not already done so. Device Health provides the following: @@ -27,7 +27,7 @@ Device Health provides the following: - Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced - Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes - Notification of Windows Information Protection misconfigurations that send prompts to end users -- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 telemetry +- No need for new complex customized infrastructure, thanks to cloud-connected access using Windows 10 diagnostic data See the following topics in this guide for detailed information about configuring and using the Device Health solution: @@ -56,10 +56,10 @@ The Device Health architecture and data flow is summarized by the following five -**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    -**(2)** Telemetry data is analyzed by the Microsoft Telemetry Service.
    -**(3)** Telemetry data is pushed from the Microsoft Telemetry Service to your OMS workspace.
    -**(4)** Telemetry data is available in the Device Health solution.
    +**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
    +**(2)** Diagnostic data is analyzed by the Microsoft Telemetry Service.
    +**(3)** Diagnostic data is pushed from the Microsoft Telemetry Service to your OMS workspace.
    +**(4)** Diagnostic data is available in the Device Health solution.
    **(5)** You are now able to proactively monitor Device Health issues in your environment.
    These steps are illustrated in following diagram: @@ -67,7 +67,7 @@ These steps are illustrated in following diagram: [![](images/analytics-architecture.png)](images/analytics-architecture.png) >[!NOTE] ->This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). +>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9a98859652..ead61e2d95 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -24,19 +24,19 @@ Steps are provided in sections that follow the recommended setup process: Update Compliance has the following requirements: 1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). -2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization). -3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: +2. The solution requires that Windows 10 diagnostic data is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of diagnostic data](/configuration/configure-windows-diagnostic-data-in-your-organization#basic-level) enabled. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). +3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](/configuration/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: Service | Endpoint --- | --- - Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com + Connected User Experiences and Telemetry component | v10.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com Windows Error Reporting | watson.telemetry.microsoft.com Online Crash Analysis | oca.telemetry.microsoft.com 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct. - For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. + For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. @@ -74,7 +74,7 @@ If you are not yet using OMS, use the following steps to subscribe to OMS Update ![OMS workspace with new Update Compliance tile on the right side highlighted](images/uc-09a.png) 9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below. - ![Series of blades showing Connected Sources, Windows Telemetry, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png) + ![Series of blades showing Connected Sources, Windows Diagnostic Data, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png) After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 30bf291b67..cc368c6633 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -19,7 +19,7 @@ With Windows 10, organizations need to change the way they approach monitoring a Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). -Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. +Update Compliance uses the Windows diagnostic data that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. Update Compliance provides the following: @@ -28,7 +28,7 @@ Update Compliance provides the following: - The ability to track protection and threat status for Windows Defender Antivirus-enabled devices - An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later) - Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries -- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure +- Cloud-connected access utilizing Windows 10 diagnostic data means no need for new complex, customized infrastructure See the following topics in this guide for detailed information about configuring and using the Update Compliance solution: @@ -43,10 +43,10 @@ An overview of the processes used by the Update Compliance solution is provided The Update Compliance architecture and data flow is summarized by the following five-step process: -**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    -**(2)** Telemetry data is analyzed by the Update Compliance Data Service.
    -**(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.
    -**(4)** Telemetry data is available in the Update Compliance solution.
    +**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
    +**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.
    +**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your OMS workspace.
    +**(4)** Diagnostic data is available in the Update Compliance solution.
    **(5)** You are able to monitor and troubleshoot Windows updates and Windows Defender AV in your environment.
    These steps are illustrated in following diagram: @@ -54,7 +54,7 @@ These steps are illustrated in following diagram: ![Update Compliance architecture](images/uc-01-wdav.png) >[!NOTE] ->This process assumes that Windows telemetry is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). +>This process assumes that Windows diagnostic data is enabled and you [have assigned your Commercial ID to devices](update-compliance-get-started.md#deploy-your-commercial-id-to-your-windows-10-devices). diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index c97cf7439d..fe2d443d21 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -16,7 +16,7 @@ In this section you'll learn how to use Update Compliance to monitor your device Update Compliance: -- Uses telemetry gathered from user devices to form an all-up view of Windows 10 devices in your organization. +- Uses diagnostic data gathered from user devices to form an all-up view of Windows 10 devices in your organization. - Enables you to maintain a high-level perspective on the progress and status of updates across all devices. - Provides a workflow that can be used to quickly identify which devices require attention. - Enables you to track deployment compliance targets for updates. diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 2fda260e22..f705f7b85f 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -28,7 +28,7 @@ ms.date: 10/13/2017 You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx). >[!IMPORTANT] ->For Windows Update for Business policies to be honored, the Telemetry level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system telemetry level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization#configure-the-operating-system-telemetry-level). +>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#configure-the-operating-system-diagnostic-data-level). Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md). diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index e0d006761b..e26cc352fc 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -121,7 +121,7 @@ Windows Update for Business was first made available in Windows 10, version 1511 ## Monitor Windows Updates using Update Compliance -Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses telemetry data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. +Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated. ![Update Compliance Dashboard](images/waas-wufb-update-compliance.png) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 6c80c9612e..3452191682 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -45,7 +45,7 @@ One of the biggest challenges for organizations when it comes to deploying a new Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience. -Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and telemetry data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. +Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If it’s unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com). diff --git a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md index 96bec400be..bd9b717522 100644 --- a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md +++ b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md @@ -14,7 +14,7 @@ With the release of Upgrade Readiness, enterprises now have the tools to plan an Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: @@ -28,11 +28,11 @@ Use Upgrade Readiness to get: The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. -**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: +**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see: -- [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) +- [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) - [Manage connections from Windows operating system components to Microsoft services](/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) +- [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) ##**Related topics** diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md index bb097f89bb..a837d861dc 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-readiness.md @@ -24,16 +24,16 @@ If you still don’t see data in Upgrade Readiness, follow these steps: ## Disable Upgrade Readiness -If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps: +If you want to stop using Upgrade Readiness and stop sending diagnostic data data to Microsoft, follow these steps: 1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. ![Upgrade Readiness unsubscribe](../images/upgrade-analytics-unsubscribe.png) -2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**: +2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* - **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. + **Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic. 3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. 4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 70e29d0699..5c45338c1d 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md @@ -18,7 +18,7 @@ This topic provides information on additional features that are available in Upg The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. > [!NOTE] -> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. +> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. ### Install prerequisite security update for Internet Explorer @@ -27,7 +27,7 @@ Ensure the following prerequisites are met before using site discovery: 1. Install the prerequisite KBs to add Site Discovery support and the latest fixes from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx). Install the following: - For Windows 7 and Windows 8.1 - March, 2017 (or later) Security Monthly Rollup - For Windows 10 - Cumulative Update for Windows 10 Version 1607 (KB4015217) (or later) -2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced Telemetry Level** for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**. +2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 you must set computers to the **Enhanced** diagnostic data level for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**. If you do not plan to use the Upgrade Readiness deployment script to enable Site discovery, you must create the following registry entry. diff --git a/windows/deployment/upgrade/upgrade-readiness-architecture.md b/windows/deployment/upgrade/upgrade-readiness-architecture.md index a37441da3e..fd7e2605ab 100644 --- a/windows/deployment/upgrade/upgrade-readiness-architecture.md +++ b/windows/deployment/upgrade/upgrade-readiness-architecture.md @@ -8,7 +8,7 @@ ms.date: 04/25/2017 # Upgrade Readiness architecture -Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. +Microsoft analyzes system, application, and driver diagnostic data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. @@ -47,13 +47,13 @@ Important: You can use either a Microsoft Account or a Work or School account to Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). -## Telemetry and data sharing +## Diagnostic data and data sharing After you’ve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness. -See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. +See [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) for more information about how Microsoft uses Windows diagnostic data. -**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. +**Whitelist diagnostic data endpoints.** To enable diagnostic data to be sent to Microsoft, you’ll need to whitelist the following Microsoft endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. `https://v10.vortex-win.data.microsoft.com/collect/v1`
    `https://vortex-win.data.microsoft.com/health/keepalive`
    @@ -68,7 +68,7 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields **Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Readiness. -**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication. +**Enable diagnostic data and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable diagnostic data to establish communication. **Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. @@ -82,7 +82,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips **Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. -**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. +**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. ### Tips diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index b75afc225b..58ffa25e69 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -141,7 +141,7 @@ Applications and drivers that are meet certain criteria to be considered low ris The first row reports the number of your apps that have an official statement of support on Windows 10 from the software vendor, so you can be confident that they will work on your target operating system. -The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in telemetry. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. +The second row (**Apps that are "Highly adopted"**) shows apps that have a ReadyForWindows status of "Highly adopted". This means that they have been installed on at least 100,000 commercial Windows 10 devices, and that Microsoft has not detected significant issues with the app in diagnostic data. Since these apps are prevalent in the ecosystem at large, you can be confident that they will work in your environment as well. Each row of the blade uses a different criterion to filter your apps or drivers. You can view a list of applications that meet the criterion by clicking into a row of the blade. For example, if you click the row that says "Apps that are 'Highly adopted'", the result is a list of apps that have a ReadyForWindows status of "Highly adopted". From here, you can bulk-select the results, select **Ready to upgrade**, and then click **Save**.  This will mark all apps meeting the "Highly adopted" criterion as "Ready to upgrade"--no further validation is required. Any applications that you have marked as *Mission critical* or *Business critical* are filtered out, as well as any app that has an issue known to Microsoft. This allows you to work with apps in bulk without having to worry about missing a critical app. diff --git a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md index 15cd2c2bf3..d74712221f 100644 --- a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md +++ b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md @@ -54,7 +54,7 @@ Select **Total computers** for a list of computers and details about them, inclu - Computer model - Operating system version and build - Count of system requirement, application, and driver issues per computer -- Upgrade assessment based on analysis of computer telemetry data +- Upgrade assessment based on analysis of computer diagnostic data - Upgrade decision status Select **Total applications** for a list of applications discovered on user computers and details about them, including: diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index 8b8805f491..f0f332312c 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -10,7 +10,7 @@ ms.date: 08/30/2017 You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. -- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. +- Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. - Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. diff --git a/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md index 4c6000558a..6e8c26d829 100644 --- a/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ b/windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md @@ -17,7 +17,7 @@ ms.date: 07/27/2017 On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) if they have not already done so. -Microsoft antimalware telemetry immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. +Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Windows Defender Antivirus](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. diff --git a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 1a68cfc212..f44c485e39 100644 --- a/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -133,10 +133,10 @@ https://msdl.microsoft.com/download/symbols Universal Telemetry Client -Used by Windows to send client telemetry, Windows Defender Antivirus uses this for product quality monitoring purposes +Used by Windows to send client diagnostic data, Windows Defender Antivirus uses this for product quality monitoring purposes -This update uses SSL (TCP Port 443) to download manifests and upload telemetry to Microsoft that uses the following DNS endpoints:

    • vortex-win.data.microsoft.com
    • settings-win.data.microsoft.com
    +This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:
    • vortex-win.data.microsoft.com
    • settings-win.data.microsoft.com
    diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index f5ba563109..0dd2646921 100644 --- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -51,7 +51,7 @@ In order for devices to properly show up in Update Compliance, you have to meet >- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance. > - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md). > - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud) -> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). +> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 diagnostic data must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level). > - It has been 3 days since all requirements have been met If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us. diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index ad0296fcc4..926d1d9c7d 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -106,11 +106,11 @@ Health Status for onboarded machines: Sense Is Running | ./Device/Vendor/MSFT/Wi Health Status for onboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP Health Status for onboarded machines: Organization ID | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1
    Default value: 1 | Windows Defender ATP Sample sharing is enabled -Configuration for onboarded machines: telemetry reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2
    1: Normal (default)

    2: Expedite | Windows Defender ATP telemetry reporting +Configuration for onboarded machines: diagnostic data reporting frequency | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/TelemetryReportingFrequency | Integer | 1 or 2
    1: Normal (default)

    2: Expedite | Windows Defender ATP diagnostic data reporting > [!NOTE] > - The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. -> - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703. +> - Configuration of diagnostic data reporting frequency is only available for machines on Windows 10, version 1703. > - Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical. diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index 221265a041..f98fcf98cf 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -60,7 +60,7 @@ To effectively offboard the endpoints from the service, you'll need to disable t 2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**. -3. Toggle the third-party provider switch button to turn stop telemetry from endpoints. +3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints. >[!WARNING] >If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 3a456f6352..cd4942e214 100644 --- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -47,7 +47,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy) ## Configure the proxy server manually using a registry-based static proxy -Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. +Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 43244d2c7b..79a751c4a0 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -155,7 +155,7 @@ The service could not contact the external processing servers at that URL. 17 Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -206,7 +206,7 @@ Ensure real-time antimalware protection is running properly. 28 Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -222,7 +222,7 @@ Ensure real-time antimalware protection is running properly. 31 Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. -[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled). +[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled). 32 @@ -241,7 +241,7 @@ If the identifier does not persist, the same machine might appear twice in the p 34 Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled).
    +[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). @@ -250,7 +250,7 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```. An error occurred with the Windows telemetry service during offboarding. The offboarding process continues. -Check for errors with the Windows telemetry service. +Check for errors with the Windows diagnostic data service. 36 diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index 05f7de339c..b31dad703f 100644 --- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -72,8 +72,8 @@ Follow theses actions to correct known issues related to a misconfigured machine - [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
    Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. -- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
    -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. +- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)
    +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. - [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
    If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 8fc3acc6fa..3027bbe7f9 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -72,13 +72,14 @@ The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to com For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . -Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10. +Before you configure endpoints, the diagnostic data service must be enabled. The service is enabled by default in Windows 10. -### Telemetry and diagnostics settings -You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization. + +### Diagnostic data settings +You must ensure that the diagnostic data service is enabled on all the endpoints in your organization. By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them. -**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: +**Use the command line to check the Windows 10 diagnostic data service startup type**: 1. Open an elevated command-line prompt on the endpoint: @@ -100,7 +101,7 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the -**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** +**Use the command line to set the Windows 10 diagnostic data service to automatically start:** 1. Open an elevated command-line prompt on the endpoint: diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index b4176ad214..487679607d 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -128,7 +128,7 @@ ID | Severity | Event description | Troubleshooting steps ## Troubleshoot onboarding issues on the endpoint If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: - [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) -- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) - [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection) - [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) @@ -176,14 +176,15 @@ Event ID | Message | Resolution steps
    There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. -### Ensure the telemetry and diagnostics service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. + +### Ensure the diagnostic data service is enabled +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't). ### Ensure the service is set to start -**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: +**Use the command line to check the Windows 10 diagnostic data service startup type**: 1. Open an elevated command-line prompt on the endpoint: @@ -204,7 +205,7 @@ First, you should check that the service is set to start automatically when Wind If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start. -**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** +**Use the command line to set the Windows 10 diagnostic data service to automatically start:** 1. Open an elevated command-line prompt on the endpoint: diff --git a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md index 356afd413a..e5b587a7fe 100644 --- a/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md +++ b/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md @@ -43,7 +43,7 @@ Windows Defender SmartScreen helps to provide an early warning system against we - **Operating system integration.** SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run. -- **Improved heuristics and telemetry.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. +- **Improved heuristics and diagnostic data.** SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. - **Management through Group Policy and Microsoft Intune.** SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md). diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index dfcecb8b7a..fb858f7d9e 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -35,7 +35,7 @@ Windows ICD now includes simplified workflows for creating provisioning packages Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. -With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. +With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. Use Upgrade Readiness to get: From c03b87d14f4dd251e8a48c6a8fcc8db0ced15bd4 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Wed, 31 Jan 2018 00:23:55 +0000 Subject: [PATCH 052/109] Merged PR 5608: Updated rest-api-reference-windows-store-for-business.md - spelling error Updated rest-api-reference-windows-store-for-business.md - spelling error --- .../mdm/rest-api-reference-windows-store-for-business.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index bb8e58dd2c..465bbd98f8 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -1,6 +1,6 @@ --- -title: REST API reference for Micosoft Store for Business -description: REST API reference for Micosoft Store for Business +title: REST API reference for Microsoft Store for Business +description: REST API reference for Microsoft Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' @@ -13,7 +13,7 @@ author: nickbrower ms.date: 09/18/2017 --- -# REST API reference for Micosoft Store for Business +# REST API reference for Microsoft Store for Business Here's the list of available operations: From 34778119c5975a394671fc29b653e039f1ba00d9 Mon Sep 17 00:00:00 2001 From: ashley-kim <35980531+ashley-kim@users.noreply.github.com> Date: Tue, 30 Jan 2018 16:59:19 -0800 Subject: [PATCH 053/109] Update Note for Express update delivery scope Starting with Fall Creators Update, Express update delivery no longer limited to quality update downloads. --- windows/deployment/update/waas-optimize-windows-10-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index d694f2ff14..6af7a05dfe 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -51,7 +51,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10. Windows 10 quality update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. >[!NOTE] ->Currently, Express update delivery only applies to quality update downloads. +>Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business. ### How Microsoft supports Express - **Express on System Center Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or 1607 with the April 2017 cumulative update. From d2bb7fe913b4fb896de26d3bdf2d7365cfd5a681 Mon Sep 17 00:00:00 2001 From: theznerd Date: Wed, 31 Jan 2018 12:12:46 -0700 Subject: [PATCH 054/109] Update faq-wd-app-guard.md Fixes extension confusion --- .../windows-defender-application-guard/faq-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 71c3fac2d7..387b02dde9 100644 --- a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -37,7 +37,7 @@ Answering frequently asked questions about Windows Defender Application Guard (A | | | |---|----------------------------| |**Q:** |Can employees copy and paste between the host device and the Application Guard Edge session?| -|**A:** |Depending on your organization's settings, employees can copy and paste images and text (.bmp) to and from the isolated container.| +|**A:** |Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container.|
    | | | From f9e9aeaa8b544203db7fe20f6b69cac35695032f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 31 Jan 2018 21:28:19 +0000 Subject: [PATCH 055/109] Merged PR 5622: Merge fix-build-warning to master --- .openpublishing.publish.config.json | 18 -------------- microsoft-365/docfx.json | 37 ----------------------------- 2 files changed, 55 deletions(-) delete mode 100644 microsoft-365/docfx.json diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 7215ed2787..7c6bb4d033 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -102,24 +102,6 @@ "moniker_groups": [], "version": 0 }, - { - "docset_name": "microsoft-365", - "build_source_folder": "microsoft-365", - "build_output_subfolder": "microsoft-365", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes", - "moniker_groups": [], - "version": 0 - }, { "docset_name": "microsoft-edge-VSTS", "build_source_folder": "browsers/edge", diff --git a/microsoft-365/docfx.json b/microsoft-365/docfx.json deleted file mode 100644 index 585130e915..0000000000 --- a/microsoft-365/docfx.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": {}, - "fileMetadata": {}, - "template": [], - "dest": "microsoft-365" - } -} \ No newline at end of file From 5e05509b4974edf4696d03f657067c543b33fe67 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 31 Jan 2018 22:43:38 +0000 Subject: [PATCH 056/109] Merged PR 5629: Defender CSP - added new node OfflineScan --- windows/client-management/mdm/defender-csp.md | 10 +- windows/client-management/mdm/defender-ddf.md | 1256 +++++++++-------- .../mdm/images/provisioning-csp-defender.png | Bin 23712 -> 29644 bytes ...ew-in-windows-mdm-enrollment-management.md | 4 + 4 files changed, 648 insertions(+), 622 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 36cb8e6e0f..bcab5ce598 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -7,12 +7,15 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 06/26/2017 +ms.date: 01/29/2018 --- # Defender CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. The following image shows the Windows Defender configuration service provider in tree format. @@ -310,6 +313,11 @@ Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. +**OfflineScan** +Added in Windows 10, next major update. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan. + +Supported operations are Get and Execute. + ## Related topics diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 126869323b..4077ab58af 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -7,12 +7,15 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/05/2017 +ms.date: 01/29/20178 --- # Defender DDF file +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + This topic shows the OMA DM device description framework (DDF) for the **Defender** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). @@ -22,648 +25,659 @@ The XML below is the current version for this CSP. ``` syntax ]> + "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd" + []> - 1.2 - + 1.2 + Defender ./Vendor/MSFT - - - - - - - - - - - - - - - + + + + + + + + + + + + + + com.microsoft/1.1/MDM/Defender + - Detections + Detections + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - + + + + + + + + + + + + + ThreatId + + + - - - - - - - - - - - - - - - ThreatId - - - - - - Name - - - - - - - - - - - - - - - text/plain - - - - - URL - - - - - - - - - - - - - - - text/plain - - - - - Severity - - - - - - - - - - - - - - - text/plain - - - - - Category - - - - - - - - - - - - - - - text/plain - - - - - CurrentStatus - - - - - - - - - - - - - - - text/plain - - - - - ExecutionStatus - - - - - - - - - - - - - - - text/plain - - - - - InitialDetectionTime - - - - - - - - - - - - - - - text/plain - - - - - LastThreatStatusChangeTime - - - - - - - - - - - - - - - text/plain - - - - - NumberOfDetections - - - - - - - - - - - - - - - text/plain - - - + Name + + + + + + + + + + + + + + + text/plain + + + + URL + + + + + + + + + + + + + + + text/plain + + + + + Severity + + + + + + + + + + + + + + + text/plain + + + + + Category + + + + + + + + + + + + + + + text/plain + + + + + CurrentStatus + + + + + + + + + + + + + + + text/plain + + + + + ExecutionStatus + + + + + + + + + + + + + + + text/plain + + + + + InitialDetectionTime + + + + + + + + + + + + + + + text/plain + + + + + LastThreatStatusChangeTime + + + + + + + + + + + + + + + text/plain + + + + + NumberOfDetections + + + + + + + + + + + + + + + text/plain + + + + - Health + Health + + + + + + + + + + + + + + + + + + + ComputerState - - - - - - - - - - - - - - - + + + + + + + + + + + + + + text/plain + - - ComputerState - - - - - - - - - - - - - - - text/plain - - - - - DefenderEnabled - - - - - - - - - - - - - - - text/plain - - - - - RtpEnabled - - - - - - - - - - - - - - - text/plain - - - - - NisEnabled - - - - - - - - - - - - - - - text/plain - - - - - QuickScanOverdue - - - - - - - - - - - - - - - text/plain - - - - - FullScanOverdue - - - - - - - - - - - - - - - text/plain - - - - - SignatureOutOfDate - - - - - - - - - - - - - - - text/plain - - - - - RebootRequired - - - - - - - - - - - - - - - text/plain - - - - - FullScanRequired - - - - - - - - - - - - - - - text/plain - - - - - EngineVersion - - - - - - - - - - - - - - - text/plain - - - - - SignatureVersion - - - - - - - - - - - - - - - text/plain - - - - - DefenderVersion - - - - - - - - - - - - - - - text/plain - - - - - QuickScanTime - - - - - - - - - - - - - - - text/plain - - - - - FullScanTime - - - - - - - - - - - - - - - text/plain - - - - - QuickScanSigVersion - - - - - - - - - - - - - - - text/plain - - - - - FullScanSigVersion - - - - - - - - - - - - - - - text/plain - - - + + + DefenderEnabled + + + + + + + + + + + + + + + text/plain + + + + + RtpEnabled + + + + + + + + + + + + + + + text/plain + + + + + NisEnabled + + + + + + + + + + + + + + + text/plain + + + + + QuickScanOverdue + + + + + + + + + + + + + + + text/plain + + + + + FullScanOverdue + + + + + + + + + + + + + + + text/plain + + + + + SignatureOutOfDate + + + + + + + + + + + + + + + text/plain + + + + + RebootRequired + + + + + + + + + + + + + + + text/plain + + + + + FullScanRequired + + + + + + + + + + + + + + + text/plain + + + + + EngineVersion + + + + + + + + + + + + + + + text/plain + + + + + SignatureVersion + + + + + + + + + + + + + + + text/plain + + + + + DefenderVersion + + + + + + + + + + + + + + + text/plain + + + + + QuickScanTime + + + + + + + + + + + + + + + text/plain + + + + + FullScanTime + + + + + + + + + + + + + + + text/plain + + + + + QuickScanSigVersion + + + + + + + + + + + + + + + text/plain + + + + + FullScanSigVersion + + + + + + + + + + + + + + + text/plain + + + - Scan - - - - - - - - - - - - - - - - text/plain - - + Scan + + + + + + + + + + + + + + + + text/plain + + - UpdateSignature - - - - - - - - - - - - - - - - text/plain - - + UpdateSignature + + + + + + + + + + + + + + + + text/plain + + - + + OfflineScan + + + + + + + + + + + + + + + + text/plain + + + + ``` ## Related topics -[Defender configuration service provider](defender-csp.md) - -  - -  - - - - - - +[Defender configuration service provider](defender-csp.md) \ No newline at end of file diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png index b3be3ba7f4735039aa1fd80e3e9b1a9e0ae4b129..8d34e77eb9a9a00c2dbad533ed220a5bc16adf9e 100644 GIT binary patch literal 29644 zcmdqJXFyZywl0hXu^}oVA_ywdrAw10g0x8QU8F?1f`Fl_EKsBgBt%;1y-61cU$n?;CKheRetf?0fh5{(L{yiX=00zGakWJmYy2sIIC&dGhi}GBPqsB}F++ zGO|PIWMoG_9X|}-+3U|Z2VM@jXe!(#%Wq+r0)HHZ%c#hZkrjrW+BPQ#f1h})Xy8Id zcIFG|zeDv-nU-W^F6K&dGTP5f=c>Kk8S2e5X7DK9x6-rHUZF0bYWZv5s@yHOdkWL+ zY-s9h#G-oM%nGWOxSb!MS9oG+$;=#~SgnB+87i@u|mT<(EfmNakK96HFL5LiYL?l7j5q3yAFMb#+EE zxuduv&tLZ{AVeGo*Vo6wD1LmJn3!me6-g8j%4;yVt5d6q z;@4D1eYCS#aDoyF-NNS{)e##vS-1L89mQ!Np6bXn?KrbZbFAQl<%C}CoY$|Btp>p} zWP);>PFc00(@tsMcfy7JvreEYLn9+sESmVvMGnSPEDd531hccaF)2>b4XCvpc&*3k zwk8yON5!}i(boG<;V(zPU=?b+?W<`%nc}=o#l#Sz)I2re5 z4O4SHTdp28!|1ZhF(V%J$OoG2oW1_G%CaYOei?pa5ghi}guxmmcaTRu&aMxx%=DNU zdVMlT-jaLM@HV_uETUUctyEbv>)h#z8<2o%ymdu>!tu5u%Wjl?GOt)yd#_;ULxIU? zf}2EUSyZyDowR5LBo`IcOFYzs!4G|SGB)1+vREodu%sn~8-=)Bs?DD4W(nozCe-$! zg`P~unnagd2^7WzG>BX-Y zL?3Rn96fvT`|8&$_F}efm2OhMGA3~#&k)W;GVDxwHur% zBP&+eS$~LF+|8)@ncLp}VO67z{?^E4i`a>IsOUZdEpkg%_I~!RhiQ^FqAu#OGg0#C zaz3hyI8I0LobEbmZDPT6Z|aoqXs#x+^CH~zY>>ooJyGN3d!G?m+KY5aatNG4rAxJJ zQxglXm5EZ@&le|=A`-G%_o1>jRF(unJT@;5wOY_Os05aKZ@pcO!jCEv&Om1UTANU6 z*Ap6#_-v3Sf0~GL97OWQ4eN$$ICN+^WWN_6TBU0V5$EnBuH!tEoD0uz6g&!udUqNf zC|V`KEfdps${y}GD#r$`7zBz>>p}U8{_T$)9uh`)-LQJr3f4EYUnQ7_ro*1 zbe{Mje4-*gFkxP^ydwraAkwzMJXlN)* zdiNRMrQBQ|5w-%1I2Uqlc!EcaSlsLn;~EX@9~{KG&P4fak|iQ8a5;f7-5e8y6-fC& z3yf2{zreBxaqi)_3+6qyo#Hj>w<>fFG? zZ#*}p*rE!T8Wg_@k|G(1&OEh^ZS;vx^l<}yeNzbwJ6%CEX1^4@mU4#OOg+8tZBr*F z7?V9BtAHGbDodZu-%5C8Y_U5Tw3cUVSm#03EW@RCvk?{KeWti{a&lW!s;C*pIgcWTPVZgPph4)#R-AEgsI`+KpI;y;|aIv>h+U26HNjT1ELEqimST`lZ zI!_`T>~Puo-P6yHT}71_RZ3L5FES9PBIY(iH8jtTWO>g#OFx9$`nE`sk98MA)E#;d zph)EA<`#pM)Sc$SOO-HAJ66F>OR4Xt44l!6WXaiS$>u3>4|RTB;?=Be`swi+!^Qa1 zl{=|QDj7E7zN<}oo0Av!o$dRio12^Jn%Zq}rwi`cwqNCPGW_0ih5Pvczzak z)VAFW7t1*@)s>ZC!g+-!K8zG?9!?T*`fEq8aR3+=_uk_L(v$px4x(ZTbmH z#5m6wG2yV}IQ3Xdk5C@!<&%ZyAw5KOx9wi-f!W%rijh(2q zp^RGW)3S^NXR>!!rt4|po)1-S=al4&;v(H$7WAF+4fs)dq&q8{)7!locc?Cg@t`P0 zT!}m13O#{&UHiS9CWr-yH&psZZhK`i1N;W9!TGc#?A>f`7{b4c6N!#i?Lw9p!~DOf zm>@v5tgNVr{vBQ%2R}SP30||rgq@#1dzfx}^Z+X%Y<##N5aP8p#Ty9U8nIYo z6kB;z;JX>m<+L<)nvYW5wB^;zLV~g35Ai$JjEndtURs~W)*GGO-BCUcWVVNiHUzJ& z_Axf!sa#2cFN1rXw6qr!jD|1$)H|MdMjbQmuGj6eGLY1Kk@PrNonlsgTZ&L)U`=Pg9y z1cOsfi~i&pr#U%Ra+$+zpp0_??3&L=`x~D=GS;iMLa9Ub06m6pIIjFTqlHJMP*;Q z0%96t$Q|ZRTv%m3rMDHYW8!FkcdNPt+KtJV9A#qjQK4eZ$ir>*5B86snoleZ?ArP6 ze0Gmd12>ziNHx~o8VxwF?onDS{Jli;N7hSQ-HJ!an@<&P%~!5CG}v}DK&ig4X2I{p z1yZXGYzaU2j+51;<>7Kz!fJZANI>FdURK??x60WPJsin{zf`-ka}5I{;?6BqIX7C* zpXFX+tt`oDI0>A%eUl;{q=%uwaoXhvn!Utk4>USUnV=XJVsp~X)~d_cf2uP>!bBlN z|3|mYD-*`f!wbab^=b)&qTz-oiimq%$~Ze6jKQ^at`AlAUL*|LeFol(u1PBm;F!XVt7MA|QEqs*X86q~-Gsl?CW zMwnWPKtQlIvJ5(zWmohiS6ExAbo+;mXq%%QJ3ilutMm>6k~b8Se8Qx^JK8HrJNzMW zf1^zh6x%(tme^lCwCc2lTw%3^4nFJjMw#KgD7GJw+A$1LO61ezM5T2s)>?i&6yNCQ zA%ln!8LoLc-lY)FqG0{bNqQ%Z8dkrqZJ9}nL<@e{`~)y?&DO(-bFt!uQ}glOD6_AA z{W6G);^N|7U;6Hkg8vcShbMBbm|srB9$sf0p!>Mi`}xIl=R6D zA>1iSB!&8a@Dg%FmjIA+`2*bS?Cj4Bde&n^|GE+sDf&}MdF{<2b}|Zixoh6PUuTH6 z1vv;eSy}sRG33-XCGNmb(ER+ zf*+UH@W3TTSY`gzyxYhvppcV?1YMDHwB4-J{@K+i?kd2gjBVOK(A z+!v$$wpU?APG9A>n))KK%_5xOGh01O@9>FXv6+xt*M_|}8$pq_)J;$XchA&Ah&T}> zx}-lT$chM4U8%OSay6(m`~emy!~^9H#;vj|@V2G@N6V@gJae0@!(eE@XinUpA_mlX zdyNzIo8*2wcMwS$DNw#y?QZ+%sg}dy>-({Q{*6F9wnS>hX)O2r%;)VoLShx4w$Jm8 z)ebX5W2rAxk0oXHzelLq?l!CaWdeWE%=4;pz!SIvCu}-!>;q@v>OqM&@&azYSdo{< zy;CH^LYj^?p}miU_=}1wt>(jH?K5cakxRfKI%M0$D}n%fY&mV#BswMm>~lT8M5d*&z-^j&oIS0WuH~KoqP5zR)1<6hQDQkEG$Q&X&+1{9kcwCfpY-j`l~ZWl z<;G*EL3JH~9u^Hg9(?@eMxBpJS#wxUi(9*{gG~hP8_`$&tVNSmFX$4n)RQrXjEYDL}fAWi=4IlX#>C_|%HkdLp0 zYU70DW2hIY+Ou{8V?~^%X%9XmC7Fs|C!Dy4CA)&D_tVEKM|NyqP_R?2j&$c4!MNb- z<7>xA)j4)!m1XDl3nuUh+}*w0w`NU`cQ>$j{Cn>8mg0xLYgJr!n>2@=)ES>$Q~dyf z+b>|RT)WlH%OrghE2#-ZMst&6*mj#TO8X07{e~6)fyjr1}Nt_xcXv z`Ty|t>&vL}(o&)4QIA)qy9Uag*mxPh_cApQFu11+n-8S8_9}J5Ky+z)V!|5woFwu3 zwZ}dfo%JfBwy_3NyFio)PQ;4(L02`^P2*$`XF1q;Tfi_bAZg+1jB+P&L4sg7ES$t< z5+E2D&=MDEgmJxq{?Mt#XYOVijNXm_IkkZgH@j5i~!>@NiT_HyMs7;ZjqzF zMXeU?uxwAfa$Z<_;EoGh?|#T>+*4^Rw)LC8tI4Khz7%i_+|1axmS=Y?i)C*lyk`O9 z``y4WM43~R$ZB<476F)%h0Y7*)O{=`J4RvI4YvoDuILQUYNZwn^YIArgAu0569c`L zM5NuKbW zI*l(YZ`Lwq?#DI?UZT@rD8xsaur6^bgdp#BS*HbeLuiqwV2ZRfi=4b$HnK0EPER*x z4!jRzWF$k(W{KbNxa))vc|^KskuQJ_ff)mM6-n3w8!D zg}{gaY9-2mLYK7I|LSeI5ZoA5OFy~q<751qDbTw9i;MnYG|v^Y^blUpw2eN$QuzDP z{8KY<-Zuk-1tjWe_c8a?)gt@cE4b_i*uYZ!vg6E4k`WQ4aE;h9zFKpADq{0_B!z_^ z>j`2h3z!vg*3)QI8dC|a)cefe%nN`YC1&}}*_!Fe zB7j|e>OC-vjTEz5mX4EC`{aDIh>#t8CSk0OzuJU??ndz6Kr z=aIH0(1gU-m^$^Yct)Q^F%;|0Pkq?m;(xXn|8z$?GqJ^7JJdn-7cV9-H{++$v=Y1^ zr323cu3B7NOg<-5YtK%V{2%US)%N@VS59LpjaaS6JRlz$PQ3!5;vkg*VB!7qr%CDt zVt1L^E8^r=#cJHxmz4hVQW7Wsr6Io5A&@dV;R>p2x3%lGOJ-FypjrjB2|qzZK;A+1 z0N(`>Al2~{%gRJ<&PtsoVbDW-89Z6@vo>aMl(O=aEU|+MCw`n13qDq1udifYiI(~` zotJ>@T=inh=~zfZpXAKJPz?Dv+ji@!2*JD2EUNhU(icLl_enA6JkfjdJIxb|&kQ~l zd+`}H0B=X%i-BdcNfO@Zv$Y!EDY7nOLAq*3M&JVPyBxv26BoBb>kYa%yVsHIi&kpz z;@)B>YHwAo_GwhNJ+lsq4ktO6y%U4A`_7)DWoW>O-#{p4K_@-C(bgaehhKMt1M8FC zTrnE87dPL1>a$YAHtz~DF|$buHpTI$7Cc7Iw2zf%xEZC(sD!vDDZ)(hY7NZUs2b@* zDm&HKr#U)>_;$3VN?vh0E`@_P&uMuun6zG3QEcVf(e98)XR5nB6Y*Sjzy5;5xKley zXH^|j9UIBw9QmkvM`Vd~t-3oR>ycbjbIf@I5B1Vp$n6hboQ=(i-bi%9>*9!)7&sFc z>-kTg+`6+w)$ydjLQYf>SK0b>54aeJD(MV}+m0;-V^*Y9_!rg+e7~jE&GAJ47eHS| z(4GOoqcc$zeK9-cvYguxzj2BiYKI z<#=cCH6+cux%JOASFl8{2jpbkY;v*`vN|^8Kdx!+%^xCDo^UH%=*l_w?qkdd#AVVN z$#AH>;fM^U<4C{nKhe@cAaeMoxl{5hMNW4V3jLvD=9ZS1ai%Aoe@n7Hf(Ab4cY+ii zWD&YeDp6??sx~%56bbVc~i+ekmgXq$y@0&V{)~r@UOANZs-6 z=?YNU{s~%IHUF;@+d&!x^$K8+$`e^EeH~ayxez>L)_*tfn+2ex!Y3w|+q3L?^8ad? z&$NU7&6Jl$gNrp1sgZZ99y5-Y0i0?3M(*mX{IYAnW6~CJGr9dS)SKczct1vcE|uWQ zK(>siyBqmNuBn%fKGThLBQ5C{6dQRV$!ev)e~5@M!pgW`D|ma9c!hzTsxG|`7rB*{ z9GTK85_CtCZxwYaOq?6Yw{C95YHM)&UQMIImVuo_o?>zg+Iu#Q^WDlYyA88T z4$i@DM|iq_P}8_pVbl+Q0cof5P$op_Q1gGC&X5qA%c`*o1m+fDLU0c?J}1K3G=ko0 z7VV8uIf-Hud1S5aAC6*6@qi7E>$)7ftb(}iJdr)8UFHc^@Ls0!c0F@w+UD-j`!n^l zJ|?WjTm}c4k4|Y&NM@s z#I(=nl~^BWcSsdw8{o7AZ=vAJy1RGUk+(gPNfS!vQj=Fwp1$+#{2$JLAYax(a?7Sg$-@BwpA%EEp1P+sWX0648eJ>`8Dn*>x#!VR&Y2Q0<^~D03`E^0&e>MCG3}A z;v(Y*PPqOnv+NJ5u$TWFc>Ya9R(3)57|;*)4G6aX7xHi6G-}HVaB=Y)w!S}Ymq^hi zCJj5c(W1VwEKu%v+wnZnRd;Pwxcf}j0O(_Mubxd?%+<93(>#fDIawe08ym1YDFZYX zo6c1*TopMW=a}AZkIMsX>Qm>059jD?I{3;YTMxZY<#6^lF2zL$~SHeDiY#VNsTH`x{(&B z%^$#(=d9sdYL*|CRIOvMS2WljDI9+jkB!8!OA@AgW%VQZd3CfKCyi^+45ZBd*E%A~ z7e`e#9be>d?Q5s*{3tC==g?t};53PuX_XtLZc}Hio9buMu;YmLsN4Il&P8a1 zX-5>ejn$_Zq%sFEJpG7^)NpA`pXS6zZ#=?LhYM;runo{nVU3F}ddKEAvRpAWJU% zrM5hqWs6Ypo6KTM_5x+Wxz}zIv#zznwwf&U5mxPMXF$rbiGs$VmWcivX1|&16=)5+)m>9LPJ6RcSP4p3A-|IzNYgWX-Q40+*EvdZwd*< zpP1rgf&qGw(oMWKVnKdYb6SUyiLoo{*NDbH$3QG(#6GhM6)eem)AJ;#n66AaqPwy_ zAlc~e68LKHWO`A5yD}CHhrEUy`!(JAg5BK>q+qIx2 z_TZ`_RGaQ{H08*$mS_oSFF>>xSIB=&Pd(wUhhEh&EfcjuRPG7TA~s&CS@IiWhTZzJ zZ^WDx>HIm>)zY8%co`y5-4RV+>DoTbbeFRj{kmbvu^~%p&_M_J+G#1Ix9dQqw}{ zDLIX-JSUDELGEIdsvL~Cs13Ur_0^(G*V`ydOBbWqC;OdLya1bOZ~FK0#P7-sGDmH85sBhHGbH z@7qGzjQrsbCQ3`J`-S6;+PnfB8&d_8!^&^F3E>I3wiOU=En=61*7HPr(`lOAanOf$ z4xXEBucifgX`lEfm%S)6YdS$2%EQ&m%AFgPiY?C;qmrg#CI@r4rH7~sld^j1Z>hx^ zVfW}HPOwfVoaW7>*1Uj@G+s{RW0o zeQF3>1ugYY>KGT-^Te!}{BO8Pi%=dW#qQRqa3Q5y!m`OwQnqle#2DfdsjRy<2bmUF zq1W{A@p}tugt?pC35r_ZSK{Qkol_pSn#?GjQw$vMa#rK;`+oO}7B#z?oB=Nrto!CW zHO)Rolh9ZlK^05ArCDyFcts~wQ%x5hPeyrCF=X@E6EXhdf8Y)ODMxZNNn)!fI8cEE z>F81LZGTxv@1&pxW{LK)&G@iJCaind=N75NO>@9$`98PmmHX*rktaA{VmiW9o`mIi z2|cjyPm|!F9V?jcXj*?Do{GJ=57U$p{!E9iMzHg4o${KDyw^ni2+}x=S}B&EEzdvW z9s$=!$SVm<+TUywp20DcXYbkUe@h9WDIeMraigXcJsbbvVfnb5b@H3dc9l)pd1yp? zN81*XRiBNYsKLRw)4!pc>Mwy#MaF)K8Vo^0X1kx%9W`T-J>>z4ITd3kT?{&U^$@Zx zI_||!)@FS7Yt2Jf>^rJLp;Yy8f^vo-!uGg3dU84Op=!z*qRxtR2nnIC?yP@~3Q}Il z=dLZ;<58o-t*A~&nbfOX!NqQtwd}7q8d?tc{wt`YcN3ccAzQLhY>u?pFxDB`EM2%J zajs|Y7Adb8rc2PVyte0MRnaK4(^Bn36^9wGKnnzpGl5n~GTo z&s0HVb-w8o4qDheNAh5EcKr5Dd;o`u;Z^SW;? zaX@caf@6j)#ZsmHd-Qk0xV9^mt4+TM>F#HVEQd9_f9aWe=)t(NIAUiU^sWmz+}_IZ zg+`WHhQ7{rZ(KBCp4f7qh3d!vmH9`qgy+n726i^0?Q5>Jh)C=QX_vF;h$`K3b|*s; zE`E$e&tuOhBc^ZJ%9#|QCJ8DQEk}tVpcPPfLJ<+De2ji0yjYhQZ6xfDMt^gS>nb*Q zXLIJ@0wv@c=(of4oj!Z*HT3LmMY@Z_?D`AilZ8DV;!#nT^wNUs)G>HZgnU4mYlBZ~ zCP%%1Yv94aj1AGaoWDevj?g@;`L`SCT1Al{)0(c1=?!RY+G=8M*a)OzOZW<=jvqWx zNgrF}x?0U$I26nG%4~jbN^7spz%Vsh20<1n5V;0@e@6P(OUMvd7a!Qyd;iyeI{yOx zUtr6+lG!BEtS~mj5rxfW3AqI?2RDiRVfHRvTx$cK#x6kW*yKqU;QS z$3#LA`m2D`?g!r|OOCaP53e?iddW zhL5SYK-J4Ka4Y;8kp=*m0v&|)h>Q^x@z8x-6N>HM>hf2U#uFU^wRdC&Ut^|8%fsHC zj+y1lq14gjmVS0wwPfHjz^((z-0B!?xUQ<&AO+|{@NrNSNC@nYAQ5|!96axhI^l0< zW3YzTd1|*-ank}e_gV@tRfwhi2GVau-M>`J{6%*60#dF3s^W_bS9=P~dekI8cHTko z00r}c?=M2%5)8KU4JgXKzaXZ4qm7D+0@|7lAbI{)E3&ylmPvy|Ge`9SL5dU*{ge+; z)PlZeJU-zXMI_UeolT&8c6_qYq`;InLwhVyN*yC_KfgKYS!=xhi6pi$_+$LX(p*OE z@_1HlZOQ880ZE`cU;}7M%w_e4cvU(P2iY7_2v5!)4AuB(2)7ErjJtAfhP$^gCZ(yjlXu=X7;c*k2?rJ1CHj4mc= zF<0!4@f|AUa{Aq5waYz0x2j!Hv8ptHVuOI#Pip;__fE{A`*%8V)by`_#_)Dd&b8b(R+Dn z?@5!8+phas6G^uar7Qces)5Jg-SB%i%ZIVL?`0ab_4BaX4+a+c=L_<`hk{|9B-y0ckn|L25v3|48ayAb>d?Uu)346^;~IzG+l4?i zTgzy4%PQz`^BvOQQhN+E*Mib2iJGLA&IX-sj`IBM(}u*VZhBo)9|*;gr$GQBt6wcB z57Q^F<9bQ`wo)LNe0=eejdqRe_!4|``x9NK>@1G@mRpKK#QSf4AeVdYt1I^AK)blj zz$W#?xxLFP__g)#5}BuvY#ZalyDMMY`Ez?pjt_HV#GAt}+8!m^03n5s#|FyUCtEpg zV`Fh4aOX-5Ng*Q!HWQFS^(_*Mev`XSpbdSb5g6|-fa4fr!)G(`B4YTvbBPjYz+A>x zx0-=Y^cuz^bxYRy!NyA9E0O?gn%C6Oh*%zKuAGQ{2>OI8QyB?o48M0|3~x^fPO8n36u~C;U;w)Z-;| zH-(2J^olq1YS?J>ZEtFdUq4~?YMi8%0Ntv2mBs;SW<^gn?9A?XEl{WNZgg6Mw? z7sSVoXF}3mX6OB!DB(*Q5%#zrNhI;ti{u4SA|&NMZ?i{zMgKBj_){az=BP{@?xR~N>Eipno^YNKvJSbThtUIpVbU>^Mwz{fh;8V?#3Hq-`E zsS*g!M_;U(WmXf#Mc5Lri-&jc;m7=|t;VeNswv{x4;C$+R{AU+?;U35^XunU=o)A?0JzVOT4)gtv#y5+Q^Tz_6J z6z6b_?rIhbP!W<#&DAtlf>@M`TH`6e9Bk#Sd9-$fcSzxE+L><8yIclI%XfF9x{u?y zJb3Z;*Q<(fc_J;^ROw+)b5CUU#Zb30S5^ZKcgz~MbonV@Z%Nj0OBEpyh-ufC(kx8n zdkFjsTT_dn;PNK|1C zgyKFc{+(I<)%M!h!^RKn;|}87vHd+eLcDkBV5Y!&dlyd3fL6lS(L$mNY!mfck0kNp zJ!6SKNw0#Y$-b4d|-M$3433QU;Pi&?#!8&Nxc}MlH_)%01EnDZrn;pU&i7)f|YA=hHvdpQO=41Mtt;NSujD6rCb+9(;E#X|F8(CcYg5xfo z@O_#1S>lw57UEmi%|?9%=?ovYtfwEIN>v)yy;qBZ&dsGd%x$i+Z`yFgYWB%qVmWX{ z-@YAn3F$RSpN&r`3u+M*n40ZLg^Q$t9wu7N7!X42>L?ThKV5pR$$t0?Y26A^ZqoQ<>L53 zZNp(*Q*)zg=`PA1byI3mTJPbd{JOOCcdnIgvv2|sA-NovC7hbLfx%mcPG74or) zWy+<=j%=0TO0h;OR(c*tIR~XHF0b2nhi*?HgQH`KfwweF$AI+n$zCM-+me>v?s~#r zadBn(1ta|^jsO&#K_bl{qAI|nsdoi-CN{L}h{ZwK|NrSzt|o%SAk!3$s+$3f>?Whzu@hPm*5G9L>^ zw3lAmGV%he(o?NuiJY3vDcgK3$iJbFmZh$CG`n^nCIa1TIPdbxpC0mX>}q$!Qs5N;sQ&LPSaC{3z6Hqn3>HNF zb*9$lXICcTK4%@kl$2^*q~UL!-=j7~IvvG~V&St6A;B5+NLnc{+x~osjteOqPM$S_ z+ENeIP1nJcAC*Jhlm1VOLNK+D)ERM0q@g#Wdibr(-_%8f=0;-7QB%rDG<$AwHWyXp zsqVCr$R?Gv6$c_s+0Kq9XsQQO%a ze(F)9XfN(XMAgR6{KtPWRc&AjK)wC6UOQRh+}f;I5d_I*;vV4yFK2(h9Xh6Nszvgu zu`wn9mTT&HrJpVDC_%+zPSShR#Xxy%doxSP>a=h$b7~&;R(8yL!XunkKMn_TN5~5q zAtrcuL$pGnn3KS(otSE_V-gx%_AF=<5JWoAkQXZJ?37oVP0B{0-&h|eW>KajVZ#ZH zg4eg&>K(eIadxa=jU)W#oHm(iH`?Hly3{3b{czAy#8h=qPlF;>^NbO$%ALipk(D7Ty zTaEv${+E~?d0_Sy7jcmRmBr|9aLF9jnfN5=1`%iUZdj2bCV+afyIA3xz)zkJG`7ca zv7{p5j3FY>?=*tLZk8)(5wy#HtKx!gue_0Ub5zYL7Jm0eUxRQTSkV*E0e-+bP>+*TeGaC(#pD}+`Ja01Nquf_d_F#S|6pkg-^A# z482Z!5<^8}7^xBe{oU$KpR2Z?{V3bQIBK>vPE%dGUU~WHR>L8QE7zsNs4DGrmp-#8 zq`hAnJ&0o48*OVKn!{=q!)WLCD*^+K0k=NQUeHBw$jClV%-JbH5vy`3Y!0P7{!qcw zRHss}Db#VI@$-F4+e9ynK?DUm3rg~SU*P4T%X)^UYfol;IG*I9yNUYG67oOj( zl5mldhrSdre*2m9*f`o|7Fs<>*>(4Ql)gQKtJoy#v$T_wJ3`p;!;QtBkrTMw z8|2}N<{v6BI=0k8^FBCO%=peslFP#DD*Bn~5Nx1Oe)tGw%1!>3Z~kg8SH_X*`bR!kdk7Y{_(UF2gvOrj!W?&gF7*D>Hx~6T*EN~ zUXN6i{VNCf(@Q`#UXQ+A#^RNgLaLpoH3@SAe7FnQ#D4p+-3>7B%Sl)bVY_=k#Wg?Ykb6b5oXWL) zhUV4mV4OMJfsdvz87mJ$5P-`K+=QoYrVZ>sb{_Uw$q%|rVl?CsOO3yS^dPZ$5-+g; zdTSRr)Mh(_9guS`4-+XJzP5k&S+==VYkOg0h?P0p$5P-0F5)F+d|X8CSS4?Q?Ff5v zIjO<lGAnyZ!LgqOM%l zwY;mGIcM@PA&lq49)YuKa+bn=L_1um4MS``Cf5UBWlIGwr@Cu3QaS4k8qPKONKnLvS_#?=7mg=~0(&c)i7` zCe(>(J~@=sHK9rGcTg0p~O~ibF;yn)L8N{9mSm+{kk^7q$j?hV7 zIK!>A#p49p>ia~%5?h&kQm0%glv+{5n0noke3r324o8|x>WV*#E? zX{2u*d8-AZK@d9g?Hg5x&oP__BlkhAqO!w+vW(A3<8f6_lkhg`5wSwLM)V+knr!n| zR`oE!ZDERKwT;(j#KZ1Za5$lsS-1E}$7^-oGg)u^mkoMX0e$~;;FEv)*1zk3|NkKr zju4wArq)7Z&2CE#9qiM66T}8B1UKs}sBs$JbljU@UD1eG%+u}<^YVeJ+=Rjj#{IG( z2Lbk80a}&aJ7n`vqdns6%UO zvzb&(2XU|xS6t55(Rd5Vwl#=Zcy=L%4$~mDbDT)0CmAbF=cse#z}AoS5-AJh?E){e znb9OER!|zx<&;%^wa*t0+>GdDigqt{jAU$Q-B49t7W=sxd9K(o{!HXuF^^9Hs&1&} z)|)qDm2{-(Wmis(TkRC{OLTpfImM*GcyQ~#4FYUt2+#u)aCT@cMKd~C1^aV{B=QpN z#0?5P;s*v85FCPv-T1d0xwd5x!>P=|_A=;uba0xSaU!Q=L(%Rl>moJjYzHC_{;l<* zg}WnK>N@j*xekjt-;WCd3LQQPO&T%=0AGF2rrw?K4bm}Zv`kY zZFToG4V|geL(#Jxctu?C!^$RGoz>UNCI{&uq;}S4eSr}%_9w0dp1-&KJ-H%(F!Ni2 z{m)<)&K{Q$o&t4t8=(q^&MX;(yc1{k-NHxh`B+rBn)I}MDRkeTM$%0K(32^lZv+n= zEJW5`gfe4R;9VkRUXwF1YbDMk<}(kk+6(W9yJE?;Q1%u$u7PNdsL!9V%)>Eh{Ek9d zoN7Fc_8iK*KhxgvYIuIiSk%U}r`cjWuZ5Vu_?pdv)3OkYYSXZYMq4I)q53pk`+&7; zN1F?uZ2^x$XVG6JQTixy+=$A>9L7C;QovRT4K9=ZnV(jpSaLmrcjc?x z^=dIhDd{IU&Q%s=Cz#=GYZMym_WF+8Z^Cg}OMk&}o?H&R>$^{YVsp@ydi5s%-9IOlnkx#RdgaZ{IzQm{U|zasxC4v-S!hbI<5 zhQHC%0(vw1%;EnIhW-t~LFouub`zRrdpoSR5>C6c;&stfJrj zWJ-hO@RQJeUcT)tF^hMurMA`0V(zV$IlC4(Boav{G(F(iBQ8rM$RH?4bmcKpoftW2 z@@}}-?3OF1ljG3&R?=nc1wy2vEg1@6&_?=cVtOpkNU$#?f=Z(87%@vST*}&dMnc0B zu7d{Uq7uSjr^vZjo$B_c<+8OpEpDJ8%`(E~$`>v9gwboHUyMLN?5kHEwwlNyD2{@s z)*@`KViI0eF)^C<#oY*7IaVvW`lh&KThJ@&zDiQJuPsB0;V8MoZ39Pr)*RmEA~l4E z2)h46WE(Nie@R9X30Jl5yjJ%c8Sbc=p2Mq|Y>fHt;#;PnVCN|PI;G%mH$yDue{^El zhfdN_7}*>`^hhqw>E+K~WOqt!5G8Kt*Wemwf+fC+9>h5HDr}EkA8}{y6t5VpQF`93 zj$lc5I6~tk2!8T0!5s)6cL`$1t-oCUXjaX>lss-og>it@fVzjAniKCNpo);{euksB zdHv*fs$FL?%k+*KNx79RQTp6IpXMrML>GGJr(+}T)O@HEU0=oSy^Cqz1xn`%ux+m{ z{f;Ef+L-=tma#Ek9StJVcup2GJ$>^|JVlO&(>fuI7%f*~C!Y}9=Eq)G_Mk6uLd}^A z$u`RWM_bpW-{AZ;^b%*8(Q@R#+K=IK0DQa(s_8`RrXO_p@W1Zm01ca|>FwPEarCc3 zPYuigeL?^~iUe4>eT6h)3o`mEJ@@=7D4{^FnG;yX|LY5QDrmvgkaL6Ii%_Vw-#@rp ziDdHv`4{{kfkI3IIIY!^{|~&%wR?b9`I7Q)GlOkBL@P7M$!oxOkZ$JG4UPS#ly%NO zqR`zxrgABvia8SEbmqJt2hOQA42D4Ir-9}6aXBH$%~G)~wmi({Z*SKM8gcGBkj}%r z0T1?qDU#DvL#ctshRDmUxeJjZoAy-K*`08t_c73T9h-DQKdkZ&!WOM(dA;<7a!cxl zP72?GFrCH8-wcgzo8<(vszwtuy>T^OLYs0PK#{*Gpgc zyKd4#Ls}J;?W-vCb^ZaNV;gomaYed8$Bzk||3>cEyOFL;v9PaHe$> z+nFoCX}!ZWUR}EOJAp}g?I$qOuX?mhXNMa9!s#jnd>c=bpyBYh-|>udyApUI^xbOo zSH7Tu+Wy4ADpdplRRBS^nW^~i9zc4)iflvmPCme8G=6!5|A`F)=`_uFT7*Py2F0BpACvIj;eb{8-3;Jf4U zb$j<7BM4o8bLGc`-rE;5bulHH-G0V?#4Vp^{nK(ftXEG8=8Lpyf zr-;%wdOu2`lP_^D?Aq*Pz2L!G73-M(C`9%Ep~*ofl;aq&biX<3^hO3T_doPY|63oM zpP#oww-oFjyMd~5kMjbr?M##SU-B^U+bG9c&jVq^{t@$ip6KBT&<36YC#RK`1l>p3 zymFtDyxms&FB)x9(f5y?wtty53qhquIX^o`N4Idw9Mo!S^SPk&w1ywtB*cTW2#-hf ztJCOwrGyS3K}s8rUZCY?^c{XEsGMSmy!d@_WqEnO2uz+5XGaIda#xRVBm5;e(1=7U zo(L`Pv)4V?!TxlK3Yg&>j4rDqzwi{GfxfGK+DKbwHze@Q2|K)lHH!`OXY`M-CNF{7 z?LPCInV~>ldS!nBwTZq|*X7@q7PSVok6Df$mxUWD)rH=#m_)gGZiw4c)Kkm4dV|y*dUBw$>eIcg7)3M}b_4 za|W55KRJ@HZZCj?39UV@|H3T8Ar^saAWFL3gPFlYz^ zdjm1OZY{wZf2*hW9L{rfd=|;(ctJY~ptse&@hjn5jGXVO1R&WI8fI>wPZI;#XIL6gZ=lPh z{9VWCl*-OUXZr3X>)n$F{V-9S;2BK*p}^mOo)4+#Ex_`-)W562NcTI;{3D+U{9#?Q zzU&WP*JV;)4WJ^RNb1VbTUom+J67Q~7vn=rJP#T(t{hZXNj-}HB}IhQOX2qw6Nao zma=hh6SJW*f*6tOkorJzfY11~{(2zi;U~7?a+5t=g1)>giS7r-bgh%TZf2F%pTgN) z2aaG3x-H*azVf3w3nXCOoSH8Ki;NCH>^~zp@^-F&~xofQlsz*nH3H=+@J7HgCT zp!oE&v{8{!GLgpTH+k3o6?5$MZFeUq)(R_A&}1hB#-Bq$70N`g+AQ?Jt}pp%u(Lzq z##tg&DM=K4jFZmNm+=qLLRL3Rh%K~ z8F;B(vA;tsL64jTn}uv?*1=ow%)>f?L!5dkI|&(UOl#sRIRPGpoxF;P&0;1tYG;}{ zAs*=NRL1{0l)=p8T35ZS+O?5lrcxE`g>3NoU7PLiyIpk!pa8!DV))N6*g5}gf$e{- zU4Xdt55ja+h!e#Kk9lMkHI;nW-;jY7rkIKT(D65`s!s3M1Fe`_;zWd$oGI7ob>LOf zm8=!YMxb8MR&EWGuhiMcMIBz;8+UN=_cFRBywhx)a+6=O;Hta4rfFG(Y}<>;5m06p zXKa?XD_lvCU)xK5O7z1Q_19EnV^j%mL4ltRlM}nXwi7ZkplS7jf%VsahU|q*2phY2 zQ$Fl>T}^T=xb+VA7Ic?(X)KRkr-dF0O}(H)>@_mwPc>2l+plfCAw)^G{j$>WKrLBl zT+&-@m2&?@7lix;RLHU{mKeQ60#BkUsffZjc=k(ur%jEc)v)__WT$dU$tf4jnoDA{ zmIb488^HujmK6`x-?18uGJ2K9bBlvVKb`h7>8~dlq)oA)(?;X~_3q-pu^YY}D%X`3 z%XJ7%goRghq{G&lhvh4bs|Zwl?WBA((<06W>v3rKxEX0O<73jK93O}&(vw+Vu^mP%Hc5X6^q{fBC@=0}aVJT{9* z%yP2J=Lb?U%RHvnn%$&^>9EA$_;`XD#x>+>uZx_Uh@j86Wx&=V0G7z4O&u|x@YZ>!f1u95^lbE2azSg&ZY4#Fy(qH+JXq_x!N) z^@Ks6SM^%D?%tERU~|m+T^um07!RCH{+-!}AJ9(oygPzjnACV7QWA?BTr%y`v7_?Q z`538ckk9s+XI|((6HQ<9lE6C@FxnaobKw}bRnGkynRfrc2!C*njBo$@AJ;_Z0E$8< zWOF(BWiaR&cvW&_r-t_lDJH>|p7Z{17bs5QoNu(<_`LJza-f{d*=fg#j%v<3*+~r1 z7mGu9gN8Z2JT(!e1yuR4Wl_?H-w~iyh4oKWRa-cBmMdb5%2Pxu|(f(C`vU3)4FM;gOT)`Mc&@dZ(L4^>~?! z!C#URHx@RK&aTlZWuB(RRn0O@bmB$aaf4U)px)2{3S`}PyCMR8YRHP)X_RPBN}33B ze76*=74W|2NPY5i$wV@jZCAta134bjm&{|WJINqLV`1?tgZmJh61u1_ zXAY{;?2(k=)TbSZ%9#{R)s1tb?^QG!mRr9na@=A@Rw11^_w%errYff)e#I|XhU*b_ zOFWy;gS{tvN!!4UUjJPF=J_#-n2_bU#M_2x(s`8m1zES9JGp84xv-Em*%%O5)t z(4|M!c?L+1+^(SjXCTEiH~@zpjaGf-Dxhg4RtS3AhU$C`V66KYQx@QlS^kS3;I0fX zT?UK+rrR+W#zSFqTOK*w9KRMCxXzB65lS$M=^}if7?bfW@H&@#89)D(1L3Nu=2in3cCDf zph%oUita*z=H(GjnXE~zR?d&}Lfr>w%`R}I_O$>d(IZbl_dP=^Z>+4`eZN{g_le5E zA94e$GXI%Ar&{gD01+1y#Pwv7b7Crxfn-i}Boc9tlCNIioPD=h%fg_{s{V3r0ZlFy ztKr}Fxnc$TWk#>C4Iqs4ws!W4ql0%#7y)YI)9BWSxpk#R{@J+@8QZ906;2XX_Y8lo zwYsYD@yI<7@Nq)50{{B)ja)tMkNL z97Iuz!6zu?BC@^Ahf=W`Z*-trl!inZi=y82Ev7zc?}93v)GP9z#M)mq*;n_+zu1ESH54BobDG&H8a!=-8)pqobpDRfPRP3!F4aGdq{dWy^5FcWp2X=0_24nFjM`ceN^E|H;_5$WvLx zf1$;1#qKN>(jj!D`Y?^!mF$byqa|k!EaD=frT~hhsifbbC;qWI5ZiE?;X()QCo8j& zW~ue4se{b*eL_r1I=obkp7iEtKkg_c79JEPwYRPgxX~x8@Sxwvc02zIyF%CjCPUDXzeZJDh0!#bUYs!TFznaYUD>ezsb5>D|RMaiQzvF%B7 z3uer@mlXO~LjQpWp$GKeP8@QKyfuaicNi5O%~eS(1aFR*;F0R6dnG>8sx~BEJM>HIn`Zm ziF}bs%D~WWB36>)Y>&;-_oVyrA<71$XQqd1$S3AxQ3S{U&5MdjB7geWh1Nc*v*YNU z5JL%HHBXxPMXB2naiVr0IaVjo4CBvH_R^}8!biI3fUxc!QdjJ7%p5pIlka;5lYhpxW0T)$ZU46} z`F9j*J#pYmy_*c0InMT(VOsmY6ihpp+HEIcRC_iy->|3_NO_2-=cXilf>mMO<=h%^ z9zrs8hxBfGbXnB>Km1|rQavk#(s0$e+%(`;0RYuYT$E5@e`$*QcOYC2Hv>iV{* zTKdZC)tg(I|8{C{;6dq?Z|yQbcG3?ITEnkf7%q;zLeX~9c0`zjk&PFty*DB1;U7tS zwF&_TjBw$tw2nKB>0Aw~sJdIGr<5mG0JeO5@JB{pPOvK^%!Wm4#a97V5T2>b6J{Pr zG1K_24|R|5I~z2eGCn?;bO#G%7NOhqK6nyA3oBZgta1}i= z4QfG;;NGFDqYQW|)+%_}wx({kX_^~?)1Li;7LUjj4Y-i8OCEbu%|&BPc~y6ze@oDO zSLncokJo&mRdo(?5j1ABZmsule%jDYTR&R6(%$BrLXb;2=et*tpbb2h<{TtGY)d-+ zKE>d>ILN3IPeDx364Ky3s(Z9VeU!`HY!a3ea}6*g_;7B^b-(PVwF1oGD%G$!abxq@ z8`b&gplyk=F}*UVWgF6GZqXziSDM)Dr|s|ao9T9(?oc)AL)yrOnCkUfQNxVgA{)~> zGNbo7>UzTBA;Y4WGMf=09+wLkpM99h4_L+G#g9G(S!B{}DC2PFGGxIAlWP(kiFCDK zJVuVli1V1%>R!1^LEB?bUw01$p-8BbV!SQZmgY?I8Rp;jP~5jiGY2RoNNnd;&q{B% z<^qKUA6r|Ty1$wBnBO&2Pn=)5wyS@8|CVv+vTAAnZIj34<=NZ5t20s{;nA5Zq#?gHeR53&4HnzoL==I2CxCPe_&`P=&B@-|H7-eL?RdoI{wE4l>uE zRbL`Q1=k;wp_0dfy9*6~4*bfSkiLyFz~FM}+XUelYBh9plEEkXcow724lj}T2V>XZ z8m!wMASfg<$Z>F#*C#-S%Y>ctPL^}s{VVxC}fK_%~^2=&Rha!on|L;!BE1V<47Vtm;P z2uE|J(U7$pVPFw|6mR2spJ9JW*SlZ|BN}>lD$dbC!_?_QkRB67 z&p|d8)0HmqA~)VD5wm)K|Iq;a z=VOh&{*#~^{gXn~j2$>+qrvB!(F2vxiV&VF9A)s!-*^iwI0a?!O>7?)bW9YG5x{Fk z;oe>$b1wpOYaF(KObuU+uB%fPE7;7L*AEE#EGh>&!og<&#}I`M`~Oah#5wyB-s=rA21aHPC3#b_Qz^Br#e1W@$9#T* z*h-ebDxO0gbAMk)Md+#>)WWFOh??581qt`K|;D9+&h7=(rhCC!-=Y0h-0p=b{1tTZjsS=($lu36-A+?UIWSzy2*x*x5T25Os z6fHUhk^DfJ=h5`#B#vk3v@^73V%e_tB*<8E! zcPGuSBO|3HA+x@=%EY}MxWdK zz!!qD+aq(XGYNh4)pyS`he~_GrJX(AjD7P3q(#m5EM4=KbZox z>LUlt?eX!tmY1SoI^B2eM$}GZnJ`3ERfg)vcu%98gU$KfTc*0adM(CO8-d5Sn0XFFez9$UQWzy+lh+g7}-lVksea z1VAh=~UcarZWp2;_exaEZzfl;mQqG2DGOS zV+{1OkW#p1D|z+u7@^v9h5b)@UPzOi_8mi5F2I}l&s9Cq^mFpxza6!ra#bo@J+Pc( zh5id(G{UX=p78C9b@LMNENhV~4Msn%jp@f$WRRV6k^cQNVh!m_urIb>(w}C`?d>(i zSyFkjf}3~mW-Q1K;=p4EuXgEOYxfdL;G}{>jCeS$d2(9H{6njA$^<4B6VO3Vg)VQU zQJp@flOs+*(iEvft-E-u-rzdp?(<#S^U zA?=`Lz*1GHd~mHiz3oSCf6(~r znr)pCaDo!6TzIQIXQ+cP*GJIOLs0yPP}HE$vw)?r0ToJul40^$>$I7%Ax|gXY@g6; zPwz&)+b6gkZuss&J;^RC6xjfq&{`EOOk$uzwO1CUdktFg@Gl6%^Lr0dvJT3%HG3h$ zJ(|nj?SnHH*7eDfJ^+RP61Ez~J7N+d+H0DaB?vtRC(oHi|eqg}`=mQZSI+U2o69z-3*1^jyIMk&`G zI75FN@!&X&;}!tw)HMmp`Ki4jvUBgF4VKVzV|%VDuD%sHJD@9%L_1bFvaLS~Uk`~1 zKA)PU=GaoGC&N;nq)6DmJ-S_oBs*oo{laRp9UdtOA}%gEJ#Ts%_h?0PxMB?*9jlx_ zG~F|!u5a>evir#C0(;$GYxoXq-@QZmHE-8*uOz`oKX?lT+-1RHghfg|m~_rkcR}n; zb=umKxEB)DMfK-B-_!%G2o%(X-EXLf{i$Sn78woSZ=UyZvJFw)TfPocDusgDZlxy%wkIrQLUOK70MQFE>AH@HY|j4qXsCo{c3Z z$~_FIxUcQ!gf_|b@WNC}KfIEM(RoJ%nji~K;QR)8UQeU= I+@)Lp1JH<>2><{9 literal 23712 zcmdSAc|4Tu+dtl}vb8J1U6L%N$ZiNl_ML2_vXwPt8(UG_5<&VWGF8{-=X(M4}e!R%nTjCKl|PFR226WbzGbUzZ|kt&{WvBuQ-Zv>(OEG z`>|*DP2BhGW2uLJ_BXkptoQ9R7gN2fVBkG4H%yJ?=t*2%*rs_GyHp4WF9s2e?Dd(- zy(L^vlldyJ%~94#Hb8B5HY&jrW0b&QT-zw8xR?&d4Z}^$HkK?c zH`Z(Gno6iW`rKRfgG~XJ!w;%_S8rf$DvA`6;%qZ(sx3)n-{NWlfFGGnh4m73+aYWh zE?qFB1&X`O$yYHH>IuyXw+7zJ+H9k|eb<)9XLW1#!_9n6{KWg2Ma1NnV1^pP(dKvr zCAVP2Z)<#%)MaGTT69KPMR{>MYU3yadgR9Z)>b&Xu$ZDq7HOri;&l$bC&g>0&cghr zzrz@LJ#=)dUi@O0B7W4-II7OvvESKhu*jq(z%e_iLC=Aq7D?dBpMc%G5O`G^XApY_pchsb(MIN14>P5obe$HZ+F5fv@C^1VwlT~z0Pt`H!6}kFNH*Y z-xQJ5VvxZqJb-z`*Bf1jlL+jmOjdr>;&{LiV#e5Cvw5UD1$^ue3O_}t@1XU{2$ zq$9Un@J9XtyV^(egex|CVQlC2yK2>a#AZH7L6ARI>K$!QoCBu)sNW0FImp?gV#&*l zOqr)~X3>e06XfO~ixRy{7;$hkq;iLLSktb1U--`wlYUu6snFl-PI;G~j5!NfPZ+|= zMLthI1LRE435KgwK6|J_T|PnwGLm}ZssP*j;=3)^&L!s?L_PBtxs<5i>6viGfAtRs z$vEdYqm=;n*w*Ev%~^<;rG$=_F~Ne8gkI^zE`MiuT}$}ecXRo6IJ8!30apU==tDtO zJYt5}>Tp&rNclbsA$F)P(9-D3d$j$C>|#m5owzSWBawBo3&MfxxlEq()?<%Xi{(=a zkdmu5sX*+p<_JXUH-=+H7PzS)CTw+59!DqgLB)%}2ud);qvUkxj!x8xAOuR~r~-_@ z^XelP`J`e=I;lRCb#kZB4a+c{S?M6?$AZ=V3v~^h{rz1^9$)xtKcCsJYCzUdrKz(! zPixWEVm-IDy+>?dz%*OQoLUacY(Hz@wK|lsns#7KnVECw3NWd@n8pl;znZv%PaX;2 zVXVg+1t81s#R^FQjnTUgOf1KaRKBvdfSKIg`9)S)%(+)I!OJ-@-uq}Bb5vMFQ6wK( zkRjCClxbLvJsxv!!bCUmolw5lbVn*r@8!$^-M60FMVxl2x{4yXqz!(D7n`GznB$th zt?~BnTbey>3@hf;9%aaf552l;G%=m6d_RQXP@Y6H-f?*Ey)JhC&g5gkDz8LcZ8FFP zSeKD0kW!2Yv5f5#`Qf^G#1!Jmi!Vyg&w=|(6-f5utjHj=gsq=Q=!9d`$ci2K&^C85gAWZ5g(kIM4|dNNn%hsWvm7aNt@YfCzf3I}X z(G4$COW`7u&`(ABYHWH=Be#kVnhymK#Ce2nJi2s6kZgfRco0X~_&&nDTfS1=<9Nso z;*@3JGEcwGW+nAYfZuBsv&FP?>#R(|l8Uw%%rxcnTcuz!`Lt1IpO7;Cdzh>yY&@Vb zi_0ITXuDhkzj=o0>Z69KMOq%)MEp3p`Xqb_@yhxh-nCLT1LEAl5$ zJ>v+NVo5e>MlM-lp`S^y1cgk+caCc5FG!h#U$`8KK206JRGN*PAeXmt-#F_kFbn|J zaYpCP@m|R!tJYTg6_=GHl)vvbRX3^bY^NCeM4ybY0IrM-4ZYvAtpUyNQ(RW~>U3T0 zmDTolOGj$H9&N5hRQN`fxm)&X8)?`0jsdR^%7{p|F8qN^qpr1@_ePS}x8luXE0bG~&J`kLC~*s@2wUF(CH{r;xDAN4!{?4OA`7=B3?M=PgL6 zLx7$U?Q3>vLuQ@Q1!wGC9T(8Q-dmbV`naGLwl>E%kaUW{bLC0Vxq; z4z<0*MPBy`)jrh+JjgX$Two>@TYL5-`%>me5$&%$ys2A7^}#TBV76;xRlyHd-}`zs z;w{%`>YZGs>z_@{M!B9I0vgldd~UB_`8g^%pX5(yFm)I@4{{-GVpTNo;}=ZO-+dhD@j&YXy&d@^=;=WB2YNZs_5J(Hpz+D^`OZ?p zDdhrboLsvqaoTCybD(Hv<(8Ysjzm~rB$p3T0sZ)bu*D{&PFUS8U%_e79h;|cxZmP< z_OPIXdVy*%!Wxt!U(u62+a+Cm8yYp%`)~Jh--U@N0@kv;4tJ;4vVFTnOl$tzM@4+j-Z5pPKfPRb`y>k z8oB#4oz!Q~#&*?*X-N#!)v;T=-=yRchkiChAy5g5)))M%0>Az7RPZ+Sx{Tfp&kk(T zQtU)IsKO)ke7;H;$0YZ64=ce4>W@xYWg|q?Iq_9`gU&tE2h8`rmFKQdwORBnpNWVcX$8$Ky^P{}cOLRzlsMIuq2oDTo$^ETW~ z%q@fv9?6?}JuYZz_sa(?4sRj!yUG{krlvxj(nu3hqh7a1`$)1G@;N&uM8)Qz2+`DX z6o^8UqDh^kbvIh0?bi)-`3>0bOnGda>e6Pi4QEc{1lCi<*hD%DJ`$(IySc{7PmX8Q zPAXw-Ur@Ei}Hk0k7w(&aJ7OK#H#2vbovMhj-#gdfX{T4oDAU zAL7*PUm4q+N6QP4$0yX}P_0nQ+cbmS>B2aU=1qi3uNGbpAuXYQVZUL=%E#U8s0YDC ziQRJh)L}59gMd3?-dQl`o>za(DKZA3R57dA@Jo&8LH$*S1f(reEkp*J7Wn zx(6|y{`N+w=8109m6k#??74)I))fQgPrNgc9yyX5aP8dX0cqkvMAto;xZ{}OsHA7A zn3{kcCSg+o54hI&A|vAxH$2i+p#J&d4QV;%9P`x0!_POphHqhdVao%)X3M&Tfz8j+ zav0`pKGVe!zIDtQsI98|eCq}}G@#wiLKN;Neh|2CAKf4ukB$=xWJ$=#3`Ja-G{<}T zjC65)i|LQK_t~2NCLD!Q>C)K#IxEk)Bfl2Y{`#J=gq9lzGl7R+MeBU?m>>=5&1_TB z+j@HO!Cfxk8_F%aU(y5?{rYw8wJK@tj>+cF@o+A3^bh6gvt6^NH$AyG>%YF_T=WsU zD%~jcAlku#4B9Cs?b`?= z*q*lqQHZeiD6XkaYYAw!RNH}rJqYU-0C9HmTbIJWOk_+5^9Blo9fPD13cZMx{w_Lu zfbXWi{tWm{0e{RW{i#d8Ct5Do>1jtMNG^nATL4s;`=JJ;0u)gwen7#C-kd~0OVoAe zuMNX2@KXDKP?_?#zpN)Y5rw9A@zj7)<-CIVk+o-F-!a7(VS?nIv^Cn&5(E1&iUcii zW0}4Y9%m>6#HUkbPubWE7G>|Sk(npWz~Np|?=SUKg3CYc zi5$jEDd1Ix=8@g{;T)p^jvgC`oTV3PX|8rveO=W7izprK6W~CtpT64c`qB#YdL471 z6_Z7|Ws_Kenxe#<4?GF-cgsVKwS5Y@c<+KMokDC4LJZHtTe;(_9oMyZ=P9?6UxEu% zl7p0Af2h+53zT?|*znm~p$i6`9P#=3Cn_YQ%rH!O@Fy%1l$?)OAKs6YA+W zeg9w6U!zDz9OOs{ne-9!7ASU;>^qvAOi&UPj)NE@{|=WaKeUDU9q363C-Qn(T=@0F zAZddm>MnwJy3iZbCm(~q2=i5k%gd1D1hKH(u567hYFy-m~1}f||u$(0lim{=bj%zjg{))zT2}($TO1DJ1e)>iM^0~d0o%)kbMj&M6E(kg6%TkDy_?iIE8vlTu zJ3NoJ2Yu7zfSuDOvmKJ&QXAgmL%(!x-~9G;){7}syyd&(00|)UhP2u5YEdW+^A|vP zY24uMsf{LTo0eOxq7&Jhqzu;YzYfJaV+sp=vnp<3y$Fn&QGevKVeKH(SU5Sa&LB)Q z8{sX$H|3kuxHY7>%Oa9Oo&cXI<$9IdI zXdeoY1Zq|`kf6LcO3s%5B$i@M@pzQ_q{rUKbl{kb)#iRe_vZ7C_-}c4=%D4P49b!b zGTe07xQ!OjwOiqFG%xe#27+9R8=a?a*g=-&ciHK(w+ zrudHrl=v@z6mDtJx8@kp^5uE_|B%fvzm zGf$_Hm_36(W0dqbn;+~Rg!R9N6aL9rFmj<9x^s=|M7`rTa;eQx=R2@cc?>%~u2J$k z2=|=3FqL9Y*GH%oI`O!Ha{mX~#C0T9uzWk(CHtd)-T<5Zl(P_1qqsVb2-~*D%x(a}s-cx{Ec^ug^SH#-+S@evtbL9nID} zL*K878NocRPz>7N%u<-s;XfVEgK9a@!agj^>Z|D)cOg+aGj-aQD*BU{e_`pJ(9n^y#8;(Q|2s#DYqwEoIvy|`(e17dmoxSAg zs~}<)a*MX&DYDSI4Cb*2R=|EbYUuYMuM+hUsen&lOYVoJRXgg ziV6Jb=~ZlR{cn8;9dpqdC@&fbFW#)ZM}MbmsHZ9aH&60S2xa_40GsL5p$(64E1u-k zZm0X21lxAv^Vz$fZ;hxA-ZIYYmAXPZKS3f5CkLq{F;_~^E%Xx4K*Q^>11CLO=uGD1 z76SPyjJArf?NRcDI?`7>(zK{n>+KN&QRZP2UZRJstvOrJ+y@>fdp*9cM4DTETHOj>x)zMM;j=@k=piyPqx3@{ z#EA$e$Vqq@4fqRa}s&$kF`&1waWXtd5Ige}!J$*9VtA2$oX| zr?ysBb#7GD1Y=C-_I5-UV_|-NT&C{3L83Z}ohj95&ZtgthP_E3f95)Jfq+sr%H-&@Ip>0R?7+)wQywulQ%muzV0mb z!$l&~&V&gO+1F38KWtr_<^pHMw0?0PBk+_a2iw)g5w!(?2cvDVG+11(4{XSe{2kL8fg~b4|03P%T@xXP{tHMFiqj-r`Xd+soLyR?}JWbvI%?I0oTTRQ?bfex~ zDsizAy$)mrY;@E`J$yw$ia1D&jcj#&-tKzwwSvItfeDhc?Sy}@_1axRkUM2ih=G13 zi01Iqfb{!AG*6of0}2QGd3G#fXVfE7yZ}D)E!3!!LoKw4h*J4>J8xP|*Fk`9ZR`l* z!VG0y+g=B=6#PJS1L0~X3%-6mP~Yi8wmq)bpjfd^Weu`_U(S?IW}ZXRLlfru3U5@Ul*O$=uYv!$@8fH(!J47 z^=XAXb%P#j_XIY110g4xu$Em}|map>X{tnGkI;V zpRljwg9UOg5Y|%!t89LwB&ctC-1X0boGp(o!Vg{`p9GcUk>8#c5h5MB$IU`=pY1$C z8}h$3i+#x=x$@F83nWS^?KE(-IT(T19PQC($3aQQlb&aJqBIpyx^vL2_Xt(yH~JV{ z!|aU+P5cm3pDrkx&lB7?grEc>XYFD9O-zJbi|Cyk@uSKZ7-7)lMnw?c8@ZuhZ(+#$ zgCrq#ZjKF~anHwFus`y09bLIV=jKU~53f$E%vFXdI&S_ zS(4FRIlUPR2FY40PL4U*NP_mr`f7kbjAmxk5c=>YP$p8+qYf+VCiWLqX37Z^*?9YE zr@v3rYQhp}kABu7^RnyG*3!-ZM-#stm3WEh*p#|mC-v*7#B!gGFn<9u&*oJw6WVS^ z6~v@@-gIr^b|`Bfk+IP~2bpA&SQ+m_1>--3`zt;A9ZF!mreq7JUt ztvV=)oh?-=Pj=Fk3rG)*t3geOFF>&|eZTxpYFj3dR0_X^wqrlgWPWVUBvalB6Ysm- ztlvKNLCQSa^=^-DK5=|aH|m63XzRa4VKXv_*;6xS`lxCbzZoIxp?o-9Ki$s7d;F*QEe%Rg4+#h`XHqX^JI@CGC@2> zI@F`@GMkzrPMv!9CE`L83K@vIFN5oVLX3-OHvG$ir{gF>xNNk0>i`%d`s#JV0zvde8) z`6Jvy|8VZ_vL0C`%lsMb&+}5#ETlgC!W;krj71D^)T;O09KM!`sCDS@!gcn!-c(Fp zeK6Ul5o+z{*~#OQ!U5x2Dndwf6T;UGKXP5t7x@aXqjK9~BAy*oNb$Gl8M%4Q+3wRt z-!@k(z1){$PovV&8{@3`@HYAzN)as@D3Ra8S#(v>;oj#e2R}c*kMH=SiYgNQMZ>(NQJLKt2MxER29A(LXFWXNSiG?VMz;H{1AH}(( zwi>~D($*u#?4N$Ew-fM%4(Ym4H@{B0SNdIMrl$|+9vYi z&-GhVFe`GdAp<6b0kYx2pjql;;NI<8C%Vg+=sVTBd_Tw8x(&L ze}t!BcYe86Ir(#ZFqBB7_z5~|`jjHl%k|##=@C;|ufOl2@PjSCY2*_fRI@7&kB#@* z)5<^kc}0xd;C1@#NBqhecyfS43+s2H zX!)E6H`7uH06ObeC+GK(6Nz9)L-0xr(Mogub`J$O1KzO?u@h}uIs)5pZY&@0&9kev zP{tsMM>h~{wop`8uAOyays%I1cLdp#dW%}9Hkax%ZueAQ$7PNU2buUqi|mWO`cC6V zC2R{<6b8`s8cRuwvw1}N(7p+wCBC{f>sN;1u3y;GM%|h4nGid=e#m)%zr_lrz3nd+1I^F$p>$jjV!`@3ZL)7#&i=H1r+a(WU>_|q z1Pc8WU>-ll-{wt|K3spUFM-=-Zlwp*K&7CSuJch9ftK|_>zPcGum`U*$ zHqCCzLb3U7s?b6rc3^cjxWFc+z?y!a%8{$LSqy2P(&sC5ONNqHq^aeDit_|#{M4K# z$9m*~EtEME-X-&U{opc((OQcfQsdQB3dT*@WVQpI4rt=yWYBpy=HX!3DRc0=7KAPK zI#tsl7&E_VrKAL)~F9_{@qBRS0-3Sc-2=epNOQkSj4Lw+3$d|zkKV$iE@lS~0 z6e1-Zjx|P=J-54g<`!fYAKWK|s zwPs8DL{D#CbZ*O_^5{qHCBw=P8zMSCJV=1yK|=XDla;j%uI_Q^&V!{4;eh}|(OsI5 z=ZVsr`ym3re?h=^zVf+JYF62^1=`D~i|-zWt$+VuYT0XW!GXi5psPCLboKQsdKxuB&c zasfe?thd&R?JQ~0q`__@VL#k``nU&c-FR0@PWdAxicGeAU^WAnYVPAfIVdIHXNg}x zj)UbJiv{o~pue3`BbaGgf3b+O%Bd(I!Fl_yCwmLd_VfY#jlIC*FED>5as(hrFXAjh zEwlD=tBNsGy@h7RssWdw#P=)6xc;#u1mcx{T{$wYL))a)xnKwVez$Au9~!CwtIu52 zgAi7R+Mm#=q)++K0hphyZ(BKLvGEvMDDBklV%O_XR_?`}D<}z5V8Ur-olWeE^XO+5 zqp8HXj60aPG)oh+>MqA$=Xg;P0)X|y@{Q(Zu*~dG>RSR-<%Z*f%lNP8OAUVJi2Dd{ zArDu%PkWcQ9gn_HV9dI^L71l0=pG|y=RsNCc%t?lxGkkUbJumW%Y=jm&$RWygNj?9 z+PyhV*MF{12Wu?AXHWPDH_Op1|ZPTSMy8Pn|GXvMC=~?_VJ#*#o%9lD&E)i9eq78f< z{#<09?xLB1c>4@IPLD7@c8RDoQHPn1Q%7p|y$67adeM?|jC-RuE-En4-tik5nRXIa zlEJWLB4rdF8EDJ6CvX50OmpCItasBXf;zj2ns72jjaf95LxU&{>OJuacvwCg)5~(H zp^K=d&@RyTWg>-c^0q!$R3N@h@C#6uyH`I5?x%Eg55vyLm)vOHQr_I(BF#cgOpqVp z_T=WWhaOgw#@w(s!u>)fX7BICf%{gIk1{`8Q3H>D4g2k?1F%v&LKIG!iU7+Gw$Dx+ zt|jN4t+G%O&wXyUG=D)P*mag7?2~Ycz|k`tWQ`KUPDz6W5p1eZ+0xIBEU4JSXY~(? zn+I2H#UVf$jU1VcrF<>r^?*?~j?<+0L%`KcxR$<)KVMzi`auoE zssF0Gq8~Fs6wGN5$1Ti6^od_D+OI-zNe_^=kLc=P#YWhV~85OXvg95sTR) zZM*T^lHSVbF{+9GjkNU2gHW~<)$9A_rrE)Hr(b)oa=#NLJ;-6sEW%k*z4yU3Se$xJsdi(veY_-I$ zPmc@pN)|M6Y@r{iW+~IcQg&rZ>cYg;g51@VfDQaeqz-JDC)*h1!73(F7CKXXIEwuN z{#S98MU9)|F5z`gq{Qv6zH!G-d&AttVe+f*Cxj!sralo0h}m!*};ypQkJADIofxK&L5K zX$8n|uOvGQ9%kUlR+(kJ$=sbcaOTYbQU6A9FYf6EspfQ`b18!N(Bry4+v>TTIV%li zTmKm=aIK!b;}$4sMF%A~k%QSQ>y5W4I?$0>IG7ty!e>;1e(hRIcwowNUcdT(G0%o4s?}}v%rR6Q$0|@emp(ix&z*vRr zj`&i*x}gaY@2|&TEk(y8@Ri`b*Cf)7po7oiA2T=&lFP#xm+3|%oQ@d2?ynFn;d6Wj zvL_M~dbO=qeKG2l$3q{UD#XT2kL#t|ZwN;khMU-vd~(`|bKfr9ndYyF0MuqKMQ?xO zV&_FKy_?s1Ob8EbycDIgTYjEA;>3kjXowC{PAYYu7KtwCXcj?1T7 zl9dZGR>Aoz0?|2ZS-Y!ePkx;%G$dy%l>v7Y_1~I_+OI?%uVC0*I6E)%HNvN{?}zJ? zR~)jszZ}A3@++YX9V_7G1sC>~XW*&4j}a(97Mr|Pxb)j?;O(ZW68?KfsD9^j1J}LP zob(pYY?|c9Zy>gr*vl|>pPwX?tK8NHtu_&ArE9hDwsIM0cM|l0WkKUIebWW^O0aqf z0grrKxRKHoE0RLwNJPv_Np>eTDRfX?N46~MLrV-_=@Dhxeyg9>!Xe`~`KGx4xAAth zFY8!W7NSwyZIm7B!do?8uUavkPOwtv84Ho?=iX{Ep;f@jK?t!Be!&kUg1`@W8U?W- zgxbAZ-+m{c{cBy@qz&N1+LIa3UE!yD$C1s$I4?Q|PeQExpYiiw@tyn*VVuNl^5R8{ zdQWE>RNO+R>W%UAY3u&80&ETBgW!_zqngz83vSbayocQX4r-gaWtl(~nk&~(8_qIs zl^;CL1c%PpqlhoI84M^VyB}NqWZ?>pn-yrxf#WK_ua}rR^8aFf5>dgh0i`~KwaK%! zd;H%XiHKDA^06G3tt-$;tmc>;!S_(E**>8K8grjqwa1{?{2zW-r^O9_Ng4n;@@5 zCPRBIu|X)>(hLC05wyMPU}61C%;6|R%TdCY>?NDdTKKMR?&`0;Z3dOGj|D6Hvm-Wb zp2+ZkTZVT9tKNKNpAHttPtIle ze$m9r|Gww^etPh+Xv6E8xpfg^=cgZ773s~3eKq77)2j09ad|mSU!Xa1lRFyv_uyu1o>Kv zbgHiPnu7$ct^nIR{QNg|Av}K8cd(hBPGv0?M3>kYABQ$F6aj0AZh-Rnv0{-bupzM8 zVWL>gN&6z*rtrn++{d?45Y({){$R+AN)QE-?zuM6=9!(D>B|B-kz`}MPT`Ls*8%Tf z6E@s=K>AHPu{weyyJV&C+cU`ud=YY?IBE_&D&09q*?Z%`{9Gp6cCu6@D&Rr~#b>*m zMSHlhgR5G^-oN^nnj#Ci>Z1uEc-IPT-Mj62f#axl{$GPDqLbKOLW zD4D4_`|Yz-KC<5hm!dM)IwmK(SK-iP1={=0fnO|=DJOmv5Yx|r| zKW3p@QvpeI^G37$soq7t-d6;Q=c*}H5->2oxE7+{8P__(HAvJ?0=O(WDj=sp>eIt5 zO00uadQ`%0iH7$94 zqkcW$$#f_&{N53y#$%@2rPUU{y2xljNEJV_JL9%>^uM;RkqNS zIZPqx*G!r851S9(-lyc=%|5&jgE~+RIZ$_8(g@*t3s`9??Vq*A3_QYlP6UT0JinO; ze^Us(&(jn?RCyIHcn>$jB*C`gwt-oEnZn7r+y`|*yMazvRiQegW@1{{Jl`7s3W};? zn)Fx3;WU`7Mcl}>7PfpzSBdbB+^%(^?jqmItO=1mDIKZ-->x_odFUcs=K zzcY?{r}U|>Wb4;NRlWoKfl*5KxcK8@_XbPYeb@az^4uxYBJuf+0qtJuTl(bnS@uK( zA=ao-yS4?H=G3E(sq>j7XEX4#q-5O^pjEbql5bI&2{V<*IP&!@Msaa%i!$$eqv^gr zCqgEXauI6$93$bgP~KUhIv)ZMcee)Xd?*YFa`l=c)A`e0oS2nrhPi6Za|J6?<>q)B z(V_L9VyTQu9Jvn)gqkwNiaucw&Cz)(u&Sv|MDy$LXXCbbuoV6FG0Pr5Ue+jIY!4oe zFu7WrDj}~s9%8jPP(h-Yw14CRoZlb{H=UQfiiAv)@5Ii;8;xutzPylvi)n;&IOWyz z0B@Fx^e~-f&q}W6@-^koa(Jqn{`|=-v2@jWa>+f~;~BKm#u=osNz+c=+}!rV?e>>M z0^9j~(GOqUjeT%J=hNAm@JiP~bXADi@FqH5(>OoD`?tcwuiUQle!aHNLhbeQxn&iB ze8t<@d6=}R32l1|f%4$ahv65ot@TRi*x;=^1I-(zk}BCFKh+HrwH};3hM4CWCJJvG%Au<-s+~j zY=_*7J5)8;#&UXEAX(QX(^@#on7by%f9}md*kYm}A(M2Du%xOl_w>!50|L9a2lg0+ zfG%(WT^`;dGV=YbyU%>>pZm$l$YpT>C@)-3>q64u^5Z3Ci2BTK`&SDyZYT@$iRU+= zyDE51f?2MOdLC9D*{;Rs+mN<;#BT6454UX1*Wl*m7{_e-LjmN;2$Bt8xo*-C$%1g) zYsrXC02~xV&zgPjp=8grH9gf#362PV)GB&z{H}YSpL#}Nt1$maZu7{PUaVcSax#nZ zq;-vS!((STPK}Iu8RW}}Z_ucFb!jp#ey+64T#jCOxi#aq+E=o=C!zM^Klbzl(`LlM3*m zc?GupX(Uza_R51faPncVp(&Zw4=YFPpQpHHBN%6cBHH!Yu9I%|NQtjpEF=TcDmmb6 zvC5d$CxUnq>&VW;ru;go9032D?y!=@>bIaCQcXM>>lh-#U6bSf=*jpQ#&)wzu^S}` zduBl%F5E=4Te$-l}@@%ahkXNP~9 zwZW2Cfy=;~XyZHy7fg_#P|n0jSbuzX?09!$kdoqr=k)oSXd1 z!arc$>oD1WXHCCus9I_L*_H!jB_!pAL_sV(yb-UXmz!TnRD=TqbG9TU;h}&af{|_@}zA zaMR;ft0^|_NS~XDM?6>SVhqRMMk)=khq4_l`o8iwDis_Bi5JD@bt{4N-pLT}_qjAP zn2RI9vYG5E0t9gmuv$;5($~HKj@b@+3(x*?M)Je<BOyb>I8>7Cp583 zRdzlZU&mead<9BRJ3a`1UkBe~c1uehAlv11TG9OOg0yDd;E(_0#ven@ zhNo~A{88A=yNnQwKbl|V83@Ejm3G)GcQ%oH4~Id^z0%WanFyeZs{^_5YU6Bv!QTwY zXCH@Pw#qn1@im^)J=@|*B~QuTr&XKQ@_32a;{^sT#qJ|bq}2!o2n{!~iHyD1#wEr= zu!EiAxfC(jSwvcG5bF?O5}W4$iP4@i5?Z}%n0 zUWQ;o+~9cH&?@Pz=~-ZUtu9#sw5`iP5}t`JP=?_EqN4!U zH_x$566@AKcgh1OK9KtVJHP)wjDzk7XvYc3emmcUvGZND(SVuNXL&04_Ayaozp3NU zX#UFcf7MUnb$V{H)%A`}TM@I+q7>=l$2RNOEZ_P{_v4g--ntKr`ThYV+K|g*L3?>V z*V*y#eqKG0#xl0EETc3pbz{JLMaf-CJ6>-If;a8RYK7 zYBSWc#n0C{rZo6fNX~AsiMkw{=2((X*geyIQO1xt8TJZFC?&CRR z3h7RHoIHu|e4N2vmxV*%&nVwx?Mabj;9#qdw-ah?c6cI<%SJ^3Rqj=!)z_fTZAGeyRZIA90HF(|CSIG?3WXJ-Xjo@?8$zUOU) zCY}&(#PufCSHqX%_bZ*}F}Al&3!iOeXmV6k2#1i-@G|z&l|3v)!-bKnlbn`phrZam z!2Jn~gXl_{Oj`Lj=M*nSa-qjLXaT&&YT-+L=6Guio2IVsDx&#H6=l zc>Hg18>Ai5A!&@lF6h*<5?3Kz;idM!!QnA_KzR~eS_I4F>a%Swkbb;!2}}P^Z9tD7 zu@CT|O!X6IBtNzk!bwObr>4zW{ye~bb%LgC}BM(0S#PfzKyPM&2KO0Q7L_uo;EzCgJ<$Yu3Q0C(Sj^)Roa(<#L zyPIpTHQ@hnIIujYD?-&-7O%+_6Cuy}wndO%D_Y5fYQ%i@ZLAzE9}TUV7sEWoaH%CG z>`s{!uYzU#687O`17VMc?kyLdaxkCOa>23ir{-_H!DM;3-(SV@Q(K0Oeg{L|yMishX@Qzp6a@4SUF(bZMWwFvLQV5L_5O zXJV-=-tiUFp)}CS8D=5?F{p#l-{rONNFZ&X$06Ax9WGq7UKhgrGe)VJ%_sQmBWT9N z_=Q+Z$+Vpy&?_A1kxI4+oT*$YH^rZI;pM+tWfu`XE1hMA-`7HpIi6R)iC8F9hFT?b zQT!*s-jGZgbrjH5dVd>(3 z`5>F~4-QI=B}8>3^6azI3ZRo~zOL`Ge#Q{&*lqJK0(B2$;B-M<>h&_+kGqHlL3957 z|0d2lO;1}~2HgYD3eo3euf+xoq)!;Q;Vz{h<)u~812pjEAj?9i{%607Pc?S&es1a? zM)f}9S4wT((Y!kT%lcfv?Aqh;oCJT5JtbL=`ZJ#DVXWOE&#U`Px&&u^RBoCsoqgEn zCveg0|FkXgx_-HemxYixX)&xEs3W} zU*W3B>?|x2h2UA4U(}=p;tiwn*91gyzmb;GZ(kKr@z2wR_$y57uOd)q$@f;LlElw$ zn?8fNN7pmX$Y$O0c8I(Pw_7?XW@xcaADqVuVr1ioCjuY1*0AOhxRbzE*KN>dt$rA> zf|xZ9pexO<>mHT8H9BG(ext_Im#CAGe+b1vV4>Dxh~~9m)zwtaQk>=Q-9}G+@o+b> ztB(5;E_UI+aTFW{GcW{PJ9$!|=Ty1n`efs>CRz>>m*i|V?yrMRP9Ngy;$> z6E6*u59=7Qohw}WgALM2E(yN)F**MxA>r!D1aCg~#W-$ASVoRFgd&(F<}OFEE(MbH zFy)6Xp4LYedHCM&xi9No`9em$=<^|eXLUo!DzFbj2FqJc)?|56VXh<$WT!6vK#+KD z*hdIgUabT(Ih+B60_U`U_Oir}Bs43$`KP{&F7$|aJ8k!uWUw|>&1S@M?*9~o;jRKZ zThsDs&GQo!Ox?;7I8UedBRiC})E~j4o2xxq1cthm*@NKP+AjPL8HPP2aM;6JFTfbg zAPhO8a2xGo&=`wU@W(M?bqk)LxUBMGGZe0y`iX010mtM z`>dkj2=#!{Wa#Z1Zh^AN5h}uaA{0UP@X$NvWi;;|COQNWGD%B2mL7GT0mk|re(d}a zJMu(NR$jc=tjblk<+VL&f19?hQ_4jNmZuT15jR05R+X<{C%`c}1@|CM~wY#x2Ck1?iz1NKy8h5qOcFE_8C z#rUhuD^FQ+v3Lg6;iLj&#FKZ5>mjXA{h;v_cKFt9TK$(U%_lxjf07V#9gy}C9L(sw zQdS&DTxpPO_Vrxc#=mdh@%?^D3aeCXzC z9lrg-{9~?a)H-8r9^4Jf@*BI}T{3TzD#n1|Z@zNkoOhwbefJDCXd#_3wn9F>EhTV_ zE92Z(JSiXOU*Az+K)h5KyGQ48FD?99s^BnfVx|^@HN`)(mvU)8wF)3!7;3n6<}9R^ zdoY9*fRoB#V4_hPSmPn9ibS(@FeI-|)n~W;%n4XZ6>J`^e)*tH3B)|1CTF@>7A$G)MGn$^ReFVH;r9jmAKcy9#dGl7u!NwwM1TA{_q`3s; zy?*NB^rGbaXa29yM#={UT*bxObt2c-b3uD);bWB#uv>n(w&P!ZT5RKUE-Q$yupK{1qpO0ud--Qh?iJYy>p&+UL?yQ;titZ`_y$^9M*4w&Dg>(e zBm}S0OU6*X3m3Y-{1PF6v65|WEZ#m;uBOO%y+OrzFK`q5&=-G(A8>nQjHm`etwPkn zT@-e%9T05~ZZ1ojZuE|bq^!Hlso!i$abaQ+8feaFXw^>8%k%fPBAI%#ZK(LdBi+(#%5i3W&hksOo z@2iu3rT~X2va~#IU969t&M%T0L5|c=&~T3h_sy1tafOWVW+18wTsssN{#SbEA*i$J zU6gEYrp)jP1|u|l5Bf`EaxF0l1J^HR`P}N)9ZZY?xz-C2vbks$RVwfJK;Cz?z7DtB z74c!TVkT@ljMJU~d${rINjcW^9iAOXa`<9q;s8qeAtLV5DiFiSHrm*Z!0R4+a;nxZ z)EqxCT8~n#sfBmi9|37{kl--vm0ag;qoBI)uD3(Msz3hW=ZlzcNnHtq(P%`24@McU z?wd;w6*)5D&%ElA)U~uTCtDv5i#A;Yb?)1DPfjta9j`dPe^7K}WfZ{IJ??B?FwFBR zUUh_g#NaJJ`rHZIfNTwjqlYj2i?a#3#-(ckvQxpo;pM;OZ2#9m7%hq5yR)^PIH!e# z`A+R6+|p#X{!Ys?2h-&4fMk6x?e=7B4us3Uo}2tNcL%3Ixw5pm&_IywkaIBzDR}8e zBZYV)NUucP`PJp;Hfr5aFhzb(Kl7N8(fm$0Rp~_}hqJmh3Ac6>nt!xTHNHv7W z@}QtdEdsJe1Rf$GKmY@TNFf4qUsA?7ZRgB6^UwVI^78II_xHWO?Q_qa8px;oU6~bo z<}%LZn(3->y^s4V^(x)D=ZR%u{r(`(TPBs#Jt6Ype6On&zX=22;~J#QdmD|ox3ec= zPp4a%`sHyv>?IJg)!e%Vig4ar6$6$8IevOkwa1v3sm; zLl>+Yo1b%q4ioOz+N)B>6CBc&qO1^x&2bvK^>D>mkYb=Ib6};bu~@82aVU91rStW} zuoA5BqCn8)2-41sO0IA>j)>_V)0*!vpiorJ+FbJRZmc^DwU> zUPF@3}!tK~G{cCLaz@%?*WN_d!_`ys8D@#XNTojP6*iEi!qR2oB9J*;) zaC}=mav0%^2sIxUPtw5YQFkGHNz&&fcZp~skV{oAlQD2W>TPh@qf4E3-3R%anFAC^ zIlKK9f%|qNcTaR`qgVXy{*5|rrAe2J=SE#J%QWauEB#`AJrVo;$rE@s>Z^)hyjJU= zdQwHf)+O~=-(fa@5vS_)=h|H+2x^@^2_>t5IS=LkQK+3JZGUp2ixwI$it;ZTwIqLp z-f>sdP%6*ME9WPaFsX=uqPHLED^?lfAiV|wmPol%(s8HDSSZ{LcF#^<^T3-vY& zfsHC=ClUqCBzBI~G>E?Z?2e4F#vp|3>+>dKDM;Ph+)Gw>bv^w#ErE1aG+EVzF23eD zwFgK7f@`YZb`6eeXm_>13jvBt%&wpx2(#xsXInR~ZHtuDua!hXTChw)2teU*tE1qaF{>sEaMea;pxjrJdtPU3M<6n8-RpEul zg9Qw&8%;(gRb0W!enc*&wh%!tFcN3wZ|Y7MyEa#3vFw_yCG|~@?tY_~oLBd}H!KR> zvi`~Shp}oa9ZSQ8YH+lcpem*%0psy=#)@Y~S?QPVB3}b7&iED4-4k=k_g^{whb-;UEg?uTB6M) zRX{E9N*C!npg=S>64*m4KHD3nb!4T=zmqQJ{d_o12cP#ps*21}ZPP>8qQLY7%t3+&{RymdKcu-Nefz`_se)4rwF!{I6bWLHGAjNVG z?`veGQgW8}Il8~BfG9ogp zY)FNI$ho3VxC1!iGR#9?IM^qQ?LZ$O-z7Kva?iT)HCxL$^T=RC1su`FA;0%co_{EX z{{3oXct7!znx+2Y!JaBuF%tDDT<$XK+;Dl$FVc>?p;za0?@qsx0Yb>gRV$+gbQlzW z-REp&4>V0735M&2gfC{?pn&&7ZhBn!8_H8vZweDCC&M1BpkCN!ws_$V9$u5PPT$=A+;=Q=SkVY||EZPs* zp*wmGLQ6Y;E5UDlk<6HlS~_HfG*kM4^2s5K3V$Kw}x*urVzKoFDX$hUIqH8S-gF{`MHVI><(}T1*Bl) z4z9V6z-7XTkWd#`iVh0PhTSHdUCbLy`$62=gUp8(3aY|b^^%5Cvwmg?DeuII5z{`M zyi8|l{9PgjNh4A`kS1=&+V1b=hMU6Egy2@s#pY@XW)`hXBSf7Qqw@X1B&dB!wp6x{ zOt4w353>aOnFzUEk8<@+so-uXBo=!*;~%MoZ20!U+`O G{%zIZ5nOpx>nH90Qou zGLq7w_`{K#0)zqNAQa##V;|I0kV%i3X-e1!S?0mr-M6@1aCZ3IP)dKejJ1K|jNc#4 z_~HvdZL?LU68?kvN^GI=6pID6P6glI8QCR;msgXax_Y zf_-R*GDLpqx&M2$%IDhpW38iJYXFlvDPyi?^QrJ=HTbzd zJjUN~)pTd-2djw5*KnvU7=DZV#$|zK%gS^R-#3lzNFq8}Wy2;%=~GmjRL8W^rVup8 z{k)4zQyrDHm0c<}$kNp{e)ME-p}3so6SXa%W8;Aow$w&1fHgMi%-u_xO+JP%5FUd# z9oLvs@RmZsPe1B=EeaohUFs8~o%2j0tP3taRTwjM;eE4MA5z;TG-_Mfyl0Dx{NlG> za^$~)FO~)xvR>ygJ|)!E;78^VIUq-9-D+9$Z;g z`w!}5qI&YEM80~R#FhaVz;Ta5w$M5=-P7PA!Pr>_VOKPx@;3Roi|et*nWp>T2ygB% zJO9SE=+(*YlkCV{ha;~te4OwBStY%h{*L|jW4UnR*mn[BitLocker CSP](bitlocker-csp.md)

    Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.

    + +[Defender CSP](defender-csp.md) +

    Added new node (OfflineScan) in Windows 10, next major update.

    + From 87019adff190139268d466f9129f8e063b7c80c7 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 14:54:33 -0800 Subject: [PATCH 057/109] Fixed XML. --- ...bleshoot-exploit-protection-mitigations.md | 217 ++++++++++++++++++ 1 file changed, 217 insertions(+) create mode 100644 windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md new file mode 100644 index 0000000000..0435dc738a --- /dev/null +++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -0,0 +1,217 @@ +--- +title: Deploy Exploit protection mitigations across your organization +keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install +description: Remove unwanted Exploit protection mitigations. +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: medium +author: andreabichsel +ms.author: v-anbic +ms.date: 01/31/18 +--- + + + +# Troubleshoot Exploit protection mitigations + + +**Applies to:** + +- Windows 10, version 1709 + + + +**Audience** + +- Enterprise security administrators + + +**Manageability available with** + +- Windows Defender Security Center app +- PowerShell + + +When you create a set of Exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations. + +You can manually remove unwanted mitigations in Windows Defender Security Center, or you can use the following process to remove all mitigations and then import a baseline configuration file instead. + +1. Remove all process mitigations with this PowerShell script: + + ```PowerShell + # Check if Admin-Privileges are available + function Test-IsAdmin { + ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") + } + + # Delete ExploitGuard ProcessMitigations for a given key in the registry. If no other settings exist under the specified key, + # the key is deleted as well + function Remove-ProcessMitigations([Object] $Key, [string] $Name) { + Try { + if ($Key.GetValue("MitigationOptions")) { + Write-Host "Removing MitigationOptions for: " $Name + Remove-ItemProperty -Path $Key.PSPath -Name "MitigationOptions" -ErrorAction Stop; + } + if ($Key.GetValue("MitigationAuditOptions")) { + Write-Host "Removing MitigationAuditOptions for: " $Name + Remove-ItemProperty -Path $Key.PSPath -Name "MitigationAuditOptions" -ErrorAction Stop; + } + + # Remove the FilterFullPath value if there is nothing else + if (($Key.SubKeyCount -eq 0) -and ($Key.ValueCount -eq 1) -and ($Key.GetValue("FilterFullPath"))) { + Remove-ItemProperty -Path $Key.PSPath -Name "FilterFullPath" -ErrorAction Stop; + } + + # If the key is empty now, delete it + if (($Key.SubKeyCount -eq 0) -and ($Key.ValueCount -eq 0)) { + Write-Host "Removing empty Entry: " $Name + Remove-Item -Path $Key.PSPath -ErrorAction Stop + } + } + Catch { + Write-Host "ERROR:" $_.Exception.Message "- at ($MitigationItemName)" + } + } + + # Delete all ExploitGuard ProcessMitigations + function Remove-All-ProcessMitigations { + if (!(Test-IsAdmin)) { + throw "ERROR: No Administrator-Privileges detected!"; return + } + + Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" | ForEach-Object { + $MitigationItem = $_; + $MitigationItemName = $MitigationItem.PSChildName + + Try { + Remove-ProcessMitigations $MitigationItem $MitigationItemName + + # "UseFilter" indicate full path filters may be present + if ($MitigationItem.GetValue("UseFilter")) { + Get-ChildItem -Path $MitigationItem.PSPath | ForEach-Object { + $FullPathItem = $_ + if ($FullPathItem.GetValue("FilterFullPath")) { + $Name = $MitigationItemName + "-" + $FullPathItem.GetValue("FilterFullPath") + Write-Host "Removing FullPathEntry: " $Name + Remove-ProcessMitigations $FullPathItem $Name + } + + # If there are no subkeys now, we can delete the "UseFilter" value + if ($MitigationItem.SubKeyCount -eq 0) { + Remove-ItemProperty -Path $MitigationItem.PSPath -Name "UseFilter" -ErrorAction Stop + } + } + } + if (($MitigationItem.SubKeyCount -eq 0) -and ($MitigationItem.ValueCount -eq 0)) { + Write-Host "Removing empty Entry: " $MitigationItemName + Remove-Item -Path $MitigationItem.PSPath -ErrorAction Stop + } + } + Catch { + Write-Host "ERROR:" $_.Exception.Message "- at ($MitigationItemName)" + } + } + } + + # Delete all ExploitGuard System-wide Mitigations + function Remove-All-SystemMitigations { + + if (!(Test-IsAdmin)) { + throw "ERROR: No Administrator-Privileges detected!"; return + } + + $Kernel = Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" + + Try { + if ($Kernel.GetValue("MitigationOptions")) + { Write-Host "Removing System MitigationOptions" + Remove-ItemProperty -Path $Kernel.PSPath -Name "MitigationOptions" -ErrorAction Stop; + } + if ($Kernel.GetValue("MitigationAuditOptions")) + { Write-Host "Removing System MitigationAuditOptions" + Remove-ItemProperty -Path $Kernel.PSPath -Name "MitigationAuditOptions" -ErrorAction Stop; + } + } Catch { + Write-Host "ERROR:" $_.Exception.Message "- System" + } + } + + Remove-All-ProcessMitigations + Remove-All-SystemMitigations + ``` + +2. Create and import an XML configuration file with the following default mitigations, as described in Import, export, and deploy Exploit Protection configurations: + + ```XML + + - + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + - + + + + + + - + + + + - + + + + + + - + + + + ``` + +If you haven’t already, it is a good idea to download and use the [Windows Security Baselines](windows-security-baselines.md) to complete your Exploit protection customization. + +## Related topics + +- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md) +- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md) +- [Evaluate Exploit protection](evaluate-exploit-protection.md) +- [Enable Exploit protection](enable-exploit-protection.md) +- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md) +- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md) From 81b365fea65764568c4b0b473fcb994f49fca36e Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 14:55:46 -0800 Subject: [PATCH 058/109] Fixed bad link. --- .../troubleshoot-exploit-protection-mitigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index 0435dc738a..549d76f11a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -205,7 +205,7 @@ You can manually remove unwanted mitigations in Windows Defender Security Center ``` -If you haven’t already, it is a good idea to download and use the [Windows Security Baselines](windows-security-baselines.md) to complete your Exploit protection customization. +If you haven’t already, it is a good idea to download and use the [Windows Security Baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) to complete your Exploit protection customization. ## Related topics From 6d85dc32df72789ae8555df426744b70b3682925 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 31 Jan 2018 23:34:59 +0000 Subject: [PATCH 059/109] Merged PR 5631: adding redirect adding redirect --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 395247be86..aaf6b0a337 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -51,6 +51,11 @@ "redirect_document_id": true }, { +"source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md", +"redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization", +"redirect_document_id": true +}, +{ "source_path": "windows/configuration/EventName.md", "redirect_url": "/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields", "redirect_document_id": true From 242bc46edd996e0f43366ee6d78b32a6967f47ea Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 15:37:35 -0800 Subject: [PATCH 060/109] Tried reformatting xml. --- .../troubleshoot-exploit-protection-mitigations.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index 549d76f11a..e95d263b12 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -146,8 +146,7 @@ You can manually remove unwanted mitigations in Windows Defender Security Center 2. Create and import an XML configuration file with the following default mitigations, as described in Import, export, and deploy Exploit Protection configurations: - ```XML - + - - @@ -203,9 +202,8 @@ You can manually remove unwanted mitigations in Windows Defender Security Center - ``` - -If you haven’t already, it is a good idea to download and use the [Windows Security Baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) to complete your Exploit protection customization. + +If you haven’t already, it's a good idea to download and use the [Windows Security Baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) to complete your Exploit protection customization. ## Related topics From 203ec9597bddf5558d77a3e826e3b4b0861632c0 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 15:49:47 -0800 Subject: [PATCH 061/109] Tried reformatting xml again. --- .../troubleshoot-exploit-protection-mitigations.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index e95d263b12..ee23324d0b 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -146,6 +146,7 @@ You can manually remove unwanted mitigations in Windows Defender Security Center 2. Create and import an XML configuration file with the following default mitigations, as described in Import, export, and deploy Exploit Protection configurations: + ```xml - @@ -202,7 +203,8 @@ You can manually remove unwanted mitigations in Windows Defender Security Center - + ``` + If you haven’t already, it's a good idea to download and use the [Windows Security Baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) to complete your Exploit protection customization. ## Related topics From f21342fbee7cd23363d02e058c1abee05147082b Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 15:58:38 -0800 Subject: [PATCH 062/109] Removed dashes from xml. --- ...bleshoot-exploit-protection-mitigations.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index ee23324d0b..eb71a22518 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -148,58 +148,58 @@ You can manually remove unwanted mitigations in Windows Defender Security Center ```xml - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + - - + From 8b2d3858d8031c7d311d4de28d29ab5ae73a7f65 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 31 Jan 2018 16:12:43 -0800 Subject: [PATCH 063/109] Added new topic to TOC (Troubleshoot Exploit protection mitigations) --- windows/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index 42ede7cb70..58317c1029 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md @@ -254,6 +254,7 @@ #### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md) #### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md) ##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md) +#### [Troubleshoot Exploit protection mitigations](windows-defender-exploit-guard\troubleshoot-exploit-protection-mitigations.md) ### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md) #### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) #### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) From af7480eaa7fa6791b1689519d831464855cf939e Mon Sep 17 00:00:00 2001 From: Maira Wenzel Date: Wed, 31 Jan 2018 16:53:36 -0800 Subject: [PATCH 064/109] fix typo --- .../whats-new-microsoft-store-business-education.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 38af4a8e01..80d4cc6d6c 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -11,7 +11,7 @@ ms.date: 1/8/2018 # What's new in Microsoft Store for Business and Education -Microsoft Store for Business and Education regularly releases new and improved feaures. +Microsoft Store for Business and Education regularly releases new and improved features. ## Latest updates for Store for Business and Education From 651904ea5f776b9cf522882e81694ea9c857c921 Mon Sep 17 00:00:00 2001 From: chintanpatel Date: Wed, 31 Jan 2018 18:34:45 -0800 Subject: [PATCH 065/109] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 47b499d041..6b6afaec07 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -83,6 +83,9 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se **InstallWindowsDefenderApplicationGuard**

    Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.

    +- Install - Will initiate feature install +- Uninstall - Will initiate feature uninstall + **Audit**

    Interior node. Supported operation is Get

    From 7ea9974dc1c210b1b5686f782c5af1e663430aa9 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 1 Feb 2018 14:30:33 +0000 Subject: [PATCH 066/109] Merged PR 5640: Add instructions to disable auto sign-in for kiosk --- .../change-history-for-configure-windows-10.md | 4 +++- windows/configuration/images/auto-signin.png | Bin 0 -> 13645 bytes .../lock-down-windows-10-to-specific-apps.md | 3 ++- ...kiosk-for-windows-10-for-desktop-editions.md | 10 ++++++++-- 4 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 windows/configuration/images/auto-signin.png diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index ce324c8cf1..a12a531608 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms -ms.date: 01/26/2018 +ms.date: 01/31/2018 --- # Change history for Configure Windows 10 @@ -26,6 +26,8 @@ New or changed topic | Description [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Added section for removing default apps from the taskbar. [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them. [Configure Windows Spotlight on the lock screen](windows-spotlight.md) | Added section for resolution of custom lock screen images. +[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added section for automatic sign-in after restart on unmanaged devices. + ## November 2017 diff --git a/windows/configuration/images/auto-signin.png b/windows/configuration/images/auto-signin.png new file mode 100644 index 0000000000000000000000000000000000000000..260376199ecadc7ad234a071a4648483969e4a36 GIT binary patch literal 13645 zcmbuGWmJ?=`|gK^A%&3~V#panQo2KGXe6W?5hWE6RJuC{K~e`$K#&lW?ik9Xq*Fjr zKtj&;eZTzII$zFN{|_Rtobh>{z4v|J*YCO}&QM>I63PsPKp>RbTI$9S2%Z!8zJwGX zd}VQxqXU28`59}fLaImMo8SjRHx)e<2&6WJ{KA0<{7mMpW$6cjP<8+NgV*m>?hJuQ zENQE&m97c4C^(8v@pz8hHJF1?}81|-;niam|*)iza5(5R((@)HcFW-?s3{o-9#Y}}vI<&-+-!2@u)mUp96 z_l2Wo&=bXKBm&py{Pq?)%L<>$B9TZz!Akdu5&^SH_s>|$Fya_qz2{#V@6T*(Y@kfA z5_dnX3}p%ULK$WK-OKb}&{W&CD?0X&3Jbr*<%*{;iLV{+%osz|)zy!7W~6LB_=`+5 z`7E1N-MRfzE3G?*+A7A$@zKuo@9nxVViFQ7a208p-g&4G{+o_Gj*cNAAv)QDah)-d zk;*i$bh4)F?`FUcj*oAcVA0ObD`{Ms(nrI>?OKXFe(R&H?h~9VXTP_=V*CY<<@8`! z7)5YXEBA$509G$A`+jnJ`_;vtLq0UdduRG4G?7i=4iwUaH7dPjWMuU333KzzI>pNe z9hg>H`0OwB`mNzMKbINA!%#JT2L}1lVLafAQG6IeEqdW_wK|>u_Uogq?*<3$m&aE8 zWR#Q|lJ)qL108}4!nW$wcN$(lN#Wwy2z69%d;I&S_?W!f?Q~NlOq=oqQ=%M(Z=m>x z+j)Q1Z>+&1wp}p|_rBlZ`2`UR$4GikhPL=`egf-|uk_583I&UQ86AvXTwVS8;o&{PbD?r& zOxJ_CN7%`a0bby#Ha_?fk85-sd44mQQxt5Go&|^eFanYTn_^X>A-iT@o}hyjk=V@I zQm`nQ>PYkI{1*>kPz~emoh_KJ=qIu+STug<3zTx6n56Sq~zoo zD{h5P%-%U`56w6EM7(w#D-ingDCFw$B$Dm?c&D^uFoUnk8Z7V;Sm5pUCyY(b&_Kk! zZ_%{2|N&R1kTUTHPzK4BO|w`8xn-b z{&*@+o_?vadan{eoGc52_7a2#qtn2WfZb_9#zMueNMT}sVJ6FqH7Hahg2F^{XdleA z#3V9_zuPPl`4|V5JYOL=TP-AD>zj~WTS#yGb%8te8(VMNAN*vJ z^kmGM6pls0;z=MU7{`-eKlcBQ#WyXypMP3s*J2+~^X%&H#)i89D_wWB!&rfWSyxyB zgD|b0=X8CXf|j$hv%UQSxXcwARYOCXm`1Pp8%mj^;Gzm-{9J<@z?sDBP{5uB`&^#= zetrARba161l8xdo6WV8Iy1}VGd89x=F8Fx+tQ{S-)VW;P2?M8hFcqQpYqnYG>cUSz zx7bi#`9d7S$@PU7=|NI(g~#>Q&Aw7zbM>E|34m2R`lKt25VZMl^dev`4R_vI zVNy2tc&my_GudKOZezav>er8tRqEk1^z?lf;Dx<9d~9HI-)Z(;Rg0mryeri?bi6UK z{3Bq#;nUTvrV&^c|Lx~D@6k_(Y<;WxZX2AGPe#Yva`y9$?@=LXw77i-MBo~`q}QBv zqo-xivV(QY=~BXc$YD}eEJ5kF!E~O4#6;Mi2U;1tdM(1XXI3=Vuk(D7eE8F}IPtuv z)~TOa>OsrB?>7XVkgN{p*tI`x&C)`)o&S^#l>3%=^j{frAVs{f44I`r#t@+`MSNmYGLhy0E;uGeuKR-a-b7sD{ zI2;?!7OHDE7Lk|Fhrbr{LM#jVx*OrBz3Lo$p->EOGP}})g4HL-+m=SwA9}{6bLgny z(#rbo?(U!i*aa>U`R0cxx*07RC|w?b?QK?JtdVTn`uH~qNqHf+ZMk|JZJ;hwFSx8% zENid0pZ)z))^aB)h|cDv&Gf*m}5SCA5$qL@LqE3l0b2zn#Ah5y4OQD=$L7{fX3;_|8h9O86B zxqx5Xai5H@4|BgAJ-`f)qbH!YS3=gBo8N9de&ou5#)vf!DDfDw2 zuZ>8}Z-dh4nItN@oj#z+DDBM=t!Iw1u6H*w4Xeq}fim2ft+J9jJT{@Zc1`7KKgq(Y z^j6YFy5M!nn_hGIBU+%#jlGbINf^e6IyHEF?Mq~eVEc?*zW??0?H?Z=y1XL4&d)8` zF=?b(U!{>i|3da*$s`yGm}fq*jt8OQ@RJxt@tvFoZr=N*e)nZ)Xcc=_``@!ISnTjL zu~*Cft=~Vt=5n5qp^7dEBhVb5Z5upp%P#EfP-S$nT(ZIN0d8hRcOVVcc`3+$U=ggI?{I+55(rDVjNF-~6Qz`V#F7-ppb|G%9cD zZTny5n_FMsFo>JIHbtFpHQ?R;T5c54`|1s&0*FV%^?m;C&|) z#3rr+)doOUtUV(|((;eg+f$M12lE_7R+PF%Ctj(!G4ewDJ`_owBF-Wj#p!uz0#pq! z@!3LFU|G{Y8$I+j^b~vpUcS;H9CWzmvbe$W{9-YNU3OYK1Qe%jC8MUYg2zy34jdD1 zNuRq4V^ewWyx5tEGFhSARR4}ZAXHRTD&5bHHV2uMp0<2uvxsF{P#c#g#45WJiDXTR zZ1H(%#HdVw@hygmSwaiC@X7LS<>RHExHZB0DsaY0(eDk3?MsY!BW3*7dVV}PJv%FL z<}7_~A&4(2?(qdV_|k}x1dlaJn8rP`Y0yXHkwKe%CqAL73miXu1HPYA@$GIpqNp|a zg!AV|>HQkD^4L_iQC7Ck9Y8GPhzw-|7~~%jnZGsXF+Rx>p$@ zBu!pwU5jk?TQ4~x-4}}@i{&?~9H3n|Dbn?E?}3eHG<~CB64OFcc`05VeWvXizhA60 z)cukaKU2rkcIjHa&^#HUff|g0xhBSWKJyK)C)u+)|KP%c)rzUM2x)PAH-YN{ea+fJ9rHTM}ANlaV{>Rg6-;qfWz3F*j6 zt%2)$p?q$OqI}Nvg|E^>kd)oLxChhq6}3T2)E|_i@Ldr=$zZm^^DOl@s30B z;!x=fZVDY|WDJCvgIUl%x7bgWK>L&58iU*KzvsJowoKTLMm=Q-=K-3<&AXqmO!}hA zEa;ZfEEw*EgiTMtnn5m-_0*3LRY**el?b4_J=t9n$ zo2dJt#~z_R*b}yRd~MGgPDBf1!75)RIrTdf#c-0Vzekv9uMOuIG}hvO2&aVgAyQtwXTVuU(TCkC>rR8m;J64KC)MI-bxr(SRb{(BuC^2oTuy~YELaiq z_NjZduI`dEx(A5BXc8%>dO|1K119Iebd9r~=>$J6`Udgd5{-l!3xP$5wqHdehRC&e z6igVZ2I<;ONc7_JviRd8_dyA?%3u>Z>^|m&corRki-w(9N6g-dQ)0|^bC9nvvsL1! z*poAVLOB!6Jy*v;ObIuUMUDtjE#~x3Q|Kmc41EgEy=vl+mKx%>cZxEhRdc!St}Cet zbK(kBo<+DuY-M}wcESkFkhKF~Y;kPPRa-Ohopfm3>msjIxB7h-O#~Py}5rEm+%6m?%L--ILLiOb3$e5Jn}qibl zE`2W0GtZwrF{BeTa+ncv*3=@hUl|zugmm5XMC9$)rmBRGupH4Z58rup)lc#u7>h1F zr>}wez#J%}ZOYuP675Pl1Y@v(gMl)on0cU=q#^AH)LX~%S0u(Aw%a2pBN`)g49S^YmJAVl-o+}J4;SGTPw-3oS=FXdCpwIB*c&5?%Zn;qzcqp(Ihqn764Q+q9Wrvz_Ux}Df_HA%$Hb(eAi7r7 z)-t9{KWI7mZiuw~N$n+T6shXaxne+s3*Ua7iNPDn0g^-v2x%dnTBQGTs_psq!n?)% z`Y&0QE-K8n3p)>zwCMu8>%AAdJ{b`FRH;>Wy@Qc8&4#YNyHS?lQxba=AItD9PlJm_{IBsRaxAHkX2_-YPP45B%776($jN{{+b%icTxYA>&RKB`WTHN8P z(+a$9zwVn19U=IldLuw4Z0Igg7=C)hlh7RI&)c@sXl~<|T2Pi)84NRJorDw|3==|!;-aaM+j`wJcPdnRUWXzXicV@xjG7yqW=C;zMitk;0PT9LSfN{}V5 zeWBV}M>7q{k;*5M=9uVl7#kFON|2rgHQeGKyJ z*w~ot-hf)}QXyfN`6Gkv(8;C2`CG6!@-EKfYun7H+2m+w*#Ea=)kI&retmU!SLyzA zJs6VCPERQw(d92~ZOPsHCP>Zxw%ibz&P?VO52ji9lUcvs1ctFfrDvo0GOe_cV8~_w z!#z0VHXk3|9IFF_j+%wG3kJqAFylwEf^M|BzP|2n@baUy|He4r83Lx|sls-O&7Jx{ zje7#%0q8^Am9PmG_oc$5srdd#P*j;HF~yI7cnN&Rv$LBAdK%miTrs2x z2#te$B0yQ}oBCm828E+9n;GXG52uI&Qokd<-p?$ZtT0=6e>m-|x!e$6r&%bi~p=DamT z&PD~JMS~8U%T)^O8r{YUJg46M({kYilOAFCM7NURo1X@DlYrdJe7&St{V5r!G&S^r zAPNtb0sa}NH5%&bG%6IVvPT_Z1OQsTwyawNOyI$@pNXo)T98>MXiIBQd`pWQK{CfF zgEHq$k1uaGPXT^1 zLx9J@0UpOlp43~Dvg83))?K`JT3vXKc-F0-30Qw&!@!~~Z7`3$x#SS#XWq*y~=8RcXzB>#g{g5Z*LDs7od(dpFaH(nGTezVXdRa zv0TXed*4TongNYGup3KFO$FN`FNc^P7EjoH9}8(~YqPbrT_e(q!`~pz8_Psx1ifk1 z17S{obD}V z@EH_%)16)@{XKP>YY76!3K`%F#QR?Xu>Z;MeWb9`40L|7yt1ZBXA@&w7c#7V=jr2JHW*F`US3X1oW|vb zrc%oBy2riZsE^{ktIoB~KB&>$vx$_aY*EyWV|?#o#=8`9!+pQ^_o%ZcH#cbh=Y5Xi z6tB~zjj&>4&y2;cLwif3Vyz#DYHZ&-2fK9qb2KN@oK3J+;cWvaaY`AOHf^wmV9J% zH1G(HCu^O|&e+2b*T=+-%(|`vT0Pzp?H6Qp0qLi0yQ$D09T-J9>rjriVKE}gjp450m3}HV`GTB z0HtyH#UHQ-^a>S!fdBPv%K=m`Au%_Ouj%RKW3W+_eu?fIS^)!~GEzWf25`eV+LMme zd^S-HfQX-+ZSn~$2I|s0uyjUKSvPsBq)QV9RcQMA*RL?<%LOFwmTIO%M@1ok_u;+t zO1HLsw&VqkvnPV&hHcBhk|h}lBVW{N52%QCA0O!*ylNJA8|4_#nQsZo@Y|$b-FY~z z;s;YJVr-bO;*Xng_^ER5+5*0_JasR3OxMG$Z|+#di52ciLyh5UFgkEPzTb4 zWU&EGF)|6hONZ*0+})XL8}h6Rsix#i*NntuuYT6H9jj*ruMIGa-AE!eNwf|j6ma%d9agdd~W67k({1Aq*LAvvlR!ixQf#Xwy( zd(st229VGz>JYh|d&HE?M_)_~RtM4uo@vqAmPwxVc>~*q)59b5ZtXGXP1qLnDX_e7 zF9#i)M<`(*8$W&|UZ5w%!u6eCJ%wiXX;((@>l^y0G6m_x=Y>yl2mz zK__#=7s9LXVzi*C5#iyL>S&73y{6;t0H}W|GXSjniCB)HC9uQz>sOoC3rbroh_>WF zJtsVhJn(M==!qN9fp2fjg^!Z5c>3=ik7ocfY(%Z2L3{h|e47HR>uX?e#I4q>Y6EJt zZY>mR9F>b8p{_P8#$SKeKM&^hvRF!SLV6eA zuJ~q$))uj4y4Cuw;ZV64ZUvZC2Sx5HP!)!YciXSpJifj*6~H4klkr{AlD*|1+hM^W znC`yoH0bxYfzJ~6mD?WL$14*S78U|*&OX8zy*$Z>AF@05#vlGeUA`qvO_KMgL-smJ zNNYMk5lgJ`UDYun$IIxICOb$I<<3s>cm=VJh?mppwWlrtPU71#UnBoMrhqi%6gCAB zHo|hKrI?KF1qLrN9FJpM3T-L|DnyIh7#m@|Ch@=;(~pPn#2*au$CFN+EWljNL9*h} z_TX^ncl!UXegMBa1$eeJYfG~}%YE9s&ri;_-f{tY%A%2m{-S|nvF8UxObr9hLbY`> z&A7ek)mL*nja!QtZNgdDb|Pe>8@R;bp;gZVzKLH)-~5?8I7mdUpT=l7cXNz5wL;B1 z9z|m>ASq002+87NEJ}+sr)3qiYNR;O*gHHdmDw-Zc<)Y{>;^gqQj}b%AQf>qvPlES z7olY8P;~4LKKZqJ4o=tgulRdi=5|k_AbNQMtRmaMpw-A$ERrNWIJ?Jdaxo94}%uUZ%wHi2T1P7HgmCG!&vOIl^r7^Ey@{0jBGC2n)GQJH;Y4Hr_nd4g*U;HeQah)9Ewxk9vXND zXVLM;T|^bkN*JPA_`r1yZiyl_8pLu;Gi$Fx1N2L>H!{svKyFQ!XpqYcr5BwfN7Qz>I5?Sg;Z5qybyF3JWu%jBh#%htl~23$4S<4C z2inuQ`0HF~l|oCK!Iv|t389mWH@jebdd~@ybg;EZI2I!nN@{@*XGRblYEzjIwhtJ& zvhb9SdA0q)t}tHgbyNRyo{d;sw5D@aZPmssaV+?6AoB=DxU_d@s!1m8kLy?t&ot6& zz$>{Q${0iD3qF4~VaDs?u^s*is*u;=MAvG9X60@q za9C2wgrQQ)Y2A3xo&LL%wcS1<#3?GYVL{xGj3=l$+Tm+cRCFejx%g9?l$+5gLn=RQ zTFa0q2k7&<&qx-$-~meec(4ix5t&EWRCb^3JX_D`1=27S=b3U*Xs!pL1N00fk8kg> ze+a?ayN;WxUhh_kM#WN1HgYIq%cBU%BUwtMNTa86Jvd{5+DmxIMAN!#bj>|njMOI= zzeBM{a2vMG;zT2CqWn(G7*aQI(E+=a$0X=br*4t&_|&18f2w#=Wg{%lB_Ja4a`L1G z|ICa24HyQnlF?jf2f=)e$fIlH2FrX)Vt_C;yIxDng*RDY??A{|s;|`ysp28|j)baR zfN_URSq}76P#4HYPSoRx+t+^)A*!c6(UgT#R5 zNs%b}&Aq!>dM_b7fLBxzL;Yr9_Q*R3(qS0TSJrxcsxC6Ge+Kb@-{l z>(O<(uiEw8e^7n*lw`18oQN0C1f%e>^9QDDAUx0s>ij3ELxhMp@!S`l*l;V*#F?Ov zC!*`+qIGE-p^8Q6fU>{7^EZnNrE3*U?j5}D3msvkdrlK28a#CXFV<8Ipp$!;^KalW zceo5TZRAO7GiQzb0siaYwWaQAUV{Qq#E5-R@m8g`C~F`6K@qMeIwI`*K79?$4KHV; zjJwwt-~?Uk@sXEoqu~ulIoH`&lWO^y-YW@hLOYN?@50;|{oLQL=}VgCJZ#wd_@VWC zXVnlNCurTF6uPtEPCkvY&D6Y%4Ju{;sLX&!Fh)l_HZ=Fdpc_k!A;+DD8uVZ*^@^j7 z$_)|y`;!*5Z)r|64KtI9teo@lp5iY8@05O(}*6-U5K6PU z{kWU^GWgYBFJ61);JyADsMqj>==bY_SG z!U^J;#YFz2Px{3`X0lIa*g|S=GpoYm%tdSd*6K<52D?MPrx%?r^weLe$8z`5h8BtV32-id27QN~Ef$Rt(vW3>&9+L59B4 zme%gTMRJ6KOA)Rac(s=W@J}TBxH7(i>Ro7Nq?_wW4y@Imd&t*^;7!YZU8q zvW8L-1Pu-De;!ZT8T451hoT^dq)Y_CvB`AZF?FJ%6Aas0O!zHLGc=N^jvXSg*3%F^ z{rnC_byr&vvNXz)(o!;1MQU`9(4G*3A)bfk0u3CVh(B0f!|7-0{8@@X7B%VtqB#c< z2^oS#zCOj1m_=bOt^uP^H~ZX8?kufj)+U#wXJ;tw#N2eu8xz0Kboib2rwYejUHXr8 zd4~r(M%r62w(>P!IxLVK{ETHon%CVuy5)87m7;nDshE;rM;i&fya*^(8Th=(;=1Ls zVFU@Wm%}vM$}+k1iH6uHo`}B|L_gh%dAb@Rw8e)aMzx}jMmDJHVjPB3mh_9nO$EM( z;vUL+*jrP4Yg=^u;QX-T>l<^PJv`Io!=jd2Sazac&f8fZA;CILbBPRQM)8DrUH|FP zA1swT_qwGT%}dndn)K28p<%TSJA_%sHeZ!kQ+W{z+0pmuaI!YHk{C`Irx>^)3 zHpW$|kCfa417C1fgo)z-mogFAqy@^?&1&>kw6xjNDdUUQjxoButE8)WJ?O$KCRlZ> zSB?}OX)G_P!V+=a34yBkqq76Q&3Op*)d)!Qv61~xn(*Ji4i^gJ`01tgkBz|O5R{v<8XJfR~_jye+PM-w_7Bz?}thEWp;~mc2 zZhv}tcCwqoA#;?9UA}xv&LO{8-g>=nczj@GX2|#Ac=QB>8_){+Pf9~8_~hkV092#N z&DV(X9XK*Ps0iByLTa$RV8kejbAJ(GQiKJpjNkaBR)Ktw*3vxqX8-830T5-YAP<2C zzl^3}T1j?&_Uy{BH-2@jupMCAft3Za!Nra7Vl}6&4-w!VOu&5O?@PTgQL2d|IEM+_ z%7Y-<+TUwjh$JAYYU;8|uB#fj9IS+8Wgh#A9eGmnPMp_1{G*5tuo! zsvx;x&A0~=Lou6Reb#n%^w#gT0v`v!Ft{-?osdl|s@Y`cRgP_X-bL)p>J6^YAT=J+ z7%EoP;nlHGfJW2%=_ptvakFNgG0nmMX!z+B=oqRueC7H;8VfvYJ--C*)R|L_zLWSC zFsC1FeijA^Kc=&e> zqnu~6`Vt1F2o=tyxxxNzgBP+<&7VjP-7F%2gExF%qhpqlm~pfZSVUBC|^AD|E+x>K;jaJL4Y?f@X+8Cq*AXvp@9xAKPnRW)9nf3M>el!AaZ5ChlL@^(t8t{ z?3QHxKc)a?mI*l(;c9s2>HeiWZFV4Jxi1N1U`_4=8l{_wRC$q#I_DttyW-q717R}1 zeuOq@ly>yrm2bC8$i&GG*G9PPuUQsr@dF07@qU&_9;7csgXK(UG{{ZtRi%xsC8+3H zb69_Slfa3tNI0oV0-CF6W;!sU`i?ZB6oGhCPv2*~K!py75Mf=8cYx}=T+OiqQH2D> z0JbH36B@$7UlArNK4WiNkDtr$<2_GJ2Ang#7GNl?_dDNNl>t9<*~VYO$6*$t+SDUuwcWueU&;Tf7rBmLS4baPy6`FTZIK^JBR?X%QF#)pMi zF`@07k~+Hp)%d{t%Hytt3D6 z$i_GhWukn8Zin{Q(^>xF*6h)`u2fNzb+5*Pn!=W0UG!`{cNG+b6h_55Gi!L07E1)5uFSq&F zXl>HrpZ0=HfwZ|Mz+QM9)Bp#lJ5lM+>4rDJ;-Ru;8|PNcJ;h(A&RHGF3jk4AZ?og= zski|5Khoylu}w+p!VV!pPq zt-enea55?~C`l!JHb1>8FGq%x9&!_L&Fq699Nixipa-UrSX zC=2x5H0u(5#J^%4mxU2^jfNj`ke!ArOn@w0nuCN6?O%9+yj>yuU?)R4;Rvs<_zklO zD0KyP6CtEwQ!{Vf`C(9l{kP6gYYDk)bUGkL|DT_L?KAM-IQ{=q+LfEr1g^mT+sVGC zK53n=n*7S<{I4lkJQ zFB2`s0X=@`mwaD=?dtOeK=JdCvD_v9o{lvHR*PrG-E=jln4g?rRx)IS)k zzV1EYx^TAu79rtYD(Z$^%8lQPX_FQZa(1@VkU=bm*bI zY7pvN$5Vsi!8z~o$c)vGzxU&Q`1sq>9Gp>?$&FBJ%g9RdNwU9VY}`G`IBB3Hqo!t8 zdU^q}r6kmBm0m(-NLr=>5sk?#tJ*Ngv8PmUfRbWZ6ff(Uc+cZ{rPJTzSs`>0PJ{UP z%y0{@(b~L;8#lZQq^iu%o0vbuhhvNq-bYJHcqmWCM7xtW09gHA;5uG&=tx&p;Xh z-zN3sagBCuJEhitZ)<7e4@>RU%e}q#)Vr-&W$Xb<8 zHhLZ|s+mV)&kYO(^-_0Fcb3;9_FLv>$$;z#Jf3m`Q-H#Q*(N*!Vld=r79>9d_7eD1 z!~NN&Ycky2gfbi)9X`<@LQcXa_HSne@e*1E(@3|!@;pGDdXTaHCWRrJ>)`+j%DIgbzDfvhZm6<%O~ zF9j)l@L`?%Gm>_8c8etTqP?J@0eVabZWBrrDu_=&5XBza3!?n0KIT0=7wpa!4Xj&2 Tjw|3JP!Memef4Tp`|$q*;6tR= literal 0 HcmV?d00001 diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 7e5d71562c..ea121c6820 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: high -ms.date: 11/26/2018 +ms.date: 01/31/2018 ms.author: jdecker --- @@ -52,6 +52,7 @@ If you don't want to use a provisioning package, you can deploy the configuratio - The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 + ## Create XML file Let's start by looking at the basic structure of the XML file. diff --git a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index fcbf41202b..0fe1c5b458 100644 --- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: high -ms.date: 10/16/2017 +ms.date: 01/31/2018 --- # Set up a kiosk on Windows 10 Pro, Enterprise, or Education @@ -37,9 +37,15 @@ To return the device to the regular shell, see [Sign out of assigned access](#si >[!NOTE] >A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file. -  +## Using a local device as a kiosk +When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts. +If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do. + +If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. + +![Screenshot of automatic sign-in setting](images/auto-signin.png) ## Set up a kiosk using Windows Configuration Designer From 7b9645c83a347b7690e46c82389c34e208ec7541 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 1 Feb 2018 16:44:48 +0000 Subject: [PATCH 067/109] Merged PR 5641: fix link --- windows/deployment/update/waas-configure-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index f705f7b85f..b6260dbd6d 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -28,7 +28,7 @@ ms.date: 10/13/2017 You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx). >[!IMPORTANT] ->For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#configure-the-operating-system-diagnostic-data-level). +>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md). From 01c6963b9d395499d46df56fea54c4f60560c711 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 1 Feb 2018 17:09:59 +0000 Subject: [PATCH 068/109] Merged PR 5642: fix links --- windows/deployment/update/device-health-get-started.md | 2 +- windows/deployment/update/update-compliance-get-started.md | 2 +- .../deployment/upgrade/upgrade-readiness-deployment-script.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index 9350288947..175f553534 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -24,7 +24,7 @@ Steps are provided in sections that follow the recommended setup process: Device Health has the following requirements: 1. Device Health is currently only compatible with Windows 10 and Windows Server 2016 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). 2. The solution requires that at least the [enhanced level of diagnostic data](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). -3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: +3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](/windows/configuration//configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint: Service | Endpoint --- | --- diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index ead61e2d95..354ad86c3d 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -36,7 +36,7 @@ Update Compliance has the following requirements: 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct. - For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. + For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV. diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index 3e838c9578..fb04dd5bf6 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -263,7 +263,7 @@ The deployment script displays the following exit codes to let you know if it wa \Windows\DataCollection** or **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** - For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization). + For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). 40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. From 79a6f58699d372eb5a515347ab5b6d7e6b4dd0d3 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 1 Feb 2018 18:02:35 +0000 Subject: [PATCH 069/109] Merged PR 5644: Added Browser/AllowConfigurationUpdateForBooksLibrary to Policy CSP --- ...ew-in-windows-mdm-enrollment-management.md | 1 + .../policy-configuration-service-provider.md | 7 +- .../mdm/policy-csp-browser.md | 119 +++++++++++++++++- 3 files changed, 124 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 2065aba9d1..54c9115a56 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1405,6 +1405,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
    +### RestrictedGroups policies + +
    + RestrictedGroups/ConfigureGroupMembership +
    + + ### Search policies
    diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md new file mode 100644 index 0000000000..8b0251476c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -0,0 +1,96 @@ +--- +title: Policy CSP - RestrictedGroups +description: Policy CSP - RestrictedGroups +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 01/12/2018 +--- + +# Policy CSP - RestrictedGroups + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + +
    + + +## RestrictedGroups policies + +
    +
    + RestrictedGroups/ConfigureGroupMembership +
    +
    + +
    + +**RestrictedGroups/ConfigureGroupMembership** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark4check mark4check mark4check mark4cross markcross mark
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. + +> [!Note] +> This policy is only scoped to the Administrators group at this time. + +Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. + +> [!Note] +> If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. + + + + + + + + + + + + +
    + +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + + From e7b1ba916c38173d939e931be40d831bdc0ed015 Mon Sep 17 00:00:00 2001 From: kaolah <35081118+kaolah@users.noreply.github.com> Date: Thu, 1 Feb 2018 21:23:36 +0100 Subject: [PATCH 075/109] Article title change The article title were not correctly assigned. --- .../bitlocker/bitlocker-basic-deployment.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/device-security/bitlocker/bitlocker-basic-deployment.md b/windows/device-security/bitlocker/bitlocker-basic-deployment.md index 8a37191b30..9a2d09f6a4 100644 --- a/windows/device-security/bitlocker/bitlocker-basic-deployment.md +++ b/windows/device-security/bitlocker/bitlocker-basic-deployment.md @@ -182,8 +182,9 @@ Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Window -  -### Encrypting volumes using the manage-bde command line interface + + +## Encrypting volumes using the manage-bde command line interface Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](http://technet.microsoft.com/library/ff829849.aspx). Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. @@ -240,9 +241,8 @@ A common protector for a data volume is the password protector. In the example b manage-bde -protectors -add -pw C: manage-bde -on C: ``` -## Using manage-bde to encrypt volumes with BitLocker -### Encrypting volumes using the BitLocker Windows PowerShell cmdlets +## Encrypting volumes using the BitLocker Windows PowerShell cmdlets Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets. @@ -442,9 +442,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup " ``` > **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.   -## Using PowerShell to encrypt volumes with BitLocker - -### Checking BitLocker status +## Checking BitLocker status To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section. From 6f04a90725b769ced4cbdda1d9e31aea075b08d4 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 1 Feb 2018 22:56:58 +0000 Subject: [PATCH 076/109] Merged PR 5658: update graphic update graphic --- windows/deployment/images/feedback.PNG | Bin 67206 -> 78621 bytes .../resolve-windows-10-upgrade-errors.md | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/images/feedback.PNG b/windows/deployment/images/feedback.PNG index 8ff7391e844134fd4918b4d610e72fe749f72e30..15e171c4eda0876ae28d7a926ac0f02ff8e5001e 100644 GIT binary patch literal 78621 zcmaI7by!tV_bv)5-O?@6-Q7q?cc(PMrjd|tB&EAsO1itdB%~CirMvIM@B5u|Zanu7 zHqY9z)|_LEIpQ7f2vbs!LO~=zgo1)Xk$x|(0tNNL9Q^ge!$LtpCv!ti!3WSzDpF!l z72`y^;Nq2qsJti?)c0tl`wuYS8o~a(wi6T-YR~f@^nhKlDHPOGfwZ`&nw!Dj47hYP ziOYInmwEN4{pN2i=B#j|$=FUfPCC7z(Bxa`!i_fK{j zA941&NZ(~&w(>A<{#;m8RJ67&yrV}o}-Q@TmJjg5oWG(aohHrt#dty@uza7IIFkZ@m4U|a`e7BDWBH7t`>(WNWHH= zTraIX;#@A6M4uDfDJSzfnUA%yZ>Kv2lSlEqZJYH7yDE!KWFD@4p;U-1Vvth*^W(RI z?NZ+3&X+xZhT>*qYu*>A{ATvKk@YCKm@+Dq&*1wJq3^btpxLb`{D37HO#&HV?znf1 z#PA$pYzPb?_2#+1T(Yab??z%?IR94JUTtNa+a-rtqe?%c;F&+HF(=XT>7W~Iru(OL zC2{-11n*%_{$y`Q|_S}oT{v(!NpGaYD-WUDOCQ|Z1!uydgd zq`Hy>tMU_hP2`VeI{L>CwB}%0UiT*hA5zQ`zpo?C>p9809X4%uKi(aYwqLJ@Pquq~ z)-{x#9j;YX;O*1+atnT+Wa!;gE_b?}l_sjQXH+i&x@&487=cD5>?zM$` zSV9}48JQf7!m#B*{+ZI!(hh>w*VUY7e`_WRw?BgY2wnershcwNRf+`vu=Q+wvc_WK zc!1O=e?Iv5Pn=?~kk@T~k`5^^*hM5PdnB4u<3<#}4ILZX!ITtfT|%xm*q`Q`f6G~P zyWK77k*3awH%Nuq&+^zSNsZR|=On6! z-@J3;d71iGCnXW7mLrmgm#t0hLF-icX)DdHa9-`~u;nN?$-slQO)ZmyZf2ZspJCte zVx0ddum_c&;e3CdIo<1Wu~5I|u-W>0?dcIWif@l*sljP`oJ;UxR+VuERq$L%S71mMQ_K<)Ty~leK>`O|v03EjZ+MB-bZGiDEa#Hicj%{Jr_SX))F zsdMB(wBTj3V7KR=vxSHIvx(m`io$iXu~Qq`P%suh&yVQ1_0Q5}bmD-W1Wc;@ZF9c_LtM|+ z9$?NNA%!9jR}7@0Oyt7%&zrBa_n+WCLjg& z(QAmCA{w_X^!l;&q@S?oC7OWI((UDe?*7n z{Ct9EUE`NW?RQKOq{6G->{inhOVKy9s)d10_$G^JjAAwV-v=Yrr&HS|Z z-DF^HP*OEUwJ_`_I5sJ5FX?GFXE9a&1hbVxf$g9Y^93^2FT8D2LrI9dTJ!1naZ|IB zWBeNWs$u){Q5$YW+oevL@Z#rbmCO|;PMU}0Zyr9Z_0v8$d(1%VxcwG6=z%xP<^;)wh$e?`LV z#VBsdwd}q?MfwUd-rV3%s{O1KY0zoSTklq+($K+Cr7P?wa~Yyc3dGjbV}014lMVpJKjiTwliejJdyDt_2Uw#*_1C$B zf*A$=u|kn2_Unsz!=6wK^0K|O4JQd4rkoDdiUzJ6UTEWJ{T6c4S18;Ju^u2b*>6+J2BIHgnm_&tgk>?)hbz~v6R`L8r4deIvncQ7zr0`3v+6X zk4ld>C&)Y>P3Vx5;}J)$Qd3+yf?u1qr07le;Tqa_yMLdmhD=a$S{HJv``d8O=+PF* zwLISLLkfzsbW*4s-vQlorr?m3p&`kj6m<+xoKorUiKF)ZmHA;xz=?i-k()VGvY((! zTL!$=ZqvtO9pHw=ZU4L28Z#a9Dn{7Lnv{B}BMVtZS_t&`5OtOfqlys0CUEO@R@P?q za+oN2a`aHZ*8ap>)uvj+LO3!$OAb;v#fUe}7!^+8$yo@|ow9g4(1mpPFEq?Vtm$A$HSegx=Ft{KOO`L z;NyXHxtdo?MGcb8a4p%?q#i0GI~yTmk%tXL5?Xls(S2QHW8{4yVQNt?*YZ1Mv@{QZ17u&2$Rd-+;&GybCGZHt*U& zH9}|by4?+#utYOJk7)eHVLrk!#R85U6LcJ^uSBBU#uVlSyKdnDFvDG5Wn3UyE&&;| zcbEtq?*s{;&G=mQOo`LHBKUheJ>59(IQmcQWT}eeFzZqnXW)_J5WG##x@5J!XK*Ea z0qZ5K%?u!{NwHIl{_r;{U?uKFBqN&8b@o^TmE$nSdDt%<9!5ixNKPB#)ffa{2}@bF z7%u3ySLl}eq2y64iv9On=QE1jQfW`O^Br<`mKOHH79@ya(;3c9L9Y1iu0zfoaliBy zGksOQKD#}j*7({A{T3ZY$!aI0jm||$6SjjK=Rn@8WvB8Bt1!yMDpY%mbO%X~Bkjiy z{N{rh-mT=GVC)l1>LqF3;1Mxd@*=sBt@3e+ReBn2bI*K!?5mIYP1~6*l27(ALMHtY z1dx1;<^pp$FYu`6aH3NWrIrw14Z=&i9ip8P zhX5hzOkqG?*VP#4ESDn-QaYrD9kNUc@v`J`#;O(yo{h3^HGPTxC^YKVK$KZTw3=_T ztxSda`C`vZb+z4%vY--|*b)S0_NA;*7q`Ee9(%ND)Ef^d!$-wJ>pad$oj2(r6zgb1 zu7A}v_06Cgic?>-J5{!x$}FL-w753d>8*C61a*!kq_fG-7Iw*v{KeO@q9uHedc^-Z zM#yVjIJ%xEeGvBympO!QWz}E8IL6sEb*v~cO^i53K)OSWW8n4y)8vKClu##nLU z*P0{cv%LU$k$h(E5VB@daLFzT2X)$?q@@=cDLD$EeH*&aEra(F6(-`M` z{RPpC)oVmmbL{dyw(~aEY&|RGKl!XL2zo$x&5_f% zS6}EWsw&hyUr$XF_>1bp-gja2jXrtE$_IOBq&*}5iUB?p=b-KO3y0BeU7i@iG=DJ0eSN+&$at=-! zqO7V-$WlEDp>1PMBzr+L!8TQKV)Sv|Fk$g!Kabjthb<|UaBAMb)}T|U#vI#cOf3h zrmy`R8x}2N>CIoFQf=x)4l}LI#0k6p@ua6?}i{ z&7BQayj7&MLOtZ)%i`;`vBf!yLK`)k!p+qGoF3&u>}Q>QG$Syfm#)jX%#JVFRHmQV z*@;cDTI_z!X)%l}J-bXx_@9VFkyQJ!qqIt=Bjxu|QlGQc2fzCFi?$R=&ZDdYT3%~R zEq{$o)M^gmWQQfE*vd;(>ItpJ<0BW@#s-qYn}MSe?*V}$n`-9mS#LaJas2dOtES{q zX^VVxc^L*BffSz_G1%RUEvf*n^@};(2|kA`pU0cuAknYclB2Wq`^qzmv#}#lt8h(d zL0E&#b6J8m9Dx~*1B0UejjGKcl!_9E5t~EV(|Afn6tj;Sr@SA#wrMMMq!8tyw*5EE z!OuGO0WTN79%1Fx-qWc@|1H};*R=1Bh~LUk23$>llxg8~%aXRZ_@UWwt8QOO1V`+w zG}egMEj?=%^X2qSB3c`t#7UThEQ~x>mR7CWq&T?vcIY2WUzksSW;01V?nOJ3&gXr9 zeV(}IX5Q&>EAzsOVrA9X6M;o2h?V+U-vHz#5Mn_a=%sODg7qzgM4gW%u$8j448~Kj zxnb*=;Ti}2TOVAV%Q-fcW<)~#O>o8{`_&EFjdJHsmJYH0CVV5Uq)t>KRJqx=TiC{IaIHfYWy#6PhAhq~P zZ|;xQFZG}TE8G^R!~l0jB!EQ8B&7655vMW1pn&bJz(k^k1b!b+SaDrj>3-;O9AUIj zAZYvGwO`&)UlMK7Z$&N|b|bRjy5$?fcIyzh)mhCG~od zA^is8aTU#LfQhOLvSj$TQTTC@U%_IXEf!p!wOF2@;M=O>hHFO1PIVIbT%a9YT+C3)A064UIlJ8Bw99j{4#YT^! zi1~HM@BH9MET>|;Cach}wi09m_^VKvC7vFyI?BCKidIoyYK10=w-MRPjc@v?{o$%| zK6h&mLrg`#P>%KAnp%PnL^1TbNND2V*)OXZtt9B#juO0FU@;qxx9`Wd2((>kUi7{{ z9A%%V-HO0xH(%h>p%9=F=eq0ZCR}E(4FxNi&(*@yU&*cVA|4D?N?gi?ejB@ z7nG{Ca3pToThW80uWrwGO&pluiO)bJS!@PX*iVCz&Lrybd%Poro)EN#T~M#vI55^P zJC4{7l7(n_5#POjis)i&Sau9Q7;wO&{(_1BB=Uw1(XjMgF!FaZL|&73CmDYOECn=l z(zqah1pt&$%XsI|^|`{W*Y9wpWyu8t?PaLE+R)Aq+SH&}EDlonaqCxZ1!c9YG^9k3l-5+Blu`P>H-7w3 zHOe-!5UHM82 zXD&3zknvdF2x?}6h3F6gGpfkO5I{9aE!lwNA1+9QYSrdj=3WCc^r!lw$e9mQl7IPjcbAo%z|8QMerqzz4}Z4!P5>(>qd-m2dOsLWKM zt+mpDXckAa-b-c8)}qoY?3cH(Q#A=Df+xM0oVJ??T`0hBeu13jxU11uMU$HJhGJ;2 zqd9Nm6j0)nPty`);4!zIPoJxB%73_58ITanu;c~Sq*?Urhk>!RT}#uoo?F3ZNT~(M z!;K?rMweFvk>0DQ@0^Obpp7QnjUuadApE}6EKP!Ii%0ytqO4ENVWdLmc_T|l26b{*%=%GyQX=!jxmEgzT4ph6_9>i_Cf`+B{suzB9{d zSU75<6cj<%@5y&)DD-7j{$n+0d2xw`-tM}qkcJhTpRaRR(_t^0v#r7|_1a?vNd!=i zBcRCJUmTKj!m*uQjKMQVdSS?or6sqXW)BhM{A5#~q^R7+0~6lpu}e7QfB7gEPPy^^Xd zhia(S=<~v3VOpDYk@hw2%U8YG-|FtRJ1zQsp6(2-ar+*ym+(a?hok>jOe&DE8!$ef-ONmn1ttEdP)J17my?$z9NwxxP86;>ny!5Ha< z_{DnM*i$lKhd3O_maxPYRLvi_FQc_a{Uu#cR;C>c0!)%^?*62GQJ=KWlQD42kUOD^ zfpmDPg8Ql8`fr_i7EJH^ounXFKz3mwPf!`#vXu!tlX%X~TYn*C+!VTDZoXsCDe!T5 zyG?=RUkY6+j(0pAi$oCS$JUrUQC}XT#vqZGJ*D!l{S;kwtoL0kWXD(inI~!gxyZNtVoGrv=s|z?sANgvrN9|zNB+pl!Rd*38CRBCV6-3sN7OW zXQ@a2MfMC=-r~GR%sr)g><8|EKTlB(3FDFjflLq<2VLM0HC@&a`yMs|C4AM%O zih~|B;abnU*Xe8Dg%f7fv^E+7WGv|NP67jY1SPA!2R*#1~85e5kPU`6R+xYm(NXu(X!jsBJYmyPjGU&MAa!@R`=p#+x8Bcv&{-zqL z2eOz?qTy9y(j|Bxxei3n#b%Ydb)gfFdp$BIOlyc$-88))XsKen_>-)#$%5YWJnSvT zL6Yq-GS&w*9+!{KdwHa<$(xy*{=}X$i(8ZHb~I9eJkr*~_7lM9TF%q4tMyH8mu!L} zGLxNgoN<#zH@-j((6>jeCLeOCs^K(>>f1JLPRrH}IV0#=kYVPQD3M`GNCnAZ5o5C{ zJF5+fPbq^pihhY*0-z{=JFqybEGPnFBtQS#h}@1(uu}p><8@#VuEBx|RUEY<>PoW< z(%CqFrMtJYeZ1$whmb{@Jvl1*)c8!yO_@2dM5M!)i84(Ty^OhUaT{Po%*r)asZOpX zQSbV!tK5SZ`P&uZnNRF!(&Vsk|Ig3(@r&mIImNc_yfDOEizoDt;J<2t;xs_xfJZfU^Q_K9GXEF zV+jjhHq_c)%jSDucWyY-$Fmec28W7$hT2In4c@zltF;gq9IZDt0FJH~w&e~JalP40 zTB_qAIYQu0?=?ET-pk#Lt&71%WD*?!DY5}#ofv_K5yJ}$vmR`WH6(+tvdnsLA>_Wo zI=}SFWa)}5Q#h>1Fy9i=nda_b=?&U%dUe6z27*jMsIAZ{`B<4w;NF%FIW5+JY&eq- zX;F1XwzQ3JLHzh4_*#J2@dgy`f?%!umpS=7#1!$6d-O(&HAn@KMIkN z{Y;_-=L$v0oGO2Mim)Kc)G}4$u#u&{el}sScX68EoJDHxv}>z_V1q|0W75I^Yf7t( z2HEgfVJ)hX4;5VqP&vuxzh5&)qHx(@oytHh$JNpMS~d_E>I9vI)m{GjMXGhhcSvQ& zV{@PJi_-VM!l*N=N-S4^ZWovB%-4fPo6e_YdqAmS#R%0InyYExPAPExE1-UqYtC=} z5sipvvM|>rt}doYc>cB&lf?bc*YkAr3-AWQRD5wvSgxu)SdmW9H|>@0*6+ zH+_jg?^W!{0zjehMgWN3d~&ADxd(+izX6^#9O$vg2~;YI%m`CF)i~7vIt>QpV@08X zY-m4_Fk{Q#>YUG4hr5(y1X9mu9~pgUOS}=C2M5&owPC--Wa4pQaI3L3w8)5@Cq;J) zw7q&k$(=OWU}u=N=CNOH?b)j08^yB@p9V*&B~~u{Xt?HmcaYj{1u`;~1(1kCGBvr& zVK@3C*`1ZLU!ullo@KqhP%d z{nRNoxh_WZo#eGuUg-)%=>E8eQ^+JOE#FRi%CV#-#tYQ+yG?)H$X?#YFgE`3*SO32 z16qI$@+Su}*A~s_ktBjYBivxWL6yVu|E&rb69y>RhyDosEoZ!c=wWxUa^Bw_zZYIV zt%|gJ<4i-X{@s>SygFt|`fKH22#LpFB7$@eZca$drI>hE!J8@ENakS*thYxNux>cU z!opOn4qCEWbmE;urUwj+W#FY$YAG*z0Rj_-XLRN zh?ul`l(cNPwPuDmpvNkp3x}0Y>T^H!cH%@TaJB7o2!O^WTcI&x{Fx*Vf59w_y9*jn2My>V z&=lW~ztmUSfydiI^NW_st_sk+&vc%a=0tmSHg4DPV6Iw`F&UXcvlm}X<4}d8v4wj zX6@WtUB-nAdSj6GP!Et$&Pw{9eA1o?2F_Cw8p&00Jg{Rbpov-3miVymyq)1%fzUbZ zPMhAULt8wH05}b4m&3Xqy9MP+k$9|c(?LI+%M9O;_?4HLcGTTz-hTwKBi3&{owuz5 z2MaSDpECOFCWCXnUn7~&v01cHb&WTzRc9KwJ{QB zqKZP68bU>Dio$9>ntZNjtE45qpEDH{aoJ;I0&OolsYem8KMz;ACid%P4%xp%B27Zy zfPxfQ@423tl06y!WmhSSV5+c8LXyyM&3MxEkX)$VbAt0P!SF{)8EBT{g5y2+hWg2HgFYzfMN(x| zI4r3@AhQlhy7)S#>w22nM17g_O}To7lW@_aXNxeer4BgGJS3FJna2U>=2fVEVU&sU zrCf~E;4@PQKP2SvCiPI%lc(_;9pY<2!`;Vs0o*9d9NjaM3S&YKV>>f_O`hV|Fya1P zMmQB=LYAX5cxcb)6_?_X^(W9LP9`@aShSKgONj~9OLEmTR*QF4%0--WOsTINtnp#v_4?Fi?y=__-fWy-7+D zV}oC!27(#M*TBQcHjj&H*4WjT3Cx1+)8jlF$hupy(PBF$WDbV*M{QR>ebL%+PNG@8 z@7L2=Qc8S?M~t?wP*$iQ>?X+Qy83r<+vP+9s}coHlEo$&DocqhMjf61ARIK$OrJ z#MA2GZGtV8po;`bEbf1B3T+1JrfefqVV3m5xln0szOUW3nCJQz}Nzrt&b9q??tPOmZAhzrMy9SYpL7C&Hj%c zz8bGy!=RDkq7IDA7h*C#+b-Tp3dig#wItDWA}=+XA&pSER`s`G(KhR@O|6ergzQ}! zPHbMrf6h*(&}*|PCe%?u`sZ=J^FcLLk)_e=FJ&;JBr_>2fS%X_QoP)-`8a-DEAga$ z#>?9681UV?!n;K_bgDBU9UmIBYk%aSX7Qd*vtg-F7LAYIB2vS^h3&LXE2N09Z`Z>| z7>9$8x}@RIqu%Zu-2Q35-tE!Bq=VrG*--F{ei5?8lDe>*@q+ZNL2>daMvP5S-{>!b zuIP8GlM%2Sep3;f8**LpDDB=i3%fH#(b)B-nI7KDAP{pwq`{I?{XIKs_dcp!G0%8r zv)qujlt{PlNrVA;BR|&(K;9oFjD%^`&4)vP640A+fssZ19|@s-074`C8lVr1edAQp zmM);V_C;?64b$XIT#+Cel45+TaV|R5lF{BuykDwwpEVn|ZSK>QMP<;CqSd-td6^Fd z{0y)US2Hd&4ZZ5rO`CCTl?i}BieRD}rW`CaG<;Dfno+h!z5lwMW+#-UD0YQgsdgbF ztC#VaoOi|1o-Q3>z)bM*k!%;yukelM5ZeL;g3zTEGj>6Na!?toX>isjsoqG+-5F9n zVu@WEZ8FS+falc%gCHlhY?K|nTie3*WFMNnB`5pBmitQ#_9=YxZ>`ifq@^KHDu!pK zsvjSIX2Vaex8 z2#7bjrHmuiwp>7{us91`Uhz-N6$$9t!x+=l!L~9Bx{;ZPu)ItXRP==&X%g#roRiB# zS~U24V5Vv;`dTujew1@wZ)T2FF;pxy6W;R(z1cmSvA)XvQ3Sc(a=s#iu|eGO@zmkf zA|ihKsOKPwyfw1XNg}L&xPwn%Ic(}=>k955QnzND<}13qcShy{la57GL8Aj&(o)h^YN~0_~Vf=d^QsF_WlM4BDKSJgs%5 zp-$PJY{Xecg_eSF*(`2T^8e|V@g+-DHVZvz8etygtJ^B=X=$m6dE_tZZ#gH}E*jj4rG zQT*KdwBn+PpL}LC=weH>%b_)Cl9CwjUpgWo>Wv$!}mJ&FK{oe`zWRr$~U?|8y zTh&$^?T>{2kVRAp-M`h11{*Bo7KrK*Hyt+7a`%7vg?QC!qeUZohK9|BF1xEuBYni^nq% zYCIC!_0-wqC+N{wcb^?Q#3Dpvmd0rr`xiHM}0nors3iSOfZ*g{Z4Jw;EIp=25B;^kQ% zm4%8xb*AxVEA`v$tSoa|EjEYP*srVg=Ulnmbz(Z|iFMx4$1AP*B@QB$VIF7{Wiqzx zU)7BBjoceoLB99l)VKg@j{bsaoc!PLBs5e+s4hKX#5De>oZDAxBozy*Nm0?s6lDW9 z5dmi=or>@eyVrQ+^FL&KNR&OZ# z{s#7oI+-;YEhcs~$0Ad9LH_f{F@N4YRYT}G%%;_XBK9bQPrg<|m?;v}$?^=od>I=R z4>GHNIFnu+tT!YJJDyalQ0Yj7d?urfE2J~kqb5c!R)gI;tv*Onr28fotobqb)|`rs za_RBrKlcu7u*LG9^S4<-l1|}}ATya{DQB29sg^TiqjdtH-Xg8GV~UQ$qg!B#LIpF0 z8TpcTP`)FrX_B5}n7ozMiOV(Z$&Hw*HV#{=p%Tl_yU-6&wHAkIcEghO4~Wv6DubbR zomiB4VJJ!0wd59uNp^HCV!>$0h$$gK{n@s=T=sFi>{8r3-eVA(S z79bFHVu=8bRMEz+HvS*!rk2KFlb6I4sB-;7KB?$Tt*Z4!%n7({(-&c#8B9%IS4y>i z0tF~<4GN1)$q1R(_3w~++pW=*IjIP56VU%bLKD8Px;ZD{ve6pGouZxvw0}JRvEi{h(cg?~;0Bmj zH{0e{rzc`Xa*~1HBhg-7ZX2*o#HHxyk>zE=w)mzMypBUMCHBF3bW_uuB*%W4fNW$* zl+qpV-#3rW1=A)ygpO!ke`fk`cR9Uv5qPZK6;Mcn6Q+eZqNO$eMtY?5UN3|aiuB|4r;OEx=7A7VTELmd>^0S6Od!aDo)^VlaL zMaGJl1iEKUGg6x6&YPv$;7+Qj{NE%e`_I~BrBjN5Z-o0F-}s#1{jb;y5Q5&Pu5G-B zmOx8}8tm$`31ML(Q2uk4*d7ll4N3nQ2KbA)P_ToF;((M5}xnAA=o7hFks*!lZS&m-1nS z&^-9aTh{DB{<}&EB0d+}7V=8=jz{fY>9^D@b|MjrrH*7;(&56G6%Jl()aFXMh>Wj@ z^9sd?xKRp0nnLnH7baw%9d*pG*qWsVowtR&Ca-hdb7sG~1<}#c($@V6)c6qg!+89h+Yeo= z)-Bik1k&_L&Qs-)vXH?18|xCl8~2d8qb=N`c~TI@bBTzI#HzpVf#$x<1Ok~3f3(19 zs6-&8%g!WO8yB~N(9NH7y{ec2>0EO%^Vxotqz|0c<2J@yC+R2I!ATr^*uTZT&N)kF zA>*_4Hrq|&0t5#Q6^_W>w~6?EK=|>4YUd2W@n>%-9z8uHQm0YYdINZ6l4opYOETf` z=Z!sRn-^`1X}PYr%s4gqMP;*6XSx}Cj4|YzZ!(#S!B44#rBbqDip2{n*HD;?g`QG> zOzf3|SAG;9i%mu#8_p`$e$7rMeuK&Rjl)d6}CUYB*=8K-5t@};lK1|i(x=W!phzAKP_ApLU{Q&*YEW_(%#!p+KQPMh>u;#5`oZja)E3uaFts={c!qy`E|Y zoR=QZL4Qr+c`T~iu>OU9F4VA-!RDk^e6($r@7y()i?>OOFPkZz|4~-S^pCt++PqKJ(9K3cI~BIbV4VIp(zc?h8Mh zt9md60?dU~P?Njq)6UohNg%qsEci`tgpfA7`DpR((T_T7&9tqNbSI6^n}z(Zh*g1; z{D6r~By_nyKT-d?H}dg=vu}ZQAkuI!p{->HK8uk^BLE}H$r<%2lS6*@goLylwev3n zn64h#t)=a6^@vSo1)lQ?6p_3m$~iUvGh{@=zC9syXS2^FW}#g%B|(JN1n`Z_F(0t* zOG3WwZa^=yR{ho7_-PFn92U&9X|q6Ey3k+GqYwLm=+BnvoRtDdFDdc>wK2ndeTF92(qaS93u)jxGk_>mz9fESIc%k$dOV{aGitghzrhE=}Sr^mZp&bkvE z)vH%;11)vHnWr}Ic*O7ij;0=D=Pg}H69bqqfZr-AYi^Dk3ivDJg1Do1L1>4C>z)lO zpK9D;{n>q6z3whQ{H(R&6dEgb9%!4;u`V|o`TI_m=9e*zro!i1K2jcP6f~x0LgeHG zVGiWUbs4iqkf7S^TWUe+VNAI_b7GFcz=CcbbS9T2o|ezU1%%YQp$|uQp%wituvM_A zjl2)vCo$mN95oeng7eZ(F?QY#nHcPDN@X`6}kiq7&*rw3#1`dt~tf5QOMxaKBs_n zz+~M8qZ0CV7-FH*7@V?MDgPYiv%`Dl?ZiNO8=ZF^jt)Pa_Vx5}zWUA+7XfhL`vjo= zG_aJK(NJ?C<6d|qcmd}fC0(iekw2Ec0FYgXSAKykFN6Bdn1~_|-hQib!8m-8Psp#u z^~m)FU}Ia2&rBOgV+aJyY!3g0nk>)~L40gjaa6<5%jN7?qz%XT({4dhVFNsw z_-<%wLPzp%M>v8rtA2-_8dy&u6>iClx#y7}5}$jAZ%f_!sO?Xnu|>$WVDxec_sP^5 zuImBKPt5*X06+1I^5@RNZ{L@wRS%YOzizJ|mh3tp7fw8W6vgmDcfUbhRC*)V$NdCI zpHckwa0$mElf_kZ70QWgx$EP7yaz$n+qkeibPYQigPqvJN6X-F|h=;fxM z{W0*4x|p6?@XDS#5y_PD;^KKqY<&?p;{M*~Re^{;&0b31qX!)nas#tm=CprwR&zTDox&kH!^kz1)e5pAQDWs6$$-c;jW3ayputlw< zA#q)H*sZ%!U9;GlEl~v_S%*0U89&zGqX#S+iQdu9OEU49Y2)6%fG;LLp&n463h$iL z2m)F{d^{b^Z$6vuKm;r7X9to{I4%cImKqDp8H0VVsd$!Jq(Tb1=xvr+HYWYjiDg-XJ4ro>6Kd4PTi4%iYmigxz&X>9mqCdyHzub5&7OH~5`K@X~&UNki@cMy8l(6f1 z-)xrGy(Ya^J8$`%VG_mLzkKNYcVQ~gPoey|TEB3Rtr#H17aGK)?5rx{{jra@<>agRA8G4=s9fYHCJf{qh zVF!eokO@xz@9B=iv^n}MpXOX)uSAfu)~|fiDAuu|SP}3fCCdDty9RS0QUeDA1l9lU z?HeglFXw+#SS$U6b~dV>3Ci5tL|}$#OE-c>MtY+Dn%wCml?##@_WE6>Z?ix!&u`qw zlO$jJi=(x*@dnUGn0LP3=fe78c3<#4 z%aAY+5ll!~_O!wGib-{Wxy9Um?o{;L-LO=30+8#47E=66(tf+DeCXAck&(epSd|NM z?O;-PlMjMU82*Lctb{U}c!p|DI+sk_?FW!T$xa|B;{ygH&xAKf5EyHqU&3njJ?s`` zWg5f@yM*DBLx;lnT8goS!at5a^Ty6zF+rMvAqsttw-qGiSDZ8s=OGl#SbbDLz1T!6> z=gAS%T6B9FCG=8@Rw4%48qZ&@#;lq0t1|wGa!@B?e{NGPmo0Gjr-iA z{O39BF9jB3>BJ{d<9YEN z#F>KaR9K;c{TFtvD8DOu&VEPnAHJUmN@ejZ=oOxq*w25)Fq$n8nIh^P(%jFRJp@(}f57Gssj%&NLZ~QXJhA z#Fdqt9{#3RWI%7O103%9^j`jf(-e2m(hC8zmkVsy7BnaPA!wu|8ro*qx*dR*_%r@a z7Z4_F9)WMEolwZt;Dx8V68D_?&=Z^@>yWLuoSJ3f4ND{zx3NYs27PN--AG=9nB z=@B=7*q$!rdrtayu3YzdYSt#hQgDa81|E=T3njGP%15?nl!oW06$BgA2DlQ9OPc7X zp1sE7bGG!5R(nxyFj~cOtgEqRp}}?PvYfnoNx1xC1eZvT?FH06t>NA&S2t_iq|w)d znKWgX&If8n_T#~04mn@6sbPvm_-XWq+l#a@#K1q)AGw|fR6#%dhuWw`q0jI$cVG@K zTv6C3c}1Fhy@#d1R0&ImaF+zS)@@q-<<6JiXhIC2zdZ*NaN((PLK|OZ@s>(;T=4}^Ov~7%C<&Wx_%W1dWCc1rEfd9 z*F2rV-6Xsx4+0fULLefU<#ls9pBRK9hj0($IxxdJFv@#CMwfQb(NAEl^^I+*QA)>M z!YprM)FWFqWS$ySrd&XJ#n(ko>RT2XPQQqqk;vxvFCHD!NAv^lil`DP5UOgcIXO(p zZ^9xac5sr>8B@MgjaF4%>*d4P024yfh14Z@+1>;wAW`HtfS%~jZQKgi$CGHEg(8$J zNNx3$qg0WG(12yZIUk9D`LVWC20q5r_dj~bmM8_f@a2%_!q{sL@UNfB@$sK$kkd}J zc|jasys*!xHSiE-72>p7Ji}2L7hdx`TjXT_*eUFCGn-4!v|a;<5nAB|@4k^Tg~z&R zd-BaZ1Wd?PM0?N+Ih3HCHM3N#NhBmH@R2xqL4MYLS2R3KQCy2t;2RnbnMXgxL08a; zI-z>YiZv!G5sI%7&JE@EfVVE0oRh4frJ z=)eHgTqEc9P-dkz#V88mX5~vG?#fK*neL~q6DuQ;?XE8CLc(`XTiYu*J#DwYMCU+4 z#ZC)zyxnpeYx!9Bxyi6A+!dsyOJb*gu*zQ-2VJv+Fp&6uwrn~SAN$JLrr<{;^lvqr zXHrPLa??S3-_Ej3A7^>0+UQI(2+R|UTx5avAo@#=?re$R!u4;G*@!&A366BZ32lgf zo#WS`+BNp|sWOfBCJXc}*1jFZ`u{@|Kt$AG@)~@7Xx^C@#!fL1vZHi@CKNR-m^%G> zSOn5f$9BY2y~0lGUCU!T?ZR~kfokCKW_rtfb4FL&VA&D5QHf7%xzoVvy zTmDUsm-}uert4a2?#7GdJQQ9Y+1hyZ2#K4IXzhsEUEoTpzly@uuGgIxwkJ1veL3cg zEi+!jFzP_{Fl)Ssh_q2Lx_MlPM0z!Yv)RHR*mvstLgm-b@0(v5PYNh73a(=@j=Ock z@NIbrQJuwgG@zAT%~`t6{J9zXL>dxKNO9az6fIbw%0&Ea2-8RlCnJ{^cHfF2SJkF) zjdSYuU)Vh}*m)+q%e%X+)Vx9q6xIqfb27X~o;DXIQA1=$<6q%HXX<}H-Lvc?)kVc> zF!MQ+9V+eEHk9&AAVT1k!0g|BG;B2d@{;?x6AcaT=&BRnjR${gDi6#KIPq9(BLT{{ zze!lGiT!)INOYpcXkf(y)|?o9p-y}~CO(m<>DWKy^w)8$`zgI)`GYpOH`3{J7$oq! zmC2Dw=T8a}{Cr5`S9Dy@URDWs0kp-WleA@e|4?85kl*ik(ACB_Or)Mivp;ve$z?K6 zPdaN%K5;df6u3h9L)JZXt#ugCfwC0KjPZ*nJzRX%LGCcpiFLE@m(bxte_iM>*~dg7 z_Mm4lf*~vglr8@+ya|*~qr|u`GS#inI|&&Kj7k=$<|we+k@Zi%m=eI^O^X+>sJ^g3 z9}M_nKsRh9oj;v{!&(`-btSYF_r-}W8vjZA-Tdiv83(!{E7m{he|tDtoWo(!=$1+vw*~YR>uIEUyz_%% zf>FE`^I#@BJ9&%6Ei(6^b#96|ibVbHjC}|&Tm4@0kj%>vDbS4>f>MGXc7HL+^UWF$ zEDGZv*6nQ)Ji-xglBL+zrrpA{G6(-)l+$$BR~;mWksBw3hiRXG*^RG7w4QV{N!jJD zlU@@#jp?Dych-G=R03`O9J0{XO`*1_5XrZ6Pfa8hX>&@C3VPHixI~Jzwz=kYL?aP6 z0#}^<0%!!~1|$M=05z))sLlH;(h$;}=I$ZTmfUp=RALcUG|2hB)!U z&~vT+9Sx@m+{b=#y=w*s`oQa`GN-j`&&(6pPv4C)AK%;7oh*tPQb&zY(>)Yi|M}(C zh`L@rPK_|~itt3}z31tqMVPml=P4y4zL4t4<^(mms*rvtM(1{l56+ZT!lQgB;g#4L zy^z!Wi~{_W0DxU0V11hzXd7k$JSP9_{!*^o;L51VXy|-OfWC)y_jI+Sj_kKedixNK zzZ8fcePSS^ODJ(J+U8f95HsV!!JQ+SBbd(D@! z|3V4w9VPetyEeizwV1P%QHQp1xMHmB1vMFy2eMQ>Oq@5Uv`w~q2@6p!1EEl5yyF{! ze|eebN2z%t-=s&cIY5Zg_P5#7-LIZt|At`8yhFH>F?oqXEFy?`CH)Rze~A1k{W8Z` zkN-ww^`zmr1ADvs?H0lR#oAj(W%aFZzer0ybT?Ac-AJpHQc}{TAdPg_gCGdf^$=2u zgdimy5|V<1bf$-2jx{5!32?E-~EQ?kI*auC|2Pw9}34|HJ)2qBNZVnHu}d$L#L=?f`n8 z9;y=nb_df&(1Czk%D`VooANuFTeEp?YAv97_kQ6pB#_9;5cmzM!Yhr zxm9DQYjNzsC`BQV6Er$IzjSuI5kWZ!m1LCZ!6q{(rIF;R)s0y@Z9Siui|rH>6&ddw zjd0ob>3DOIMd zw3k%3fFe$`kE$$aT*tw4KC1{CS3h#ltcGv?54@Jqn{>)lWW5&?vp!MW0K z*Hs+Tp?;&l40K+QwF7Qvs z_PcV6oBVwAMJ1VAC{ty_ORejdJigRu66iiYn!@whsVh{Yh?{rngKWQ*10UVqxWyf* zXMjU+mD)nQ3U|c@kX&p>fSqYn{QXacl!0Qmz$2vlPC$a`Mq>Z0Xld zJgc?@CnnAA$G>_ee)D@Q`N9uv%5xDz9=;q$)XBhAq8dgqm*19X@u}_gzMjlY7S?HV zD%Rz+K8b^O#l^(TckM7LlOpL=Lld;i{=Qn#KU1(6AKQZGgBJT&TQj@@Mk0J9S@6T> z%DVcL#}1%PuJgCUHqwlp;~}}bkN<3vf86&clg@sc&F`xtPnr-D^{}4G41b^^sY1)- zq*$I73ns7Bo1V-niyq30aPVH=~K0}Ew^ZM*v!&tl&)p4saZ zz4`VQj$EsLo4PRLi5si5pn$aN`z0r6fldxG;Kcg+`g zwe8mlEJQ#kOu!TdIeuh-J8}Z#KB(S_78t;^$?_`bZ@+^8Kh@X}W!g{VE5D3!M=E0(4mawwhg?d;o+&g@s8$g2nVoHdEVQ$YR4<{dU z10K8IqRPnbuosbhIVqit0iGL{=yTm&{OMpdcy$pQaMfObxeSS4@`Lk0S*vueik@2u zs{sJ4A&l@Q2}l?XXr!_auQL)Dc<^z~7sI}*IECN}mq*0#hr;<{NM$X2xu3>)A|>mY z-^J!{g9)40?0osbEfoC6N_|wVy4mLwS>-AtMe8F$x^sA{?F=~iEWPT=cF6C2C`#0g z9`dL1PuZw9Q4Gx+*}pqKOiu9L|EcTwAM0+(&&Wx@*^`62#g$&TChXb45}s@sA8nn$ zb96HB9khOvvOeK9PPB$ZTb|f@_{!|roxoL(iox!H|Mv;A`}{R2%y(<-b2?Xz-S|L( zp+j9hu9{hcWh|{!8&GoXw^}=)mbFk^9MH#KjN~U9|Nj1(KPGnJA!IlHd|Dh)l6T0` zo=JUTwVf40pXtBB@Q#n!o{APyA;a z@tc@P+&f>4;%Q?=2y$Bz?L-|gY~1U3zCORo zW)kn;8-E2}osGJyY=;9N$CsZ&W`ctAcK|kh#2rx9*Np3X`APC)g23OK1jJK&ZwFHC zP1ernUSCR7Pt3B~MJ(>IjFY;(rwj<e^1&VXh750 z_Ot@@Cx3e@;M~dQj#+Af0(jKvVuzM$!)WE>22iqV~=AuZvfNpKg6I{-VTA-+@x{03R zNo+qEF^{tN0Yv?-Y2%TXKju&ilLfn-UP0`RSWQPofymf=B_3-^OWhP z?^+DXz*?T0m@`flxfD72+;KIY0=aZrf%fs{4{gRC+F>3|s$q_cuk0m0a9j}!d0s_t z`iaz6aQL1Y`u3=5guTAD36E+2#MwLXx~323(@8qT4Vj0;QiZnO_3zDV#eMk26H2~A z(stE&^OMa_Wogee<`))Pf$e$o>=p47YQ8T6IlMk(Sk&AHffaLrmbW&SyR#y!jY|{3^{9bRJn~s}?Up1{(zi zL#{ywX|f)m0yV2QV$%5cPPfn8o$b3m^PRZge`}|}>7=?o4u2Pi5M?-;dmr)WKB*bA zOwi#X^@w4*n8?)C?n3ht+S1v%AB|VfTzhPfP_T!`!tT=fSD=bb5MS-KIzG?7POIZS zh;xlAGom~1o{RHoXIzrxPBA8(zx1To?Nls{e-a|2G|X7AX;bl#@HHlfe>7c&xqWeT5 ze_FEwyrSTr8IvFDX8?fv~TV4DdX;jsmh%2#h}$xvv$wz z*zs_D2M%23%?RqQeE0G2DSnxt+v=)f{P{OcW^f_#Q4|5|Mua50gq3aYqb7kN%F1iq zT&Zy0{xX>(@qG%x6SDh#$s4HAp7%~$IV^}(T%H%lca%Kr>Ex`7vCDlh^sNzCgmM5} zlH|~Q{d#Lg{qc^;8)m-y4jg2Bc~pj*9>d?5_v!>Sl?olK6_4rFY+7CNe(idy@bYK&Kag zX96COEOjL;0<-#?`w7^m^;)xsz%9^N7D3srV1u-Ns_6k!|1rQQX%}Zm3$RBCKHf(z zFgkPRyN94~8~l+HYJoClMVlw~zN3VKXuN}dxt4W#N~jY=_R_ z5(rH_qW*i?~u^Gj;sA?aN4WrF?0G=rY-PtKa+6 zD;iLH2;1o|)%P&f6Fu1nj!n{t$SU%~8dJI(^yPif9kzKCPa`I4^o;^HDFD~xim6ZEK@WgF}2|(Na+GW!+r6+#859j`IvF69}D($OpAsr`{HB|5Z>yKm^xq#d8~w5$Of*V4$A z?56}qKz&DjalDo6ZfN%y^zPDv$GEK}tK^LzhkY&kgcY*nwl-xQu5&qngYAK!81Q8z ziJ{Xcxp}?c$GfqlUAqvbtygo~$LnZhJ!ju#$5pJ^5v}y4UwEp-nu1JIg|i~GPNpq? z^rs3B4MZpq@or`Uz4aAQ6JR%fiL2YG5?1o7{5Z;ZaawDhv3AE{#KKyy>DlqsPv@yG zjURUdHfpo{CaZzj`wh&i2=#~k!E(=Q1SS<9r}K1=cy-10l-~vT*^^DFT`yieGA|hA z(7YF!s(CWH*->))LA%!Li)Ma46}Y*3wr^Ms@_SWkH8{XB4cHMVJyI1RJwu7)MAG;- zx%Gc|3q;C-a)t(~(ZSDqA&$O)H4y?|f7|D~7|E*IjTwLc-yQCMb!`6=%X5D-nZb80 zQ1I2_Hv`LSP4MSsak0GW9}7S%Hh>A9X{(q%BIH(rOefOnxY z!j@b?iDAcH`S__63&;j)Jil08lA2dPQpJs;faPz1pC>@p45A}&m1*3y$;DhOAqU@f z0jTLe?*aaQN;o)MHBFHHXnnZdKPvE!>=O_U>>+_?-nD!77M3eHukzL=IaHkm!!wC9(7Lpzz_4#QS$+gi7mxHCfEWma zQ;*{-p9)D0ECvJG`(+I-5Te-*E+H8-)PZeYWw4(S`iU&yF#yNe|A8?7539rfJHh!M z-wd7V!RrnVEUQoehj%Hj(<2bqb3Z@%U`}7y9H2`0KzT6=gRsH0EzF#-X2+?-29vv+;^S--QBqjOc$8o zs9@y@Y!vnsqNH7&2d?1SzU_f`F)UTUW{j|MSqNYj$whbSq9#H3q65ORC$zFkE(Ju7 zy`mhn&>|D)_#rcM19F9aAAv=(YJ*UP^XU@NpNcNp%HpN2*74tf=z4Y7qHSCwrMF`)5AlY$vDnbSGDdnO- z%C{7=Ov{1~Bj0_U_)t*W(9q`Q!I48{eXcn`6acxeo;Q%D$505cPy@4~kg?t2p+@dab6iNf7!G{CE zW>J!VV+_3gPe-*hCL3V6=TMvA$Nz9g|9`v*_XGIaxdwoBKFt_FML&sz0DyD}KFn9X zOJFq_S`Iz|o7IQ4O$-@xz+?n}*$0Sx;o8TZm4;fD-mB-rE{zxfm?9Lq@4>eutJv*y zDKEZ~pyfiCr0VM=jJ)9Aqif`>=sJ<|7Gw{9So`Qq_wrF0X)5o725#W<1MVbgNA79B zZ(8bl7dzbS-rn#?J?jT+0AUkIg*y7lNp1`7+uYO@NJb@tGJJmEGbosKtO>~cz}d0{ zq1|^OXN^}T8*v6LZQB8Tf5A$JA7})@4l>FQG%~O9hAZp`4s&WyZoX zAYpncJSrDZy@Q-Tp(Hb*CCC28IhW7dHIS9rUFv8^zIxVzhCcjXk{6Vog~tdINC*vA zQ@9=E;GpA|h)CI=-vukdsxb!Zo3LO*TI6^0x^N6C820>xZ(9}+F>>t2ODn~+wr9T8 zL}CVGeEM9SrbfVCvr|1`j-4Lt6X_o1G+pZ~90p~JOuI0N-%R#NE~Z^+cYZ4U#w8BY z*VX!*h$98M^J2t%$J)UIO9iFDf(IM0GIeTo!XCG{;Q0BPT*lwmn>|Gon*odUrS1(b zlG+{r4j5)hK0q;A#>{>p85=vd!4rSgxvn`4h^>tt*hZD{`@XBY7qWs5Ha467U0nbf z8)AssTV@7$vs}m2w~y_s{7Tl|f8kzUq@n ze51ZVKblf6fYJ$F?i(^FEOe{^rv3yhT42XeLyC(eV*O2w0oRlEC2RsjO*Qw6I(qXS zQk@eFe74|Dc)$%a05}Z2OD|4i43$wuS`~#&>t;afML3p7DL9Az<@VMk(xLw!-?S!x z{jxlnN2GGMWgzTcU!^&(;C67spdULx&D_&#Bx>ie^G#0&n4U~J4NLYa1rBjU%zTwe=qy<+~E_}vlz9o zAfAFYB@x}QxnKGwa8gBxDlg%Xo@nmGm>faqY~Xr581%vaxCMKdygVdiQJDGq3+-9h z9?)C_^v}k(i@f;$7ZMD>3}s%jL^o$ZPZs4@^YD)%Q14 zyG#`lUtPrv)cj3>-)qNjhoG-ZSFWQMhVH*~?B2p)a?7CnzUr{={=wkp=b04vM~pLo z?+0ldbrKN!j*NsPkB&+UF=U3A5Cheioxr?gx;5bsNT+ZJ+0FnEq8T`X3qF;n{-XcL z&FHfu%v*TCv!vI1Q^5XB)}@;#&9S<-1togPO{d(@} z#+Jsjq5B;Gh9>`8fxej2##TV=7w@h66qgS^KaZl=(@$Ckj)1#74SRCl#lM-p1KHY6 zR~_KJpB?@{GYI%HIZ-UcDVjn(hwKn$>d+buB>+!=df_E%tQTE!58nYv<;>2*Fq0+L zW1uz>&mzQy`l4$Z^urbF|As~ezeUYfhq!N%AI^}fJ&dchVVk z@pXgKCuj#r1B4^Q)F`Mh|J&&TvG{RN)f-x*4V~$G+#9Nl^O{Y6?1_^MYzkfpsX}Rk^1r+on-G7nf;9>yv-e>-h zg~7B8ApYQ5>Y^yrNu2pT0qt)1z-ao&Q_vZFEs&)T$^@ps9{bak!54JkKuz_RMIS|? z|7-6MYEJ3T5E~(Ex_sXU68Eaz>sl&8VTqv83a$^?a~o7Q3!p^$d`|)N&pbVW&+?~A zo&0vcQETGYN^ckJK&1toy>NlMq!jInz8qsXb=J#9_rp72-IzLpp!W5L z+af?yFvI|;^0!w^Lp|%md0f1hvZ}Vu_ZWYIssUCCwAra-2WDX1`J||q8+8|EA3Em< z+J)7ef9Z2jHG-^uhIB$qOQ7YMK~X(weURUM1Pa?^(Yv9d=bQr1iDO)PJfZ;3yk!Oq z8r4H?AS9S-f>_p77sMi`6ViebboMWlP0)=Br`u@tCeyc!GeD#=DaTZKSAo=+R!$LA zkahRE5~PwHzIC6qqSB>GqG+~~+85jqZmWQ3`lZ&tJlZa%%Gy5rRMiWM5iovYx&YjX zzqTdLM}Bc#QbyF4JIT}NkFdGwco^3$v8ygY=~A!;o`}a_{ftTlZG$Apn?W(ACXB5N zPTPMMx9HhhWm+#wDD3pySq<$Q_;}-slp&Z_L%RwASYb2p5{x^sFepTUBlnHD(ho*z zko_sl6$%A_7=g6|m^ws32;qq9+a-|Vrv}Voy`ZxQegYTVEiCXmd@_Mu%l@(QvlMan zk2J9{zyf44quEt@e4QjPyT5ZJdLjc#wtLn+` z1xIR2rx1ut4(yemm#A40zAoz^Qk3g(@~ZcKSxSD7yVC%4G^_qoJ;kk>!rL12*-T5W z$_T8s+}41mb`=FQSUaeZU{FOJ4y92w-V1<*1D#K(q;~O5wW`e|k-8`Y4vqL|Qd!+9 zB@y!}B7A5X+!ZshrGK%aq=&Jsj~2hbb^y5$!cq7zsP_GAT}0&9Z|u2%mOcmc$9CX4 za6An3lm?y_kl5}}KDV%FJCrS3jZ3Bsg^B&qQoUV~gMTN0>Mx)9APm)^@)TQ4Pmsqo zVt5d8W2&bLXUx>2_#_6J)duFT!P()r7bJQZDxCp)0Srvvu>H||d-F~IS*C;s9>g8e zRDykg#S?Fgm>Q7s)|st9M{MKxR6+=(dR{|x&Nh%plb+}S(ul&08@(s@Hzt0-J_44! zY0Nnc#uW=bCO_*WY~OhAnJifDF|Z`LzX7b%7x=%ub!jGjw#9v<^x9zEaA(bsCypx8 z@8_{TW4;6obzgf}e7xogv*SD@?LuGbM=YmJ3l4xr3j*f)$1*`mjc_N82#q!5 z#-d76m=mDiX$i*Ww#~zu2RQQAVi;f&+4%Ch8bj8J^UDRzK4StWKs(G zs58{(pikB&bvkV^HD>52MfJJ^6Pc5Xk<$u~*rsmCI}o|eBwD67ujfYfNrZo+ zG=~#}v<3yO60xdRd9{s+={dISF)PG5Cx@mmaU=0^k79ffaJ#!tEJutWy=NWW)gf*G zGLPE81*aLO(@l18MqZvM^IngXlRq&L_S~C4iihP+RFU(^TgC^;!B9Lf67X>$?#+F% z!YK-DDbt;t=^t6XJy`C2uOa>7_*qA}wx;IC3_;VDz$z?3DX{Qg0(cT)GyhZi1B?e4 zPn4s!VSzsT?t!DsEH>)-7j(5i~y}DV5psV&b>jP_H zKb941Xm=#UeN=+XC&=SP^A2Al*G9%P^>}--Qui5*A+!iQkbn!Rw|Owvc4`>~~zx=bCO@c>`x)dBER64$C ztK`9Q^I_0iYVkx^J`GINDRG){9}j~%z1bD1z z90o!Z1rv=Eq`V5>!@Rq=micPZ2J(kKMTWM(x8$a&;gKL*Z!S0i!c?jUHYO_aym}P1 z;U>HwvuJNH;AVtVEheJ!QE-MO)&wZ;X`w(YDvf%`@#YNYD+kC)I9N*szz8NfQoDJe zO5mVi;Nbu-31mnqs5@pk`vCRr9H>rVi#=qd@0iuQr>Q&8z0_t{vLtC+Jlrp z8XBB(*uXl~%KiepDPf?5tpBca3M{METF5!{+(4x$<0>m}!(!2Mf{cXonnM?jqoebYVY2QEv(<7J1OND)wU0p&6(=o%XgWgV*en3AGv|G zcJc~{WF||<8CzoDVB4>W5?TVq7$Q*V!_B`7z;b{7#Ru<`@hgkbYlc0@1g{w=1OL;v zeBQbJl?OOo()k+mKYY-Bv=QeKWy7QhIpN3=lc1Gc4hHgsgGEK6QCMccJD1}IfhF(> zD5MsGr<9X%?z!*q5Odf?>@16v+1d>&ABFun#k!~gW~#Z; znvTKc9>2=kgyzo_;|uWE7=q|cpiQ0wFF~RTSXvngM~DIdoZtI`O+)yLzBL2@sGWj^ zF>Q%ITZ%p9h~W~vxor~_7VRC8L~4>o%$RUw1)sK05vPB0pUKcz=nuj}z@y%NkvObR zM()fDinFa5jpj<=SdxmS5-BaPDC=T2{m=$YOghBoEDu!kqw<@Fna2utN_nb=keT@M zK?i@KJS0){r-fJEVMWZquQKeFz#!*_c|3b|9eLWH%9zf9!O;PWhLur(7D^2{M%f zz#DS(`>LD88ji6Is25?Y2IkzAeIaKNg?XZZNS*NGRkL-NBqwi+_ct)|svW#k7Ni6g z5)^Gm09TmWg%M_`h)Z+6i9>=jy`>DTn*z?WzetYmxGV;ZWn1{y2*oZoq>gyL0vsK= za#2LALAEr(CxRRwP)hun(94qYJ}M``US{ahB$s;n0_<9LSYIMj4TWfxiOxdZ_)u<3 ze89m?b)wuCY54Gh!`$J5mF4o%nSe@~oj__1kDCpX2;r~i52a|j&#$4@;GL_Yl?Y~M z;l?f3;H@#<(Jh#ZpxXt@Kut052r0t#wSt^LXNLvSxISh7ilR7n1k&uBe3@}$i5UYK zTzTk8mFs2$R+#tKiwq@~&tYQ}V_iV-%gjorF)-h1m+?6a(>2OY{CZFH-G{8FRq7mV z{D)(Gz$9WYj^5JBNaMEetdxHNoX(V>KBt;O*B+>hB?IMF^Bl(xO?~V(;3tG*2L-QE z`oX{haaGqoqQOmaC|iwoQc6e|*m?yxWDx2{bl-yEAILJ+!t&d&0UN{Dw|Y0sWb> zn?Q~;s`5KPU&{vnsp1F2@eYJ=86K!`pQ6j(= z@H0fa4iT>4sL;=|;8?Lu+83b=u?>lORkR#(eGLc-eEdE7=b#clX`#0bY=LC$)u1NR zD(xola8*ZpGS8SFz8mp|!^-JsU)=3RHWov;rK^d&%}+A;_zku|i|j`F z8anG!#@2}@Dxhv0EZ~w?eLOJaRHr?&%nOmQLmhAjOilXP9dk4z5l)cRd*aiPtb`M@ zD?MU+FaI9NZ=g{yW_E<7%`I)c>LhtqWwkRRbrv51*Ep!DB4*O_oIty!8SkwC3YUOk z6VU7I>jA$IiYqcbwEChoU(vfaf&I0goASnN<2RbYL)vv|lm=#)j~ux;rkFafvp>55 z83}{+j%FI5FVx=tnje5wC{2&tH%;Al^7`Q35q(V)Ok&}ML`vAT(0a!|q_a(onv;n$ z7$|9zN!NGQJV1P4>AeIXi>s;0h;XvSbou*p8Lca%|t3iV2K zWdRBI-Bh!%JzaW^FUt4j3Uc0^v#ZCi?cIIZw3~RZBI_G{7b>}_Qkjs?jFu`Zr1@vO z1*(Y~a)Q0N=(N)AA`0>oxeRW0gAp?w?4Fwu1e2!y79MZz$_+Gnu zzj=m^9L98S21;hz)I0}xeKv5?)>=n%bmcZhSk!iFw&G$2Df`IT+E&f~E)w_#3hB?> zpF#f8m}rY*(VRJE;F{3b-JLteHlg$k z3RNGxv1#yy#&8mUb1TdTsZI-^JNb>W-&yP-SMLaMAmz3e#2j)DiJ0?i8Ak3w!Bcpb zn>*d*iM;k4bY}h-Qw&CWnl@^(?=UXEGl9SS5=${$VvDPYL~)_0!a5_4WJj3Oi*Ei% zkiEWgUbTfv!>A9bqQHdGYhZ{kTPPv?t|NWUaNr@*7@e-jc#5wWy!QiRM;}Jox3KWU zu&>JqJ~$pJ+01-?SE`)CMnZjM0r2XuUn=N44>Qb|t_1YCjjx{7`6HD6vj>e>U; z_%_*3%(^&Z@F<2KdU1OCNBhX3qai3Lh#JXl>K}$|8@&to5`OD2;riF~O?vKnntHl= z#ez?GNfUf>e;_xnG~n^v=}6vk=_Yc*XNID;`d`<7dq+ll64PKt<1{m?6BcxRV=mh# zigCS*(q4~>uvKnO*FjW3J0P{ao2X$hbkHUj59%dzbH&{N;f^jA4 z@>ol@j1n-s1bSk+*wau|jcV=Q5lUr84~|d8w+EO{N1gAO!`bQspAe|ydlp=UlZqK| z%zPF~JfS8#%fx4Te6hVIDP5FlcciOzV%AMGB`VW(>MeXLwYEQu+j1VChgW1@IPkWf z$3U;n#!(+t2Jdu9zPxr88W*%$9Fb=u<^FtHVl8htNDnJ3cGS?zkH&M?|3qF-iYJs! zm}Eb7<8x{h=NGtCi5pLLSbXbD3rfs!Yr8U<7|D`kG_bOr&t``7+J9H@u0f9JY9H7q zhrPA^GNTyv*yFpNX0b-{-Fk1{T8S4@47}3Q7(p$a!b=JS_y#;19CGb>dv=Fv=R@XN2it2^vYp#613+`ya4fs!tH8s|)(t&p>SPD%KoVvDKH$3)R*mG# zz6HHB`wX`8b{JE*)o|`+uBrt(R~iJ$&q#dEue!l{Y7h1p+kO-}>i#vl>+Xl|wv`n{ z&`YrC%GK;>W+?+>YO21}eQgbN+D&?Z5b}>r5tBBCF|=?f?3K?p+#_BmU0A{)AVqH< z`G|=*-VC~sX?Xd*N{hNwzS{*gL&(MgIe{-zjfxSzwip~67*l5)C+=w){LOV3&d`5BJ01Ok*^`U4@w*w@4S>49J)i z;KP=xXLRz@GnuU$R~#xd3c=>0XQbwd3<%eBOu1rKENRTUugkvU9BAQwGJ6)K7_`Rq6-4RcKB;GnX1`uBn@jqnW=Lj>2& z4_vzhX?$g#eJ}OiH%1?a-_Vf;KjIl?kFNe^Klw8Q&MN_7D&I|?`%c`oCN&p(3nq1P zOE|WBJ{z{j=1L5w`vJyuzhF2-y@`Dq8V2VEjP8DntcJRWom32g-xJJrkH$|UHLzcm z8jH7dg^fjs7%xYC#D1*&iKtQ_H^uMF4|8P66*^IfZ8Up)<>&KxX~1E0m;scW{Ct0+ zH!SzTaT;W9y!>|<&p!uxa8f_ax;c8%wRFFK6=$rV^DU{G_x^}^4~*7edHu8cCmR=q zK$x89Ulul6;{!V#LEfj(*k?ygk8!fB9}+CC-VvK__T|qmg~>hmtN3#A1c&nu#PdaX zMw|9AdEPRL*T-Y>w>@~7i^u1g;pe)4dM~sHL_UF2!38+^vKzRm-8b;({|w= z1&KN=q1{TOoI*&L|M$eF|KJ7wx%_`nr2l~ppaZnBPTM706BYn-;w6M~ZcdLu*qd9nU8mBprx%zUtM|jeBDC z?G&36Ra}XJYW1baX*ML0;)DoV29g>WEr`!LJhj8XLmziABx7;dZQ!H zGwKmrSM$XVd1^BtZ?J?+5`Kn942%;X$9OF&9n9}J3DgI&KYa_+R!G>-&S*zLF##=8 z(y#0rcapCOlozcQ(UM*%$S+D~0YKNMoK-E&63SDiN)L|kX1ckzwnQuGOYQUuPS%x2 z#CMp10mCh&kbK9}#h}a9wK)BtgS|A?;#?dx zW(+;_8>MX(Y5wKtKikT*@8*`7_Cy%zdWa6XBXalo8DnkwQl2iMjWe0-*R;6TD)*Te zrDK?!z;%Hc%*D@>l~&X#+r7m4`A@}KoEWbOZf@B;nfD3ZLs-HfH z+=0dijD~72wK7N}-K|(MJC3-+@PYS`{vxEMT>)lR6XWSg@j)7NbA3c3&-zhzNU_^m zLwZ|0$fkgz83qQXhC#=Gr1!O3DE7GO3U4f&{14tG)(M-`L zCc{n@rJbaV?(@I~f{Nlr^dcK@6jlH!h>OG(WVAWXkM=b`C`I@lT)#kZ5~lZwmRebx z^#7x;;h%R~$AB-7O!AC3<@*B-cX4BH$0Oehso_aMy7;aW2BpcpIAlB;n~nKYTqRPSn!D#3%A?FZ44RYKWC4CdIf)FWsb}kOdnc*7pF?`T?T0GFsNBR$ zx2B`dV2S^-U!3;Y*s~xnFD#Q6ARnDr>-_-Y)yp48)P;p&jSU-#I~FH_w7V^O8enP6 z%dp_5Y>6Nrmd|wkX_zs0$Xmga$xncKVkL^(W#fq>?;N}hc{ObCPbx~(8#@ifpG;>N;d)*K@Ce8(zFS)=gTw!R5t@g&2v1bopUKy3-tut zp&1su=D`Ey(?n}lkL&iX#dvZ%-M`Suw}{I8=<}h4kNx$gQiPGQ^-13hVA!JIQ}Au+&^WGE2z-ep?T#E0ZF#gha7_bUCg$iN<>+h`mzHp4_{iv3Zp05|Y zC4fcwS zDbyW(eENe<%>G+zd&hx^^Ic0d)IVgj^mo@#2iDH~QxUJJ$9EG^Rj+-g1r8>fedg5vjGctqwWUbBX1#xy( zgx`6>!r5q~Gp=tneXVL8-lj>>+LCy2ms#p{QC^O8{}!-C_XBzX*rK0tYJu5J+$2Bs zB;C~J-=jR0mrN;KA!wCPu_dnEYs3EhwI3}G%YqEH`Dg;sYhkcdG*qaWb-~23OH)=T zHwx>9CLr#^B(v4wOSOlxrEkTl$DChbl3y+gzMErA(u)%$b(-n%=4AkLIMZ}~52_l} zHXu{V9`xEdZQV7hwWa8InRhT=!{lb{-0$dTV$fe?`kgQ@pKAlZkA{^|_bMFg#mT8( z17nt5oA`1{iAC=@h!JtgWFL?99R3=_&Xw$s50WB*zV9W7B#7S8*~$LiXmc6BlpxVE zACTB-@wN9?E}ZVXT-S6ed+@E&T;`Hde3t1Qk)9<(ZFi}qOUo~GP&ub5@!C5nxp z-~9XeMfbXA*N6u^-2A#e^yb0P=0k>DxvUFzj;jsS-Zh#`0g8G#Dbg7saR0cY-uO~t z24cMT61Q?OLXH1pTy(~{T-)M4R>;EfAS20}fxWT|0xqGeZ4{SD3W zt1EO{(fOdo)}_Og>lcFA^MvP-m)TYcl1MudSqCj&hj{Ny6Ghf5Rv$h&v&Cp8n>Ve7*dWV0d)@|oM$X9&0td-^WLVF*tKO@4Wg$=DV(W-Px@h$t-nUv05 zBazegMpw>*pn=W?K~XxdO!mO#w;q=Zjt{@01{m@La8|~)&qey?dIyIyZ91P{@@wc| zm_L@{^6J`!neC9VMO^(6mA-W0f(wtUKIil5Z+t@Qi7uLS%f+u~(DxT;qL2>>q+QqU z)0$JLLEkl(UC5(!pe4s4 z&sueS)(jx3?BlDo;S?=RJckAgVu>)J@N*d+;L1ALVck(xClI0~jZu!`#3eH#!o4pT z`fe`p3BAj*RO9+&xXwBg6HLLe!|ZV$&T+it_B7Gn5ECqQOql21L7;_;MxdyZqx4aa zGNqF}YRIMB8SHT=%31n53{3U_N7I0l1;-YDOqM(9XW!0kBUKxA61NJdUAT;^uh3Gq zef!}k1Fcah*IqAzJ(yVr;SQZ*6z0h<{0>DP==E5HlCj~33NClb>YFV`#(p<-L-#x< znf%uac=LeRbXMEg>1ttBc2zc;cMqw28^4~+yT%A6T4T$mKun1B!I0VEyj%vK5g+5M zJ@Q_c5Ph2Db`R~&Rg&HOwB*@Mw(LRejT6e4!hxjZgc03%4@%2ahO5(HkL$UA3tynz zpkF!NX}B%pwo%0G*xa;UG3K*_g{9wDXf1p_%Cl$O9Mfc{%2{7xT=%E~<~>{KH;vNi zlDAHz-IvL{`u&1#)y@)>$&t2@%O8v4wRN9+#+B1~tpslc7#<{TwQeqUei!nlxa0pr zsQzBpT)gDM*)oq+i%E=eK`lbHVIO|zjM)AmUOFk`alN8E>)K3>5vMjwH;%=?z7jn;NQ)&liG|j-nZXlc#||uG#(1JEjdf@DsMR=72$Uj>kzAvf1j8rXzstT)&-5<674y7^mjrbl_YS){qJm) z|AhYk_wXxpJo0_A@MIqZFg`3RMz;w&4$}DKyZ>;q6P+gqw_->RJ0DEReW>#n#{6|< zUJVk_^4C6!fkCqUj%2jrcbe)S5a(yIYd`jk+uiPsKx&48z`)Im4Xs~ITab|=mGUAOz4)Ar+f596315zPlB zJ=ms}VX#Dqy79FpbR_f`J8SLwu^Mo5h@c$&So=U}+KD=)swBQua!=YDun~pH!JXwD z6pV5~RF>5YSfGPZ`N|Q>-OZl>+jUyG_b;zChbbnTLT;GN!oh+9S_{XozSC=Zw<+wp=wrfCNNHmY%ysYB9 zQ+_nUgLQ+SV*jD{qt0C^(;zO;2LQd78)$~uD%o?lrxHBK6_71aT;c9hv}tu$>8lxe z(66|)hsLjU! z?@@PB4^^zf3i2-Emz*{SsE`g*^&byNof=)19Kvi<=>tJ_vyON15$I7wrkAv<$X!#$ z#e^1F=347y0dmiP?*DY)`Gjho^f>J4u5Oq=(Z{w~j{()PK7{eoK`i+!F-R=P6hb^Z zjUth&LIP;(cYZLY`*@+I*~;3}_a#Tetr`dQwW$vIfs2mk>6W(X)~ttam|wUK_SofI zL0jH#e%q8u*xq!scCD`}hg$ANG7_F}a30_?dhtai>jwd7SR`9S6nE1glbvrJj zX*R{6vyfZ(G1m2j=-0^YtPTl!a{^ZSj1gA>e&c&Aj9IP5of;YWTHc*z56M%J<`3Jx zT{0P17}NbHAIrCfKJGb7?!MoB)_GZk<)KYw(8ldNrDLIGc66!OFU_C;0B!8APmX+>yea#|iISf?ASlFVg#@n7 zlred_=H6cNk_gwabLqtvw!Mhe9Xy3H9jFaStiQ|0dW(?UJfsRP^NZteo!a}pNur^y z5=JJoB2r8lg}t?(ivO_KY0;DG~E2ER1gs94yp`%9v{QhT?5S`XN%Y z`0wv57HSRWs)UI&mte&z+HHrErRavG8<$9v>XLDK|0>b={RyEGmNT52cI2GVl!m31 z3!B-K`^u)PS}fKP2WF<36WO2M>cCmwL3fG zT4ob=#ZEqw1;Bg&Py6LfiIf!^eE6hl&)S;rjWOK(To#2kbSIiI)U?fSn7?5SSO1w@ z0`}8NgIMq|awPvh`E{W8?CRZuJdTXjRXJ!?-C(!>xS4Q}W|=CP)2En<-T_>|kxHTLda zD+b+!U}CSoMC}}DCo37B>tOSabS6C)try385WxzDrALrs^*j)DU$|rYC9yMU*}Zo9 z#j&}tRWETm@S>En+*pEO3r-ipra#5c#K58V<)Ss@xGFf?IAv4r+1($=lo&tj=t}k{ z^xg0PF{`T}J;GE1Uru?HWv^QWV5|r=#hqGuQH2H3^oKgmYV&C^iZ8Mt)L)YM4irldcat|um(crbos7Q~{ zi5Uchf7>!eWuekah88QEv^mNUBnpF|M8gyEbmARmRLa&iSJ@9kS`(3Gz~0~(4(7^A z{&fI_!*jdw2gm!cZjCxifV<)(Ue*+#NSskRkJlf}RsVkZX;QM)42-U`K12;-7{W2b zhN9&ex?O2q8_3>$H3Q%rQh@Z*rQ1va zh)44T_q0r5$U_Xs|-ztD$Iw|?wpe#WFEWp+v3CYp&=hczv;!>M`ZB6scBuQ38AKIc zg{Ly=vDI~TFjLbwwptdPNe;h>|G0}59oWe2+fo77xSKIG_i=k|@9q!hyS>;wuX6X7 zIjoIqQm?2k#cQ(4+dzhP0P7q&Jo~nhCZ@}gjqHX>n&v!{jxMFJ?|i=*xMb3b^o$X@ z&k{I?dBHDK*kXOgNA#I0GL_9|lTZL3m5T#q*Xjw*U&Z^WzDj2Upes3kSIXMCR$nI? z*z|5cA4&l6&HjJWa9REhg8v6P^dAB^^!5S@A5{@BoClCg{~qup{ck2E{KvQbqpkf@ z1wLlA1|ji}23NwrNjN;-6F^`CA28U$%E zkP;Y>0qK&GmQqSWT2x9=QY2KQL+O$hq@|?0-gR)E*Sp=@wY~TI?b#kajS@3+%(3rl z?Q5<7@1F@Xs7Yk*Z1VO;b4@iR9Wc^mz4~{Ygk`R^IYFSyv2co_FnxD^LQ=gmtk_mV zAxP<93O;I$wx0+0qYwp4=HJ-Qx%*MMaZj0~n@_OGuL3Vw(6|`H51G?`Co@=UX-CJ% z(Pa_kKnyvjW`>wN1&eJh7y{$ zUW@%bNRo81BBx@HlbqY79LNTD)=?O7I|~wfA*q!ltB+4l(Hs}_s6ZSh{jA7`{Ju*_ zvxdSnaqHAmt_c}Ys4pNT>|nYvA2dbC^Cd%Meklpc7tf{`4*sM?oJEX;atO|g9H(#% z?jx)f<)|dAmXqhI)*Jm%46W^APe7Iz-%ycmk3w)$Q&lFWi20-Nq(0307PyhQ7l0(V zFQy$&!i|hqbCpYz2>5RRH2o~hI)BWOYZh09L>nL|ke4|lIpg$uf(=S&oWyxFVy}yy z6`tb_!8=ah1d+JzV=vu&O{Lz}h$#Z>;idIV(A4;?&wN+6SER{UB!_x@NBCZbhz-LIX5+cw zLqQe#ycFV#<;ob6x<^ttL4&CfRK6MDhhqLFz~btv!wAXWi67C{+sKsp#qCMA@y%_R zN&B_(7s5fY>5@m~PP1XZLVCzP(hSYv{W@x+7Cqh4`sRXk?n7(P9Zs&#WBnG9 zyPkNSP}dJT9xmlt5}peocU-4G+;N?2x)Z;#kgaGk+ncqt`YOwAk>TguaPY2#P>#FT zUeM33(Y&?+Lu!~h=e^zh8Wgu18|7@%#CX97}B=2qW40bFvS_-3w@ag7X@R59D8XNLNxwD~RPc zd+yB{9)5INiJ!@On?fH8Ai1wzC9S35h$BmOIY^YQA;bC3-}bB#(-tb~`eBDxp_RwH z+Lq5={lmID$aVvSGkt}i z=K@nAS&*Yv%Q|~!nRX8hG&K?T*z5ldDN}V=cl_zy%Vd*v+LJrInx*3gi|A*bHM&=) zlZNilTp-mbH>BC17oJ-@bm;y=O4N)RIjFzIBfcwhH-6c3NZ{bH#OcBC60HCkzKm)g z+Csf2sbI12lfSN+B^icd#GB!8Dohs4@NJiZY-#zqHkVJSRq1G;Fqt@7ywbq#Vzc(` z2#Jk&9k)tX6$KJjXB(Mhz!?djR5-bXbu)?{zg7?nHy?8$;ct*_2rfU+e(?l-EJegM zI9zNhzCG(U_wM|YioHobA+1`NCbj8B1)n41+XZWc%;NAMmV%X$FYy9AC$50}t1y?* z|MVrYGr?>|SMbs)M#otkzOxn2Zw8mC>^0?VnNqI``ov#gJ&0`}R;rR{pB>&(%B+Et)Uk$(*VHsKd=w z{oFm=QRG2|rV1U@T<}<)+2%O+IfqE4HW7x_VGXzjd+xEXYaM*9E~E7*{z_AQ5KL)% z|4_Wvp|W%3D&1@dIZHN)JSn;0R2J=csexH+Hg}Etd3#cAhUA9Pc*c>uCku$kJnX`W z=?UDpc(CB=JTXZRy=6A8mvHY~Q^R8K$+)Ym6~ftQ<{KkZ`DDFS%P%J$u~vHxKk)Kn z2@&TctLn86d%pLWmDNj%B-?gea!(+9WE-t3E&A*I`kcchfteQn-AekCD+E}FOLSX$ zK87qNxb16&WUqD)M3x?>Gj5G=CzwsJ?~2_Xf3^2(i+O81!WB>>K95G~RJJcOu`NWn zCK%owNm;INz4j`Tv@F5?AZ^P`{i?(k1O&qlk*DSI%G+=CUz2GUkMR6_ zRd$Gzd$5~xtLEZJK^;UW$S@Qdl&^a6OvaTtTFYVLB?lK@%xbKQvE8U1VLN&}tn?L) zOlH5h9TiU_0_>e64!p7ufQN<Uj<`kT z{P`(m>ko_fm0xn;uPc|%RM~3f&Oml8Kz6o2{HH!pb5L(Xw<5=JHAUpS1K>kv%43E# zF_OwnUo!Wjr5XwJ;n?Igg=fDw%J}@^6%z-gE#;c~YE$-!0xt^VN25_8C|Wtul-i$U zYU}+Qymxu-VQcm&!sVVWMX;-sk>AEska-M^2J#FpCSLo89rT)YBFgUS1?(kpHvF1U zs`U6fN){8>eQTw=XD2VLSTBjLpO>_D+ zT%BdZj0kL6w;sWixUn^NMP=+g68Key@x|1u+cWDm89)R&pJ8RJ@PVA>ZMO({e^3vb zYzv!lHs2$*Soqig-xL}2!?ZTk&PUrM#>AL2pV^+B+DK)qI|eSR=`%WSE5gvLM5j*& z`1)|p%e|xSvPelhN(>|&u|GhL{p9|VQ_LW~CpMEf1d+$?u&Wpwh zX6m!-;<@Z(i~$65s&HLqJJN#gGsyTAP?Lyo!^K_pTL9GFeU0LU7~D#79La6j^Z3C$ zgwu56>C&DPW=-&6XF5IBaXGcT`J}3GPibw_lRX4{b^R$ZbG_AWEW)gEJO4%erSUKN z)ivM|1b|b5wro2I;maWdgiCd6ETZj^>zJA%%Z0!I^3TaT{DH$54f?B2?`pFto{DD% z?SL1WMJyfP^H}GXa9`-3;UjMR3#0ux&9{WA-B;pgDKniWzi;dU{izVIDriDQ@h$hx ztgL>kvBKEN>ghHZvKLI^?4SfB6x~x=Y|g^OrN}u?6gEsdW-#^^GqR4dhU&62-a60} zIw%1_D)FBsg)Fle3t(%(l0ueQ6PpA;D71*>QeXd^)D2YLx0*{juW2hYlGVJfHsh6% z@r*8vYfnw$@ZzWb4G5c?vpJX2!h^I#a$oJdvf8B<5Q>YBy!R>GY-6mAQ>e&9g&yVM z1(ckkVxdRy89)ESQqSUlg+^2}o!GlAMM6#A-1mV8r>7MnYW#y_4^zj} zZ0Xb)E@nI3m?(APlqQ_HABM4KY^^IT1x4@y21Lzi>g-RGR6t(jM3|B@22!s3u;|i z#UvZzB|X2itkzFP9D%g0Fl#Vv@cEELcW1|6)(1QY`I}d1eH@|;eZ`K zp8EP`@D@j^&o)EIh@+}|u1UwT;*@?FuNaxPM=gr)y{en^#RrTmA2{7w0y1MS;LDbO zxG+=3{vcaP&`^NUpOZ}!r_L{)s4rJ7Q24GG>(+l$_`9RN6#H|lY1{GXOL*jMdT3@2 zyG=7S2{bZKhUXpM2`wNSYn7a!(xRQtNRI9eZAu@q7jHao8gE0l7rU3*To~r2aLkUG zFl@Y##WcR+jGKCYM)FF@#8%Ax10oXbmA)U3FK{R|uiOy7vsaa{Q)aump0LXuH@B0+ zXO_De<2FBWQ2wh#h|4}%-&`Hrq?)kVQZ}tPRZcpoalhh{mc{Lgx|;5F{K6%F(- zu783fkp2FbmE6r!7wUCsDE`*LMcR-1>K995&h&e|?Y2ubu|vRt|1tRaPXPb_FKPUD zZQ{S8|9^fNM92iSr}ElFFG23`k30`pV~j`>MFmcKuA-nO>(T>i#3#^7sU2zj!^Ky= z_jl5nB}e{;NETQZdVv=(LE2i_YXH;jd^|}Ir1gG?L%s|2vN$YzI?b!t{@T#C77sD6 z2RzyBUzM{?+@9WjA3}p`At}zjqw|!ty$)o5HO7H*LYMQcjGZfw6Q^%BzNBJS4*-AC zi+7E#I{DXTM**n}1+9aj_6(IcUD&pzklB-TPDC818}lS8@Z={)u&hIU(Cwa&r2u{-$_krGpn%OpaX*P zWsk|`e23VDoQrp(;^E00ad3z|g8)=|77`u;cN7OA44smq*zVNY?2G0L#>KTi1?1rE zRNn%$T2R5;>f(;^jpUsf}3 z)mqJVXW>BVKZ=wx5Zfwk$n$`;>OuJh4$7;Lt1I^*GVqIUlPQT%XmW5v``un*JAweM z%p?pfl>mRHIyZ8Y*Wg!LK=E%HftpXYw@0U?WVI*WCqUDHO8_4pMAFHO;NE+{WSe_zmBB-|fSH zZ^kUA-4Wd{xD&q_W$^)(>ncn$u+ikz+!Mufy*a<0{7T>f&VHHP#Iwk<_ljzga7%0( z$VuCwOn{tYF?PQz+hH*DsSZ1$xxS>J%YVABQvx4I)3s_n=8+_7n)1jB*d|3Z#j434 z!`zE9y5@8(-=|*{m~8}Q_&UaIhY5(p1#}KCL{VKeNL6kp zN*q0miofd&32PCA*$?x8f1CfYdArBqEztB1oGM)n0sRK3*R1`0MC`j)JC9TrG>@%C zy1~uXWf}0#61m^Z3?5_%b2%eU7C|;wgFrs+h(&ZHYEP>`v05MH{-7R zZ+fyZHC8|%7zJ##3g6x6gj4;oiedCLzy@8hgPunaOw4uX#7)QY%vB=xLO-c z976gtx%90Y1J_?D2d7|7OB5@o)(1-njf4}7%}^=k!T0BgHYmf(mJk#WV&k{Kmqd2;-w}&0;2Xkbx}$X9HP) zka0rmXOBD=mQOw;G(kxDwpGG;zVE0;_MI)L4;z5oX;)w0G6#mq8xX8(A#9q?$JE3; zSy4g{?&;eH6#W(I<_`*^x!pw%#>#B|;B5+bUK9=pesFVJ{9k?C)44TrctGm~q%Vx) zRP$Qm*b0yeb#LAaS{3g7oV2PBFIZlMh~ZLZBeof?Y^z!jA|;Pyi<$t6;zv*AI?x(Y z4HR25fGzP4jMv`Q+Q3-#cJAk?L_ll>F}uU~nGZpyO5G&nuf-hjj_+KB5Akj|ZUZbO z0{|$`u{Pf?01|XYs7HC-uuZ4~wc^dUxLD@?US)K{PUCTh$P}i4f8ANS7*|Z_3<{&!V!8RK}dHaya?KW0i3bg=T#H< z>rgQTCJlj5QxrsO;NC!|0taoAvv610<>*#G`Bc~nmJSYq4367{LD4u@DC8>0!;^k~ zFR(@wb7e*>s6wy(os7-*!p$IgT(d)L`2cIfmJL%NvGL1nA4NK=hiry{!Bd}xIR z0iv-h91@Sgo}DCqDS)Kp1NAQu+C8~b0{~DsHJBpUT-pmter@Jt;29RH!+rUV`kyPM zkkbv7^;xz3-Ayu()vFz*Zk6ITKpB?aODKTvfhsD!$@wk}(sFJ2ej=2Sa`!B=cxnAo z^$mnKU}50~RG&Bb&`anQR60@dCibjc?v=hEM+7K5BUFWA3Y8AUNJ*^%A|i;+U7Fcg zT4seF>h^RnzH`{O1GKY1fE{*C35=E~)y&sYX`rA!DD9pl45BFwSC}{IQmM+FL{Olx zDnDcZY-RW_6NV6r$Nru@Q8VvPrJg^af@%fvLIyb40{rNtu$F2aw)x%lexoO(vucQy za~~|^u8Iqi{U`yng!?Bt`D_;c2RC?YP&L-D~36TRZ5q40zl(x@m7?YrGG7=^8*ISt+1B%cG{J-J!E_bx7O?G%jCrBFk zFun?@vIEe8>e{`jZ9276Nd5-x65B1v-K-dP^A|yhZCs>Pxo&R=u+$u}vlZS@bDmG` zHn^(KH}~$>>UaU)u8~tU)C$aY?K~>D62%U8dMn_S*fFDeAZ9fuhWAIrFxn?tHKzB3 zn>a|#b0ZrAACM7eo=LRa0;IJrOhr=}RNx&biK#tT7$eTKL2w7K&%ie%Bx;RsKwkBB^If2>fW^!osuEa_fzamwei@Jz z1-~f@pA0 z*8P9zakobxT~#g;h1hE6;W_Sj)P$1D`OmYdlH+`$uv|yqkrzPYA-_ng%PfPp)M@!% z3=U>B$TG_&qOTtXPFu3U`#_^9!V%|p9dOSrT8%(_eA^53$Um(__2zghl?~3o2j%2V zt8jBD^Gy*U)-XwD$ih;!!qaCfNZU1aooAq9t?bFV!R7l}Mx#)Gp6L9}in z`^_D51utxS2Ou`dLDcY1>2S5zp4hK#)s~dnW zw}S#sW=VJ8erawxuF6*QaBF$o>?;|H=5O@xiDZU7w3W)O5%-E>Bz5q66K#t?53IjV z-=&n&nsWa=pwlLaRt6>N4R@9GZx4nEnqoNH9HpFv$DjRPM;IW=W_k!FI5NY!25wA=U_6ev8o`&7$<0GIZ<*2=Ko1*(r_fWkUjs!=W%^otB(OcBa z-{k+WD>DEnC5e$Iy1Q$4KheL2pn}PUS{XjS3YvMT}6~i=m3JAML`?2 zm{SZ2g*l(&cj1ge-28`gF^fhYPMhS_%-`5lfwXMD(zR{&^qW&v5P|?&G`^vztupdOn!9yf~+nd zYzY!HH(`I%$zj=UD375CbP!z`3CHqY8YqKnqxke<^V}=f!oID zA_jW@h;!877Y+^aWqEA~+14p#1_-AK@gWc7EQ5O;PqHFH3#%uQ0haDFvv{~8y^wAv z4qz-FX*mN=@VTOx464ielBhztLSsM-C&dT=lH#*9&+tt!oYXvZ+$3;7$ZWo^00(N| z!fnVUgJ8R_HJCzM?wy75qo}~d#{w86N?P_Al?yv-6z^u;o~{&q`BgG>`?^r5jcv#{ zUKr?+x+UtE)E6PFM#wFW&Jf^0&@bM5u-2t9=)r})i5BTr$E8~X&doUjor`4abUMqn zHk*}S)P(zMQ5;@{$VhL*Ez*{_1R?y{?UqL-{nfIh98HfVObRDQNh>@8sK2#`)d&Mu5}_k=aPvLVcviPk_sBnugfH`9t{-+#!A^ZPl=k<<=#&fBZ94f*Nyf1uD%G9Ya6ywY$j zO(85X=QC*yN!l?;87~B$=AbfL2!sIU`Q<~)2oPD0aDTd(T&D4d zefhXz-cxD~`r{C|%@pVYV+vvH${+S(et?Xlq)=Lb>rSU@fs=32{U^OwH6JS;AT8cE zFoyERu)?c2W&fO^hy7RKop<)u^G*9EOE~?Hp`$9KjP3q6nA;bZz?mt362eg6p z0-$N%oA~YXz3_22d0uw4Hhnoti+0SA&s>HAHGylAb#cKXr7eaW$iIX&4jT{-&PrIK zTpyShWXEd2Zhzqjwvg`&wWZ6x}+(E}i{tcd~Dw%Ut5y3*>@z4gJc1L$jL%8>*IwV)Glc7lg`z#AE z-a_308Ux3A`M6%8oIlYY;&=Gyd8sN?EeIE4t%5@9nq}`v-Nl zygkZo8W&BHR{JfA(L%Dn^&o{YMe46nYcKiNil5Hp0Sp%VyVKsDzG1>`QNPRg)hly5ITSQu%D@TQGsUx9{Qseqi%of*(jTN7_xycAOsG;`h&Z zj6X~=(O!UT2QTgko8S}&EkT?ItgbmL7FnUsw+&JG$Z=(Z&Cuf&q<3whGT|~QQPWn_ zi%JK^mrvkQ!TOIYDPnS<8eb)KxUF%LA9l%(qZC8DX8z05EW5to_n37{i|_BNuaw+N z@ZIqIq-0mJY@Pg9GTRMR2sdR_HCBk4IC6m6Sl$?I`eXq%FVs@COWrD4uWSulN+J`` z;ZyQ>Omc-GQR&n}d26y|+5U(`x-q>mQkEwKdHYIbQ$!|p?8n=?mDR|mH_ZuMHyYw= zms0DAYsmZl7O65mp-(qn`tvm_zrS*;M6JPq`x8wEbueDK3)^wxxA(HfugQb=c2jBn zmd)=jrf2d~p)|;xHO#qJLLS$(SCdRG`YzXhi|(yGs1r z)SgTXIY9mspW86k77E_O#LeB&4~DW^YYpVir7#5!BRPGWt?%=7D-uStHgDs0T>1?= z>wMbf(5JhNH7`A3t2@I?5PbYNGksRBr1{w*L!>MFGg*ug3MEB-`PAU)N;_qwMkASB&`KeZ{jdU zL#1gKX`ke3m+iQb%#po2?OFeJesN##i^E^<<+fex=4aevBkubQ@2e|+JUaaLSu0n7 zYV3irz8F$)3V5kJB{lcmMOMzOOeIljJ4eo{2b6gMFw^xj_Q$0*7FqnV%kuWEbtXt_ zH9sR;4`a>zLY`dTOi#k7ugHh$Yld&D&#(x{=JBi*w~n@$h5oDqIA*qUVEIk7No_?k zzp1jjWfwAdtSzoIW^wEBxDh$|V$^z0*!w$;SGP<&N*45Jis|)fuDE^SY2GSd^L9k? zWX>m0DX~WtS_eHC@mlbI-@e~J^{^btt^F_1BHM}0wD&(dCsGaix0ZK7=)WFM+Q#$# zGQpcWhM{1rfgGrGC!mJ0M_RbH_)kJiiwc+s>h&cwp-`L%p;v9}MT;dWkJ&pY77<%}j#9mCAMda%)!sHa_*wuL* zz20|6+g~`&x%a+{&e8&etV_tCQtVMO2W4Nq?C)@t>fF$S(y}!V{3#O6AOBovD@esk zbg>q-m}(dWC$^k>DOOl~SO}~UJ_%$K`u7tV%4~+@8j}n)zEPMTJOh;gZ_%lElWO4V zGafZ!BsR2v!sI#piacDqTmM|TVB`(|_nSw02gvEVMxafcN+E)oDaCW6AE~T8S8nmT zhSZM{O6dC2$FSEVW_(^xvMoOayhe|nxr;H#j2D9Bo5>guhhmzux>3yKG*je4YhHz? zeV(|1ERi-I#7NOdk#qY1@?n zf>Lm8_U9!J;KUWudDsMd!W%=<31PVxRrE)<66rq?dIKtb0SEzi3Tu82xWV-7BreRz zh+>P#gZTRpnMM)m6kh=B3_%#9%3}gf2XK_l>L>d)z#!!+e-#Cb;BzK({sTOOF&a+`mDSxaPpY~;Z~ z@+e#};$SftYs7r=KOauY`PPsrm6$C#wliCPt{z6_* z>=ynaClDzdk+%>-zVgB}UII>)xHgGRRld6n+K?vch(e;@T$Ih-dREN#&)C}*Th?bLQ3X+K&{PbV{Ct*Qf2NOhK@7ILf5awRUje7at!#bzme=U$@lz;+{da@|C z45}cb&;t61|AuUpiMw`pt9B+x7b4%w2!1a<&u5i@!A40;)c4<3sB3j znO^avBUO&(Yf!%$XnHu)_4aMt`=n>T9#=3VCllB;jn;Gjl@cY(5089X+Hiw8sp8b` z@!qQK&kDcGOBGN`8>@~hk5?+$$hPiJk=#Tsiy-Qs0vv{L>F_#BA>{e>D7HiadyB@V zU9h53TI}~g4yaQ*Cwi&S+&(3qBGOP>;}*D*;y!y(kF2z#veKVDT=YD2F_@n=7zX5I9-{0N{jCMP8GS zV(4(#5U+97vt1D~f=s{A(hsTY=);OUH|jHYvK7kKmILDIPSIX%jJZjU&?hage@mx% z(r$lwB3ff$1(|Iv9{`{Mqh9@14KY2^@7xfXPWf?7ESm;Cq!j|>20-Jt+EN1_LPJ34 zDXr8&;nIT$TxasluQftO{*l2dr_dt$v6Iko)Dm^$6%ute80D}Q1aZ%gD+G(+jGaDrX(iIw_rXEsb97|Zu*Z!Y z>gm)hTE&n0z2LHI%`gP%Z}Gek?yLd}Tf#dU6$F>3XMK(+K~9Zsu2idn#ext!#Xrhi z>ZQ<38T)MD`fDf`f+$p?7^VOC@L-?Ub|`@tq=F7uA0*gBvLKs!IIf2tEr1Wz4@Fj6 z4mm{U2mge?qe%TfA46zIFyXSW59i2TOXL4H#Os=k-S-C4=OF862PAE1#5AK9ZXic9 z`8l(#rO~PV*U88M*a1}-$*!0ghXmw~#Lu8*dJtdqfS$j3$tr?}5X8fOXdANg>rHrVPr zrslR6eyfOrEPY2U1%>(iP9<;D-PT zyqEY!_WOkhil@sp>y(XuAo!DxH$;@IcR$0u4r7)Wki}@q)r$>bOaw_rqwB+&EQzRu zOwn34eYkXr=_p;nR5D~hWTWmwIWfBnbPDf$y|NOs${)ct^CkyVY6PM0({oMv6HA#o zp^~YnV?|coLz>Zw+T4Ewpr8y44cXuxKUCpWR(Xp0V?v_c%DB+{`9N96j`-F?2whP^ zHC$|$sp@|s&QmQuP*AgXS8Vjg7`|!;2|YDX%851Lxk5Nu4jI+urQ(0n+&OjF(!M_0y~vHM zZyQ+OzEYIz6eBP~mBe%L=&Pu8V$pp^KaL7nT!H`AB9IvNKWiHQ^D(RofxXbt$ze}_ zQh+%PxuC%LHWmll;gmPZb`Q49kgzGjvPFS-Ur+nrJJ1JAs6mnzVO4PC+n|6q=zoD4 zNxVPQhmIDa?=FEYS`ZWu1Ce6i_`OazWmqwgORWN}_Tx5$rz8p&V4=o88A9{`J%>;$ zn@UqVinQ2&Dkl91KnTlwoFELNoXxJP`Ed%hw6^#rt$c4qg<;fJPA7S4%Y4>eM71odbfAPA)VW z6&l=6IC{f@`<&NP^-TmmUJ9ME8YE|f>@9ZqHuBPB|2 zzraHam+zTLyu|iIbTTWH&4pq~Si?v7EZUa#f5PxnB1HspmC0Y6MI!Uu-XScsK*Zib zJdj?<^ypj0&d9q-!Szt$1ph#f&1QHXPOR2*;9CtUus#n<0uk1K)I(CiUKrt23Lk=*K@fL}Yc*plo*#}PH}BpxU4?CK$z&UGsR1Q~ z_7*s+TO~cA@T2&?j8VoU_btMQt-MIlTxoQz!OkSuG6Bw^u5j40rh5|XiC9VKsaH$j zoFt)XP?Q)dMq5#J;pE>u zj`z_{e`P#G#H5cVI5(Bc?e$l-;C+%oH^~ZN2`otdc-+Rm_q~HSGEqxm^+e#g%`o3T zy`&RD4NlYLqKChXLwK#q!F#Y6xj`==i|#$D21Q`fz~u7D4dnyPW>zaGB99_ogf)M_ zob6*GXV0h$Y0dGpF+@Nk>3~*fV02XdgAjacj{1@0esF#JLs`NDI{XU82N^?&WUp00 zGsb`_#1W2>WQHEg0sFD#u9c6F!m@A$++Il?1jLMXKBVt|C!$B)ks7l*t337YRmkvP z(h166_3j za5A|_@p2$4wUE?e9NDAF#9%dBBh}lZI>`HMNxTn*&*)g-*%nK|EV1(8ste;H!`X4C z>IsQrzaG4P`YCrGtAJ7Wp}%TNRQEb{>QpIn;vbB8GRz`2Ceku(Of#Y#`zu{>3=I>m ztuTh8{b5_6|3Q~!nf%;UNl|m*~orGUtO?)SXqf78dBq?qbXqI0c4Sb92 z0kg!gx6=JH3zGq}CI9nr<`_MG?QZq{@%?h3xBnihUVgFnt$glhH-Vy46ERB_Xu%G)h{h)fW)+_3yxnm|g2?;aav4~Y}H?O{Kfd*bcK$zy7Dh;GO| zYlf9*nzc#mq+>bz{c_}@@HtTR? z*waT(D`tkd!X=sRkyB`IwvP^VhbA?RCYBYArny7@^gNnep78h&F(ENCa|a6tD+f4| zBp3QrioN~2^RwTuurDQ(;Fo9TrgzF>|Kq%yZg;k;CKW%fa*^ zc?104PvpS_m;3!tXV`(V8+iLH3banN@@y^$6<%(CuXxkLT0;J2-`MxDEW!p*cFldM zBd0K}y4yQoT{*iBUMyPs%;y7x@57{I6XKs)LB&{nSr>YOvu<+%p6eeBa~g8WY^!=< z3@i5v;a3=p`MD5JqGB0|$nAvALLI{4e)Q!nIQ1LUaAx-?4?c)iv(T<WPcUizMD=lt+#yl%U}BLdIY&xf^D%4VeWI*gUIvG?V>iip+NjJ?9F8!ZA?FD6jAR zW_Yj?H}_2`isQ$3_JDqQ#L;Z_AckJmq?Lq)bYo(}LiG~Yz4(WFCKR_x#eHeCuNywG zW#H1|*71Fn{~6kd*Y3se$QsY38^J8ZUyr#F{EzqRS|i*}Mv-@IYAg=zhhi0LDT6P4 zm~;I4Ey>3^+=z1@X3NUF4x7y+Z`a89W6l&)UMVocGuQ_&*?`5>q@vW0W((gYMXEm? zmWf=flhYX-A2{`Rb3i5gl6~K8QK&c{63(G@w5AR1aj&H$bC>(U2Ek^V3KR7gkulQs zulY>Ss1#xf)#K25Do;}Ji~O?3pn;%v{N$6zTb6@a8lJPaUlt;7`3AgYax;g3gp?HX z_H}0pabJT=-1s^6q+fUsN!~DYo-qS#mfaa6M)QyUOG~g!FrNeqB!z}xs<8_98Y|?qUYqE9qlewd`73(|-1HmJZGwHanv5H&Q)$%?h_~us| z#asZ}|L&uZ4B?HXQ0qkUK^=R;tNmxF{Y}>DmAUOB6+5;2pyj&@^n(P}bI}}1QIU$L z3)x!j822=mR9j2mKbQ?3u804AFcDd86)eCQpc4iE;<$bEQ|bN*GJoogm_X^c{vxSr zzCO_{K$v%VwnaO;_hV(Qz1c$8cQfkF>baXZ5hHJlVAsdIbL(?A>*qA6PG?fjP*dH= zJU27=?cv^9b^Wq|Z^>v$Z*#%ufjQT#ABR#P?ZxIm(da=FyvJ=L@o1R|qBsTt(=v3k z1;;SBN#$RC#|UbBt(P-qM41W;P;SWW-I}l8x=flPvpj?eoQHIGHhCdvWV}A?5@hr) zF9kakAhj@WIZy|m!|{TYOY$DtHf{uX!5s1!0j*7_7AT2O%%~(;WHCM?csKI z%5~>lQQKi4MxR#}HCD)@`#MBL^!Mx8YPw*8H<$GrpNre8mW7Rkh-1B;OTRGKBeC~{ zyf+S}o!5nmVGPLYH)h_NyEW#b5b4xx8FXNhv5^I%jLb%KobMhk%9E!_YU>2GipAl%i19x8h0d zVf`lv(I18jt%2tF@qRcc!uRjGHp2wuUB-u{`WkoW{8_@r02-wo7iKqXP}RLT=`;7ql#BctW(ymz1(GU{tA7ib6+_a5ck%{vCtbn zJ#wc5w>D4^rJ!x%4gV)MRc%2)TAr&0( z*OmNHEY~T?{TYqkr^I`4WMi+{B8H_;_zx0FPn`0ID*@StG-so6haQ!*>>twFxbn4( zQv%K}WZbTxxIAyLM6=6Qikg+3m)sjA>(#hGmWyTcbEO<9CKr;Ui@ovm`kPbq(dxlG z(bxPo%QwFrcGf6TUsSBskLi{EeA~t^!efHHNVPHgyI$J}^8KsFuU~!2=aPNb>_-AL zJMtvYaAjZkP}>j81--@nKZ;ViQiCLlj};2d)UUb?PqsmHzF#wx5`fx%I8~I;iYLA_ z*CU}1%joJo4kdnSC7f_=f<7)27fPfyIbw73a*6aOZDN({Hgu;0A=USmjfhbQMLXKO zHh6`^&u6G_LI+hz5`E`v=~>5QHI79tRgrn+J7%(Y&AsqVAuZ$zNC;+aU2{sXf7g)h z$v66%xc(N+-uNLD>ajSt@Jdznusmiq(qyN0bKO9Kay|aqeZpX!cVlntshy4A@{SFV z^SiqU1}>P&U#^gOpxY?hc5*YFY>1|cC^@BMSN0j|FTb@HGT=h(t+D(^;q<-k4! zO)l9>DN!&_+#yFkQ^0oT>vb}z)VQBT?k?#GqCS7vz6UEzPl{##;<64dEdi_Mq9J+o zM9HMWiDeFhbmCDW3C-AN%Vx54F^7Auzvc|?HR(w|_u43Ym1C;yw)QPd)U7!9w#0Kn zG|A%=%I@)M41UiqJX>ivw9`nIh#*XSoKAaN@+%wVse9WQn;MJBTRLa#fXwC3IlEvdm96#ER;*UG(;8nM1fzr!{5BCMcHeKXI)lZ+7Ay8)} z$J5u_2x>=LxDKQ~t?1~&UgR?K7^odne~qGU@C|?T6)X0TO7-CYnbUr4wP1S@)oO$* zg8*K2y7z;?bA}a7vc$<7C-Qa-E)B7MCyDoUzyIWET?h&17HjA)RV4$N{-h!M2&`Az zD}oapb^(7pQTkn1Mywe%G-EmBUQy%al4sbOkD>%!VmgLlOjS94o0##?kNa(jxoG?T zj-@e5%Y$3QqsxzOrZ)zYQ!R97>@B03l6Ig)IoySNM|WWirtsr8-+5b)afZ2#>-C?} z0uRcfdU+NWJdHN)gCkPb?hB++{Zl(IlXMVz@T>fi+e{+t1bRy2us>t-R-Zkq%F9vVU zmkY}empm%N{`R_5bE^%*x_lJA#=buvN$*D8TZCn9Mpsu(JVg_8WuN;YB8hy zzGAVrL(K)r2l!88G8?k5s}RNO;4#IMS5eP|r5TXC*7Awzb5R#hdMjR43}#qWq40{y z$PI#(Q@2%&;=}N-1+88^I96OWjHgRH-uvx=j}x{%nPg1(INqpOR7HwlSEv&IZQDjT zrsT)W5(+jWZK3rBZ8m~sQrEcFdWj-zO?#!y z34E*$KC73(+@^^u`fM{1HH)#VZh{9JQ+gOymoR9n|2Nah^LFe(Na=Z-7Lq$$sNW(V zZf#TCo58iUmy}KNt`AEyH(m47=>K^4j@9_jdNBd6jL5YY2i5a!1Z?4(Wz!Ptx7{z% zHu{vksP|8LJTVI6odyTH6^CC9E~$2E9Bc{Vs$M%UlM7Rc!V5`o&#|M|*HBGJ?)WAi zxb(=@eo})JYxS5!6$MKn3 z-ffNUXCI!DboOW8(u?Z9Ffy<6u=||9QdB7OzcKV-w@_*ObIXYnh0H>!wGlc-L{gTR zfp5gM(Scm;tdutNOMhfoIRx|bh0)oQ>DZ2UE@bjt#-&-fgGyq_n-LHDWYG^fOlG~B zZ3y0^EqC9XdHL-6!+=O1wky(if<+iZhIz;M{OL5)T}a%oHQR)Y_zu&Oa#fi)_$K&t zUL?U;W~M4o=RPeeB4L%4^AH;DtPa%(j++z>_KWbGH(8HYknEf_liJl;A8fvs`tcg6 z(2)D1<}0C}#uP7~dQ(!@$u)Lz8y`hTLMR&%A7Y(M(nyXUGsax&;0kL|e=+TUzZrkW zWH9D{axwpNBvv>FRP7bEQ+`~rv#e;|LD^7+{^%0Tz;qU0 zVjQcFv=3!Go|E$K%8hNdp39@Sh}+a{A!- zVR;nVE}SVu{-u=3d-Net;_La`79Q+{_No|^%=}oHwG#dP!f3Z>c)~baCtF)84O^Zi zkygNvM>QDDYCxLj@YRrD@M+a0{yf|_e3;B{1Gkd~pXn4QXH7okOE*X}{yNmN!-&d({+3Dk zfO$KqUGMKC`-kG;%NTmE@yE?q1aiN-qD`tpmH4;%S*^z-LnnPL!$`;C>?QnB1*2&H zu2K$@T2#KUX4P*qzs}#*e)4D|ABoM-j;Hown8)pr5#m##sQAfY5rcLqNc zBl?-IUboI!ZV!WgRcd3xNLfX2&~R+45C5Yyo8+F6YVs$HTh+1MzK>Z9vVEm|qfd_? z?6C`msZhJPWn0-re64?%P&ep&TVIWfLc?SybklEzwW3x{Y%Qp2zut(Vt1)GTow3nK zl~7YXtn7)N~ajq zb~(ZY@ddU<(%R^~k<4$luM|40gp6yvp32MQ+$1*Otg(`6;~@LW?YNwgig`obD}@W7LCw(QR5cE%mM zbk)uKza(&-pjwHY-J4z1j3N5vrffy^Xy}CtQ9hLYOGgM6`KYPQl`le`x z)aI8%bGXk?ivM1rI)0M&BqL!Rqe7GOGHF>ZGHKT5l1+S>*{Ws80t|Qx3GRQ`l#L)g zo^j9b!qb+Tb&EerzP-<|XIc|gW9#f*34K{h*O_jjJTt^CXuPaR${%^%oE+oc=^w%B zXYfHgHZ_d75Q-B)_q^B+NW}bnr0w{mf zj*9Ai+ebeN3K9Y$-JouJ@ede>y6Ap1t?;-1l`~LBVzLS;}7VSXWTkGcVtmhG?(3c()as zH@}AT(jRg1`$lotRP8fdm{9X;7yz|UqcXq##l>j3_2s2E5yF(lNSoazjbRCRL#LtD zweHT+%ntH)ctw;~YbyLweu!5MMlEVh(dv$nNhw!7NF~=!iKZ1*wYgm6*HJPs9%wGF zrK06v3cor3o4(pCe701h_3=;uAg32E&Pm05l@eBc@Xxm!X;nt8 zDi!>_6PWOJBiTFhNqjkaIdimm>}%c?iO6+*^|xfQ<+0|A(D2$QzAbRe*t^2soa?I| z8wC9rpkin%rE4lxZrS&is#Px(P|=f=B=!gjF`l11eA?`?TA^U3vnJT zu;zj|Myp{k@-rf7i(5dDl}XFG5iyRrJk^t6;*3Y_)~P!%z_L z)A(eQRFK>n(reiyL2IHRGXBjpHvjKKc!SOf{2PORZv%;h zn6WL--_}UuG6Q`{<#qc%|Nh2v(*L+W;Nq*HbY}}-CAZf+aw@=29N;j?G294^Zpwe0 zgDKu9(?6j=2JC=BRT+lfu|JxMJri5I_E4rsqP({GW2YY&nDjt=t|M__GTBYViKiuH z%Q^L*fWE@CKCVi!JlwMo1dhCs0Eo|0c*9f<+CdU9w7eImzH`WLyA-jyJ|ZqJ{v=;M zeDR1Gi<$3&xOiu{2bF}L&D!3%vhgemZ964d5S5w$4n}3k4;nWBkhCY|)K>%O-y@nvpJB7TfZbBRUcA&~ z?%G;wRrsjx>{>ra_45Ei!_kZjV)6hj3UF=^*VL!$zBMarEj{-|ljB5$EJ2}f%#ZJh=kjm}V z_H&$fyPmsSdxZ=n=Kd(i`qr03aHWgCIhEP_ZU~!+O5O=$g1IK!sYj06D2+QO)&hgtk;}>7ep&yd zq2R$`lGo#+ZOu(DcZRm=hKIP(aJg3w@G3Am;J12R$y)(fsNUIPn^&btNrT68>wT;H z_XL3jdKHk_n%E!!Qa0)p(Pmpg$#?3qp!du+KstK}YK>ujPc9@qTd)=oy zKiPvbu>7F#*_8V<;DZ|Vysp_vCx3wYMeoSNkK!)fMxHrvk_Tha;`k{Z9A^oJSYSlN zePMWJR2vZ>cqov$?j0*Im{%O>Z4`3@0Xo<1MSaVg zjbuw7vp$Z2PniMhW*vO|^UD)&aUrs?&NHl;sQmP%d;U8agj5Lk9SnCCf^R2N*YRUJ z7)g{zM7M7`bTYSq+5&nL)#8N>HIP74QmZ`X27O~n3E^45y;+ga!HtyAsu(Ha6?lxL zJh^c?`ujtL_$v&tm>)f1qR4^K2YK;8;IOJu=C{XA&UX6k$sMxHfCin?Cl=A9X*mR) zgmbFG6i)_W*IR>GFN-J9hXF^}_f6`Xj;G?!`e8T3r07|x+9Rmva|b;vXru1Vilb3E z`kWUJOO(F*sR>1GK7BHoR;vXY?_`=^2@JC|&C3=0N%ko(-m!sc^A)(2wm>Fr}n zTfVarbf$M1z%?D%HB%aqx11M~J?FV*qe#0)t%J`VaEi@@G!PNoQnDawzD$YwBotfE zY~s@GWA*J&Q*udHZ>bmq$fhu<=!s-2cySD!Xn_@V+!F9YW2YfBrF6gTAZoBhxZOB~LLhTYQ~On}<_ z3$AT?df~|dnpXwI;>f|0)5{GDyByqkXR@pM25$b7vw2}-glWR!km@^LmTielNjr=5 zoUs@NNGvR{vOVBF@N)A@q$2K`S?08#e1h%(1z}*T;p+V^+1BHV;M+jou<2r%Gmck{f83mYQ$wT*I%q6ydyPt!nj>$- z`35Ur(zS4O3c5_MG}=Z@fAVp!AJz%X0&PQ1R7ePQ!!&XiGV9Di+#JhdE(Ot~3qInd z%1QcVy}(nK$jB*7cz{^f+Dtg1$+tKe$*J}$S34{BrPoon=DtbYxt+^Y&@doJG3#S- z(UEffcDLmmDSLYZ(>ihPp=!$%sYKYzW{QXq)S~=4VXz|YivJ705QeqwYgumXyOiq< z@~3W03d%K|TVFaP*2J8e;}56X)G+KgJ+(7V_K)#*hZPwo?NED|I9bO+yd1{&84m7c z6*V3Bi%}yk=X(v?LT=?u)JxL{`^m8#75JUob?*J%`c_RHly>T}(fsp?Qo9qJXbOdS zToemCnFZJCYv#84g`4R^eXY1Ka@%PaZ~$$C#p?NV4vv<$#5Ss%eS}e!brm{q9zXv7 z`p6ppO>Ivd>ZGfFFs)pOcdK$?m=f_olBc3v|6ua|@U;~_v+o`cY+DPW!>8VvO~dST z1V>BXeFsTFlw3Ado5+!+vimn#nmUB6`B`t@H2o+xN>sh7Jk_^8i#OLcRuve!jeGEV zhPpq)2=m$QX~*${btWQH*3l-1w^|92Jbl(vrJs+%0ZI}K?FRM2)yTY&dOW_#?iYK; z*XnZuoVFg_3^JW#Hhxqurxox?oz$40pAKv}N|@zSUOnoILUlb`Q>X&Ad!_09LVOt| z7=aH@iP`wlOQOo^uEv%oew%t(6k1eqv5Bh7Cfpm>tz37?CJ`oAQPtS6%@_9mr1UZw zvF~=zhh68+!61sl5KNsx>;2)f@mUvDew5=Sudy!P72^aNS5rRC24$ly^Onx3R%7@2 zYi*w`upu?CCEZ(F60_+2$G)U}M6dtwJ(MIjUW~t_T=wN&(dRh4p&QgpbOIgR-wxl!evt46Qr4bD@<$t%xDFeQ&hKXxSXeRHe(oIy0v7NVyF zV>H5HA|muv1kyVrr0_AWu9UV~?@TQ*-tKoy6Sg z${i(B<|5QgRVZAVb!l_wo<-cMaE|p;q`#(KCpq-KIk{o@nan-@LjlrI zu>b&M6v5mtX;w^w*4?Pw7Pg2`a{NrvqZN67Ji83@xpt2k5J`pDn9wy8dkr$~z zhGt4gB!5t0`8qHGq|tiCFZTQB%;y9)N1CJ5YeKAtl+E7wplT-U({%iNlsCCgD#r=} z5{Zw9rr3DmhpwUK2EyFDUfQ-}1qOBBN7utZq|NlH@fi2O;8c(G(t8W_cSp9LnC6ns z>tF_md0q1F7dky;%HG_dYXgOF>^ie(Y`t0!B64fs_I~Df;o_9s3wo8uTxIUt#Z~u@ z>i9H^I&%r`+Lqe*2q};sgg<*q-2BlWL1{}*bl!P|v(=1Vt6f}z{&NuqPdOx*UW2rh zXxf$Z;sshcRXAZ-Mq2q?Qs%WqaYA}dmo2T^M|~UQa5ol;8~yMLP1B>?FIdhSsh*JJ zKE|Y0quY+hT>ZPvo$Dp~kmTU5NB}v6@ z(Xodp&LdX{iEM^H)_3q*S_+l+tLWy+emlALD7+oRrk(HGsguIyv>oC1>fQx+cHDel zLgl74?nT<7nxE~$=Cc5O@~M<`r;rMFlA#cV zd8~AZ+p)?`rq4aC+ij!@3-K>R^7!33(1O8@h5SU3HL;mrKZ>8eLC$BBP==@mCAeZO z{W1>H8g4{|t4k+XV-nBjxk!e-?C@!qza~T7OfRQlUI*t!An0PixiNf=H0p&!YUPtW zvEAHDv0mn^@e;eG6fMKo9=-lZ*SGZU#@8RpQ1jEP5G*HXs2Nk7nslgMO7pum$M-Q@ zTo_I@*~<5<9d0-{?6pKjx9b>?#!xpTa1ZM z4J8Xcrxdu%J?xF~WL0aK+#{ws37^(C!AR0EYl7kb|> zJnbAm)kL+N0^w-qlyFEJZ(AWz>Ch7QX`nM7hFNT=RA&46r^n6%_e}yG(ECXGvRXO? z>*YHPPfEsKJY;8`e-Ik}`&QA!d-F$K;vqAvD1pnDDYb7kjF*ax-R>r9y}K4b`hoN6 zG>vUO;k8!B%jef5F1t_$!BYuuwQ6)G&IpD^GT}Cn+ysRKkFF^~7bC z9d+GArMXUhlG3YDTJAJHi=8*;xkXiO?rsfBa`z!!V8NO+nJ8 zAPadeH!>L7zwV*sSNO(P(;y*F@qD`xn`w&wo$s5e?$>{g8~Vl9PACp)ws^%+4@r#q z3nnAd%F}4Kc*SUo9QydsCZ2fZ(VGOQ-ZfKM$@$sXfLMW-l`f}5=jpKckd=tEX`8n` zYZZqx8Hl*bFAjc*yiBo{Fr>;@+hs~E;xQek{Zh|UQMG}Rm1pK_E!49QAK@C*Zu^{! zWYqQV^sKBtv&KtAy0o9hRruvI!aVP|e%N_kfO&b6xMYeP;5+2jEngBecUA~5l*tHh zKQRqUGoN1kn6>Wp#FqbYLTq$m2J2A0Ol#}Cc$2+KYPxy)vHG6SIf5ZnMTk$Ma$Y5@ zk;*Gl>j81S$$91bHN}ShiV#!Vz70YGcEt3;)7YD_UeNuJjTFUA&Nd80-#e%!$f_kI~ zf=pSKY~MWlijVnO=%;w8pA_-ZA*|!ZMVp&0`O#`!<03W^HcFQY=B`_H=f!L4x0p5$ z;VZ<7FVs!s&y!Ojg?ChPzmRs@t}OFS6X>oFbj7SC{yhbP`@sa~hbMS)2ZR-QreOp=FKDXISE61hy$w z0xVVvu+seJTVW{HzHoE+F$tjxC0H2m5&FvqJZbYz)D;t-QP=Ivt)BcdU0AA#H|Hg5 zPoLJy9*d3iJ6wYgB;Jb6r0TZSH(nrUWQz^^oJW4d@`&qI|91C1f>-y@*(=)V6l43N zj+0fgX2r!5K-2|Mm7aQMYmURpXC+1sWB$P?9>swv-6Kb zx2_8oJ@1z6ea1KF1>{^54;fS zSgpKN&Do&!*Dj~t@kF}mlX6!%FQ|^^B&*%z4Z>#czV%(Fxq5JoU{Ew$B!1W6>QAzR zPK^aN=f(?TcZEo05At%oh>YfkZq2jFmWPXQ#Nel%4*%nB-L#cOxKO8={(Bzjr7lKP zPL^;7t4rT#Om_w30>>7#P|(EsG+grkA-|;`kwErKYVZRixmH|b@^82FZ`Ty&$IiCz z9%6}=e#l6sbN%>PscWYM|6H9j7E735rFS{ZB$LOJ%}CaF$bf?hn-=hmmYCSr)_^3h z+Ks{pT_o#`TuJb45VF@Njt`_zz)2Ih)3^>0`yR5zZL1&s6s-K&n5Z^SJCJ(1Y1!6f zHFK9Ewpt{+{M$;=pm7`C(mL~2GWDwhefvfoiz5M@Fx|<M`PQMw)&Gm-!21Oa5%IrA(jXCAu7RO6sraOv0v<&x`7k9Z z+3>?nSJo(Qs?$!ZD>^*%ZPBgN@UkaQCXu#cDQhNWUu(kMZoZ!ke*6YE!_Us8@g_L@ zKQQ_K*U<7HTQC0=8)wE9+y65ea2ozaR)6;1v9znI`~NrGdY7;o5XIUUfmPtAOg=C>ZDw-&cXYYh(eq z=IO5K3@sd#xdxSBfQc;@sQ*jY^#*2usjV^6{89AH5Q9^NlDC#@^f2Jw*IR(T+74pQ96W1=)@$Y9 znF0tYH3Cjjwogyn&emMVc7vdqLGbxOa57|C$p~n@_qAO>oXQ@vw_J-m}`G zE2@V95lq>Z$2qt|mhnNS3oJr^#shH>DG>|ASlnaQ!9o60Q!~cXvcS;tgEi#w)vETc z59sB^S<;g?w_7@+F5fOvNIB~v`-V<3L19U#h=Y#GnkXLygo8G&HN z@@O~<_x%Ve6=N<#5W_63XzT}Os!*lpWfw3&PmG4br$a{wSk%*|m{G9}@ z?>^c6d|?*MQ%lUHfK0o`sk+ZNJYg&ZLYybSohbQz?Uw}0;YWfGudW5Nm-orc9`$d7 zc}~(S2o19XvVv7c0lU+~Ey_;9Eudi09o-0-g>wSQ_S7;s72aQK8oI%nX%D8N$7kSi zb@Tt79l7jFE(GNK7K>v&?(q=12i#~^1xWZH*Q~LlfpRb1ha?+ zw|7!{a)8RjLLYK9pdaOkm#qq1wPh)BX#xHcSQVDzZ()9j1%_E}a8K+7__iO7+&3v> zcLT_9z#SwOyrCj&8F_Zi2jBP3cNESI+k<~{uoPdEF$LBfu$fs<^d zfwxR3?E&h+Jz!r2O1QQK@VW@ip3EGeHTlYn1mH!xk2+zc#6m3<`(BX2!yZD8qXE3# zFxP<%#6k0;9( zHiE4o1BA(ObtJ`WR;SKax4hOVGTQ<1w>G;Syp&Hj$X@5yI{vxvr~ zWZJ=f5S`TYLb=t9ZFhH9b;C^Y`W4@L?hY_WyC0tI76(A~h_|o2TLd1lfT7oRfn;kj zk&5Hp8$D!l{+_+J)MEn}#spe6QR4Tu9|8*Jm0qi7|NJ9*K|@u^sJuH`s#SZPs_^_U z{=DeX3Gh_lM+Qu|(5Y7(HM>EBL>zpp>20yS4 zS~+{mxqSd+96e!H3f3 z!J-({)LKGKZ5wm-U<5NSQaAe(_3H0*;lv z>6fuwTdIK9=>^@vV{iwxY$WJ6iTY@zTH%n8aPjxgT;IMDZ8`W?KDG}r=DSVeUGX|R zRwm7WiFkvq75v2i#Sj$g8|u6Ev)dSg)^P`2c0CdU@eWlL>Yw6A9H9d5GHm){qd9ca%_UAi-6ZGu8CBBvP8IyH*6%w;=YHhan zv#sh=YEY~cKX$&WOxJ135aDg=x<{~*Ik=JKdA2*-?n7D5K~F)4SU~Ee7|YZmF`IYK zZ?QXU@ExP=7k3l;2G;m|B@y#mi^u3Xnzlfe{*_MH&aX+Dw4dV(Rc*hTaGvuXYbs}B zS#F-zX1R?n$et54!esxxQn(Jijd_QcrM2|02pr5cs79e}MRF@({s>-_KAuMw?9-Zu zO!ro|PW5h{srq6QgdI9LMyJ+G9*8-HZq@Hu*Q-%x{iuMQpp|s2q~zB(MF;klVm+3FakzUvSdu(kR! z-@+%@nu;p;c3b^%%?*(ZlC3R zUQiCZ-@P)%X$k-E!{VfdGe~g7H~!mk@4g(i^4H8p{2I@}{>B%h{l=F1(_ckx9(Oq2 z$WMj&Yg4Kn1XXI}t}tXD*G|KGUdO(_p<21yFypbGaWjN5rlnKa)N#nTf|ziOWs#!>)N=P z+2( zxk%YVZEI;?!7mAN$ui` z&)=r)SWo8HGY0nYb@=qDo3SbAnziF9Ydh8h)gj~8}My5i*+UN;0UjCSap z)<4Dnfr>2n!=+GThTiqU?%oxxRu$h`A4>T4k%86nlXnhQ+_eP6_$cSTTHpHeHOEKH zt)}qM-5gTmhp@Y^?>&ZJ|C8AR9z>w*GX#3>EDvBAkpws;vH}9m_!Cf7khKL^Kb1S3y6?cizb4%S&4UG0 z1^RD&H8nMJu*qXfACT?h-bI(eh454S`&0u3x*lMVH1s0@L6*LA0#u)qN8*lkK%wLT zoE1TZuOTud1yV`S;3rNWiOc>uIFdkZ@9;Ei!nuBW6jWmW%I6GFtM6dtJj4PudW&N} zD}mV2yX}k*GWtIPvAWjnP%JwZsDp}Tt%)JZ0Ccc}sn7sWqF94a!>^$1f@CWc$HBebRtzRiW#HB9c=-vN*zYuyewV(fq9fnlIW*{?nh0vrrMh|A6tyxr%Ds5X{` z%F+o?dM=+ly%-&|_0qbu9TaH6Nl( zZ>xX}XaYnR04mVg;%>+vT?9D&CPTT>U0ZLo1dHcRKMNuB0ZFB@3Y7GTz=jn`BuTXa zd29890%7vd8R+dt;%}rfL)}*`5S&Vud*)>Uv$hg>7RWVr@k@{P3bQBzSha2Moj^*Y zZlphT7VvJ_j&%*pWwy2nr&_M|2lZ-#Z_5HxEd^wl(vt8!Xh2^k{Hp7-gx9VSs4>CH`v#6+ploTlO7DKUQU$KavG1SI(%89|5x`R&sT# zRXw9k&zgZZz{5u14fZss3Q!HdyTt;+Qe5*iX3k!t17xAzmj;RDthlsKDdeMGHh7$a64t+u5-}h)tX;AKhf4dzWy7@rWAFyadqr zRL_h>D4uS`2V=nN!06elukd*RGXI{v1%!o35F?7H73b!VV?X2;7sHf zF(1za^;1JrQ|9tVUv+)rb`L5j9p|A2*C#G%a-j^z7WZ8!jOhTp96zqOJWcqn05#7r zAik|>kkIGS{Vt>LdgNI|umzgUvL!0=N2vGxQJIK6cF8x7pKeK@J!^og@OKZX zSFFT;2(>qRAw&IRA@a^QL|1UxCu2np+VOO+)r6Joe$@vj@D787fg})PP(j3<=+R5= zISoX?hV3dys(Pc&{yX_d6G0qln$ib~`8q2ps@z~=oSbj2fn|}Dz4ak#51xg%XJ_ggnK$S(waILJfU*6E z12?OOEG)#~IRnmV=`6xwyqbhG^0KNfO=Vs;5j^4hh0MZzy-?smU9@lY{O-#Qpv5*X z6KYVAt<{&@G;F1MOLxj<=nF|f?-Rmt3j+zaA>RZZAOy8ItNv_BnsFkxgSxb(Pe2h0 z0#u6k68wtW54o5c?7ln?_|$&*R{ietc1$Gv#t^4Qf#ko`dJc;7pI1t6(2;_Rgm&ti z(B>ru*rIegrtwai;gB87{rSZ(QP5W(J`DYE{(%3AWcfdi%KsX0(}6*oqfNaJTJIM){&<0Zivc)m zAbdd^s;IMsPqvfWEq;NH5}Z&jz8RP<{A_!XK$`&IuS zR36ZoLH(Ve&3?v4V4($Q!Lh)Mia!{@GAotAASMC}jzD+N7tR0J@T}5wsD2 zo!&tBQkm+?A3cUpAT&7oj0c1oeuQGdzEgZ44?roqkW19u(Ag#Dl0OF#8i5`UU;@C% z0ODb+`2W@b`*54_D1h$ar_e@S^2&V!Y}zJZmRSvFI_#EPOfr2G4UfsP2IvhMSm9Ve zhLA~S4jHx3UXBI(1Co73Zo^;K47kemfYU6hIp{#oo zY_%;I0BY==C=oCj0d%PGSPrbahT65iBL!#(jCFPmFo#lOKRkRgZvZ8+!{f-0Rvi?~ z+id}ybKl|;*qrZCk>X!+S6?M}f_oAsN&vcCKmH&ADq@pu9uf{FLiAqdS*QkqaK`op zJeEU6IbQ(rBtZyS?V>ZZbzjtWodHmZp8Vk_GGn%AkOR{I{O$SoPC!Jt)n~fn8E^YYn0On?y$+4-Rt zZy9F#H;8xmkD^#|LP_WXr>-oNGE!PSla`Qoo&D#!|fVZiIR+ry?eS8M4 zzMNg~+gmlo-Ti%In>t_;F}8qMDI043PHhiWi4cVu4Iv(rd^F_DTgR`*;oUMb`e*DZ zfn@98hQWIgSx`+Uqpr2bSKbWHezdk|pHce`S6EDDna?;L4tjI)G`4d6<8f^mz%N!={LEzBpI zkqQ>^DnfLU(fvMBSDsv?>Eu_61ch4jz8Da`{9Drl_Bq2lc~C}VSPSJ6M16X825y-f z${YXXEWC1;or0?C@e zYHT_zbbS`3^?oVUGd@6t(VOFH*75hkrwyS{pw!HQx09mYauCO^VB6t5Z}}v-R zK1U_PZ)s0KRVqTg1N<=VkSjLVtPo%EmI!kmFdyoCZ-nj?sN$hV*mW~_Tf{kAid>bd zQt~?MH)uP146z0N>uvF`(%=up9om{}c7eFnIK%Eq>Wk=9Z!~a!ZEaFj?Z^GqW~lvb zl2dEzCt)vJ>67gJKrF=hi+q+z)54gK)eoIZYsJNZa-}tYu(N_cg6i-&C?5-VoVQuU z%7i5HO@(?x%bg+b)$K@y)9i9CdnU1-K*$-u`}HK{FN2cZZ#dkm~ zPm8A)x}sO-K*EdCwwV~-vrnUA)(9AwlTaH42TldIq)l~Uk5Iky#l|^fhqX}B&eP|Q zSF*`r#_c9^l!E#^4+?vHRCvu3S9KBFZ{e~P1<3*#rF8ap0;!fEz}K6kL0S^n)pOUcJ`Bi%YDOzAxdw0;nHwuSj10lM zD)oL9yoTN;7ht)UP>;NWSKgWN3GA2Ed=zYF&A38rF7J5QAS6eayOfQaN+=&qKw|z}aFlpk(_s z*ybhE^}IQg_Tv!`U?(wl`ns-y70GlZueq$C0<;~Ym;9I(B(iY;P6+AEP{gxnuLl3mb%7k8!i;KWwLgvbT0&IN}KD!uBScjZv)z?GAtQN zN1IX)s=uarP;q2K9T$5bd*?o4e{PqGsY~u4)cW}k!x?7C;U%jy*}+-C|54xVB~H@Q z*H07_=0Q0+^?h4NNPwGP!P)&Xu>^5p2CLJZ%Qh8u$--I$&8~`VPQX*q4y3g3g4OgC zUjEcMGv)~4xEw~zn7ctQ8#f%mA~ejD}RvSm0u%aW{Sd3xIufxGV%fe zW^bjjp| z%D37Y?k|f;yg4e8lsInlvNq~n_{NixeaI9vlR9#45j-lC`TsiaR zVKr7aQS5$j&6Y(p3q?U7_Xg^Q4oNa=3Zvmn-pdn(t!Q1Zb;0|q5e;uH&hEMLYrVF}DiKGJ`GUEsi1?Pc#QVRgyz*pZ;; z#-O2>i+D(Dt<|(}hDZT!W+o62;FvV|;ae6~;%M`4F zwgi`y<5}PQf+}!WZby*2D<#s9X>6y9bce^-hu7U9pwhGGUeZTWX zm0TA5mI}LX;=|rwxcZtkHbLQtmnG`ylZL%so?&!|aKk;*#0>HoA7^qGM^z^t$!#k< zq0%8uAsV(~3*xseQA~on%lJbv4UR&D+EHJ!pypjXo{%E+uI_tKW@5un!b}ds1a!}bSNhtj z0CcYwvzJ8avd%|#p4;9HJ6eGEcy#Y3F$pd6)yq$sB*`3OTTGX~w0Q(^{Hjpmz{IsL zB_7p$$qvHK^mlP+iQz1UDeM&#^6F)A7M|ea={LZ3h0XjyGaBL=kAt< zt%5#&u4V;|_Qjlm8X_2|qm_Gpe)d)(qI;z^IyIAwsy0Z}bMyR5`0vr?yh;N><%e7< z46Pcf9|DJSO9@;m*nVA^+&6~ge};GvU5?z|iig6oD}m(3m!`fF)pHSOm~cbG9v`aC zRQ`{E&<-@1{|hzY|7dh2n!-}Ur39qjB}wG=h9ZZFh{vw}RDUqJD@@GnEA&IAmgFY_ z{7&qp37I6+&n633&)1Vw`#FI>l(6f2aWqUsidDqr4#CE9)HO$Fh1 z-5vnn9;=f6Cg*tml&9A|z4$FOsjmVFq+{D3FfQP1w}WbgcF0KUIAfglH?GFy--|0; zX)lMiQKzP*0y{7>FNqzi5p(&V=QA6001)B$@4+E>;kIHxJWJ;~bOQdMlypLcOwOn$ zYjGxK6d*~XBD~gWo{i}iU_QFA22j`1ec%q81Tdv)#=y-_;w&j1s}?o3gB?EL$V&jw zdG3qm5Da7Nzu(R}B?I8@cHqz}PAre~fABz8SN9Jk11|-|A3hNyfprB`K|v@P)F0Tb zaxorQ#;0aRfmE&bKhy+>5(Dg^T?Oi$C5Mg$!Y6hm9dqurf$DELYXX9WAtKHFS3F1> zOE3LK5Nf%c6${KBVafv&pkX!z#-P>`7`F~U^@vOWjil7MQw{jB!T`YTK{)}3+N^JP zL46o)t7g-wlsrXi3Ii*qUNW8rC%bscQ z-|xq1osx>R_4x*pn#?y|yYS)-SG5+ze8TbKb*FpA!glW4w`;^-w-+4+%O(T9;#w?i zGkEh>XsunTIK>6|hsvhXUrJub7;PLgFRC@?3p1$Y37?qQNa(@6h(+g79l>A)Mu7AE9r1 zTDV3+BPV#&p>;|_kMptEx+umRQRZmByU;Bb^9NgUsomplc0|^Ido~co73>CxO=lip z&lwSsmd1Vy8Wpdep|cs4K=q2;1#^|9A{wyP&|`7@IZ;f{jX(r%-;z?!{_^4Tj}M6g zO6B|JP16Z(B}4D_!<23N)!Z4vd2QWtE3w#2g`4PQI)`+9nqOk0-IXC24X~K4I%fBA zr)nRU4jaC5pv?=*Mzz&-&opuL;xF?K{G*+rM?- zB|!$r{)SVvY;QGrc=Xl+!*HK6F}0JY-+6j356G_2bIUbf*5gZ~S3rsjEb|Cd7p{(g zr!D4|_l*EBXIep35-@pv3;SxkY;ETY-fccG-m?x$%l7TdvTDA-Jyp*3rDe@cw#OU1 zRd#UPmV)WUj?MUB=|1w-Wp(=^h&e8k~kwdTn;1ez8-$m&+qFTZgFz&9b@Av}H z(7WR|_xaq|U8f)F?}Xn5qlY1UV!^(mrAfu=_E<(T-iSEckmbU#H1^|$&(T7`Nm;VP zSL&rNecYmJw*`6|r8Z{v4>sF_1Qh1$cj9W#d@WiS;}`Q}?)96m-<6sJ7H(gyf!XtB zm|H~iI*o~o+PfnXU#56r(t@wnHq0)6IyVNQUl$-AUXY)Y>tl&j6qJ3P42@3^^{uZX zdhj0Z$DMJ@6^)|w8{Gi^ald%XjQ!&(BUQY(N9Pm?bF8*(1+zSEb87qIDA&u#7c3Y# zfGd~Gs>a)579~U%hL}@FMLheTmkn;SntP3&sb)uv-fCx};eu&gSp>1nh79I8Uf@R} zalm9hL)=NV$c{AZ0Hh2Rt>|2dEX!nU22-eI_gV4x_|BcqMJZLB>%%Wz^Y$j(vfBe| zpP_dzFU_OC-OVahFTygn#Z2U*I~FCnFi}}lDpDp(v1i|47RrkL0{qd&7@_&;& z>Xncj*Q2$UaD1n+ny}O^?0Y+!%eQy+=C|qGtA_W!hm;#$&5<|hF2+k_3V3{6{eu}N zP2){1IpUAXBY8Jce#-k6%{*vpTmUz@&AakC6IImW3W}0F_!{0hHfwvC?i%No8_U7x z0r5EEc39XQbM}@@wmAxd0nY4S($Oa)9qXP0V5?geU1^pGJ>Oy^O@iJaZmH*%(q869 z`^*yp2S z)KvG2;8QaSd)V*0<`;|45RKx8Mk+ky*=%2_e=&I z<*}3!7~d2-g^AwgY3odblj|cE;0NmCj5~{_L8UH+#%D)fmWL|?rTa>9p;IM2>Qj+|<%0iU7r9lYQg^NBvI8Rga9H{WV{n-IVdv})d-;}qm%Dq) z_^(ybKZT5}Dp>p)0bHX6p!|wEAx>`GC8Qvu)X#adc?QjEFMeqkVb@srk@YTe7B6>e zYx9U}LFr&);CZ)>`9RUD`4IQsR_8%1Gjy&m9x9zSSmn>nCT#k-9j&CeHAe=cXwLH* zxR`kf*8NP4wCCs2H9soob>EL$kA0z&V)PC(DD||6X|Zs{H0-`<=TzgTa`MT7(&BFg zR2=##Jb3UcKg&Ei84Z~e9nXL4J>=e@Cp%hC9Tesv(ME+Ch_A>W!pRI{kt~yY(Wx#ZIy5sOF}%<0Qb(uhA#ei&GMlE+Bns0>(E{Kja5Eo4^pt9E_{izEzao9csiQ$U_%A>80qG+fb zfZ9kflrZ{V&RPFEzncHiVg8phgMxTrD6hQ-8VV)>|M%^wSzH}IApO_@n7X7LB>#0c zefs0XWcZ5NvD-!6nI1MeXVE_xt_^iVCO6 zE7c(Eq47mkNawhs+Iv8IZ|4R17>~Nc|8&=H2CqQ>ErmTKGN5|U!(ZL|jNR!`frB#$ zNLg(VIXhg_Z^gDtuJUY5@B`YE*togmGEci~O}!yr!lVoot(6R>I>O+i>*G*ounwB7 zd!)h;>nTkFwF>Czr59I5tZc46hWyweSVX2=TftbW4H@Xxler!3956gIq!toX@T%`_&~--?j%;RUWv^7|t|m==zTp$YDFo z${2`9~3?;~W z^ofs=_z5~6f(D!I9#QoiEbL9o)Lc%R$4~E8yE-QLQv~kx2O@hvMBsR5ufzNx$yWlk z+|#_DkU3+3vz^Y|-j5AHH%qP*KXNYUiuDzrEvbO5c9`#t?wli!aD!?ITMqk7X+ZQS z(7(oK+rPo*I?3A8>jvH-j)9-q3dbzxhuu9O3)0+S_Z)zFC8V2>_cloGhyyCa`UDV> zlV<^vV)kgaeo5V;`M+8_^QWe+D2{j9Y7x*W(`q1!&Xl$kkg^s*pmi8wL<>|FBL;|= z28KoUr4X=FW)P-B6k8GmDnpAbf+Rr7T0**DDElHp5=c^-CP+d8Vn`s5F+G=P|AO9M z^M1H@?#nsvobx&7tM28wtVEARbJ2(teIZ2V%s(q8onnl}bq)6F) zap&xT!iFY04r!^csf^pj8ki0nRW2y(R!&W+^5ZpIX8rQrqYFwqYLt+m?SIG`=&{H+ zA^C7@A`PsG&6wtzb^4G61qO?^a46}!5FR-IRS+jYoE1nVMce*}g6D`{jyjv=fZAJ- zQU-eYLm_@=qSllO)U)?(J5=?%P&*6-UUVnKcHJwDv(TW_#-U-D(mMd3_In5R;6yUc zl$S7kBe@o#i=;Wi{Ba3^7c)Z;&mP0%F}^ajEry?&4}0;^0uhJNo$^nJ&RO3mHJ}Ar;)Kne^CGH@`qPvtA;yp6Q-qs!KyZvSEXlX&q+a) z^ziB}+L^Fmu_Q_w!*XXYnTLRpcU6HXeT$U7l>tOW0R?JSEWZmORbuCr9H>tApa1o= z@?jV$0bddqTHV!V;_5v$4&>clc8YZx4umOc0~65fdn>5f7v38Yee-*{hY$SC&}IDD zemgh0PAVFXQEmUjPwG2$eFMD472(rv;}OBAjDfdlpryc0h5}<543B=W-me~@@U|ER zVO`T9IbbzMceHYOUeEpWSCjAjCJ|w)i2C{5%`G>4oxYRk1L~DB1QAFkGOWz?)nDiu z;b;5jOHfxf$3g0_k>yMTctfdoMmm#KK%ljrTLj)N2}jL2nsqdXm89ub~{)Ttp>= z1L{qnC+4L_&sT2+gVt7U#!EYp^hNeQIRq))+UlyqPXK3&4~UG&gRDqftJhvN{JXLo zwDEOIHbP31f1U}TJbQ$50`b;7peKVArelCWsG{x|_XF`!5Gi&)dGvC@UOU43ficLT zXmGEbZtMTybp7$zMKbC7T0M=^;+(m0kj7!V*sC3A6B2$A&2h<+Uded5JY?E2-VGsN zhp(ych{RKgWP^auHF5LYK0)L3b?Dp!ewYyREAck7&ECw ztiX`8#>HbgURL=*lXUs(qQun1HAmXT%zhydUdGipDHdA>`4cU^%pWzkscHTwN&3@Q roT~q}p*op$$#}!A?mM3uRt#^1Ph`0~avt(|4OXCk@L8tc)uMj^vI>VJ literal 67206 zcmd43WmHt{+cyj-ic*6}NQaa(D$*z+dQm0}4FiZuH%KFm5~6e{qNofoGzbhWAV{fn z2-4jh&#}4wPptc0_j=a*?fKwB5oTte`#g{1SH}*$qoG26mfmjS1_41{B&IR32;&G!Gj&&Hie}?=6;_wa3pbG_?7I`bz9tR*;x8$e=X+yQR|Bfm#unnCgR@vZj90{ zR`3}T+)%HwgnoKrwS-kq5`zwu`t1ZHM zX>wi;M;i+RJs;H)Ug<}>=jZ2JwFs6JstT1|l*DwGIa+v(2GR`@6kXEd!-@Al=4@$e z)7W&lZudJ&yS*e%KnJt8P?DD7@SP7I`KjN!WN5yQQobPfrqym!+BX!usO@AdJ_ zYh~+}b)?&+c`Ql}n8m2ix62h+64cKy!YSh(;!Ty;ry$#6e0S)EfOljDo4 zHiNz2-|$Zi0`p*vF)_0(SO6Xa-SCfb)EB=VW`@l1Z|2x6Wqu3CiB3 zsw10gBc27Mmrqjp+jP9WvDvL>+c%e6m72l9!yG>yLV2I<60KjLdALMKxJ2nuLAzXm zEq>=)oqp06Em;5FJMP<~!9z{j0t}f3nG&od3)mo-R%(ELdnSRQr5$)SQ_`a1q-M(Bx;t}@qwgtyT!*Rqp{{R>->Ryo!RKfT@_|?>7@!s2jx+sI*pmG z4-2rNT$p26;e(=hs}6T9^DSI*C_Kkrwp=!t@s1+%Gz0H-6pU{LY`-`ytM7)-gZl>+F~D`R_Utx&i1<5ig1k*nm$V=Ld~PGeo#dC{*lSB+aIVg&XlC&jN)n$`^G7r! z_wi_z{lud%(+J6LhTc2o9#GY+BV{*lMdTPf+n6=~`|YLbW@`}H1w?I$4J)5DcNVFJ zp5wB5|5E&)O^5HF-B!k$hx-HFLNt-1+`)$<;+K{l2(0(o8nS3)^{EilE##Ff@Xq_K zrN^a*l-u4ryd91>)WaS_kL-o2qeGX~W*#1uwZ?!m)bo2wRV6wFkGND?V+HjdnKnkK zZyx$vK59=*nV(pOS97E1$G~!kTlI>JObV|E7*_Od`MG_2al!PxN@VfQ+7yqFyxvx$3xsG_1bUDT3@ZJB|+Z4^|Sf@ud z9%#~Z_x(-x{Vf0GF2&g6Wx4K0i$>?g3h0d01q^+4E;uel1rDfxkWQsr^tA6bPl{QR zExt@sDR{)^Xvk&Q-GYw&iH79FdFjnw)0j%8#fmizOZde3B{Hr<&T+xyKN7DN)KN&c zdT)=O9!cBuUR z=1Z)@#CMn4Gd#U;$T8WvMftp8*jv#PSQ*T>GD7>J&ZwEtBRr)ux^!vIhlT z*5EX&C(fu~p?IMG=y0oQeBP)6T66J6x84Ai3e)IRXqvkbKW4HuLF>amG)RYg#fe=1 zDTP7yBToBF2IrYB^EXGsK1TnJv>`;grn3zYcx$BXMGH3BPCa`pp}fAMv7f zTcc%Dso|@S@|tmXur z7Jj18sxSW&?7>cIO_^w>(DcNsmN)aNZ*Mx3ZuVQsVvDT@xK+}pXR~rQJ!~shzVXs# zGe_vknG(t9UR8t&r_`6F%FAir$)@OdkNO#M=WV}`k^|x`#G@A^6Y1|T@ zWb>6z5>wpwD5>v#q}_<8V#8`IR^ zb354R*{eTTr;ApzYV4=!1zfSOTl;lu*h7%kq4@$7M@$_%>6o+D;1tC0p;xrqXV)SgH zpdt$4Q~I4-bvRq+7!_TsoVsc>@ZC8j+THZZHXXy5BZy7@$W76{QY8+s@ z`XLKD)+cXD0qy3!dnHUtTk9L)@$l$rH+CjA{^%T*kJWqo9VyvK@;&#O)#scV*a!Qj zNw>#tL=o(ecVF_nB`O^1t`S1%w)W%N!un6mt%dz_Cm${iSIWL*Kh#K(D)W_Esi!`W zNe|o6HTdeJBlJ>@R~~xr0Ykkx>WzCdzi+RmUQQR=cnBk$YO(T_Z;W2v3~jgbtWq4? zB+HB}#L~{1lwOKAjzpUi9eu%iz~NMS$Ft~5deME#_`{Q5pYA&S@jJach;yQ46t|+6 zg`Lnm{M~)MQ{_E018xQpzImJ z8QRLZ`n)vZf8L zjI8d?<(AU~N~%7YBX@ku@@$%&72l$Y6Ctc~LgNg*HXep62eF#Q+m3i`ZM>`h@-S=n zaMss3c=Q{spzcMLSROJ>%x#QZZ`k0q0H+x4Nrj1&HCj>zMmbNnoQG%W{mt++He6jI zFTUH&z6)kal-5rS5+*C7&y z5SOOlF{1K?;-oix_rFaEiZ1b1cW_ddtbMgYQ?VP&tc$J(q0JY6!m2$Q@mzZ;yEk7T zCqP%vM?IUsU;H;hdiT!7Cl`fbB{L}ni5%PM^Xq>T#f0&&uD2n?*Zoe$oz4>pLs~1-jx<6?$}cym3JC1G31pbd%QSU1`C0yp_YY0!?MNVF;9hT*t-JP zUlsUJkybrks@#ge_>C#1rbszExRO6wo{X3q^bJIkVaicc z&cVzsAq>}Sn4pphm2m{iA8vC>EfoGtM;9vR`M%&*PaIeLAgEWYmeb@nT92IDI(D1E z+b6ZpBmMkHwJyqP;`7_5yc!Y>{jqv{Yg<)X%LJZ;YUjrQApXG_D$oWtiF0$j>hi`57f0 z%<{LE+yIJY+m7Iy4G$%^1|1jX3)+jhRAVoyII!gcEG!)I-dkvnzB-lH$WlOf;#4nm z_4#DSw%ZXok{Jv6EkXrXMdHuG`x8fao)M7h0|cY<^P_q;AiCyGCge=-0UKQiVzjvx zf%TeRrlR+opSK!#{Ql*9i*S`%M0_Q*9<9n}&hlG8moEY)EVch@)fz9_JiJ6iyYAEPg01$qSMXKE zWrw?S*_vr`&8dC$q13VlAz!Kief?2PNV3WgeIuYFCYdOo>b?7kZx91w*Ny~T7tmtPc2TCKL>=OGw z{dtMj04|!N-#7vw+%8%^*cut&iqjt(u$%c1*B?T~slSb1t|b-s++H4kfsh89rnu@_ z2Vj+gdWDap51>`K0HE0w>3gVcFfldL3*R;Q{pI1>K@oW@AC|vn_c=~#4qGq}n`_If zTFPmmsAsq1JV&?&z2(il&4n2L)-}hU>eqInbf?-<4nTaVlSyuu+iUGFww~+3z5sQo zHWlO`y{}H64`6G1lUcIZa}t~>zn`h$E#rHKiy6A1{Yt)Ajoyb^G`U&5&Hapzzmdm(*) zIn+=rK!`&>#kZC{Io>bC>R-JMqGXd$`AVhz1ow#8kA)47K$sR{Ud}}xO?US8LS;7q zoYuSRGcH?0uH~P;Jox;Il}A=TmE=(uqY3R-5G6rq$65U?y^cji9K*8SaX?>Sl< zh_B4)1w_06TV!P+QvR^lrhGws5AK11nOdq$UvRPbkkkF8!o~<@OJ*r2+*+G-yR@mm z1K(Z@n%w?dGH1Z=#qy;^1$z*|iWMm&%>uiV#LT~!J`Bj^qm)^`PG@h@^lCd&X7v`M zm|2Jcz)&F>Dk)zQ1re$dpx%?Q)#teW*)F@1v65hsns>Qf=BG=q$!UJ=oMhIitRFwF zjSSBI`fLjDHjeeg?D*T~6!~2rRP_#aH$atgaU>lC@xewt@yd$lT_fL#mCu=}4q2Q; zq9JiTMm|F=zJ&;u4^~j@M}2BdlRDh~Yn^0Wys}LwDhY~P`ySzGCSw&Q`v6vz7wk=N zS5(tVf_c?Q#RG-_hMQb{`fK@sK=C=CL%eN_&+H4aZ9vcm=tMX(LfU_*U3XR|WW9b# z+EH%w<{DLb>eRyl3whz66ts_W?Y}FapAHu&E(HiLy|2JR1<2NhBXp23!1j{^b77zu zDCfC_z=w+DUA%RG9=xEEBJCQ1u}8rhH$_Ibz2Z{c75Ciut$kPECJ+z?DW}IyD-Coi zd2XR&6a$efTW~Yi7AowPpz1I+jIr;I2D9$d+gla=*22p^?qCznx(=UV@<-C1_*O<} zpkG?MssKs4{L%j9zHpheyg$pfaJM z8Qj2&R=}B=Y@ETdh7*rG8uJ#&@O;ci`%>I?SVq3B$Gvq%mkMoyJG5if5(;VQJR%yH zku)O9r7{u_Ii%&Lz1|gb$`Usar{MH!9}@Ez(8nIH{6Hx2QAbop=60rvgz5`xfJR#y}!fJD5)TCVW$Mxm=hE$3c?V>^S7lP6+e~h8%d2{LE(+||; zGffFu>wlh8?&286X-M6P>9#~X<6I-o)#;O^e7KRprqsm|<}|5Y{pxg3GfIgplAKAR zgXj5LAeX%;d)l&uII>yzXC2y-C2x~RMiq-B$lEf=AFSWc(kb{zc}=YS?7M&HThr19 z=@S+AKe8KyIP{Z^g_qsS@|WN#nZSwEq3?5Vp!By<4l4@p-Aaos8m;#SkO zxi_Al!W#i2r@PWxlOA)ro}4y?Kq1Uai7J+zd!92tevMj*-2bJd8p)X)&ALIpdeYi} zGrjwDiPR_0nq=_!{Y~}VMzOSd)p9(4Lmp1KR=TQdNH9l_p<-|BNg(OHuOZpcPUSLu zg*b#KS<$T%lKk#$wNWg{SF1V$R91 zxy83Ka~ofN5bS))zS@q7x;^3Kj}5i_M@`fyhL8(`gvRV=*eL9He1C^G{|TW8QqQAh z25Dt@hBKLjb-U}O4+*#N>UL|wWiQq&O6tkHOB2MZl#4t#PbzO;_PgA9)INsv3|xk_ z#8|EEb%hsy7afyd<}RPYsS3xP+! z$Q52&ex~e-{D2^FbkF(6{|c9Ra`)Z_lfXKVuy?Ec_aId{X#afQ+b4-rLdS5HFJHXU z^|Q~-?LEO3>6r8I%K<3Mo6%=Kn&q4JUxP&@EV zD^Nq@nP_%QTGa|Bmn;UNf9KD))g9V=o|TcxACP;Aov6`q=}*l!Ll~SpAG{W$O=-=g zhhNOB`wMrHO8ue3)*HHw5_>=+u%7SDYwoPNY~6oFdc8w28$>L*)@`F@P#=*78B=+b z8k^@PWvr*Cp)a~G<+`XpB4^SgP(Ec>z=IE+kK6H{wiVDVY|;g|1lqbUK&BR20d!RI zjs>FPCS9{N%#W)Bfx|3PZufCM4+0-Yu(8#-RB01;d+2-(r(@#HT*FE%sJ)w2M+fak2tfAU-!=&EUDS)0{pH%=9C4jN-n#O+n<@Bia@&^ zbm=pvD@n9x0y1ZYsHj7(BSQ#Aq&x3>tJi%hCEKJf2v6Bc^Os)hDpr)5Tg`5?#;BG; z-@buH=usPhzwuidQo6-fGd)#+jE}+AN~;kNB0{5n@8Y}6d_K8J16dD1k=ov z#-L!!u7-|%3TG5z*NuF9k;i*40#H@R5NPc#W1&2|WtnN-{h-!T4p`<^da|OD!Oy}k ze4WdYYb6bM2%6K#H-?*T04;Frib30XS-JTBRQJgXRhaL=jeTRFz&ja`P zOWDI%gG!%R=3>RztNl-Qd^WNk=>*CViN{rD{FXxs`GGrN)7gHK7!a0<)Ak&aPa2oJfs$780y){|{TYYB* z@t>xW><@~14CflVPyL)scqkB4pl*19R*B8r+`OzKEWPOzCCmI&mQAd=e6Cpts%y-- zK7>k0gG$3Qs@f=kJN8x(D^&&}RT#B2l7{5LhAHpGL=15!S&cm*kh6MQ5k$^7NyPB! z#B96=h1|9=oi331_bFf*7K7tfg;Wo;HY`_S9$O2`0$ty4+58>uN6;du%7c<}pbBqQ`Tjon&iBJO+@Up7ZA14Dq~u+`zNDC?FIhRO zRUtvbRr_6ndLaMhh3A|iXXpjH(Gu`vv7VK0M4Cu`L4jlTWw1gDj`5w5G6mRjB?*lI zb_4-^pYFc*l>TX)l6;`jw&^lpJr(;N_{5H!`^|c`^P@dzee2km`KlVP5X9Z+37pq9 z@|u`H=jcniz9S6jkzOpVD*T~Jy*3t4JEx0fBjf0;u)XyZlZtxP8 z*KxA-Hn3GhQIyc>RN5w}^GNgF{jB#7TL^Qt|8wGSAD{i`_cCxOua$hXvub|D& zxMLxI2<2n(VFn3w~ zU?Cs7l)-eM*1t^@!!Eh{0^N`vg!5~AUyyAxL8C3D@IrR&w-m|h!|Y9HTrz;B}0rXqG9c|2^*C*2eR z!k#GGC!gO^ZZXi2##ui7+$t&UXJ)qZ_LvPQszx*88w9kkDVU{78=fd5)GGU)TA~HW z<$*YGG0KZR1KE??Nom{dHI3Xbkqvqqzf>1Ra}@76^g)$wZlEN0Zzx@{QNgi>m~Oj+ z&O~Iqx6;FPt~c+!ULmfSz%gLhb4{I2oms?YI0WA)8oj#Fiu6OkL5nZFdhceq!-lU4Co+y_f4L%;F$B3Ef-Tx@b zda`Hv4X?Quh+zGaQ^|iDQNLbGZjFFcWoVmxTELHe(3mEmNJk6le&2a@@uSSyI6{3L z*WbExf9<0m4zya8t2;{l5+5;ZRN!xsV@TpG%=vV`-iyP!tT{}2P_0gei`&>V+t}uw zAxg8gy{5l5V}-`g{G>@ejw$vNXbv5bYYj|}`SHJgFtG#?Ucg_v|M5lpK@Bi7Lok!4 zMP^u9NELlrGciI`F#}YZPRpLnB;)kRPFJ%o@nKZ8IxLDXSy_h6`A4Q$F$R8>={HK52P;%2$=x z6tq{vhWa7><^UM%F`SZ7F0~jrM)xt#?WfDYfHy5sy5p2{oORx>DW|A1^feRi9|GJ> zF6n#3c%)KxUoJqEY4ABerNHZ%9b;sz`ng9UZmP73NY56TYh^mbdL3Ds{dj7o)3U2P z9~4=zu#QIm&MCABc*r22G|GQD0A)lg_AVvjg6Q*@PT=Z&?MHgsx+vEZttFT-DIt#O zdMXTBJKim_qc%>9e)v+;ddm5}>`D%PZLulK8m~)@=F8e+s`6;r zg(xUwmaE6V_)yBFpsdl#@y0J3&d~3g+MIKYKsg15x`%UmJi6Ytyxe5ufESX<_|hj? zRA3b;NQw_ZFj6-y2-A)DXlw0X&H0?J`uO{@pN7QtKIu^L8|bHGBiK=i%_wHjM~}Xb z>i3~g`eBJ`tn6ju11cgcJBANHXRhkpRm(@p z8^nryC;zX8yP99}xSYqPl^zsK=tNv9$DbR01J5`?Q%2qBO2xq8|XoD=A}X?<^R zJhuWtQ0wzOE;zn=4#(L9Ox;BzqB-dI`Ow}5pxMp?Q(qI_4x(hWL7)rLT);mxAF!>e zM0_=H)?W=CziFPyD`7uSimrNqErb2%&81=_Me*S&h;15ehYfOj^MAYl4K9!;c>btC z4knTr(#q6erqkm;r~U7p2=>&$A?6yAVL`Myn-5<=)Lf`oYqM#-WQ4DHBdFJ%3vYg4 zRqac7+(W><%GZqzu$-|)&ARsO^EFDBe52cfV>=j>AMMnNQ}HC6BY7-dPQ`s{fI#%-BPAICMxwK zI{%4Xuxmxcen0-9{~ZOH)$f)zECnPBHsfVIip#NR?f1E_8$rSOHyF0xbN-eev`S&bm7Yf=W>7hP093XB1JY;) z^Amv;N6G=qMSuIbA$P#7k^ERkN2fX3M-wDT?O84#(5>K8fHno@4oJf>c4R--*dW3lOnZYJ?S0tXA&%9%_tq_IeS+TX= z9D>R%5MnR@;jj5ds%ZUiZ7(HLh6w6IL`kT73u&$VW6zl%+2PLW?-Iw`Fu$}7oZooC zZ*2mpD!14HRC&=tyKQ;2?pUQZY(rgCFb4rt$UlgJdDcHXFlVh+1_xgKcYuIa?J{dG zydcF?+{~R+N;3ztVj+UBe&+quknRIoeK10+XJx|bx$Nf!ts0+W3NZ;;EF%2gd_g}t zunc}t`ET;O&Jab>gOg=oHSvRb#cl|(!=W&iH#Uw9B71AwmiG$L97vKbs#N|Y0Pmjw zZChFJNk`{lv?|Teipm;%G?CTx8`iZHg>9mtc3OX{Qd`H%4~NI)H|jU*I3I z5>XRo_SZr0zCtdeY`fOqxq(KzH(AngU-zVDf0t6cTCIg)HzXY1F#Yf&F1WC$e^-hq zxurd0XMY?)LnzBQ1y0;{B5Jhj^L?JQ`wghUKsv)|+7utmTy{w@SREHVCaK4sbA5)S z1k3P!O<8jU*|L(hrbzeDl}%dSG>)K+6$wDm@(ik+L^N|+@kz@(=Iith*3h91Is%1R z2FcZa=ep#Zbl~gk5KZ|sO5NAyYw~!?SHvc8-WPUdNu6Qcd<10#PEQC}4Ex}qU zj)mQBw7HYW@TBZa{XRfqjNJ? zT<=7j(IWNW^XudM3fz?tr8)3fb5~BSH9G?9VPs81;y;_D!-fIHO7>IKmCu)w_asSd zhG5BHSEOjwXSD<|p+xkj#DxkJZA^c{RsdJ1*Q9aaGJ5bC7!>L`hN++}JY&E;Vs{E* ze5Z_-AZ++@zU!Rvr>Iexpwm=O2q!h!?Hr!UoD=1h^ z1NhBTY5|4C90~Uw>8%iNeZL?QlgP$SEV~?@*18(Lqk(06o2am00)Y$y98*)2Fhi{7aOOMfBu6@ToM2>-8FY`DYL zQoIi~4Bm#NO<*OyZIEB)jr{KPdvM$~#-Ab|54z&--7u8xDCp_MPk(>e*+mLRnqE=- zHa@4uLsGRCcZz*%u_}PQYvak|_38JKn;YlKK6sKo5?JC zx*BBX$IQ|$>(&B}NNEZ_4QfVyFspZOiB4n`af)AH8WhE+lsv7GCsx~bLtYb;s!|_; z<+aZgj_H9YuN>&UbA1JwjimZ5Drc`J+@T$8tnEQIE?Rv%OhkSj8aEWIpXsHF5#L@i z(j7o;?5qtWeLwRvQ^g|1Sx57bYeV`)$#cp`yz)woXd@Ffl=e%rkji_2 z_jH$cfnInMA>X!*MEtYR46gt)`~(gDu7F57#9Wq@KcrdgL6l>80bJVc5iqADz9ONL zq`8}sEDHm9e?mbaniyDa;*50LB}sC+F7P59jH{876M1awZpLX|n=4g$BH@_4$pIkP z=Ih`C-}Ktsd?{4=he%%B^xKP1(8cgbR!arci(uPKNzhN;hf?$0gh+&~jr$!<$m)68 z^xprdw(_+CvKL#yh!&vPY!Q&LfW_eTY`aAwS--AJAY1xrqXx4nL5l1NN7% zo*mAv0?bRf9WMjwaIU$Ls;UN#W&{q&BMm{H=aZGG0b(rb6|>P&*p&GrVd(9Zzh2U` z99rp0XTpgSQy{hCZ3W$6BXr;Q16fuN5Yb3u17MQI5pW*e58)h7vC@tSoQxeK56EYf*07}4N{lvjESiGV;nxjuClIsaa@FZ->a{bd6eFm=Da?*%0E3qaxMMlgC90=)ZDZN>C5r&F4ueEv6jCT; z@U?WqZoDblTYgbY;aOJ{ON2bgpN14j3e_6FGkI+B-pOEDG5MyS3nGfUK0u>~Iq14C zfq&8X7vn5Q3BSXC~+?y8g#Fp3!amWNjd z60Z>72%ZQLv9JD)V@?+#`#}sbXW0@rB#zxowI+k2q~+-%C%bx1PSKS_r7J{a%<_AM z<#lgRu7y1Fu1AZ1e-9Z}p>tFp0PKA(dfZu?%M}T=@k5e?efm_WgF8T5ucmX+O&M;; z6^*A6@#D^(KqN3(P`ekk{3P!ox09D?+%n`2mN{Op0hM0=1{%-Z(kSBpSOrb~|AjsM ze`i979bQSxeL@GI*Vdo~gw#?VvTlt)uyOkB^H-d6^2GOyH>Nx5n4gW6G3Oq0OWtJM z>>1UuJQ>yl?;G!`b#ZSYZ+m!*f&%Gc6HNnS{mp7F;T&;Yq%26cOkci-$~^hxRXNgf z|BqpmzBL3AMx|qiAXDedj=yT4HfQdSV*4$SG*^G z1p8q7Ss+wc^&I3C>vuKYokv3yp~z3)X^AkzNb*ZI-M~3EKpjw1%5A?j0KM7; z(iGe(hv^8$_=Kp)9sqS0z>Kx8aqd*6<2t?qj92EJvsf4{(FNHJg1<)>V2)rF`Ki7t zg+b7o5np7@ROH$EW5gU}^#Cqtg+!UbLiCt;qm6~ohd5}19#B*d@PK;c%UYnG$Q|>Y z#mX(iEHFSD$>a1LLJ_?3Raje0Vb z>=?oN{HLb;kTTuc+u9C&$iEwqnf$s(iboISFB%(1wpoL_Tb~Yiz{REQPtJYXFgwY+?gNaFT5rGv* zU}~(2eS|2yc>w(sMPWiu*4YUi!g2&(xs)p$C3Nx*f#m~OGB3u_^Cz1I%N)JvBiuFJ zf+$6nKHrMwXxSOshCblccD@^ngliG`S2%b*!=;|$u&fy5Xhs<~9AYpv{BEE#O4eVY zLw~%*i3xotSAS_{hv(M)Tk^x!p^=5Bpr>zKv*$x_ptCBTn3jV}HkYs3?gGZt%fIXa z3Hc<4dV*L3U;ux8Qkoq%2$ahFXnl^6`wiu5A@(C&`*1@Wu#?d-V$q<-L??SeLAQwE z(JV%2mva^*)m)Aaw)X6pjds{SqGSSGp#|=GLq6sp^-9160Wq4z%S4OCwZ-o4z zn+J3@FA{qsO>ZK7h}rpa??V_Rp;$69F4hk;+Z3_hoTKUUq3%r0L&yM;f!q?~eKrvF z1dNs`j#)&9EmT*_A zIQ4u&cmoXm_~v<{rkawFa!gMz>5#D%N-uTxEHovP|IEM1-7fdsSrvcMb+Kep20}1G z1l=@h*v5MScDe>Q0rp2-Mhhlf3U5Wm8#@fEybsR)igRnN!Jw&0d%+-^G~(tMMDB1c z!TTHZTxS$#|Ws6jhu+o`GqrLQ4qKNAXJPdv&N`< zLQsk;2YCrl*!6JnJil-zifJ8fOz#Qmo=ViugVX0=wyVKuImLh{ z_Qam-!Qp<8gc6qIfL8$RDMr{Ya7~@b46;5E&CwGk(^101-4i_lYG08%tTf6~8hq&% z^r>YCD6RJGc_x&I#mhv*x#F>U15OY^fH3ir<4Y~m2s~2K&(eEdkawI^GrGZj;Mc#~ z_S8$c6kpvXdcK(HDRRsLSu@T$;?8!dI74?rYMuhN9UGf;3i%t!O8fthfgnDd4Fmdh z84T!vLwk7u03a6ZS-i0$RR0A?@2^+_hNNSJxkzS+Wg&xu{Giy`M#4OuA*ge%51zq3 z)I+AmAiZTT&xnv^B+Tbsg*2qqGY_jVVE{r18v-|W~t6y0L*xAeg0^3q{LE-wTWDjM|0>~BZ=*C{Cr zd+7HlHJCX6|S7-Q50LwfMsDcxr( z2n0@edz}oPtX~@r^7^Si{Xhs16Ss|Ep0f5CO^tnDT?UR#5=?suT#(yRIyiu5c=!Vvg#9ucS zR{k~)0B4;C3W-DPdxV}H3yQFPy$z99#whZDN{+b8?9~X>?%5mgT>Ig5gcLz{?TMDS zl5nA~yk)w_KU>Fbq!^&T3hinDpwj$glI^B)bV9iEu=~`%FiIh$nju?x8{TTWCjc}& zjR@rTknjFGq(_qHunM}p*9V`Y!{Qd9@@?&xa4ND`A?MgL51#nOLhUz1T!e+xfQcGb z7A#rpHAK|%WNgHh4mBZy76t}vZ*Q)img~Shs)gXBDO9vH+apFKlF*~?_|j{+<}|_; zcvKKv>yMlp0Jc@6e1kX17_Kx0(hxnry#*4kt;54n49uP__Bxw0c`n!RZzu;5Ed0)j zv%UYQHB14K>{vIk{q%i*(O<=0A3 zqJ*}a_%U%}O8_*Hkri**+Q*0t0EviBgmX0_T~iuB85V+YEZ_WzN%tidCZ+Q8%MBJ5ONh|1KyG6r?dRzT4|u5!m7RIyFaK*JSq!SRqLzMld477k4~yT zK~OX8>+ADQ6&7xn_)Au`1n0?#@cH$M)$jZU#xLnbYiE0Mk4o6Zm8iNuK=h|6@EoZ% z_3700GjZlG?Be`>Q;hl>iP4VdfTyD8EfL|yA$-}QO-;do<>M$a0LLPZ;=!DuJjC7z zwW~LkpHs*1)mxvQ8HDbl|2SInq~Juv^@hMkn5SD*^m02=aiWszzUujj-E)WNjU8d9 zvM#0MIBKrzLwM#@-|O#_k9V(<-+45`L^POC5+rO9CZ829vgJ?5=LNA{nx3X&MFvqw zPhh1Gc1Rk11?}u#UF+|Ut`;QjrU_63jC`PP9HTC7pG7(kTgU|&BHDyl&o~jeJr!0b zB$|zB8yPd*6Ms^U%-gBw!df^OJ$l6&bkM}emVr`4$Dpp0$W_b~a9@lv!fN|gBbgyD zJWXv7P}!|8V-}h*RH;k2VDa*(!gUf+qi`` zrG5mqHR1|K4_LvmFal8-A|12}LxCzICL8*+^-8xB9 zrz&wX5SjY~XKR7T9D?dLlDD5nol&$Pxrh}aITN52$s()Io57wcQo~4iu2@n-VleU{ zPqkdelBt_;%10zBVt>8EhXQMh%A z@cefk;gDvL5>oq^RDsASF8#%ntCm_|s5MzvZgi*e1l;$nxJ&1@PicHck%XE8L%}P& z>euiR$!(O_%$%(YB2+TPVG(#j97x26^JOnNK`GM_Jc*?0G3np~2vI2Tyet|ACf8oX zVK1n9Sh3!vD(8BZ^ll>5zJ9nrSJJ`*rfX`QA@a}*y5@9>42GY)mW$*AJbYm?>~!(% z(`y;=d%*If(=5)PWFEVyAFfP3N7o~AgDIMZO}_OxOh|?zdW2k+6-3=#5E&N7bOa-> z=7>Z(N0r*zfJvoICvIU`;jltosrmXw!_s#@4}Wn>tfC3Uzr#I@q+ymUBri_tivIe( ze<`QoTmwo#;f#GCiD`t+2;R#e>XlrO5>QokGa-#*FX<8=*( zs*ftg&h#e54}KmiI0~Ab0tNh=*UD$!`kT_}3i^Q#VuTFvcrnY;QhhVMM!~uAC4#!u zx#34;zV#tTfk#AB{*Gi;JJO=lQTILu=!EA)FO+=>_ zRWs*dCI~Ois+H}`mqXOYz;d1sYHXSnoDN>A^GcB^;2vPJ8qZzAhF^m?CmkA_tqu0; z_*wQt>DsXlcZg7EIQ={~VN&)JbM-5lAx8|fp$L5Hrqfb2Hn*_Y8v%ZP9R4Ew zgFKib_)HHEjG@iPUJZJ=?SY&j7_|4q90s+*X!!!54E4=!a%5!g0NPpe@T@&_<-Tga z6EVoMOw#}0ZWc7)Xc4DH2!}j81N8FSZCF;3okIX<8}6q2UZCH5zLLY>*z918t`8b* z(!6;D)F+*z!-JU0tEND>v;a7mEv3!C#m0Fh!jB9L!?ci@?L?vN$nYlkYsc9KUI}b; zH6~x$5r^a|2Vk@i3u0Dt!Um~aR5Co4!Irc5pEx0F@T!xo0Vde^oxq179*lKnii<-{ zJYB>B@Giud+m=PIXvpoDr9}n>5`zwGa&5>d=Bn-RAWXzyph-FL_rrM03*0$_Bf zcZ_bJi7rG)FD@4f0eL|PQKYaMfv{mkDNOgZ!Wf$j^7sJfN8GaQ#wOUhPIuJQRYD9C2?Kk-@Zdc$d4Tj_Z`tnKW9Dhclc00trB9lKfeLN- zfb|v%o&_^vWFn*HRM71?$}mHArtRjP&a8r}n_3zI0_i~6hDsVES=+CX;F(>U?n3AF zOp+1M$*(Ul?W9+SvE>pI=sulb{iMw+cLLdYU-~=}#%f7Ne4w|cquG@5Lc+t~Q3Z`4 zSSJm-0mrK3rB%Q)ljeT{wuJYBaaiR%RM@l4`3nYs+`M00nFnDJ{{QnQy%HPvTEa`q zh#vyX{>iAyyA!G@4H7N!79fAZE`MDL43zZ21$2cn9K_Ya29B1yt%ux!LA4J}AYt3`{YLf;tkI1sK2G_mR4C8K2)(5z<4N9LO_ zgvMUG>-Jf<25;|4MiA3~ET4$ggJ=Axi}%%k)J$8X6|PpeZ2tXx)#(;`W8yJZV}qJR zVqi5XdOie}od^_|pcN2C_tuJ!2Ih{*?Jp}@Lh`Lap*?tjev%)az0*L{(w-UG@T$T8 zM~NxbT*Aa-tf>>)PR2`R@k>vEjq)CJpk5|8d2-)7S+$Hnm^di-QFKI44Sa!NM ziJnCGZdK~vyzRAj8UoJ07|oM%u0eGft9n#)QVZO`c_bkW+CmLHK;kl;J{Y!}?r37d zlP11xj5YR6?7@(rGPQ7v7{w7_#K=TXpcq`y#*V;Uw*HSs zb;Z^DTu-2|SQ#x9@qksq%S`ecqBesPbk{>doeYU?tP^1tV3>5dLNue%lUqq0rBa>Y zIvY_+_0|uZbzPX~GEh4u5wy&1edBHPFe1?YH5QYyM=b$K9-s2NGIdZZoFX4E0OceFH^|Vnjc+leLFVHGn*~1g2Yi9EfJ&nKp%p6e_(83EkhI5!pft zA*VeQb9kc7T4km|If#!5JIt=|ZTzoD>p`BtfKJx@{%y32^X>Ax}7m#Z900}AG1_0H{`P1T@1T6!1OaTk0mT(YB-l|C`J4>z7TjW7oa_7IDbm?j+ zLU$knzeTG1N6J3Yon$A@*SJ%n(J6Kbc5U_oRsoFxwkI(RixZv+V&;Pi^-%*5Gm;gk z<*9&&S$xm738?~p*|=0E7HWqnjk>*vIDD)sR-ytS9g3)Xr>eCB)WlRsL`7NW7}C#; z-bw}fX@)!v3q+PuH%>$Kk05V zdV?*b_4%~oFQf)}Uhxqgcxq*EtB2$K5k(MKl%ml(xMT#6&yk)(&yfVJU(tNLP-Er_ z-@$m@_^*!>idW#n+3{3oOfA!}Mu^*oxr1ZErEPXfUu=1T)hIuk?@43w+_~gbv6a*h zF17hLvPg|q2=TSsXYIUB#i2a&%D#3yQjqI8Kd5{18jB^PzTdL4IRl# z{5Z2HMhOvXEF@I zw%EWzM^aOFFzc`FR{cT2&~{;tQNp>wsBcyw=}d$syranr7Fnr2z4AXTFN?T;{>eXa zWLdh@+o3Zu@EP2=JD-9{R(`R_;mwTTN{h{~+#7!=diuuy4E3U}nf5j2W_&$spPHUG`j8jS_}bu9Cfw-C#ua zNS3mc7S$*rS;xqlG+dN~8B3PzDKhE){jdAD@8db1`^9tIubwx($-!a#m*4mNp6BPB zyP@(daMHO_C{Xo=@geC%R>$GyCL!ua&4sQM^xmVm`taf#tkoL>5?^ab*%xR^Pq&}Z zE{N~7e5^{RCA<#=vPt8r8Y2OLXS*{e(=1<_A5gxIK6jq9Mr{i_uwjB(cSPWq&5bBU zZ0?u_s@aJ>ofuvo95a}Z@mKr{C4;>a*Es8J_4oQWA`cb<`auEQpR4L2PL*czki%%0 zm{nvzjWnflF}-eSW+zW^psQZYByGq^H+_D|Xa@(Cx%Ho5@AXv2KR)rge6PCd>^?xa2P8AHYZ zpJCjOcdN;hGeG298s&l3YR|dzn^`JfLYrMv*s70|q<^vOGA1Plu6Fct<#B)Au9xd- z2Kx8&HpEF&9|!dHj3l%D#)HvPw5xc%C>L*v{%hrxDK;@hScXj;kFWv=pX`8_Ya2j1 zoBkXROm-UoA%2K31?%#09d1Yr{^RR%5pCfJB(PTH73t`rq?-Z=8dnbhPGxwbW4P_sxz_dptnyZOixIOJc-A~*bNAnnOpBWb3P&2t@lz(i(kML! z8dU(l_qycY)kO7AX-)W4Zf}xECu=M-DT&$&M*sO?SErlari)*>@f?mZI^t-qDpg(K zn(*}vcgae~SlsfZDI&yk{J;PR4lAQ+ErVN-S?D8}XQVpKM(TZVi?Q(rL&83|{jV;K zszT}&VNPbsfKEGhjWZbi<$TRmns8c*>s}44=Pc5|4Nql4?~dYb9}w5!im&>B@wAtFl*cqp{=IUG&Pc-b9(AV!<*$jwI6 zSTnVswiRf7^6WaUn!&B`?(1xg>8|ZBYoF0()vfz~b(X?4h;iXX2({{zV_YiS9s@P# zwUP8&TxrOBAun4AJXg~vp9SU}%^=BNQtEvTNF$HVp?qF1U2*(=dhV!38&xb|rw!={ zhVHTWzvC1_X$*bhRWABE_|UJPuDQaod5>tWCWOY%p&-~GILBd<98Xptr#iB?o2ddZhy-;~)jHpy2YU&dhWsCIf| zn?|>WZumRIfLqPEtUa~L!XM`{d5`4Ddwh3myVFFiMok$Stvajvz6-+MCA!|x^kc32 zNVYRFBlf>xJ`UYydrQ3vnlmRKA&~`IS&V0)$a`F zNy)b0-XO;D-OdyF*J9+CQ>hQ1L&_JGAr2(p7r;}u z>x?mng_@bp4+;QN!x&3D5U7E6SH9*YXXFWIm6^^hsa5Vb;aSI4O`kh!toONz9QxtW z`dXE_WnR*NT!4&7YEk^NHjTuBEGjIw>?Ox+pR=t@E@Z*s-$H*|i%GW$a5n^eoFmwXrE8Z95X1mK!4 zyK0%7b-~09_QU;P3)stx#TpfOiI#GM4!t`I2oYMsClh^}0$#FKaY5*HZnFO7dRzlB zQ9}m33oCafM5GJ_ZrmyLv5LUm@Y^kG#yv*1#C3b$bfRl+*?zXr(HQPh)4CMGxB|f& z0?bwZd0B1Uvlesb%$3)jqkO)SO3C)9@UlH_(sr(aJd2VNt8##bhL&k%KzFz%u7}bS z!*g-!Int2&Yw6yM!3g>{sN_@ch z74^)~Bi{0Y82+zN3WWnrI={Cs&303<)JXhZ#e-?9{oX>X(-ZW<(VXOryBR4vheLz& z_(?8Waet=_6lzDKQy{r8S}KiCE+tm5eiQh^o-Rrpd zg=B?PZGX(l<)hWP$paaw?GzzK+c8c(!vRq(zk{j+Au3>P#-34WH{JV?zM zd3!ztQoBUsCqpvWsqym12Sd2%wk{6$E@!8SU_0|h>PhS(gPEkkNjKN&$~tqP+5mRD zR{7w2x^)!>ubF2^VyNdLR+t_vn0fia_963X>(FQ8DLPXgJT_yC+zY$dfHU{5D0B1Z zhTT<7!AcC-VUxC%m%clzhnYyqi_}b1+7^iOpxSB%^Od>Brl;Byqge(_j`H|2-`=FA zY>#IZd&((U6G-b{23rNHqCXxHJoGkV(otjb5$`@@s3y3p$a{H8`42gErs~_($8?ZN z%cYu|1sjej;&{(8_stQP1Nh|Oqg!y8V+_CG2R>M)j^BkmfrTk;6Su6Y@4w9`Te%4h z=rZ(m)u~V*v!uL4?hlnF-eZ)!BF36r_F@X6^N%qT5k^!9-ByrV$hDrN0ArHp+s113 zjHYeiA$K^;G`9SUg22B|({5=?n(M|0k&!taZ~;pV%jy z4?dEcR)`hsS9dE?EAaJiBYSRS-~HgODENH-$&*(CvogKmXHDFAPH`8;rM@@0&AikS z>unkKj{N8Ee^JYsJtOgIJq9Lvv=r_gU;kISii?|4-U;C`u+~?{6o%s=Q1QO|ZQc>- zkkzU6^mND{Na<<~W*uF7#VaFkmw7ISDkxZji0E~?pm$}wVf;OFlsBp~>A51Kx8MSE zbN5vbu&~VZbs zibEWQKOO@F6<|S=Wb59yJgw-pBi&L?e@BOQ{YDdONv||67TAv?>}IM3=-Hm?U^L+6 zQhY70x$)*NVY_r5BC7&;;9AZJ_k~qT8bvh_nzKvrLpjMl#eghh6MXQ(p<<9he^+3P zGoa|}dTtzC@v101df}J4gmFyN%86qp;duX!U}XSwUH2i2!8wfIiYS>x1yxPkHJRx3 zbJ(o~24K-L7$Z_Uh=zy&rL1SD`&Fe7pjH)0VfvD@S^3f34s6Vx>W24a0feK*4a-w2Cyb>t^&KZ4NCWsX>oeJWCrRT%svJXN@jO`eKzdEd z_2@f5CEfAdFfHA9kQx<|t_d9(AA`IzAx$H8FUkoKME6#Et#=_+dhvUENm zR<#}{#cdSSRiuYbfc&hP)6yI3U9vwzbO`o|z8ostX|t?-@xFg?RNd0aJeP{d=YVX> z!O?J%DJ=*WXk0ou)bcp;=gRWW`hZCzZKG;`;^>;5O#by${cH7)c`}*d3QER)#M5M_ zA#QwEV!#7x;L!ze4!RY1qR0Df+$(|A??hm~kUWKmFy8I5Rq`DIi=jU}cbRfcXJ4{m z1BQo=Cd>Eem-Yt*AGkK$GAwZNb{2xI#q5Kx-FBF8lh_4&f-Q~amBuCDWjdIzhpTQl z8dmiboWEDN7{bRn12)4oyZ(r@Je*4?qep9t8882J7RKW`yk}<+&u2}(0|b;Z72%<}?pW7=I(l;zhwriuy=yL&Xh<<7xbss|O<31*`(4 zdaocnV)}ghd{t>=Z|40}UP@~jWcc{$)~18jX?eHBEQJ=^f6Ry<3p&XH1+Bz<3LNa^ zX5nAGkHEU989Yz8(qN)WS?8;T$)eZZ#^4D-UvIyWQ1vQT2FFb4JPE?B1py-c|*PcMMH=@!;=0Of=tl|r9KDT^Ob7{Fr zi8U`Y!MR=h?1NIOG9NKi&tEq+$z*?8^Fv^qX?b7X-ku-^pHxN_YCvB&hTny-o&IibMTk7_vxNYSF@E#`+Fkd6!BU^LGAk6%=$32 z*7*`0y!XP=x&daiCcuZ(PU8z-$w(?7a9W&RM`!pR7Romox!cj(_Nr2SIjAI5L@Pf7 zsWc+^jJF!!-$QGRpSG617c8?mOnuDs*GDJ54yk~tgc~6iI`oo{DG^B#6&kaw5AxIf2cQ8Bfd5X1s9#Qi=Nt_r_pgbB}^61k@0nP%G5|`0k_=0 zLyHs}nXu~!HX$0-9PcdeF8I5=xMt7m=|1$4d-e%`r){sTW!zUH^5epFs)Uj+;qnyh zJ~;E&`s8cLd5j6nlK;-#!uY5!jXvAAn4#vUQpuSnX7|pk2Sly#9+in#6m<;B2d$Qc(2Tr)q-@K zSW7r{wJtT6q^D?gl*|kKXd90B>N8!xaWV`3bYF=PZ$teJ#|u!J<`-44BhL?MBsl4; zWxqE8jH_pLIJn3?%P>*az02{WkJytEBHkZSE>>g2$xNIk_K&@yH5nI*JI zkK*}5_XLaPl6FxNlu~G)l`<&tkAo{n$pmoc8E0hxOTqObxto>7C8b%$i~(aF2clxi z7B{NQLQ}(RkQx$MS5g>D5f%VcZiwfuXiAS@7`v|X)(PTO`^j5!NOQEYydN$+qhiNC6RKlgu*eG zpMA3WFfp2;hTvO5$)#C7c2m0(p^g8iKkCq&hN)h2zxDL#YS+-bN)>$6P3MEEURQ+7 zZfyv5*|>JgdYS^t^T>1;7iCt_LC>@7Tl@g#Lp-*^sKdJtCcwjWQVy@se?flLluT~u z;rEXF(G~_t;!niTSUOj}w zK2qyl&Baw`y(I;?N_Won_muZjM4w2g$!11)_5a-wNqJ~Jj_dE1U%qpUXQ)plsC4HH z-O>Oyq2_s0_vEnTGPeIu#kg5fg^c>O^v(9jqWWl8E7-|u5=DLS&ee1s-z(Tw+c874 zf<|U(s2k*CF|nJiR+!g3wdDu?5HQ?E3dmPqIWl$gZhbINoy{)aw(;_nNWOc!t>{|t ze_x>`{eMuSz?m2>F3=xOGuQR3Wd5XdUR>|{>vsFk!A1Q3V%u#-=JW3woO@M){8`CS z%z-$<{`J}YZ9b6)7K<;@^fEYG7H5`>_k90R|7H~ZYr7!HZ`&+`fM1VKev&K}y#s9G zT7O^t=|^6bAD9jlS>nM|>n4W@dfHasN{&^KzR1#sd0Mo$ zqDmP-6RED&P3_Z40;o7+IkqVCNaFSN{CB6X5G!;BS_ew>-~3H(SZ})7;cVa+V#wsF zy0!hN+_mePSc$=2aa>a~u;Q$s^uy(?>C83Jui4w?`<&0~D0Hr({o2M7iEXY15$A+V zdvkZ=sD}`Yg(@ld!7h}^!3UN$TC65$`^ z3$#ep4v9J)WVkfuGC-_cYqs=2Moo-hz!R*Aw{(W4=puJd%G>FEDV26!}5Pv?Y6BeZP~vuXV;XD@UFukpaZ~s}RXVvN3(4ZJz7aa86U$>ETAtQQyg09nI(V6zF*0`n+r3x%#N)mkULrW08jVOT{+)gTEMpw@5yKSAus6!ID~*y*7Zi>0Y3QY2~r1# zx6nFGt_Np0BV>JtyaQ0PuWjUvYf;5jIl>mi(`{MSbQu*6?2U`^CPbJ${vQAY#LTw+ zrkrBYO%JCXaQ#8Cx;LQ92RmmlKlH;!G%WE}?zVt9e?_f-)7_yf$|3ZJV59XX+3X0F zp{7Y6y9mSO`?p8Z)vNb~Qi*@fH&Gcp)cu3Dm>@c8BK1QAW5>tOwDJQ=E(>Xm=T6jV z8%r8&Gy5+LPvMfzth@Y)p+5rc6TAMg@I>0cDAZ@tWDdFZ>T)tMAnkisb5XbPD*R_|wJwYfoZ@`Kmi~3)ik*9)WvXS{U0@P4=zS>5L zQWRdtulxGM7Uv-+9>u`Y2$x|Ju~aF}xwDaS3%TS?tm8Aab2~B8KP~^BqJ}r8*jJ}g zwmE!LxI4rB()t@P0h3AfOC%=(KF-`mC-ggf>Ak2LWuS{ zS*5P#O6d}1x%atwSOQ#01DZtoN8z8rhO`t%ozS?2&4pK==PPTrsce`x`PB{*?ne^C zR#TIu6K>XeNtzPnur+4t>B(YzX^4mmJH?s{p_Q9=>XcnFC{3Y-FWxoBO*MiC$l1Sm zK3K*e%VA19ynQp&`J=Omvnd-eWPsk4DLuN7d1m@Q@)}roYY(KU-)+InTdHx?=?ebp z2*2BQNmFlW-C1(W35_@>6E{)gpqeHZY+lfT4cp)MnJvzq!zh13n={rqAWuwgpUNo2 z7o!P~(jHoc=2%s`4omu?(7nQ89nqAiWEg6*HaD~xEIx_X_AgcuN+RYt7CzEgy(UUG zI^)YUk_YEMQa$eLTUT=l9^sTxGA9!?X?g*nAN$|g!XJeiEDWI2?6!Xi*$Iun$u<%R z9g!j{=6`+AY(~H6+zM$;Db^X={9Dikr>a;zG?hd&@8fnkJ-zX?=807aktY; z^zxc;^=Pq0W&7qDMAV-F&& z7CN)yzl#upa8{CgT*<>6xCD-K#QdIh!BmY}zG1^z>mBUH&C|;g$@ibG67JRU$C)n#2nhRV~+f2%D9(%ZbB4IP2kHH)4QDf5FC6c zVK>p&(JBhWwtaF$KiX&*I2@6;FC3(fp!yLkyT%0AX1atPjtfjQ!!li z676TL6q$)a#mw_uEs;X1_9J}N?$nk#TY&C@j#-}823gyAhH+04s3w7mZP!HZc3e2X z=n*-r!p)zzUC>JiKh%}Fm@Mee`TW~Xe1^vJ0BRU#$@d#*`L6bhHi(#~8lRF!#TtwS z_9jm9^Pp8-Mv~iTXN;Co&vT96nmHSMICsi1$+w8(n(QUlegT|@b(#A&$qRR)wvtDf+ zwA(c{ZD#cy9@_flw8lxl!H^hvMOQ-m^`4XRI5m|kGzhx_x1q6N&jumzJod) zodKV3uzQ}WR-&{ONn%O%9RWJqXDXyqFPZ;wNE6CTX!!V&{a>WYyV)v+I)an3Jp(x= zqD9c?JOjGtkt)FIk5{a70-j39K(`BEBvH!9 zw7*85oqY;+LMH*_zI6q}lCGtRdi`q_#f$WXsa+g?m<jMlS68eh_jG z0m%^c|5y1K#ODHxsxgpkj@ku|-tVz$VT*r32mvUS2XdtdDPaGEEU`a8;N(}tHu(3y zE(VW1TrtQ)8Gq`--H=vzjR10rp%C?4j|g<@L_@@Ms1+=r0HmO{v@`+5 zyfyakplSyYYW4-bs8^ukp$A|avZT)%Zu_UOX<0b)y&8wLqM6t7WTZ2e7ogwnLk`Ur zLl6QK{|o9;c!T^0TrbcCu@^Ukd*5MfQe|mPZQKtcnH>(fw{H1Dyg)%jnnoaSTXFHp?Q?J1oWV0`l@1U9OWp!$1E7v`exwxg z@W~E9Oqz^Jpes$dft!D5^}cxi#B;fxMcyDilxiw603-^n$Fw(@lkc zK(+%a9D8#tWgA=?E9(U+rv^Fz(xyHdfn(}`FsjF(hSon{X_cx65?Us~(ZFb5Z zVCHPl8Ha+>A3?fhF=!2I-N4BOzr-2P2{I-X*Dz2=21JG1G;IVFFaQ5Mm2xzt=P<_& zQ|rWkZ)QY76`l}{WeiB{pDUj@6lukH0_ahbc@#)^8caf+Ybj7GTR0{z>O;JU)(D(O zf|*qhZr{%!$-1z!0IC&J92y%kd_rrXK)d!tc!wnkr1}ls5z&WY7ZamSTu}RGSb0+E z3Jt1(Fp#A?L}N=I5%8Yinf?a;FF;AOP0!u|>cRC=Mgo$#3Eb9WRd-|l0Y=$o2>b?F zzypo~qy6`d`!b{*6KvMrV3{i5?=97V#x;zR-vj()#8;X3`dg-jE?t#CQ#-w3tDCb5 zBHbfU&&1MDRc3(;AbvGZEacg8``Q+gwFHLsnJ&rXo@2G**yURO4d^YlTLZaBJP+F- zf`;B6%7oql(~%&D&-SeVq4J57$hw&Vy{hycWB-H~Uw<`mmDUCkPO>0JwWauo>fVVF zh+MGV89=5U8Uk>GhGUe*x8?Ry;Me$V5aof{J`xlQ3?FQRRygb4vfQ|`_77YwC#~Y? z;MLcyfRN@<7uWe5fB+_}dh?Gg`2v)XV6387QhD>>)rSROixFW6Axf^8-tULXI}!X1 zrL{B=cQz!{`Ye6}@1a-VvM>kQl@4GFwRZS(h8N1(q$ha8GuJa?5 z86_c;GP(5m)A%(?q)KE<4k7F@S#61hjy{%aUR6UaAdDMzcYqB@8MRRJ-Vqm)O@_aP zV8AcwX;UX@c0~nL<8roPZHiY93Q~WDu;?Hf^5EKmP!`C^-?`>dwuwMaf>ioq$pS=W zgTPcWAOxx!$2Ak5K~7O0e58H(<6tKjB4}fv0|NEb1Hl4!F=T1K+#E2+g`(n)t&v3?*9MY=Q}k>T?^)V#&DxFitU~$E*>G^cxo!~ZK|w6? z+aby`9YK}TmEAM9zxjMH$&(L6)==`{sts*RqD+fVDE_TGbuHM?i$}p`yQT^rZ(0N~ z(wn6pBFJ#LJrEZOsd3WH33zt@DQhgE zS(ePCM~p>8VDY_DWl8t$J;fz2d`B716i`tmmGywt{kj!VojLAw2k@}IdMDM&IU>~~ zfFh>Udt<{&bA7jLdCkn!@M(9ity^yFST965JV_iAUB2}r_1GP~s^5c{2wfcz|882Y zd}=i;>z`Y|IVMh8)3=!Cq1?S{>ju(|?^HEV@s*o-u8!+vijIv3RPS^q4$>2fQO5r5$F_RI%alVC7Bz!|0z62L(7>jDHwS{;Q~PlaVQwN9<7P>R9)2-O>R>MB^lqWCLw>-Ppz*V^vq3L<5hKCjwO(~1Hl z#+V*@R|it~kC7OkI9Y0!he$!cfen8?V8mc%0dMY3e&1Z?s$lGXSCMk6T0SoP;2!o| zjYyX8Gjn#J@kx=X1A4$nW?n`1O%~37@gDA*;>x87}Ev@>Y;?hN#th~k*F$21g#!*YWaR;lHUJd8|YRrKH$WDliw z?M%mGiwOCLNY7dX?Rbi{1TY)C7!@1MAv}u(Y`1(VkGY@mgYCZ}!3!r+BJXUt)*7Q- zeeuQ%CHKYbrdctA1uc^uXIY99KDoF;h=C5z;Fz@z2VY#;YNJM{T&y}WXRj0?HsYht7XdSHXQdpDUAQk7OOwIR)dkyU%`ONm&xy-A@ z1MxC1@O5V3d_(w|ukrnf#r%3-k%BOzY7+55_-BO}n%6^4&K%*Q0pya<&yXYQYjrn~ z@T{u?A5iOcjwx}+lK7ALl~rK zWUOu*C%{-n7N@afyT~{-8-5uvb3>R^HCC{K4+R2`PucRAm5L@R5u0ywlsV|eKmSl7 zp|c!lK}uW+jwE&<1!ysB+khC!t)R$hFeJSl0YK0M>{C{3Zv7|-R_RLr24q^YyL|LWUckkMh^GBKb*^XxF;oLtHl|rO>)#N*!wyO@?`-00E{GQ&C$LDnaitW|cLs zUoShti%erK7DY>n4Ggo~$c{wmw4WbhNjn6oESw1Sd3;pMlqs_BUsAS=0i4{;&Ca)T}I{WG7_gxKl}%>@$UT zL}?rD9jk}V;^Wp4@>Z}kaJi@u&Ejf<)Ai(p`orX()6Kug+bHwv;psxm&4P?{okQ1? zY19Y2uv`s!gALn8G_&inFdOMqIsC?3!H)7`OVJA33^yVzkOK|%H2Rih#Iugf`7R47A(1CIj6WWJi8 zDPIB7n($~aVsvQWwN`Bn2UkXDAY%6IBoe)4cU|uHu;EU51}w#PomiwRi}$6R9pjcu z-FOhwjqodT;AywiiBr38uq}h)_ouYxxgB6wepd3Yjiw!(Knk}WqbYf8q-Mz-nYqdA z;P5pyvXKfianB?CB(q%yD$}NcYjl{~KXpvVfj;u-7)b)Q___Aeqp zq=A$zOV$KCsO$Y2d5JH-c&mm@J>VTpJD&7+kiVI}*>=^DY>+xh`(Mf1L)6@HNXfvB zoccdDbpJcC`~MBv{=X==e&8%n-4eY!2F_&p-wNLq9_=y$M~-s=5g=dDcka@cbuh_| zfvN)#l>v7xaNPGD1Pc_z+ap`RyqNphs%|oA}PCgIWD0 z`0s<)cM`9zLFE@96z~m9bG4uw<0A&SXAM%VqhiDK;aCvcI!mqlzHBmk2r zf@gt35jSvDZ>sou=anfK6PF)WWE}sY(Pah33q~k76R&Ckr{1}MEoFeQ1vMYapUzwevX7WQ^X}>CrMztV%0CW-u zq4qn{I~PEIQHpzfXP-?Bl>P1 ztFA!wpZfG@5Tk?IieI-eacQ&XKnfWneDVo2yXaff-Zq{9&5Te)e;NFo4dLq$vtc{l z0Kzpu=Xh~Gphi`uK|;u9fJ9gf=p#OAh=tfB*FiC;`g_?0Ch7ev>FE{-X23fECp38h z?B$tf)7Z1@X`EB($^Ab-G~yBjF@Z?7|7k;UYKQE=hY2z8J^^FgiVPEcD`q}sz=z2) z+5ixN>+iWsAPUE~5|OWm-T+L98|b;b3~I1SSD_9;0B4zwDD$x_&N9Z{B!7C~ASJF3 z`y^+%7kRC_w>Q{D2S7aoq%P;C0CXu-Vc2XB#`C!alP2ehVR$**<}=7BU;Iy+0N^u7 z;qeBQz-}!L6SnY^!W;X@9TC;;mDj;M5WEhI@=g)s-{dWz0+8oE&nmtF_Ey|;+)_C#u_rW<^74MrGite;kKr*U&2|$=0KbxYm9AiX7*&wtWekEcE z-7V|8!LTDl#Q3!ii*A{GJa%a$6eU>61gzvAO@YM*Cq~Ou8&<&0{Nwvehj8Wu)W`|u zf)(%L@2)5FaO*j$3_HC#P|o+~>4%YSmF3jXH7SKFJhl*`yY<`VZh16Et6j{cnVSWi zi>Z@}t?I0gK>Rb5Ve>sw>dl&-x%PejLn%MQGGb`rpV4Q_Um>aH=irqH55OPP_edeX zPuu@qkWm8?-oFC!Cy`qwQi^OSZ+X{l*b@*{njAqQFG=$oIArftmkDJB0KUzAKz)Sf z7;tBP&S{pOx5?CD!D0h924~yfn+s-u7&kO*{EkP&?(I}Hg9P-IPbSjqYF6`W971a* zY#>JcX1?d%0W7vUZ~+ZoX&Hh^(0$Ve(nYwrtX|X?DkMQFC>_Hb6?`+k|#T)Sm}_X0mN|(Am@x% zow)%6?HVc=1ZyL8Pt1jCh3e&T%Lw|~k7eqw=&XKU=I(B&0M2C&e0Nq&P`kWrfZe#3#vg~4<8YQZmT%j;Z97jo1I8y%LJO!yd6JP%i4_CwFB8U&{OzLW2?9VKk(I ze|GFJ@2qWUx9mw79%%xM_%|2*U27Ji4&`8Sz5MqFD~{|Ez9;Z46vIrP7HPeU!^fnN zK4wo>>bFJ25ZLlJi{a*qGe$zt&!2J!ndB24J_s0#sHEjd^Wg z_4cGN`V!WVEIH=daMz#aBpUMurWq4bDH&uPk*ifIKnY5AGB277*e+QwzGshIsFkvi z{E1ZJ!n3c$T}SRxE`rBN6*$8w9+?CpM~{basJ8(!LT8AR3*m*K8}!e+&(Fkxkxkbe zPBfyT14{=KO}aYG5uELT0xUkbsP|3BLdWdu5@^__|Ayl~_qmzOzBL{{oB^3bMkk=r zV7_Jo>qQN`zgi_f=TInoxBdrIFrU&M?(@~i!tJ)WsGgu+ST)w*p{@Kn?&|#IZg6;Q zm~YyVBI5?jynD*h8%lTMsS8MDL^3hlM`@X}H;H6X{nrefX=2^ErhJmKSC-Sl+FTMV zsBBJ0M=0J5?WWth=SiXs@d1KG>f;I9ZNVniU9U{W9)+~YrA)~=(am?;e&s6GB4B38 z4Ljm=;gkD#1boq00}CygqpVy0diFFE>8!b|AIO-A4f!k8GI^pTS4C<5-ng>kcz2=~ zH__{mQ!?U_lLepeI|F<#wpNT``X$S;HzhWYM3FVMGaU3_?8pf+oF;a5P~x3c^qPx|U?qIcD)i1hGY#P5#mGielb-;K{*+%t?Op zm^|*Eq+9X?;$f7^jF^h}vKGu}%7bC@8uypq8*+S@Ak)0rb%hw(!@Z096Ys1@!QdaU zuh<;*&-r2b#U**BAQFe51Tie!Tw@@q%~)mI-{pcqTKFSc&Q0I60@G6UTAAvhT5b;! z$qaF`{q8SVvSE&y&aitSv+aH6+5CElGZx$dIR=6eaW5RcN@NVVfo0G;*~m}}X}dFF z;nX1F7fh>OjqEE=OichYOf*Rmp#C4cPPbWxp2^eKBMijd3JbiG!~ zJuq|?`Ow`wI#|X(r;aaAd>4TDY|BK5g~^VkxMbj;Fwm77;iVW?3--HyMqUJ{T);H; z>l0`c5~zMd5lVJA%4^04=nP{C9OA$ONYpf`^TXc*8erC*~gd6w8&9;)N1KXkN-{D5i1q^ zZYfmkEPeP6BX+6Ir8^;_-_OqFqyW5$lKVhKxr zKEK@+J#Ky*jKmhC`zE{X-U8X0+qc@a(PsPBUXnkWWMPxnY&)u^VH{*s%M;|OsJ($x z*36^9;Se&Pf_)J9xcfKQm^G!zu~(6N2|U?}7fr`G%u-Wd!DKDqm^VQS$R_(~P7J4c zI83_w>}Bq~aEZBtQASm(pz|$FkI`23jUvLn8f45xXyD;Uwp#B>;^=S^Gtd2&Yeci0 zp^n>+9pO$OL`}Ru=ALF_M$X~e$PBTlj?X(bD$nRvi7*dj9u#eLmzIA&Q}SXKvtchm zInw5BHHN(Y->>ulyp*K*yd91w63T$;@a3sKF#u@<#~j=P(h7I8D(|_ zCpp8+eJR}R<*97RC1E)sxG<(;onR3TldV2O0SF;7(rPf%_oCq=Wrfe#PI=uD16U98+VIBMcR|o zUI~1CTqz&*)KYK#X=enRGh3X7^CUk0_|=FEn0HU@rq=rKvZT?tM{|DH}&+&lJ9xllIO>@FTMYKje5w8)?L* z`Ggm}FM@m({uU}DB(A+3jCSBwos7L7|KFU1)I z2`$Kh2&_hBwX$(OK_FzX8}3nqdJa>w5MMYLHKI48vr93n&t|)z(Nzs!t z9JY)kLbYYe_-@2VB&_2y3^B6w2JlAnMRQaV!$yc?Eq_}G8$*vx3=IyfFZZLn2<38e{Cu+qDbqtS4n>!#%>;y?i-krx)de} z>StpM>+8H&#-;0j1fp&}eKyLrH+REgZ{K@gx%-OKGl-?)f3}^UkEy~qHVgLfKM7g_ zD%+>eNY;{i5ul>FVM5?&xVMYl6tZet9 zK3Ia*RX_fCY8nyM_w)vsJ`_InG66ZN|6@qp1(fH{XAavkNmuJM9?C}{9<=k5))a1g zLV2vrRj}7Pp20pE6@Rlx7N=nfUOd|&-oZNgg6`aFZ5-nQQ>}hrc>9r&_Y6H8Wf+K9DG-)q{E|dxmPgZ zv%r+mxCWUZ`dTp$HQP6urt3b8n z-`5Wgtc4w=$})s1GnXg?2S6zNjTz$_b#93$i!m!iDn$tT3eYW!us7Lr=57y|MjMs~ z%p`EKc~Z=jt6Y_ablcy-N0_W%$^XijO$^NnUEY)udXK>#k*+#x_N$&hqVL8gz%d34 zWhBbBfeqsTu-#^U3n~63yh-d>wV@ol-`42YX08{Yr_(DaD5E!gmInf#sT!?)q90rb zCYN7D0;)oRS9>zEWp$qkgr8~G7F|JMBIj|j6t7!Mrb*Yk-)!fgpKTq5{`t>v_N=#O z^nPAVpZv8@2@@CRZSZTmq#N*zXcQRDVQ`s}N#J!WLVW1@thxR|6S4PXZN+iyb@DDs z4W{QVv!?aVJbxf7Wq)}BKmO-NVCRmqUpy31xG!V}TS0+_j4-GSSpT9zY?Hdr7n|#6 zzP`(D!V$vvJItIZFHRr{2mg<;6FE} zzMftY+8YTB@B6GJ!?WA)0w$}A#LU_?PjeJpwVN>e&AR;qSW(tA4mvf+;5=(xSlG*B z@_rRB+qd|_tUe!%t&C?oml9Qjj;HyG^$BgI+X?mN2QyE{IOU0L*+|`w=G9gpcNoW1 z0EFFo<9+UmFDKr*J2jf`0QboyRD^X~RxG1?v}RcMYvR<5#Q&h}Eu*U3+kR2$R3;)N zIYH?ZLAsoTqEd=eX%GSF6r_97AQF-SD!N2kx}-%?ShUh5At5ETuX{bu^X?DlyyxtF z#y%g`7>?m$I+^pn@BelEa=PE$@exAYANmXmW^m};`lkGS<1?xCvXcRakeLT)*$HJ)U|NU8l*$&Yt|x(a#p2vF7xc3 z${{D~)}6Yd*L3r$7mKcb6LP$8%crQ5U@b~k_s1aZuoj7=#<>aTKrT5u!t+}Mh1pXQ>v<$W88XI$s!%inBIqgJ@XO6cL9*St9G1##a8 zREaho>eO^p?nmNN^PR7l}N)GG#>WLoY_6yYdG~}n7&Qr;mA(BWY8Q(6G)`N z;Is`t?*`%H<0|xqa|+K`XI|r>F)o2`pmJ)ju6!jcrRKBIn0E)1N3NP0 zC`*sNJXu}`))9~1Jl}INt0MH*AR%O3DcE!wT{stA&1u^ivq8;MMs}2fzQRMb)uu4U zWIDj5&Q>6s>9u_RN;!WkO+^dO zO&#km*>pu!7Dq9r3X-9GAYo3@r{*J^$!EgK+Z}@Mr2kGJZo1C%?Q!$3u&bN0vy9Zf zzXD8XIivdQ->sZ6OE~1!_Z4gDmY=_MtXnw9y_QiHFZ``ZEL@tbFBFLcZ3rvBJ&NAv z<@BXFS_dhB^XVG9H;_nX4mN|=JZJXQn67VZ$e6JysXTng)b!{OszbN0P#)m>dey$( zG*A`LR(NrCEqsyCPO^+Q)3il{p^P8H-Fq!l@HMq)Xx|)br{tiR1?p#bwz|>t0eoGY zcy=RsJ`5Pceo@xSVJ%dVcC06|gQ%;rR-TfZZ}DX-mr^QYNO&CW_LpL=FVW=w`7#zRtV@eGzs-PkIK6f3P> zkb8@isW_#8GhYOW9E_ClWip`Y3^`m1M%_@{A7pe2m1ggKaSHP5pTZYj@NZo4?}Grb zmG2i7kI)8Va!tt+N~1(pn#_4YT!MoN%EZb{3$1wjK3b4v%3G>+r=?lKI@f^LVN8f4 z-d*+KKE+(}?`HwNC z62E{ot%l(Eb75r!4Q^xXYiu7x0{I82mlstMMU;PdwuO2VjK2`nGD6$sSH|1-nlgRc z36;Eax@)y3OToi$6z5TJ-6QmQl884h<#pXgjymIp!JFHmUjAFxyUhP4_=%%eMGpnz z%V2PxDJ0q#Svy??j$SPh9u#j(P2Y}ZlWgD5=14)2)~-2I4biaTj*2{WXV9u6vPT~K zCeD@&fh5;AP_bkgULNY(Q}dsjFL_Ce{wVOYIxl=W!e#$0&~ZvIy+StB++*eK_TtAx zl5;)Eo-~h3c)9GP`B*t*nQ=7KDp=XdqStY(Jp{{~Yglb{n(Op9>R|Ndd4E&VuUgve@-O-vrkinUCfZ5aN7RI}aULW6FFYb!Qk&&)_&o{2TMVJ| z>iX?5EOiNa+qptZR~b)cy4h?i#`4+(<2$^c%cyYsrmoi5Cv445bu|0% z1TF2ctzz&T5KL(opG%G7}D6JF*SuA3Ta^=iur_QEUxQ7~(QlLIUOkBQktl!l!Mtqz^ zpvkPXv}CC5`}q4llS*A6D3}?QsY&mQOP;Uy7ciLSM&XFXJMA>xAJ9dg31w z5;utUApLSbVs6MdW}b`Oz2!ZZFiAU)@x=vQxor1B)G^)thU`&!2itrbN_70_ZFpoh zGa=fKu~S*ZQMkc$4A1mA-I&mFuAE3&tAl+09mRt_BhuKi%^H)NcuwYMi_|j>7T@j| zS$P>~N}ZRmdj}aVnf8hzeMU_>24ysz;nJ-ST@bC)_*?I)q@#_rmJ-a->-cA{M)u+eH*-4MSVf5~4k8T*&orkkC zVueScV7`K|%u--?P_9ASH?53wjLh%gqt=}=xIaGX3}gEad^T)zqImQP&*en9f1NqH zRX4@DrBu(W>0A0j#ee?`+wf~YuNU0HiImwTY;Otr=-xSuofGD#e6ZCu^9H0HEJd0J z=I`fOe}+p>SGE1(7FdtP<_ZL34d+NcpaK-9l^TOAeDF)nwfBgx6*7wmH!j!LILe=F**rt%OtInFvhf6TtVZNTq2%bK zyvB3X5%be%`X6IM*YqwIoQb4xD6*juV61)fO{(CQfvNWFM+ur4@|37ri56Ou+oa9P z{vi}!gRn9p6TykW*#evNl*Oh{LvzIP;9s)+D^dUIG(s`{_kHO98#0am%ZsGoSJ6#F zaI-CRYt*Y3A(|2LYoK+|11+|3T*IqZ|7o9%x}}J0>;Hef4~GADO9F2ZzRgTa_z-Bl zy?|t0g|=Fan1U22RU8HRbJA+KTPuhpkd*O1Ah1C!xh_{y z-$o27ZmT1rQl(}RKRnEl-k1cC$bwe07$n(J5JU>|9Lp}SyIS+LS0!h+P*kBlH& zDT8LXE2D=`)1l;3!r@2lKXK?-FK7!#I{6+zditv0>0uTk$=wB&??Xm@_M;d& zKn6bQ1CzgF?kTeb0){c90v_q0fhcFR)Dxtb4{2bSJB5Sz9=$U-ZJhZ>0maBN*r7+p zTc`$p2oRRu6BSNxj0uEN$TG8MB8rkzggy0*n(l#CxiKPogQ-*hN~C2*a|Pmc*4j-v zU+~(;bFL#K>N%)yIfU0do?C5@Q1AsZ8MXr$O2 ziH$Fn+Z|~}h}iaXa=*0>A;#F7Nm2m>Lr9C$M8r-Lg|NrNa>$UHFMyKru;Ke)f~+%| zh7{Kgn=dy1#D+qNOzlJ^RHkKanq#-;F~K9dYUcBAcEj7YY^L%$#9Q*<6I0L>i*C(hi*3Dm zAyQ+~7j#0-D^#j6%#4V&r)r+8*dqc7OCN8cMx-i>yjs<+%RF?sNM=zoMS{&a=_U3_ z#NCsNls8tO>1;AB-+?>C74WY=5-<4f@j;$#yhD4S6x6^bd+P(f7^(!M$q5wSKM;`5 z2YZQp1#yvj3(Kq4jJ#H}Mi4nYG4|O>Yz=JeC7>&)Z2nz!$4Si=RAEmwv;|aGf!@AV zaHZnOnW2}JxqE9@y9CYb>5|@q_yju<&TV~lt7&GM_WX! z(VZgNTv0sJ8rWPh4L8%C$F@#|yz~ykrV}#o^7~b;dMw>vF^L{(T9O$U^B} zsCuCHM#9N}h1bVXodK0w3(MeA*=ZOwN2THsp3iY?!BNX&!XIy^EgsSH+*8uE%sW7pn*oD2LyR)UVq-vr#IIkTpW(Ui5-HK!mm&?cv)}+EEheFd zo}wc{0Q(wg<^~IBN>^gjm5}++tEM4j8M}aSC)<2BTc>TJKr0)i5QKCfDjWTIe0T;# z34(h^7}-YIOIKE&Lw0se$?4$vg%hMQPbdyeT6soK zm5^?GjfVsdWF`iuJgq4cBg#`V>ho)`Cx7j>egZgt8Gug*6K^ZGx6MH@7HK9rH;#%t z*YFg|Ha4p6qn;jV!`YUDb;K0MZF>1j8Fl4Vftb=qq49`s;XE8a{7B_^ZY7Ook3cUh z&dFYe6P|~nC(qZx?4br%u-|Xc5*}`1B~{^}7-6P8e^|U9VTPXbj8?h6Ui$|8nVzYY z$x@02%|~dH0;=s~kaSWb`b;=Mlh`bOJP=^^mJxBBQoNv4viCG)?-Quf4(qy1IgJ)f z;9sJwbNZ$T-X60izE0AA*`+X=SA$u_i#+1vD2lJoARmrRSUnB>XH%0{OWx?@0(;Dk5j-axp6r zPZ*>ZGFWoS6{?y$F9XWM1pX7o&}GC#li>#fNbgFmxyBZ+P(CIov0+mj1QuZNm1ugZ z@jLnjqv^i_rf(x(JL`EY5h{tqY)fX_ccZm6J@@ZvFmG-iSb96*3b{AwaePPC;C#&v zPIORVQ^+S@AT9BxsUP6G`!0@|7J1O111=+W)_7C$vVT=*{vUF)rhsJYaaZi>@24ee zBg3U@pXEn=SJ#D0>{bOPFRb{hXmktxVIP-g{m^;_vCv*6(lt?uXBiP1A7ja~V3QCu zlX=m*)ogsiFv_Ok?ULav4te#Rtph9}BbIZy~-Fy}GqNT7GX?pl0)xfQ)^zfXwtqTm9;;)!%X@`PSV6X{9_R zT)$NH1d>X<^twtS(o!JM^6O(E5t%pU<%zhE&iTy~Q5nkzd6M-;G@SaVJU4CTHt|Et z2N`yywyXIa>&I70?%z4mps8Rwf3TC57*(OkW0vgpwOlWZuDH{p`{T1iy`GY0_l}aV zhKSWt$u7C_t`Z^*4zK+V4%KsM^~rV`W`Lc?C?gw1N~ zOnpxmH;-kKuF3ESF>N(?@|Mb+`%C{fUFTv4co4}07x@y(G|8~Un0owIh^^Pt zIpd_&l_hsD&1%BmT#msfLN zH!wa*u}gC}x^Fq@aPtwBPllabFQ3`3biI~Ny55rI?QVH%qZa!QSr+u}-Q}vqJkpZq zs6@jmr8n1Xy?!n+e;xZ;Ty(gb*CBMoUSeY|IxKaEUa#ERh4awU=uxzh@ng2u;T-<4b%BRQa_?~&Wj0B2Y>_-3qI8}lwkv5p{??BRTNXQpcSs&rsWVB- zm9!S~1UWURlsmp3JuE)M^jo*wEw)g`^nPjP4I|;0))8y3Hhi%=15X<;yR*OIZ^xXX z3!Y`tM!qq3-WvA1S?(i`=Fa5uvKakR(|+*1C*MurTg-&$SJjrild7vF$qmtk(O=V6 zjO2O0#(0Z!qmA1wux7dGTMRUjV@ghS2GkVa;MrATM%My6`44jiuV>PSTV65k$kvr4D)e0&PcecDfQ@%SSGiRQWxA@bdgZpxG=o z#a4f4H4RH@dol9EPyGc0itA=huKn^-_$IlMBYbJ8`eAogQtYnnM%ii$2u$^2JC3MN z4}IcC2c_b_kMWo2Noctjt`RzA8;>@481AMe64rg|NSn3$XO+; z3$ZHQGgzxn4(aBbW|CVi-%D)W1#0ngeZSn`K3!;0<`&_u=NjTYw@eT^;{HC)V$Y9p z)III-s6==idEDO0xsH;cF^hJyE0(0rxg1h2&zXvxiRue#EoN_dl1$rP>S3Lfho{=z z^=0LoBxhJ#&aZCCiM>0*W^CyX2KkajD{dwV##_`VWYAc-ABEKt<8rN-f2Ctw@yuxA z+ogUIkEr5U?}~q|ugS;lTx5%!q;mPj|F2v5b>km5-$$0U32St3x&Nq@k1ss<@sd*~ z<&cmfncak=Cg)C)zA-~;&047~JdZi-H%IfXxFnQ(G@>m{_+U9I)6AJgkoeZrThJw4 zo`Gf5Yjd(Ems%&@=R8GFntb?b1;*RXkn3w0%FVkN2&L|Q*J)D@Uo*_eD5&V9EeK}ae~hKJ>&6a+oj(4?_1U}t>;$0ql-JF3SI7` z8Zn=L@FkjK+-rqH!tr7GC#Li@PhY;6y&B_^wE+3ia$TZQc(zhs*MAX{-(G23F=g7F z%9Ol)`LJz%g1@KTVmStW3%rl9h6<$o1PM%skFp&9s=j740oV9Y{c-m0?%1nvC7>k!-V_>|EGv5D%Pg zPS0-V{EPbWBSUki&>oYK{F_xB7k~9UatKa~Z9EVed(31xn({KfwYtN7l7n0D)?bC& z%H`3OuAYKXA@3F|I~H0OSL|){RB}ay^(#eNP{G(dJ zfNF_|EO;Ucd-p{&Q7cPbsn2=&z}c)ua`#?(Y)#40hh}lS53I`M#o?b;OO8`!6FD#B zb$1s(o>o|0ONgvw_(wO>poVY5;xB$SKt)OH(iiWyNB;9<8sh=H71SRnXjU6iE*xAs z7Q88Xpun9^E#^!}XWg__?#Ua@55pFR?tgWQcl#m@kHH-x{~tVGw*r0#eS)-XB>P2R z=nI%sZ+cv%<<}D!)fWc@r+-@!r%c%!#Gw*_?az_YsG}tW1nUnp=GpCUObeAj0Xh}y zYk-ShBGqwU;_qz(;8WG{O-u>bMAjQja89xj3fto5I{s)vYb;XpqF;=7GW2UboSg4M zAARE!amd(Ug2rw`$InDx`tNOn6aUZlD;R9c!NM~44wWOKm4hK$fxHAHO9sG$S9447 zYP8r(NI(nH=1filRbClBu;3!Wt6XY&-OwOohS;jW+Yh0tsF3idKRnx^I1&4bP!Es< zqcd*VD2}ZBFTeDggOo2Ak(*@|7LxvBsk;*OUoN{B_%=|1?GEq;m)C*$JsR`Hu9xOW zPnAQ(lfOGvqZp>gPeTI;NXEc^6t_Cxm>duPie*W%`FW(~G@;IK0eT%jL5=ujFF&;e zzt+$Wu;Exi`S2Y`_LiY&umtB8)hc8n7lDc7+v3xOFj!C?07#Nh*VPy%0yc zXs=H(P8+qT`;ja} z#{_*VFsKP}#1z!5OC$Oc7AOq#rQAOs5HGsx8bKZUDQ}TU+Wi= zet=9L-%0S@&7DYoLwYP>f4;WYzX_1fzUX=#0CY#C|CmH#KWnS8SisU)p)jbC$d}06 z9RQ!jZCnL_5AN^|#}UjGKJPj@5PvKxvJV3J9Z1ld6&u}DJaiT(%e+)#agkH?O}>_&(& zXk6B&$ea2XQqiG|hEi&=to&ZFpx=Pou_BH_0}a|<+L@ULjh^{CM==LyIio!6kuU-z z*U67Ac#))6{{79JmR*9j{sc#Bf2ZPN272ZrRae~ z&*{H$pKww`fMm8_D%pMLg#4L7P4&d!ZdaDVWGi~;J<#z@lU<&;E%#%<@W-I$TyAn= z4-8pYP%s>$kDze8D$xO4X7Vp?rUqm6`=~k3TX|W>w^|OTUr))mL;5NnRdjlTVKc5s?D;GZ$);pU9H6q2ZHMpsY&`+dJfsN#WOW;fW zJ$dO6!2YM7UE!-3_s1i!1sL6rCPVCT*9N^{=2=puiF+H~Xh9^LAp;6bS?PPv8%-6} z9yip91?)X}c)0KKO;(53`c=Tq2%Q@jUtHnBT;6s(JG?Tp<@|lmxtsoeWo1EeWHA5r zH(D5sj?PV;9Gp&$Cu@)I-k#KH;`e^Xo}FKVr|FY>+Xq>tdt(D*UJ5G@8g}wO?X~4m zA1ixIS8OOTbCNcmY0uegt>56Di(XLx5(2@|dtKy|=`R=7DQZoBmE<}JnWbcv9XalX zk8usay*;;(4yvmnMeUCsF^<1R4?*L-F%jF9L}lS3Ska4?eIBq#yE?YJBQCV7D?ov` zDurw}7l*djI&m?aIk$=+@9Q59Mw51&B(lf-XE}cOC+AKRE_SCa#!y;?&rCdbJeue) zj^lnY~- z2Of>?aBGdgjlH^!Dd3@h@g>loly?5&XaDcBG**JTbXHn;7O`wG^81uI*Z0qK(rUB) z5Te3V;x3~7Q4V-H_g;usUzVcNw&;`N6Z_D{YFUgF^=+UX;Y3WgK%c$Ld)cO!S2rE3S{L(%yB zbFnUz)D0p+WzZ#&cGeojq0ncNoyiQ%7~_0ri-3Kxf3k6bn7ppBDPSt!KMkiVaK9j3 z%@3t289z1XC{%Wfu*9r4yh;&{Kles}PmrQ)&ySL&A(j?h0CQpwUj9eN| zs$S>WV@|_6Wlkn$XlFP6l1*ls^(D*`7g#FyHBiAqrXT=yDu{H8ZmA?o;*sOChJ-6W zkakoxWtZl-EJ?^ADJj{si1>ahP8|Iu$;y>nryOw-{XU=fFPDFQAFOBQ?B|cY{s_rj z`(dcYPrKji-dN5Y)F&s1WrnaVAHTnQyY|T*{$Ut{<7!RNHS(pGF~TpcZ~ zqgB7g6d1H#3uI$;^XKsCD636T`*2U@hyFu6ALSl4k%|+Si{WBFzx6N5*6^PdEuvD3 zN#JJtg13Ulhi6Z5ut*)oD8Q3|J~1-Ui}$rDP)%Hp-<*Gq?m}9#V3?x`RQOC|f|c zd{gel8>j@Wc6ikqJw-YbOls)A)mG12ij?gMiFa}t+F|}0_2Zeu>jCxcq;fj-4Ko9} z8C)BhTELslkXNxKViuW1YS3S<`QoF?070(NypDDL5q0>84JWgEJ0!F+XR|$p&l^u$ zrGRXaB%OYdKJ+SkJskj`hiz(3T~mv}Bk_HWuY`sxNS}&~(_lm5k-Tz~@jh{OjOk-F zQUNq(;dwZ|2Fns7KKf7J7SjCPQV>n37piz4v)*2SOp?Vm9RCJ0A79ZknfINof^_pn z#qFb#I(mEx^c8wmjxSfQILFC2a4fuMfb@vqr?VS`hDHrn8rh$+dQWo)^Q3P)pR)70 z=5e2slZZ}ud-fh>)nuSRFc0%ol2!3m`Ce_KrR5w|Fi<$IRc?s~Y@E_!HvsH4q-( z?7nKyzcM1e{b!&}{kITbUF_d$g7tso0^R@KBwjQAo2I||AI-tzf18&6Z(fA)K(MLG zWpV8JWeun^Tt*UBbBdbVGodQ|3A8Y4zFGaVWZwIasK8nk%?^JJxa$AH>;4~kbN};2 zY-GAJ<;LrwU2!md|D!jsspY`f4yMC5q%HZyBft%aDdZ5>aamq8KK+yY-KAIVeU)J{ zGH8I*GktKvVG+n^B#h$q!nbw^O0oi0`lF%S-}iQ5?0Bv7&o-!{N|Aq-Nn!*Bc{9YV z&v!ZOMgrF;keq3$Voc&sUcj?jKs;FiBFb#$I}0XHj%x*i+tXW@%{KKNX+QF z+c5sv!PxWuZfOVweYFVr5lm}(_1>QJ93c0|EVt_CfR(G*Zlbau+9fSVLHXb#&(Ci& zP>)r(;cRUB44#H*<+n><6EqgSF%o)QU{p7j7jTr!tJ}8ym1=~0yimWQXEDKX9Y`y; z>GSMt`3-O+-|ZA`pT!F3H~7}|!pVGO0`gV0Cq1hWQt=4}eJ*j!A0OK#`0p3odUJ&D ziJ0xLttm8mZc;3w6d8Vj2Ex6QH*W-})Rdcm|D(yNo#vB^uUdb*l&aw8`x{+s6jwx zG*Vl+jI5A@MW)vk=(lu$Hn#%d&WQ{xipMFoG!%tPIL;Ux9)ZLE>1vLBrLZ z14n(&Ks%5%2lYtj-NX9@2BU@O7JR{<@I|{qTd>N`%5bci>C*D5B_vqL%X#l_yn{$n zdBJ}WHF!YX&Xkps{`oFf$3=>E4?uZWV2J z_i|(N;5Ar{*R5{^h(ovg5-c6N*2v8x5?^c>990*g65cw~1oE1zks(p79G{Z~p?toy z;A-{P=i5k%3S8C`h=Ak}hM_vI$n`=jZUoZCk{|Zr>a2+nT6G-xg-dwnBk&xTS*0`tf{dS(f8~>4rVx-UzW1Hl8;}( z^1BOKj)%>mXLWg{T5>uNzHR^semK>F#+Qa&MS622O$Xjr1zabd^pET%PX*nifW}6> zywgT5KjkjXhT4=~UdClpW2{-~pE$FF^o_Mu!DXkwFgN#Gy z8w7va2eC*BPZmuY86BswM%?7*dTMqDs|t-Sb;&CoTKE8aWdqZxMv&tkQY`Wqfqw8sQCKDP{lKf(xu_ zY9DA|U7NHu2*cO~nZ@B%Wdc#^maboZr(X0Z5NVYok}D+XLsJb`e3pZgmji{ejjU8B zry9CJE|64g54zH0GPxE?P0p=g&I4h+{E^4w+qQ z^y%P85Rz^_P}pcB&};DZ$y%s=K$oM6Y3TteLKat`gk=wN7V*{{UtC|Y1ED~iU#9aa zWZXu6nv)`ozu}A0Z2VM>02L#Rf71DjCfU9J1u&|T3*;!pf^zD~I=zQsGdwP=;S?zY zUD(&3gYV5D)y56oHW1oHV>q3m?b;2%%opS7J_w|l^aUN=kJi=|awHGq!@Unlg~_YL zv(|FeT_{SqXTR0oq#}0|qDCFSaaZ@_NYP`6Ugx`eE#C}WZlyuzq&qn8=F=#?5Q*J4 zk^6ByWJzfbNp!9-JtZxeK*f6<%qRO?{2abf1!lk_S(Hom%7x9KSG6#cA2SzJEnKXD z^VWy)K<%oNZ6@|Lf4mg~yTq@WU-HK8uroWHw{n%^uqBvFF1TON4Wbo$#D9rIZa|iH z$Zf;-%(?I!mcNaNt$q!_myI#y;J>-68y*#M|6VP;avG*T$;99SwTMw>btxpeIIKec z(%6Of2&76*!+6Xput@=S(t@WX_7oiY`VszXl$r1y-8Rhn=f$p5=W`IwL=>C3>LWLT zS^Ixj=f{I82w6xP|Nk)d{LjhapE--;zh7VBsYH(icd!r~a zX@Igp{moo7GKt`kFq=S%>diNE8_*!~0RAX@iY#F(n3h72SiTo`XP#&VcoMlPGHxD- zds9|JhD^D~rWt@yzw+VMet(&WWOxD5DEan`@H-v6 zD3g?*FR%i~&=dQw6A%|7@$9!%FX!I7SJ-OT_s44ve%sbtUy2X1*if;EhvbRo!owuknv2CLX(AfaCE!GOGI8oiP3I-oEVxAA)Uns`#$L>9)fA!J`1X-JgH+ zi&xlXre7Ex$a-wR^bn`~+5Vd7E8b=XfFF+J4?CJ2FXD%QS3>`1_~RqeX>dS?F2khbdxP zR*vke!k;D1LiLruKUhN2@5V}t8+R;{r_JVf)Sv6@?+B-dS6#_G7J|=WBY!|tZ=1^3 z-^&BnB85(7*-kfXI-g-S{8w&ej&cug!Cp`VbK!y8;`LE<^}&dFtfxx&hRGq!fPHX1 z`;6NZ*4ZL5CpX`d1Irq)qsWbY-kI71JaNCSeH~H4t`Om#IA)w~XPtTkOE|(4)(f)| z>vxo!r6AEIDmm%cp#SNK1+oJlo9C^10S&MVklms9xy5cLxK>Tm6#VLuoTmZQ0H{%` zjV*JM(ua*tw&-hCOTKz%F$Y~~5$A=r00#nOs)2RJ!?h9_m~2;*-_aB5H}-@xmoj@{ z9Gx|rHp3;IgstXG941!SA3gX5fbX8S6Kj`Cw3MZ7>XC`%3-m<_+ponqSF_#;nohSX zKRetOYAg2)9FknJq|RBythDdEO=q7%#h@>?$<@IF`}kpob0@FfrziI+>f8j}VRN?KmR;O!@aLdQqwAa~;mA!Xp?jzwC zNT;yYH#?f>xY?FBS>7WY9mIBDbvNt%|f92YY@is~KytJ2fl{P(r^V+M!AKetMs%y;`@>8?%Hi}2r* z%@j^96kTjAJ89L8t6#IacMDT33Vj$`t?N5>3yKazgFCK9{MHS= zyMMQ>Og#Zfzgm}d^0iEN3eC%K{dQx$g$l5JFv6zgO=I5sBhJ0TE@w6DyQ}XQ?#LfJ zqSwR3jnu=1vtIVT2(sNZ3u{rgadkjnePdC;Cy*36gqlAZ=3SPj6VqlWwG&_yYS^WL zUGg#HYd$?}INi3RzRMgd+xI4J^_lV|9no(@n9FXkw|Yn?k|drvJZfe;nL3!3#i7`_ zsM+t{Bz<{FVD_1I70Ksd6SQ*2j&i&1mv4W#vT*pj8kbX;dO~g{kw z?Dx|29w)|oss4J4Ba4jd(vY3XY6j^3;Nx7^b~&@`N3Q!&Nb3l1k0FFq@{$_oU(2zOx!CKCqR%8R`l!H=)23 zgLrt^nluIBhI+{|LB2?T9p_fSwig<~STl8kEO$b|)NherctxVgM@{52h}lgL^Vj`v zs|3^`R%lI}66OJl9Cxvk#B)X({Td(V)*?8ZbTjix%O?uu(3RMCv$ayJaSrSJ9K<#A z6aK2_-Er7AHB^UZ*+V<%MVQ$!-jxf?r@ekBr4$~3bE*Z?JjfByF|tC19MUzOR6d>1 z?{t9E=_peyx>BW<#Ls_38AVdWNGLuWEX%n>{X@=cw+sNs@7sYH10&Nvf|mr!Lo!@? zd1wqYwr-R~d$syBu}X3m&>X7yhqPUc=IxaI-af)LEOnJmQ+5+$tWcOAVK_(>RQmDW zgv7%lj*8n5^s0?t(u;Ky+VNfpbDv};}XRQF|diy!cHWcxMedF z!4;9=a@C^q1y6xM?nr=&-{JV=5&iw&^>-kOEVq(qeZVQ?0!Yy{`@ueZu~pDo(|mkn z^uYCbr8tYBOSiZ-93nZDwD32(JO%1H8oBR)W=z|~b0T7GjS;V&iQvzvY>M&StC@V0 zG>5v+r@i{yN7~*{?Y@zx#f8W;o`R{|kt#Ky-wX#~>E^LdR4dlq-C=iM?}sqatkkb) z`vbLN_08qV^E;=jh^ruGW~ju0=Ki_N)5`M^GdFo6_&a#$yzA}ljX;;Z1fuVVhvl}* z+fGC@txX+yvp4yl0Ya1u2ZUHeNK9U9PSbX3uq;<$FFdE2TWO=RI2SKg!UHWA`|d!h z0lEkJ0pE>#_}rzyNreSg?A~AKBC7Im{@V?z0WdiAZg)#%f&%#cVEQ2)#r3S1R`m<_ zJAHpCKlJx;YA7c>yzGaHT(v?r^0OoQ=U2nG!&USzP?&4Z%Ff)Bc`{Oz-RrXUXYUtV zD?Z1cc7>B^>j3PaM<$w%`9uLl!E(wLDW`C%C=jTlt9>Ez0}oxBJWC|$DOK^Au`YRn z;>MVQy4^7zdjkv&*R2hg=#aW`b%6*SoB0t;t9*1CzH(;$3!WSfFjIy@$|%7enTS~n?zRONU5U1UmX9q?LyAd`*5b*^7>O)5`Hpxq`T5_{jkFLJqO3Hp-1u(2GN%3SI3A0g4`k0YcOd=P)uOLW-9HuCmX3 zR`jZ7Q_uYx(xHC7{A@hW!{WIhS(=X=&IlyrMHofrjPpKYeoy&?07K!d_8tHAfHW6= zt8aJ@>hjD(>dV>s+&2u~ADr>7E_+Tz6a0>tnq{j~^m;P$VrJA|c#Fxa5jSJpOjCs} zb7)~~alU=`+T^bfGY9)P*H53sQ5EoNhxXAD+@g8#D4)8YgF_g@gnJdQKsp?4x2$tp z`B8v60bCiF^Fvg7sa~Jz@~~A4uC!uB8A91ugMD{2n|}s19_P0g!N22r=l-AyNctIb z{4o*i7$tu%I$KH4AGb&jDN$svKTy_iRjagwuC&IwuuETTB)(y8Y$_tX$FX{i(TA-3 zJo{uiw>Aq$v4J^)ZqRR2b9Zr#Ww5v|q|^ zjx`_fiOQNfiDi))T6^BX7_Xf35YyQ4^a@{cmu3gIqcD!kTytbH>*P1LFn847GwILE zuNxIVs2&b~Hy@U`$y@%;)cxkFp7gqn#7b$QQc9#c+w;%Iy7eoCwP_`Aw46D8iqpEjK$+AGY~ z+S1)L+E;dM&D?JhlqNs39K9^~w+hddG!DTclx7qZ@fA7kyC!N)_sLyqcRsgH zx1IR*eK16kC|c~6@_pnnvl?^7e!9j*{&E9yb+~%dv~Xr2s9=8T>t*4*{*YPB8wS_yj>)8#=Iq{-DRlLGl#woefATRM%nY z3aDv)mmbb$YLkW8%T|9b5^v+h`<~v2mDwVl_D~YJ9CC*Jgn>Ksdx>9xW@Y^d%P>cy zobsc%Uyj22vEQ%gi5Q4&wd^-dNZh37lxURdQ&$=cS--dS<#Ui(CH>Ys(%pSlNzT9ZZR`Q$RzKn%MYPbOvE z{P@wh(R_)w_t3?m+jck+roFmR`5Md7vJg@sGJ*Kf3)TTD8fouTz(8*}5-fVP%z*lu zD%(Yb%x=<0To-V8`_N2^QH#mv#~ItUU*(KIrZxL z4{H@M`4Dfd@DhdH&m)X&x14S>?8g?VE0@J6Rl!l5QBm*IH^*I8%gEX6TU8LHiPpJJ z6m;gca%*4_XG9|d8;8YRtqGXBqF!<+x7WY-ruJV=<36dBU{1@MdbcD=UyfH`jr)V5 zHcge)@^mrI^gHoXu*C4<2iSb|;keS_Zyih!7_@}1EmuI0V*=2=??>w7)oWzbimVZp z)1gd9Xo_{FgM~~^p#;a?CdGNJDi=z=;|)pq*{Tlu;jH6gW*GP?70}9<3&9at-snC? z<6s}BH7V|`=6Z%l-I4-Z!GZ<=QP#`B1MBkKKIzvp<6=e3=rGbbR+_45BgZ;M{wt9 z-pEp<-#24<}|*Y=mVm#wiRF^m3t^T}#T(_Qj@amFd*} z#>>ZfN8IDpXFJNPy&jED#_~PpmQAy3mrt-;F-N=JSTU1uQ+kwlwyT`@9>ZKFr+t&6 ztJOofubqh?<}syH2f7iXDN^wn421&@X7*&n$)MI}cl-3csFHXLP%Mx7B(x>srBI$2 zo;hC+GfPEQ)HT^l0Jfb90&a^t)7PrRAM12mKL~gBJDn>p%4hTk14H~vREFshv!DkD zGv>IZfXX77=aTu^@aNy6>r1mgyu?vci$b25;G@@#IW>{?!qp??Bpi{VG_@T51sC9@ zm2oV$0WFPi4vvMQpx$=0#Jac&IHEUigLxQWqPBpzYW*idVjWfiDny@5n~Cq~ z{UjN+Lzw&YPbE&p5g5*~)4Nib=?Z8a9sFBcHM+!8}FE(p>QT45vE#OI8U z${KTMF9%#Ek6bv+F7Z`x`v!=&x)#b1^x{GO>e5v`TS@3_0;e}5H z7v+Ed;YNyt@Uy>H1X~Ku6&8{1R=+WRTj#7e$5uz8fs@VIGg*`Ms9J%bnn%DvZWms= zTWIuscg#ju_>^(AiTpwx$%m<_>ih?#ZGbk+56it)DuNLhR3+a-Tg$%;?wQ;$p~WZv zN%vD)!(@%JQWb)(D-e(JKwhyr=r4=imij&~ij73mGJv^=WcL8jh;abrYyk!J&8R#% zq8iwb|0-0|rB`T_F?Q1y!a6hj3H5p^Ho5MkTS5EPgz0d=aS{aSBTZfSx$pEI!|PB@ zvZeu!g@{OoUMUeE_GPtFq%aGSlumF#o6q9pW!iC7{0}DCqK$4jQM#HyxP4Pm20Bl! znh2>Pn@qm6PhbA`Q+GeKE>TjgS7=a>e!X`U(p@kZjhdmol6gW-# zeR$8Mu*T%{Of>eC~9#S_5)!3|0s8Yf#oTcDU_y9*MT4--jSW6>0&MBJvj{ z7GKAJ{%}ATDNrvu>AsHe67fCqKs1QJQV#Ho^1X(o#o-A9u6w$gC-9y~pUBi0R1~yA zt%Jrdq1XH@Z z&J|s;=p2D2f;9-qD*?gmC=^K8u8tJD1ALBv%a;ns@wPA_!6>7*7Fj)Pf};1ZX7|}g zBm?;vrA$-X&Lq+%K5%}CA|lhK&(@doq`cq zramf6oIw-E!Ee*OBc3rgOY@gu-dZ2_FG9zOxx)H~IU*6mpQC&xswRuWWI_<&t5 z9T}!-_KU9nnfvSK8g%K%vRm1NMaqkU-&tn&e)XPG7Y*nT3eYM(#LdFQbQiug9|0h)>%1KqqqTbCmfWQni+_#`r+qXOI z<{Oy8!PN80IOFS_;cX|N8nr>RWgYi)4A3t&vSeQ<{g2wdGpMQV-Iv~l(0fS`L3$IB z7J(orNKpg?K{}$5BE5GAMT$sKs)z*vX%c!1y{q^_5LBwD6d^z$((c;6=YG2P&irTY zIeZ~7nPl&sowc6l`L*Yfm>V9O-yoa@5~^p`0J0-~AsA7Y-YJQKxs(*YJa}~{5~hRZ zrQ*skFOi}<-AC?mmJnX<+>PUA9{TMmjQCf4J%lvXY@VUBE19<@!=T< zl<1S3pC3<+X(?428lh9EELdq)I&;bTIK?97Uj&l(`OTx0g)Y*;!^x3}Jb)e0-myJh%QArowkEm{%Be@Ye`~%A}xy$8j4&Mo+yRCu}YvAXIId0 z9l2X)Uj2g!fcU+xZs#;3yIRAjZmU6(Iz8l^vZ^oxexj8E$o6qp8v^W<(D< z@np=V4_H{&J1JS-LCK29;ZF5f5Y*yxvel?SQ4U5e?aZreT?nu-_Q;8ZZbvNTpZ3QjKnG`y2E(_dM7Y+^7IuWV131C7irmsF*&-ek$FbBU0go|F1E38h_I9fTo%*J$$;XSTj2(ED> z?jb>#f0;X5yuX&t4EFv-KR@09RH_>>+n-f?J%UCli{8VnT1_> zeb!=OP>c%#2`QTI@(({SEDUDNB9fCZ{YktAgHzuC#N!?U6uYgxJt0+qe+%jue>J>_ ze>1eHcmnNz!$wdor_GBHR|r?IOsbZpOm%4}5$XC0(+6v;kHQY%w**?-p;*J8a3_8A zGI*PIaj}2J2fNgv=PD9)gRWTqIvFqJMWj~P-h4mz=ODrEY-@8&1qiJiiFjAy#T+_E z0%DFEr!TIt!2~awv%0(}nLk?ramS}r9+GKQ7?z(viHS9_DRCL=Nzw6JH<)Vd-~SnT zqSV&HqTZv@z&+|XQ&}0~IW>GqDW_te#ue?8W=U%wI-@j)Gp3XAJjEc7NDi?7r|fz^ zqzQ@O;A!+n3%`XMNA1SkguN6}^L?E*>?oqK&5Ks-pdZWIHksc^->FV}6B(qbt2+-|o_55Wk_p|HZZW>SAKu@vjy_$T zM0QJgVCzRvyG{7n5-!05bvxD=d0qiAUU;qP~~r=hpyL%hSwW=J;Un*3*J zC1px1%u)N%C3o|Jv?y{s?L{>jbywS$?&hZ(&JG#auT!0_CiHu@8SAwb`y8`bsTY+BmJXxhNE~D)+lJcbCKG%L8V%O?PrKRPvFlspo1z$5Sn(16dk zsb;(bsBO!rkLS0*#ZwV==ZH08Gs_XxQpX7_kFF@H8I#>doOGm`WUyhHl zk`|vJpG+6_LNI+zMt_dV=?@hdA4_cMZDt9#mR^e|Kvf zFp(A`@NyFi9c~SIj@Kr5^$8EhTG%)QB)PSANPr%4;HCk)6`GgiX%2A;POe)4jM?V4 zacsge2Ss~%U(i;iq~x>zVq&h&bb>Nrbr?|c+J1(e8lrY&Vh5pF?{mzVBq`jIJ&Au`g z=Efh(N*vZ$UI3M-54mxZgI1?XXca8Pxf%E~<@E>>RY58|Qnueo5S_l51KOVT6h(~8 zBYkvDb(r$g)qcOr38M}z)k^E<_gUHv6Du8byDaA?8guqDKr^!cXZGIV;?iK|(Xk`T zejYHi8wryQ=ls?`Gf{IYl%LgPjU}%qJGVc6vmlh6{r0f`zVe}WwLY4ezuTnl6c%Ia z9m>Z;mk;qs!bDdeFwvdzC^u9Wri;~I$)CLvdM}K6aCA^m6bo9xc!>of<^{s!KUs{Sgs$SSW&o3;ZL3pxA)$7n z(c7tE9Mt8(x^ZFG<{kQ1iXz%A$;>aBn|9HfZkaxD)WyiBvc~c*KfJP_j8CHrzvs58&&th!g?(iSMd=*jQE9XYZR|I#Tx=eB!}8& z?*Wu64Q$!s{GjlHnsYt2{v|$yKk#gtCtmvcn)c3NA;`@rr2R#4sJ3G0#95TM{)qPQ z+;XJnsN+egtBW`$%yi9~1gsSkH=u>ee*A23pW=RD|bGHp0K_;x}Jh4SL{xP~tj z6i})#IR>>4F;FiO$F*7$F$u8>glV@DilKVC?VQ1C ze6(S^LASeic%&*q;HsV;-^tnZcNNjP3##w-C3-mgi3z$rLGo9VlQlltcAr}ih{jp!&ZEJH28B_XBG<9Yhqx}I$fvZxitGbH=<4+)34<{ z=pj1rdNE<$YzR3VgLvdZ(iQrdm$go9OGL-1*pS!)*x3akQLjxiOuCm`)9-y*DkfYy z-6dzd=m}sQASYb^-gZ? z(McSt&(Id}9-i}(RaP7jKPVM?W;Wao%UFsEB`Dk(OZ-DQkNM_i!zY$c+3##i7!NmC zw1!Izo_{ES7L>4AOZM<3_WIwNan=+iBv4sArLUA^psc)Ot)lA5Bq0CES-XVnL-3`P z_Y1}6;xg*AsN;@m!fWRUPK77r3`(hyTVkkOi5`aw2PMU66bKi+gJaItOn-HPV<2>I`th*qtM=HK2QZ!(=X!+48SWRA#996nkxh+-xg6xIz0 zH0G#=OTrLlzWhGIWpmL5-k$JTw{R3)wT$%v{8y}I>~a^EL4v(F`P!3sYEBAlf>l43 zz;IyrStTRo5H07=yw8u~Y^SSh%Q2si=c<{%cmh?K+Rs z0D;ug1yCWPi_aOoh_1BHQI^FpnF>{VH*4IUVnPqz07^m=>AKC?)hC3#0jA_Mfy-Ej%kjO^VFYK{Amf z=l1S*14zD@tV;v56to%X99%}3mXfE6(Q}F!&^iVYt9Kiyb)H%2m z(c=292nJ;TvwNu&ooU$uC5a~~!p}Az8MjN^!iX_QI+?2q#qrJeD0KX?|BcEWLq zppWNuh~I>Js!|EC*oLpEmr|0RrTa+dQ?7KAd|GFN#D_W+FmKGZ6t$vOdunvWM*Q$u z41og?YIA%WlGr@i*FPGk@aI?hk9xFJP1c0@pX=Z*ksQRkCTl25rW*soBKej+Yh zH6Rqha?|S;nj_CGZ>~JLE#o|~KNvl(ycZdEjcb$im@yPiA{!%*z*M=0@fD+%@Z#HD z@ih@dUNjN#a|x|ADKu)hltuQq#r&8EmY79W*L)`l+QStMSa{R+=t%+nigEkE?K2si zZW>O@XJu~Z{~VKDx;(&m31GI#Nwx5#QwU%EjulK$bST-xfwvlo;*8nk^&JZ*)o2JvHOU^t z&mlojU(Bvf`y&$la*{^eHvXDj=7c&sA+mA#vkMz&m6lkOlBlu=%wLx>A@f8o3<-o&K8No9QC!$=53Ng4W$K7BL`%9QfUsBuWtO@ z4<@?}2PwOq{v?anT3Od4HxXE-vG#$BxPbPLUD;pfq^dB-Izitmt&GdQ^$pO#QSdVtm_seyk||cfT>V|g;j)}o!4w^rJXi8t z9FSj$WYs#U?q#9*<;7}i#jeroV01>Go^tK~UE~t;XKDZWV5ay%<-wG5b9i3Ne=X899C^wwX(a( z(;X&5XSac6a1*f8y+UD#K~VfD0dz+TKwvW;dOOb5#%}f+itkltDk>;g=LVB$aNQ*8 z^rCLmIO>%HHSv9XH9V^}4CVybpLM_?L_P}vX$#Dhr|*WgfofX|uUTa#J-N8P0X!!S zB=!FHg^%jBnI8Tmcxi+U82;}1L9wuwwthG6LIyHAn37R{ zBvAkY8?P3q{R8?xXP}oOcCA5kEAW@q6GfM6_c)n?uj9luzngv^yVf?8XOn|Fb&UFkHO%F|o3EN}0nB_i8ed_Qjo^SM0>`w6Nq6G4|UN z>26W=Qt+s(X?t(v+mtmq!Q|g^p&x>lQG1ZLe{xCW1)-wVJl`Q>wU4oV~6dv$*N z^K+UwACTcUgB%VP%yp5P)UzmebZ+n;d+?$DPW`mI_n(%Pew{L11#XM`_uQsO3zDWY z#kuPa()v?G59XpBi3WR)vSX52scXQZY_jB1cEQB#+K8*`i7Ga?64St`vla@|3AI=U zX~o_(H(p%fR0k|hTNKbq`GA4%c}UMw3GN;()H2YU5lKK$_mxY=dTD_kzWWM!H2B;O z^!$yWJRSu$$M?bgmk;u_@3$N8)0@3Fuur6j+cItGwb)Cm$=KC=nX4JBlYQfCo@goa z>!+fa+^=nqr|D1Cp}YG6j{@^zh>G_P00& zxfvz#Jj=ekI$QWFo*{Czir%6-iI=}Sc~83OtK7A4Rti_)*Z6`y+{?(4zOO<`7?A9V zzUSmWMx>L$vUC{zVQYcKvAJPp$jE5!UPft~KQZOX?2df$*1G-;P}IDqW;c^6xzTzC zvZ-!o`k;rp3&cZ2uoc*(32BB3_IbkJxsK#Itj{zwK-Qm-{CTvQJx;>lbTuj}2HE>U z(e)QgmD^04@Fo9a_)YBHwwr@^M4~ku3qy77a;1fxwv9*`bZl{~@##b6q)d<$Xp#-4 z{sb1xvWPw!Ym^Ds!4$B3khHsU1g_R+fHU8chsXX95&%JLKp_;Q686V8&3a2sq=yF? z%T+~>DCt!`a0um^sSO1_-jJA(U%@dJ=s5L(mL}p`2TYxkUfQf!ueU6dz~C&t#mGanLRuFYdymyr(Q9{{ucIzq>IHF zE}O{xg>x*Xl46Z`W`#=uOM5jDl`RQ3cL_JKW|D@O0%kBL-++{!P=*~E;PXNmj%%Eh zUjTPF;y0od7zNmBz+XPP%{fnht(iBdWDU5<>>6-Ueh(q8xr3d#?P|X22jEQL3e-)z zySqEZc-}St>qd9goOrY*){=`5QrdTPoHyIGOj-LRN2-48k6P1X!)dowJPE_en2aqo$<}13zSP8htm}(>5}kU?(JcT zfgL{C*3y$dJVt6wR`gYf>Ox!NwQ59~pjCPSC}f%NM0YqRH& z<9;3ZQtuN}emc%+R7I!)#i)>C}0$-xH24_M*d!N3|x?My`M| z!f6LHp66tkHw4(3!IC7Z5av|DZl^OukRM&;t)~3m9enuu^AAN-toWXoBKu#WNwmQm zE6Ek^9?r*7Pcq|S3;Nu`?(l;3VrS`AoIk1*=UWzdp`%)moH^W~2&~48u`J)}mJ=>A z;4neiTcR?g_`UbG11!%3v2oQMo2R~P`j-6t4*xBV{sU_SAn&`{t*2YNPAb!gF1iBj z^X^VooL6`4kPdlfX`JT;Jb;cL=h{t(pgu&t(hd^-4EP3_SEhFd4Wf3xp3exYmsmNv z42&^ZeqSiJ9jv%_ly7-|^Sj5_oYS!qd?GiXQbLY@l!G8sz5nq->U}`S!~#XdO`!ML zRr#CRilHL0SpkWC^+R5zzS}>D0GgYI=%T_uTY)C6Qa6FQtR5;b;7KZ^U(R{z0dJEl zpx~)yzg1VDYTEYHjvE*FTfbp67%D&&NYcOXEqGN%_~88uL++C+7lhw0U8ic8eUJ== zivz=el24GW1*kN0H2hc#0c%19>~2MNfaCHdc(u|3i@quB3&q%kK#1Qua07Y=3bf9Z zzbxtMqp{fg|vG6+p7)53*)oPX2wS#OEbL`!4Veybp@Q zZSE9E@hDsI#=Pv2wdCK=5ZnfTfA?Sqr(Qky_aX6rwpppnJwnR;@ZM0%mJ25XKbQ54 KQEzqZqyHD!HmBAA diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index b22a841fb2..16de770ebb 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -60,7 +60,7 @@ These phases are explained in greater detail [below](#the-windows-10-upgrade-pro 3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade. -4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade. +4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade. If the general troubleshooting techniques described above or the [quick fixes](#quick-fixes) detailed below do not resolve your issue, you can attempt to analyze [log files](#log-files) and interpret [upgrade error codes](#upgrade-error-codes). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue. @@ -175,7 +175,7 @@ Some result codes are self-explanatory, whereas others are more generic and requ ### Extend codes ->Important: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. +>**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation: From 37cdb3720e5e948459926528495a5789ff6f01e1 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 2 Feb 2018 15:06:32 +0000 Subject: [PATCH 077/109] Merged PR 5666: Replace procedure with link to new Intune topic --- devices/hololens/change-history-hololens.md | 8 +++- .../hololens/hololens-upgrade-enterprise.md | 44 ++----------------- 2 files changed, 10 insertions(+), 42 deletions(-) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 6b4a3479c5..20d0866be8 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -8,13 +8,19 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.localizationpriority: medium -ms.date: 12/20/2017 +ms.date: 02/02/2018 --- # Change history for Microsoft HoloLens documentation This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). +## February 2018 + +New or changed topic | Description +--- | --- +[Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | Replaced the instructions for upgrading to Windows Holographic for Business using Microsoft Intune with a link to the new Intune topic. + ## December 2017 New or changed topic | Description diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md index d85bb461aa..1e4fbc3f9e 100644 --- a/devices/hololens/hololens-upgrade-enterprise.md +++ b/devices/hololens/hololens-upgrade-enterprise.md @@ -7,7 +7,7 @@ ms.pagetype: hololens, devices ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 02/02/2018 --- # Unlock Windows Holographic for Business features @@ -25,50 +25,12 @@ When you purchase the Commercial Suite, you receive a license that upgrades Wind The enterprise license can be applied by any MDM provider that supports the [WindowsLicensing configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904983.aspx). The latest version of the Microsoft MDM API will support WindowsLicensing CSP. +For step-by-step instructions for upgrading HoloLens using Microsoft Intune, see [Upgrade devices running Windows Holographic to Windows Holographic for Business](https://docs.microsoft.com/intune/holographic-upgrade). -**Overview** - -1. Set up the edition upgrade policy. -2. Deploy the policy. -3. [Enroll the device through the Settings app](hololens-enroll-mdm.md). - -The procedures in this topic use Microsoft Intune as an example. On other MDM providers, the specific steps for setting up and deploying the policy might vary. - -### Set up the Edition Upgrade policy - -1. Sign into the Intune Dashboard with your Intune admin account. - -2. In the **Policy** workspace, select **Configuration Policies** and then **Add**. - - ![Click Add](images/intune1.png) - -3. In **Create a new policy**, select the **Edition Upgrade Policy (Windows 10 Holographic and later** template, and click **Create Policy**. - - ![Select template](images/intune2.png) - -4. Enter a name for the policy. - -5. In the **Edition Upgrade** section, in **License File**, browse to and select the XML license file that was provided when you purchased the Commercial Suite. - - ![Enter the XML file name](images/intune3.png) - -5. Click **Save Policy**. + On other MDM providers, the specific steps for setting up and deploying the policy might vary. -### Deploy the Edition Upgrade policy - -Next, you will assign the Edition Upgrade policy to selected groups. - -1. In the **Policy** workspace, select the Edition upgrade policy that you created, and then choose **Manage Deployment**. - -2. In the **Manage Deployment** dialog box, select one or more groups to which you want to deploy the policy, and then choose **Add** > **OK**. - -When these users enroll their devices in MDM, the Edition Upgrade policy will be applied. - - -For more information about groups, see [Use groups to manage users and devices in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune). - ## Edition upgrade using a provisioning package Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. From 431ec380fd72cb41602fee28e677939d9f817e76 Mon Sep 17 00:00:00 2001 From: Zach Dvorak Date: Fri, 2 Feb 2018 09:52:01 -0800 Subject: [PATCH 078/109] Update upgrade-readiness-get-started.md Added an additional endpoint that needs to be whitelisted --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index a00a5c05f7..ae10dbe161 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -84,7 +84,8 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee |---------------------------------------------------------|-----------| | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint. | `https://vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10 -| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | +| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. +| `https://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. | Note: The compatibility update KB runs under the computer’s system account. From af625b467be1b996716b0264026a3b36ba5014c7 Mon Sep 17 00:00:00 2001 From: Elizabeth Ross Date: Fri, 2 Feb 2018 12:11:18 -0800 Subject: [PATCH 079/109] Added info for Diagnostic Data Viewer --- windows/configuration/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configuration/index.md b/windows/configuration/index.md index c462632c79..e38d95e4ca 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -20,6 +20,7 @@ Enterprises often need to apply custom configurations to devices for their users | Topic | Description | | --- | --- | | [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization. | +|[Diagnostic Data Viewer overview](diagnostic-data-viewer-overview.md) |Learn about the categories of diagnostic data your device is sending to Microsoft, along with how it's being used.| | [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1709. | |[Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)|Learn about diagnostic data that is collected by Windows Analytics.| | [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. | From 8a65a872327d97f9c71dc4089cd0c773801d401e Mon Sep 17 00:00:00 2001 From: Banani-Rath Date: Fri, 2 Feb 2018 14:20:59 -0800 Subject: [PATCH 080/109] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index aaf6b0a337..c88dcfc75b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8453,7 +8453,7 @@ { "source_path": "bcs/index.md", "redirect_url": "/microsoft-365/business/index", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "bcs/support/microsoft-365-business-faqs.md", @@ -8466,4 +8466,4 @@ "redirect_document_id": true } ] -} \ No newline at end of file +} From 3e30e7544c131e56dd51d8d2c7556b79ecb30168 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 2 Feb 2018 15:31:44 -0800 Subject: [PATCH 081/109] fixed links in BitLocker topic --- .../bitlocker/bitlocker-basic-deployment.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/windows/device-security/bitlocker/bitlocker-basic-deployment.md b/windows/device-security/bitlocker/bitlocker-basic-deployment.md index 9a2d09f6a4..529ff6e574 100644 --- a/windows/device-security/bitlocker/bitlocker-basic-deployment.md +++ b/windows/device-security/bitlocker/bitlocker-basic-deployment.md @@ -17,14 +17,7 @@ ms.date: 04/19/2017 This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. -The following sections provide information that will help you put together your basic deployment plan for implementing BitLocker in your organization: - -- [Using BitLocker to encrypt volumes](#bkmk-dep1) -- [Down-level compatibility](#bkmk-dep2) -- [Using manage-bde to encrypt volumes with BitLocker](#bkmk-dep3) -- [Using PowerShell to encrypt volumes with BitLocker](#bkmk-dep4) - -## Using BitLocker to encrypt volumes +## Using BitLocker to encrypt volumes BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. From 0a5d81c214b5d4dafd8fd1fd4a54a5dd6c931417 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 2 Feb 2018 15:45:59 -0800 Subject: [PATCH 082/109] added note about telemtry levels --- ...ws-operating-system-components-to-microsoft-services.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a34a6aa5a7..b4b6298953 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1430,11 +1430,14 @@ To change the level of diagnostic and usage data sent when you **Send your devic -or- -- Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** +- Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** and select the appropriate option for your deployment. -or- -- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0 (zero). +- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0-3, as appropriate for your deployment (see below for the values for each level). + +> [!NOTE] +> If **Security** or **Enhanced** options are configured by using Group Policy or the Registry, the value will not be reflected in the UI. -or- From b8c83f261958e72e02735d9f5b08b00690b81512 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 2 Feb 2018 23:55:30 +0000 Subject: [PATCH 083/109] Merged PR 5677: Fix table and image table had an extra row to provide spacing but this created an additional line, I used breaks instead. The image needed to be cropped and adjusted also. --- windows/hub/images/W10-WaaS-poster-old.PNG | Bin 0 -> 86882 bytes windows/hub/images/W10-WaaS-poster.PNG | Bin 86882 -> 143010 bytes windows/hub/index.md | 25 +++++++++------------ 3 files changed, 11 insertions(+), 14 deletions(-) create mode 100644 windows/hub/images/W10-WaaS-poster-old.PNG diff --git a/windows/hub/images/W10-WaaS-poster-old.PNG b/windows/hub/images/W10-WaaS-poster-old.PNG new file mode 100644 index 0000000000000000000000000000000000000000..d3887faf89380367f71d3500a6cb324079367f34 GIT binary patch literal 86882 zcmcecbx<8o@Zgak!GpU565QP_xV!U^;O_o_5Fog_>%%p;JP7XY9$X*p@Gie^U0vOu z_t$OJ*4FG!_w4rebWinsB2<-S&{2p{U|?X- zSe91y`A5Tk5Be+WS|um6cm(eA&35n$>Qmwky9t)`gb&i zSFbfwYbJ(;g_UZ<8nWtxt*xzX8Gi$3rl;q%t>69$l~+$cOG!#<7!=$^{p-~%aY}%W zuH+E9$VyC{xr$N^_#ZWR|6c@aM`hzw{7G3$qB%NaCQ8&xR0)jH71>lOGq4hhIlpvg zx0;7wEK?f4S_IjV05nLk-vBavB@rRB6)IL=}P z?3a{!XTO^#`eyqUV5`UNcGNO)PNF18TcDU3h?iK(kx2EvoW(IpH+i}{MD=n7;-G8f zn|oHy?&R&w7I8asj9krrRZpDE-cuG)BH|kGuJaO{cV|}Cg9==)SJMJCY%&8Am;;@P z-fBm$h?lTM+^8}dB3=Fta-y<=PIW%hy$JusiMul&dQOi~+x1)A$x7l{82H2ez&K)_ZE`I7ejMPWQ~v=^{j1U) zbwJkCZLJDm1WHj5c!$aM{kuZnMw;1Z;c)lWx4GtxBejWwAy(`%p-5_8NdrtLIU=mz zJ}Wh891Q5<75rP|a}rpYp9Jl1o$A&;Ec?iZB&>ye+1D)UYWDyK)FRZ)c`utw-^g{C zs}4sF<)`B9o`(!|A+iQ<(Ef={Ium4h**9Sq{(@RMDI70OB$W?-_05s*rapeUp@{1& zMf+v=u;!_-RbJQkZHz|&KR2?lfl(|a_p)zF&@gK<>>T`;>&4<~gyR$^)XlQi+(-Fm z&R0P%K+}T_PYM85u7FCz%BikKl&qP;Y0hTgg4SpL2TJ{YWAE0_z}9AwQxDZGDg~3J ztL@(}7#sfF#*)lzE|$<4#(J9Ksbk(Ft7X^XeH|;MmDyvrd#g`T=?0A`%H*U;lN+mda`xGPb0CjJ~Ii%_P@c(fcJj6{ONkpdE8L zO}RvlgW_Nkhl^MA0Qb9lDZ1zGf%g0&#oooeggD)AAngh(RX{hrfsO9WDBwzKI z^nKRTz!+F{!WTzRBM(THNFSe1UuK5~hYHwp>PfeA6SnU)|KJ$!7x}SlPHsy#HXc_5 zQV~hFRDQ7IE;z>2K~>tKWTE-qgGr#YvQHi0Ow^Fu>^#-zPJ}Yv*(!^fHxuF|m64Vi z&nFO*S;vgbSsDT2g(xlGPA3CImYQGD7v6mOo_G;_i-?{cspfni+d=zUV)(m{6$`3K zDGZ|wd4f>;&=Y2%=k(`HOjhHNpVYhvBNJauCXZ}RYd}7{nN6oYENr_;*W*v-f^j(k z9Anum$_7(ZfuUL5+P;)~-HXXG2?Xw#4Vi3#Q#bzAGnxm7Oa{MSv}RPYaXzm2b9*gu z*4x-<8!C3BY6u;!vomvI2SO0RJD8Z|yK|buso<8G=R4EIDZsq19;F4LxG?jO5Z8vu zkaq3E+f^$4+)oBL>3ij2gpwl@G&v z(^jOqMwYC`?iLn^w2%?VQ{n$fBV0776Uf|TrL^oYY!jj8rNopg3|5Y^fPTZZP^B>v z_;|OfLL~KVBb>MjG@GG9xfP>HOc@jW0mtc3Lz~FmBU=U%!>on>yJoD;VW)({Mg*oB zKq1xprl7j3lnmR6?7Y#ksZ7Ll@H2Llz?XJH;jt9@H-rKj!K-tB3?9I;`0| zh!d1r+2#QP(NCI}vSUR&KM+3wXAWojE&A*28M@q#GchXj)Ca8+5kFd{EsYyw-Uwn! zyi!eo`3+`wxZwQD_Txrv5Xsl=_bRMPkv_?>MS=r0y@fGNyA~)S~=H?;Wd&Mu)~| zgd4#eCtejGl#a_9$kd1*>(>W66{3By6Zh<$fNJ{6U%uq=G%eHF%D$u{j{FN__R0BH zH_yKC%0vk&v(>AL*Tq%Xl*Z=7jB$vWCn24Jyq`bEmS$bU60zp;HTHsPFPa7$@nimzHI=bR6a4zj1njY|i@-PZ$elq>md^2xD%M%VA z-#X8^(%iee6P-dSGo-cw{UOzMX8{ql0s_Ijz3d0S$p^yj?d_G*`u`q|*C8bM}US?onO%TFns*vU^fEG*`1wtJ6L z7w;Q^!sOEb`dMsl8BE=hw5%3fDK48vPF)5deuA2_Y6S0QR2mq+&e=Im5s4a46mleS zPzvT~?ef1OHu?;_e?SL69XQJyQ4#rn0UK-ZWv=b+CQYss+UBWX2uewcLaaPslw zm2TFma#oSqq=OL7gO9HY$v+{`n1Oie_;1S9-)?56pYPNZ374;q95h%X*L9}i@r$A& zrf=WRmDf>tN(=KW7wxtpEJmwgD8=?YSHdaHy#mAv^ru=(vgT6qXU*3mbl)7ZaDSJV}hAUN_z0&e@?1#vezw=Jfy&J)W}_ z#Ig1LFmga`vrh+qu;l?M!(-<0`~j%frV`D;`8dmLu@dc$_P2Vypw zvY`LTgDG|UbK9CKFW6ABN0XgCo0vP$+0X8NAwq#RfcMI}9D^3Z{_VrPUP{fxYV+IB z``g-L6R4A=1SRmHNtE~n1HMB5kF?eF*4l*j6U`)2(A*buw>^hxA^K0l@zjgzT%k=qLK~Z?x;t!R9%4&jJj#W~H)W2HlU!&ySjFmS? zBv_5Lra4hMd;u#(G6_-EoYk18XGRXw$A@o2o`u)h1}(`*A!XOEDTg>isQ}9`$&I65 zDK3JT1htR!%Ig`lst}QCdB0$UIM+{}K4~d#jh+>2jd9Gvaw`^m-Um`0L~rsPVk;kQ z5gW5}ohS-psTC^O`3vsR$?iVtfY09ggWXzz_X#My$1T@6*Q#tRtd)D%n zFb{PoFIV;^OD}Ge9;tsKp?r*aX5vN|F*@jSmVB(p2sAI`D5ZmExP_q3FrTbN9NoiS zc#8ow^gzJ&=gVgaIT3`Gb#Itskactmkg1TEIaS*%`aTX}BTU2BCm7z3d$)lO$^5P?pklxPf> zr^~9lK77LoI_>Ze1tINB$AS%@UXy$dN^8h5z=_$oc~4$#xA2q8viTPMgCihaY2~Ya z^l3cscu`HMamP~=!{lJw(_o3r;Z{p#lqUfTmt3priv94SMChTki_trM|~$YhZWlH7Vq`|@waWVyHjl`EK~$v|D_tFY4km`G*) zw}VAP`m>{9u)XvX#@6k`wRutLE3D7t`mLh2^A#ai>o=q?lG^q~Uy};HM$s|}aafH6 z70;W0vm^?O|V?O=j@hfYM535TDyl}&If?i^;S2vh48?h2sAlr-U`{v@quil*#;S|Kvx4_O2!`txPn^C4a`YY$l)y-hBH7hsW()gf*Uo z*5|9SRvGa@a8Fu&oMaNT>q)LMx%emLZQ_Ur+ zb^k8>^ZM~sUFzqzi1GwM5ixBuiNw7C_V>QLJ5F!US4wJ=yAoQpvBk}@4YD^SGCe!^ zzm&t4@<~*TS@(cV_Z}4Rq^QIqHHo4?X%YSsHb<_+bdY#pnCby|Eb-%(n1{C7;GtUk zs~LXaSMK6huoN!@R<#IBU*s7H%e$L*nWwi6)ekm!p+-7*yHi3PebpIR zzFjYk(z#BZ9?eOUr`G_s&g=3oOf~l@sE`pV5nuW&~a(y*Nqqo=35w1^l zE;RYDw9!B0@-;aLqmDlE`m{fko=#ub4K^Es5Ajp(_+PE|Sqn|WJ)I1WX2+70xi?9C!MpFA;c4v;l{u?VLw(HX?%AnGlySsq<{qh9? zR7iV*z~L6mor zLS(CT?xAjt#Q-VWP@kww{xMEQ z)Y0&1J${U+Ta-JT(y>ns7U7ijP~*v>)&13MjzzSmCMo@W3*FdT4oUpe1I1Zuk_0o0 z*86qOjYjFDzSWK(x@Vp?XsbOSjv=e=erJFraFb5>v)yeG=ukp|!hE6d%}I$m0bvVR zx7%DVgvn}@)%CjfZq>F@8v-JBY++3ei?g7}qTk{6u2R%h8MAOrhHlcDm*-1Y5h7kNl3TUWG>TG#vOeOFe8 z*UJff0?p6TZilUNzhzIuEp*n2r=YT-Da4rPm{Vc&`}Bjwfc*w@sT&k9?c-t&zEN}< zFX-x39Binrx`LZ>wsYLH24EF!+g0=2S(^sD^KtuK6?9?ZG}nl{_O)}mD4r%|sl3%) zKQ2XKI(FQ#@{ah!YHI0DfVT0zzi331o5@{YYz2x7$Cx+cTDdP}cytTg3eE5-Wz?v? zuDzzjL$K?8h(Zf3dT5~KGI?KcVc_TJl*xn|FC-#;h)fJ?ojwS^x8Fu)irg>k9>OYt z9w!-jrl{pS@5sBK78%!q08ZaX!Y4*lV(m8ET_2beXfk>|GhWw@Wp|zFeD?tgOX4w0 z_!MI$MK3{JQk<)$ND}DHG8-bHzYPPPnp~`j6u%hpKzPe~AtjbCs{(=axOHdCICIf9 zWe3;wsL{S#6iA%H*g3XIrS~LT1WoX8w?s!c7B+G;#Q^8AcT7 zN^91J+1={Gn(yoTawlB=wZuGMln$gpJC%0Ggh%pZXIFKMnuyk+LRnnyY8TJtLrG zIL|GQ<`kd#=4(ACSo8*{nwjMruDP47ez@?=vFd3{N~iuK?Oyazl2R}T}& zXz$kvrHL#aU)DkkKhe?`5uOvrWd&TkX~t5oDTZafTh4v|5r*(sS=6Rc(89w_c# z*|qCX9#fbw3Gg4FU;zZ0#7gA@7%7MXyUAgT@VDqWHE87~Pk1d>KNhJ52$uc?rU)_b zrSgle#j<8rHFEVCD0!Z=JWGv$uI55I@}=$MRq_-PMbYxsz8~X^Qa05r7S$wcuuxO9 zAYEU?ZYZUR>=-dB^ z=d!E49yqv2eu@nZjE&p$8e2DFy15T^dp__AtT1u@;_&+LLL+`SsBXy)hpDvQv`1(m z7Oz}M@i5^{GRm~w&^{R3>+0jwDN|=Xj|m}-7C+kRr=1xLW+;jT*?cSCs0^z% z@}1AV%B|AzGhT5b(b*aIz~!$!%;TUTB~i|>=wS~D*ll)DnCC6P32f_v&L%d@={N{* zLnl&;AaIX=m}2ToGl;$^`R|cal11W#&8DGCOSJ1R7c|@-5y-`(*m0dAXSmHjrUlZt zFV)T2@qRw%#n&;}jwv72u6W6A}X*cPw4o?ZOrmsD!o$MU>K5XujCiLB?S z%kuIV#q4;yFrka|I6G1xg4B7mkS`b9u9s}arjE?2d*DJSU49*M4yH6jS}*tX#y{5Z zeAyo%X1wf%(WS61YbUA_pa+8+g)AEd?% zFZNyc?En0s$W)bPmv*-!A|z8FvPc(d-7O%2Fb3UccZr&MF9pAmWD5eg++vE{JiL%*c3AcjnZ zq0I+l11$bjk5M3{Oaw(){;noGK2Z4kQIeQ$fAkeD^h%||^JIOIh5AU79qCX`Q9HbJ zzXOj6@nv_gbzDj2Tam$3i;e#4-c+N_z0uG<<_!&=r;9abP4)ZgjaS3xwRcsnF$&_1 z+NTn`+Ht*)hsMj%N00O|<}}L4>!TTs$ltpl*O%h=uZxE-02Nh4v9#7#p>``^o11$Y zCEeE=gCs8vxHP2LPaed{j~nJ&dmQ@7qE75Rpojolp*uUHuI}sJiV|QFMtGLYeBjU! zWG65}fAL-S{_k41z4Nl%oMshPvHEC7G&%LhC&s6%yn*+{FG9MEN}>WIeDtF9GZNZ( zqC`ysIbS;dtT?tB_Ny`_Gx+I{EEFrU43||2T1c&4Iz~w}DVsbI;asZr8@AH6;7<|> zY_+|ydI+*|y?Z?C&0FRyPMS?6Sk23C&)Y04u1ES(`6v5|7uSeQ`nNEW*Msz28L2Ln-Qt zutvw&tBuHG7Z*paQOtyqN3qNoYqU6qrfE&=dbRdbM2na)k`v^$hue*oESaEM*xg2W zO*b1`qLI97#WLZd>mHSK0@zofdZT6QLCij6o4zX z84uB9GtajcyOKwFbHSWL_gwo|v}h(2ZSa3Q`g$vmszwXzPeQWQu>@2AGPscvF#sWx@F3>`&g zX)ksHf9lr)M!(VT9Wil~`2BW|0~<{y{~EAancUwgk{zX!gkl)a@D~0H-MW9G;L?D2 zVYv%Z8$9IGW9hD^dB&jc4TLGm=M}NS*U8+068ynb9TpJ8Z}X*;6_d>h)Gc*~B`>WR za=#QTG=aD%l`P#y=P&zFCj0)}?RTecgHJsV#=YQEWu;2?a=;7cLr8w{VcR)F7PxT)Vc>re$ra=MRf$X+JS#wY_B3^Jz%k4-Ul4vr4AWw}WFb$xjYrX7w!iger< zQx5o}*8+*F#~4wFB^io;tP)PnU!64LRv){qJfkmrYqO`j;o$c2utvffyPd$~LexKaKV1$-A`<{=M zE%A#z9Gq2)NkVH5=&fL3i`Hn20~#Ttr^nQcH@;Zd9R7wuFM53TS*I^A_XL3#{%=z! z;+mV`gd!bI?=v^GBJ_qhJlV6_`~g<{)xSq{l)pZCkf^yE%VSUXD>Jai&|kOtW7c{qgm0)PkF6@ovsI)Dm- z^yf%ttn{uYm){z9dys`5?*58w<*3ljq?5Yt+&*^wwGw<$y9bYzylE`O7`oT?8;C9s z8!NPCO4=<#oL|cIyt=k*s1~G%zJ`DCPUS3wy@oOd~D? zYQC6nIe~2wuk!nx;^^0+c>?#QMH$b=m0?wg47?7ebPj+ z4WIQNmp^pL7DwA|pQa>1s#osYNAgW6pl8?%;MQ5NM-<-i7rY%UcZ=H3q(V)5Cx5np zU_CQ2mgBX<%_Jv)FmHIn-4iGexAtAtUL=*@UzfV^O3kkf22-@siq#f?5O_YrN*dyB zQ+G@KXyR$p=(YegQb(VMjQe=9J@x!;5YfNsEu0$!0=~3JZP);FJ`^o)>A-WfM>pV z6j2T@s54?qzw<(yfkiVd0i#4huZ$(2vPi#L|9-Q8vAzH{w10m=FW*=8T4bwju15#S z_YQ?{>HBLeg58v2#tp&POO_=nf#Z=?EpSOu4_|BgZpg(`G<7NOXQ5*_4^KJjJxxaS zrdzit$Hd5nqxyr>J+$-Ub~u8O2z{wqu*)Tx_IuBkVD}d=Uu?zxfHJ(GkQpO%gueAX z4ks-)9sDZ06fD{oquqgd_SS0)p?}L9Dca-oOR=6KTi(zZy>il-9nfT4Kp1_%`2Fzf zlY<-i64Bk%AFc50_H(xV6b7wNgvIeXHT~-KiUq7s*1Pj>Pvmo2;l7OoxjIy^>4p7MBiL|M?0C((yrF>G*ZkE{z@pVQ1&jW+<2}WOMzY2UU_y~ zG(_Klzs;v04nxKwP}eCj0$aRaec7VVerktWZaO&`joTDqYn{C$Is}n4YzEXGOj4ZjTYjeheBh{C znrgy>T(;HX!*2!I-;Lk?370x-dl|&DKRN%>E1Zm~o!$YNB^jOtuE!swQfTZv0VJmY z1|2JxyMN*Zl2ig8K8{`!DV}lEY-aX>Jzif$NV&KcV1)x6s->Gx#76f%E-)IaZl0R& zV7OUd6_zJVKWm{P`>Nf3Rr*u`n?tay^4uOc&}5K@{B&uWq2vGk*!X-YcJ0|AgV*IB z67|9TRTp*n?Im-iL;X4WY`Q!FbuK>u2S4E2)_p1i2U0_SrM*jV{Z{AH(j6=vW4kmv zw3x5m?M>|YW^=z(3Etu^`r)-^^f0UIB_oKIF_gthfkTWapRN+a^ z`b!(gsXJy$o6ScEjJR3ky8zmi&LsXvEByyqwZG^7Be3u#|9=ozyZ;KRui*SkhhdAR z2V9DgcU7eT#=j1U*wT-8uK~VX^z2qf%sky?~h4E z;qUM5skUjM8$qQsjE+>Z$1GJ5C!hjtZEfliy7Y|RIAkF8awe%%<;ltV`g+1JX2aHa z{c`z&7nNyEYUtW?3JzJ1M7H8`Q}XUitMv}>Lr`XOKGPfLLo`9M`u3aw{+9VNei=eUAd)a|2p7^9*a(f{y5~pCH1^~4pJqOmXKHYH(CDLf~qq;N7_$QyDzm-)m{&cMs zS?YM!McF&?a0{O#TZn0>#Qo>r6`%CM6(l*zd5NjYg_*^B$-~RvA{5o~IS@n4%o`~s z!?Wf`m*u+tMBbku(jv!TFt>I@{9lsUkI85u@|jsVL_}!}I>U*sc%j4+_V)Nc7ZCHc zwKP1mnq=`#lx}1u31|O_Vf^m_yW^9iNmDw-zD!`oL{H(5;nHd5Tj7}qAFlc{&>2&K19a{TVLDzx<2NUb;s%hRCwXB8p;+iEJGIcvojMtI9mjAaHv7ExNh zhCdog=yWhXru@RgX#BW*WJ<*rAx49i;2TZ4xqh)6F^3#wG#^uh2!|`pq+ztl)}fOX zrm2l5{y#>%4t*}6iyx)x?r`At40^>JVb$C_IQXOQqwDVP>KiK`MI68gFC&eN`zr-@ zCy@;qQ7IPh!-uH++v5PTR5b$U^p!C!kF!-AsyvzfMcG@#s+y>c#sILY=l@a9Z8dpM z1XeQtIz)NTf-xykg8c)nt|dHP->@>i^6sAp)fpr9qYS4QmNRp)p{jaPO(J!t;O`{W z)$ii{dJA&0@T?st(Z0|rAey>fpl?_2zI&ppQugfx1M*BD3+|>t_eDX0Drv*9h=>{nf z<(X$GjTrv|U`_`SdqW;H(SjCnoD`qraWJyvOr)lkyQ$9dQ(kJ3hU}NW>%21&K8X@B z!O8iQgdc1z3VtxV{QNi6B@(!@onuTfr3_s;UfJ`rfzRIVB@IT$L8PEEmOz)d{~_yW z4a$F!?Oo>-lGOM`tm^mmkNC33Y@vGXxQvRLRuprojxUIA$Qo?Odn1}oQsr7#6_pGh z*1-bNq^s*Y{UaJ^Upu~bnEaL4Pl?&OwLVu_0igX$h6}^cFrdXRJcK8obbWmMr1*r4 z>X{-0-%{NDVYy)J`q@6Af18`|M`8TfufzW|{-l)q8a4MT2gpkoIcBNR#*G<+alW<) z9fr)&y+r*3n@fqyW1dr3mn;tVu=Mr58>-9OhRGKt70JSmCgO-yGcD9juQOTKv_GrN zR~Whzve(t0A9Gp}Rb`(3`1C=qY@QAtT6)I%UtB0YI89rHvG~4!w3m2xc6PYKUZz|r zVVbWU%BK>lTVaAqYDrvK6J5JSSc2l8$y;TE9gI`lB)c6-`)@C{e5A>Q@@Hq${+jYc z0R79@e@;~L||e6C#>G{tN%W2~g5 zqlMfWbw|iwSASQZWYx;uN~K=C5V+8>u!TCPexIfmavMd198GDOer408o4jJRiCrYv zs%FVv1Mr=3v+k(KL?Rpdh`1Z##+@-(Ts%t=Bkp?^VK4E}p8O=*A6NsRZ*#RU?dB6@ z6%gSEF!7lD%-pjf!bglnAM~QsgTuBIL&h--*nV#O%Z^_0V~E|1B}=Vup~6ti-SP|e z^6+L@zh#~70>|cS8vF${C2z*kqS}2L>}{p=cwVWG$5PuNg$8i-VWHCjy@Pq_-FEb$0$wNzo<$%#_aA7YXd4In^6sdLl2U4^O;RXm)4tM)V>FcQ$O9{D>PNvi zh|J4OWy!q+AJ_agXy2~}>WJV8T69I|WSzGem}4|@iZmt=RE6Rftp`5aJ?M}plMyU$ zQv{4}1&BO3j~;!EO58jn{FVWg)U1T2fcmd*T(vk{?A3jx^~02FXRw*jnZ#DK`KDlZ z^^=fM;Vx2Km=NI%_qQw9opckN5F9^jn{`~G9Rfij1P7zGAA{MpQQ; z_;=<}-)8ASdO)L@HA+9#Cn7qF6zTbTg~@82WZ3vl@ior?-?csXOuj&R_i^N1WGV{` zBq?do*Mn2KBIFznuFp*{{x;&rtBX~?tCrYTlCSEwoj$9pqcAW4t3j$rQYCwc;ZoVH z-gXlQMhevhMFz*xYBA1x1C76Ic){0SfBQWN-3Q`TlT{a5E7ME3ax$Uiw{;U)e` zf8?ask@|}O^Nwmu`4j)M0ctb-Xn6n|k+W=Op%IQKytX^<0v{jKL6?q8^3}jRZh|Fl z7S)A%ylGH*@ZVa%qTwj7MTU19bld46g)+hQ{kBu1#Ojtg+JDA%`I*{_8skia{q$DvMDKB;-6e3dILQpWk zY30U_zfk$$&8x!eX1M6n)|5jcS)zi47znbb46)CyDmZc;dS9=<1KtMF2j=-;HTmox zbXRUgZPbf;dA?n|RuBD?S-)Lcp;5T#fEcIGdQ6`*4TU(a12^6JN6%TKU2dO5TdIJD zG%Xq3fSkfaEUqdjaekDp@AuP!KqDY_qw7_v-v!>A!f6v5}Sj@tykMq=SZnF z?{?>TB=7vLjt_U2f+OG1KvETwTTDx^94)y5L->dZwBvhlyr^Y($cUe?8Be(NBlJ^H z;e!hsxI+wlk5r>aE3_!ts%DRv$b{Ld4pQ?b%!H8Nwq{uoLo$dcpqD=L`y{MZ{*4~1 z_jtyo{%G7mGFG2x!idJjVS)=v$k}wYD-7 zkYR&BvaYtk`&u`|T>h7rN{_XPI~^IILDYSox6fPamzyv{(d*qt1xyz#uVmBb_@LcG z`Vm2A9iasR;?02zle)GVDn{A);f-Vl0n#k-n$??==K_e%BuSn5i&-A;VGRM{4K*vN zpyF?|bxw=pb@3sL*J1RJi5%n4q0OXqc84o~7FMG7)7ONDNvP-Hk_QzZmzm<2#$jHD zcF=4M(wEMdlnitw`$9WOmJbtI;J~2)05EF~x}7VP1ZV5`Fc1k7nH67z93$WE`w#u< zh+}>;pF80u@gxsDnWxhRG0n=AMrX#x*udF)IIbXlfH{$2cpOE(G^w=n-)^+_Y34;}z@DJ(hv>qR6yDJO; zV+=|SV1VWdwkF9em$}MPIq;c=X46 zOB|N$geXeC7My$~@*25WA@I&rMA3x%YZ`Wrw z=O~P_>3ezB&=gp!+Xj5eh3}XY?Ig^6K)jQ!KhL<}$nU9+TP-QtEEO544Ab?7v5r&r)nW`5-Yy}|w&wS%1mktZI ztLZE^R(D%%E}Ns4p&`wLS$jc|0ejrfTwhxZ#=P9lGwSLs(%NBMBvfU-mB4-uRz=5E zP8oLGleEaFtJ}lg7xD7}DmC_LVd47SyFe18cYW+Ux&+-tOX&a7|`dSkGKAoO85SBZ3=RG`3m5g-Ej1R1k?>|~b; zRp7!*QWi}d%w^^^p{Ot{(Mv86JE!iSnd(pknrL}()s8D8@&j!AQ3TFi4}@Ycy?FB}^y-#kx}zx47*Zt$5M(_;l&9WT+`7G(ne*2wHtH;tR zFE6qY)z_gTB@MjuJb;H*C=5ZfD(ZsQr-ebRS#PQPJLP96vDXXBo@sGL7?zKVMI8AVeOVWq-oa}J)FdIjcl|fCf1`L=DvW6>6}!;= z?yCZiR8$h@Yg@oRr!dU$`~yULME`_R$yJlj z9ZisNGKTaxcOB0lBum+`)hH$YL_{#oy_)Ns911dTm53r5DE|TfL!+W+#q+aq$+OhS zU0FG9Jgk&j^tA0A1?y7&xO~c@?)_Av>{ocXVY(Tg>&9}TXDRFkxD5T0$&s{Bq)@I5 z0&i;{f_Py^iSUUrj0~L-znAMr^UyXRk|9djN)#1xSMTH6!!z*gX=_PFbrb38&;8t3F7$t==d5}f5iSz4Pxxb!O@&KiFi<<1{R7F%J&X1Ip$J;=g{EckF$AMX+Vh?)PO z=^a49-pI?r+4r4%-sd#9T;L$%8>Uqt#1T(y zjPzi7gd=3suF6k@lA*z&`hR-c(|YYAVE@Fw*X-c-I*uo^=t%ZKZ*I|8&`+2T+ii=B zx`)#B*2~1ywrO&;Btwwkk9(W1Xw)xM8O7I@y)xqF@~JS& z@^1%Q6$w)HKZ#NdO?NeFYp^P|3WNp!j{G3=nlcQylRj+qD;z3ukNQ-7R(2=<*^Kx( z))Df!*|dAZX1_ihR2W%PSXB1i)qny}7s#0|UERo$y3+0#vRE}w6i5i3pWt(!THQfV zFEqfhs#Aut3;$5g0|ac(WH7QqXm+eHlv}*Liu@u?ItHr^youxboExUp>q`b;DN{J{vJqb`jP2Opd-c~PDBE;e0^Er7Lq4=a zZIF?@Y8w>M@h_{7D_*7W?{N#XjX&Gn7;j#G*=je{+ovhqp9-hbE~vKwbo8)TX@gSQVQcd|wrD*mp;RrXt=V5`duh)L(RmXm#I z73iXf*`8uAt1@zHyJ;4L$*M7Cy*X`=OMNj1>QYT0&IHoNJRn%zOg1 zvhrYjp=4>Cb$oxwXok!Rn5k1+orr(OSv}jhd(>`@H88$XCA~PP=yE=!Pt&*{=_%F> zGhP)%(mp-7h+2F1NIJ5k-3U|Ee^Qwqp;wNI6S5ONu&e!r8XDtwxB*_VGXop(Ht6s$ zo^_w>q&lFoKsuVerEiEpO@8ePf&P}@B2fF%-%9{y8KV`CJp z%(hRmfwGKScatWE1)y35o|)SI0w%i`Ku>A(}E?Szin&o;;j5O3SN-gsmV+_7pn6 zNKFFblq66udH;wmUM#)XXHpUGbPa9(9&I@5J0qXlil7vNSt+3+l0%Yh9H8js-$qS4 z*f!|=oPe<>(xmXO>0f&fldlk#tRltzBc&g5mvY+p6LD-BjDk^fN*ogBypRr6udjCAuW693- z_fIR_M1mFlP~Ks9Kdv)j7y&(kC}6nl-ft@RJ}m2sL9p=h!I|&zfrs%v9R2*DFMcGi z>sQy1b0GVgTW@)PRWuxTmd{g@`-F)~b@_D*Q~ok?6hLl=-+u3^a&KEOF4hoT9{;d= zL<$f}iZx}JGN)qG+m%ECRZ@At%+^hwr$(V72CEkv28n<*fu7ZSUdOg z?mw`v$1wRZ%x zq7sAFxt#iZV^Kyzd6dl!l!Y}E1BV=hECtA$nwKu5?d|MZjI}lYIhj*Gj6ex4pckVL zZ$NQ$IA{ugh;o4!{4u-&yA*|}8JxH$ln5U-3d~V5^9;z+nyuI2?E~NJfe~R!53irc z3T&r=LZSx?^`r@gZVC-pm4To+Vgd&2kLbbaM7?b3Fh(PR*arLr4FeSk7&WWI0>ndk zA2_A=L1ckz9)dcW5c()1XpHTFum*9Kx-hO$#vlas$x#-u6yuXYJy?Os(akv~gM^6m zEeKVMj>_R~PyE5;zworXe|-h2W&kk9=#V_g0mS-j(GCljp!P$YQ0+a09*k0AMwK7m4TS*%Hu)sK4IaCd8H8y1?GR$59d#lUtBMg zn>NGSo34a^vV-aP{Uk~VDcSkX#%{X_9dGw^oe>DxXfmZhS=yZz{67x5`D;53q_91G zZ;5UijkmitEImbZym9f({qC`+ng5D9n#-sEQf$Bki4k*Syx}ud5%6$%35$xL;cW?x z=Gy)uk;tyQtFxsQ(KofMrseFZA@;W}RSH|FG+r7Cv7Zb|a%P3eySk#ZxEKIM^hv0$ zYotJ=jAh*GSH?16=k~+Fa8pUGxjbgm!5ozo8T)%kd#NQKj3Xg$oeFBUSZ`t`y$DI# z8HcEE7Qpqa>1uB<$bd9`vG%OVC@qP}5FO*5GL8Wv#_(|=(_EBOXUSW3%qEeODqA~! z6U5?0z@J8EhYLUOSZlnnKG{%Hc{E4vW(B{TpL@R>nktpe-4jwhqhRw_jMj@@TvTi= zI77+I(%?WNQ^19asz*w;>ctaDtnT8?EB0DLooI#4cFV_rWHflFNhf7{y7e=lWjeIg zB@v|y_9K&7vAQ$M_z3~N9rHIa%?iS;=kJG(TV-=;oGiPmcOYim-;HRMQ|maHShu9w^9e%p;FMPvWoCA-I-_ZRy32f}&9ezjcWq_=op zq~2DmXV+7Wiyn_3z3A`hW4nHFlLRY4Usg`QK6>!#y=Fhu8MrNmud&B$k;#hU<*>Vc zExeQKW9#8{qt3#9OjjhiSo-S(jCr7Vd9E^MCr8RjIjrja{_#*#xHjkOW2^(tTRty( zp2$!<^}YS%vXaC0PxBJo40&gT@Ym*R_(_d2KY!;%-|%EcbeeXmu7}Ibxo>}bK$H8h zhxcjB6bW^*X76onBZX+GI8SdvVydU%3_G;>6t1V)!paV9FV?5Y!5#*c;PJu31%X61 z3WDqxH;lNlT#cT`ne1gm_et*G9sivf&VwvX?E}`c+qfV-U9acg>J%$$%8zCtb{{V` zUR&9X6x+yYYSrt`$2x&*wioQ$&{LS2Z+c^X&>pyX2tRQK2btWlCF5TWx(pvZwn}S$jb{#bUovpxumiGIM?xLy92X0E z0S@ixR5&~Hp|Sa_to^Yw>rm;X;YV~{riT;pGSf#P1a(D)1d*{@9*(z{9eBS+sBWhm zWAI1v!8hxK(m9^iRw`zpeQnZDrgtxbVK#T=(K|ZgzGNzr} z!~FPB^Yaq}PBCxoznb&&vx`K*xvPtZS?z7i>$K0@78I3820X8ZqOl1TllBv$rkHIdhY3 zQY^`PWaQpKw2NDk|A&GNyx_Ff+Zx+-a~j@;A9<9j zd>=yW4=Zj5NCMa>>0omNr?@|hcz=e94vKpc;s&5<-lhFN%+(h7!kN$lb+}oZBcdpd z0nQw^U{oH?(<)=H5J6}Lc(*6@>ZW2;Zv?<;p>2_qYxp#6hw-um$Z@UJSy3bu{Tmix z=xYurFy;&g5v4sG*yCfuIjf^I1Y-W3n?S4hrc{9>gQYpKOi)j*nkypuoq+ zmA}#FYf&16Q=r}^1I6tX0H4=2=Gv~*!}GnW)5}Js8N_Ol^*{9az9va@Q$~ci=#E#K zQeClRzf{P`j~I1qR=oz>#mBYKPmVU4EPkP9rTg-!9UmTXP3C#CYhKy(gE?X~2c3iZ z%uiIdaMF+`4gY{c@p{Jglm(unn8O!=> z&F>7}ESlse9e|(D-{^hbLOj&vK4g{LuVw$T_yBPbfn1a4W!?TPp;d^kQPY>bS;_Ns zVsfi>Kd#!g^|sW<7Q}}MmNwBEDP8@T-;ag0=recjDB@^2Hun4ycW6Xx$V6J{`n$05 z<>=+zEtRbZ^5*da1!WjN*A75lJSDTd5r9POKG~ktJDp=XSHJ+L6Cb_VB;s(c3K_y- zSJ%=Klwl*0^ouCxGCv#8Jhm~6ykw0j!v_JZ+v4Cu@L*yj3YAOIguz-F|D)x}>Ez@z z%;qNdBP6ksp7iP>zv3ybi(0HDa8_p3H|yac`Vq{NkFqQYQV3H)H58)u!c5r0v?8Q9 ztq~>^%l`UW+f&TP@2?S95KM4i%9_%UXt~6&%_fbfjZj%|8~U#IX_Es(PQN z9&(3}#D-87SW*oh)=x|XFzdsT{ACkptUTNOTkQ5LjnUvaJVy~-$CwvBvm$+55e)=}~pYBgCIPS@IT2U~%h7&ETiy1vv2^v=I z%*n%-KDb*kPb>>l_U+@O{#p$jWHuNi& zA^9Zj)%EKh?NZ~F{l5OtLkx#M_PE8_>4`|TbBL;*oVoH!Zbfv?@0?pAqj)P9n zEjMxG0ykiuwK)W_b(s|~cjJ<6poSe9GH~p7awPc58lEhG!Ilchm#O1s`Ci$BLM&c@ zXD=;Ygr7nG+k5JokXfnE z@&yj^WqmmFZ;{tDg;VyCC(moqcuV1!w9*UK+UdXtd}R&+2+ zcn*X{48*%t7cy8QOm2w)nfw$E$%YtSPAUJ|S@7Yp+|On6ne06$!6x-#qoCg_vsRi_Q&3GS1>31ccxE&e+#j1LH#CxTCT`4!(K zAG}REDfm*>)(Pb`)RB_Xu0oMtGVLYo?A6-yYAUH``e&wQ|0vZw@i39-xxJ;e$@@`% zY>Hgs({AEuGs9SS8unz*p@v|GaIrh%t&S|DeIKqI@HT`>jL-7wZWZRBVI@>59DjOa z%mdKCkX>_Vp<7*yu=PXOB>U6A2O)k}JZFL4{>kHMf7~x6aF4T!r&gU<)|ME#wVR=^cVjV-fq^q)(^@9xN@x56t}Cl zov#-I(Plv#++Gzd46|!H1GY&g<2OetQ=x~`xsP4w72>{$-`p#S<=?<9o&##YpEP%+ zDK^5dpr*u>4xlP2Jz*od<6T{cJ8WH!irnMz4` z)pF%x9m*GTz$BgrVIOpb3JcXC96LS24PF2{srm(#dwBHL zRJM+~TT2E{VLLU7V>3GbR|$O8vb1Y-JMSj4|O{LLYgHZ zW@BfkFLO_Ir(U;(n>S9d|MkVI%?ej#hekzt{b(h~9}v1lsYCD<% zsYqDg%s1ON*W=LsZC~-Y*OSo*_tb|ewYo?9&)ccEoMETSEc-Hk%_aGYW!03vK;{zz zT}b=0rSRu@hqtf{&I7T-O_^2$sBPcfx$`XaZ0*_~uQu8%c7I=~iO`aJ#F5`Z1 z#Pv&Kcqn0uyY+H&r~fBET7C^ferTjc0 zv(lKvU0l0<&8cIXKG%t^dHXlCX{+srwu?TlAb4u4`q2_v(fBwLtTP)2<9xa)=jOTM z*(6BqsZ=1_6U_Y*C#QJQwLCMa!|}u503hu$3j*i>wX83ZZsfPQJldtI6`W&ndT#Pfl3& zz7%1z+9~Q8-Pg62kJIYAB?K>uxi5>k#;bcc$x9dsT4!x=t66B-2;keo>2xLd!jbl- zg|)OCle^H%^QQo6uM8syu@XN)k*4}Q?GHi&<&#KX#qE={*`91!+wK!`c2SdT5>t`^ zZv~L9P=M3zQd=Xd%~eTZG`ARaSA#H+)`@X{i$THrH^$uHkxgzlQo)h))e=u3p(dHI zPUblwPnE81bCH$QcXaI6nqVpTok4))%+!{#DzdS(J-HY+2Fd6x4H_Pxh7 zy9KL4k0mP@WT!d<@}mk&vh#n^;3k@Va|AGHJ6?&&8M>$Qb7Xh6v2sOTIhF8oiGO=> zS-tI^%;IU(3TFZ#W4$~BrTnR*nyaE71~Jd>Q0BeUo=`@_dKHXjm6n8LK4^s1$(a4K zvc;i(uc&>l*3~tE{KUAyqKCWlSdUS zVIe_9X^O@X?fR^R|0eW+ScLh4V>)#}Pg}%E$2Id2inQn< zJU$yX+~bN-GDPBnabO)m4p?f&ZVshUDL?ncTmA7;6*wg_w5^?# zVRLmnBZ8EAc8H?@W=N8lu8y5{%ww52RvoMJ+tIB_CN|3b_F+<5rq2BdByz?y0d|}- zmTePE=+xA{-gu+MG6{M(LR7Z9no$%OZ9uhD+}RioG$hRm!cqt}VaR|07D-kh$8q69 zdGbxp+>VXpLCcqvelX6!$nti-OfW)EEq!!7zjg1VS4Mr zaE9jw#Ndgf*C9~A;_8s>N)br}nlxlUgfeHqSP^mnU?8GM4ShBgjR{|5B*goUL8*F> z02CKo+7(H;!)4M`m|sytj*0e$hV%x-rji^&L^VqWHc=q#c1EQD;q*4SQM8-G5UG<6 z*K9)3Xbt)E2SV}6d90K5mwo-8tOmJqZ1e~;g_pA>Vy*l}q$;XjUwHv25C=sk0wWHE zi5w-Vg(3wn(rUMtoA9{Y(Z(g_nnnOVo68OhY_@d{uh#l65n1rfpD;m0fhtcVPMie% z{%vPsR7ZEHM=3H2l_{;FXaPndwIc`^vpG=s%ER8!$Ywriqa3!S71X~d0dpFJa=Vt` zGGN&dm?OX$L6|m%og)>X2WXR5lX~UrsM>V?|4nV#>K4qW%LDZDX$X$cAOXH3rrGuW z0BnbtT`1Xa<=0WR@iBZ>paPI8#a1D}8(f%!V}RU%9F&MO9I9OQOS+F%dlrb3O<3dM zQhf)~>XDJvNm*+Ws8y}eKm}@!HcuT8rGB<;2o=VO`?qo^l0Hu=`{zb&DRHXwB2l;`pzMTyjBM@}&vUA*mO4P9HcM3q@0 zebk>{8EeixBiCG2n!EaoJ`h}A29fNslsl&|aPUv71veo4Ebp{Jbgd3oVl43v}7^%O5gi@ngOPm~vD zKfQM}CXe%ay6Q!1$gq@__o(9zQ;1mFK)LCc z7#X%;{9~$41}QywhZ{?PWsz z!sW6FvJt#jpFU&h@b8;WA#RnQm8H!4k=; z8d}*5rITH!n@!1mB&{cJqwLODiKR{JSbd|>*GIf|$pdW2UFDRr1qdks6D1~8iw~*p zhKw>+%PrdUhC>w6#~B^26l&mSTEx~;IR*-T&&m|4H6vu+Hj5)}e{Lw+7}Kw=ANyu_ zZM)kVxIYY7LPhB^Pa;By>y-cDSrhxOuW_DUc5Y9fU;>)m*_;LM#$j#cTnw~Dsap6$ z>~ixE3850Gv2L-5B#T@-+UEuAmmf>Mfw05Ls=BB$15cjK3;vO6s+yJEy~anh1?R z%tac9=>|`znjoNc5HLQ;RB`~IJSN!;@M$RodIP788WdlO(%LwX*0t~B$5iaDKq2C4 z+=$ieBs7HBCRv=l;YBLuefdk@?3tmI9x(*|>$!LOyWO43>#Zcl8UQXjSRhkR{!2a~ zfi^XY8E)t$BqW4JY1W{DAr^k3ad1^_gdZyI2WJ#tg>M)1=KIXDj-%doC8?#YOAm;E zKQzQ@E|+hprgD&YfJkXayQf^)@x!k-xc~J%xBGwj#o_Z(9_WLDM}`XhdijR@h^o28 z>Lfy<%GM~<83N4i0)j#vZ3M?G4YZNN83C-#PMP5H$Ry*XGnXIk#?Pf#?iIYt_cRyH>@>J0%hGc$Ri~jI5 zEGTg`rDgijtVCMJfWI|8TdFZzeCHjX&r|u;@$kO0QrmzTeG(=ysZM${=G4fHmbmE? zp;4sLkj^lUT*w0*Z48epJ6dP4Pt@_iBvv@b{1XN=5=x!#Q6y$C07bU@vM_IpQsEqn zwVAu1{%&&k`mBel{2dJBl9qXDY{iO3;jQ0sW3y-86I!WN6CB2(o$3EBrSIzJT z^d9`Xj=Wu)0~gO+S~W`1WqdgYH?WfG;$7Qzs|w?ZbosGPsY0zh1U;~tx@TVNh1(%R z3Ox1Zc=yUzt3dUfU%bU~(XFS)u66k{^5u2A&4J=%y!}M6z;jtIF`lpo?cg#3PHsBO zl4+>;hfP?isrcwIl8~;Hh}>pnrRB@Yiq0eUT)z;P-(F^dueaaRf_pVKE0;I#RBB2} z4A)u|;HhT&=RK|s;meLTdxs~7$jRxV5%s=yu@vuDbaR&JH2=Z z9;}R6iZ9>u%5B}=x3jm>Y3vcxGl=z}l{E+o?!zo!brvEF(}7T%mkpMb6gps1432p zcRfaDi?dR4Nl!va*(Ua^|J=N0ccGJ4%QnR^hRt50H`P^bi_e2G8$$14gFo2*v}%1) zuX&B~&K<+iMgMrW^U@$vS_)YkH1-Xc*GKe)j@}F7akeS!EXVw}bj|6^R-^xCdf*dZ zX=NsNEbcwb6X??GDc{pRoRST@68FhqeE`LtVYp^*%hiVW`esz-EWYpJ%CR}R_jz$5 zvQ^o-`t-TNPDe>Q>ec*+y~bjY;aK3UYOpR4`1@fUmF20pov6ULQRm*;3`bYOH0 z9t~C&>fuALu-fcSQ2k~}rb85+ezTNU-BC}^{i#nU}JPgWj0LwDRIsm+M*5 zLT4+4u622K_|n?-xi1ah$L>xq%}$fM=bwlZjVGcm3iXtj&CFKaRAq-21WOArO;Iiw zdx&0(!t(ozP%nqHu)_-~i^5NvAtOfxh4`|vvhS#u0&68WEi5kJm9uB5VkTu4tCUDh zoqTvGNr)SQ6bn|bAV3U1q&^6?_?%h6c*x?5jRRv9TL^kmSzl)BcUTlmV+r|}XBnp9 z&Qx>d)1j_9GpeBUSwEhNJ!-{h6GZ-(SyDXGe53JKaySM}Er_?oqW_RVnwRXmjUrID zuWwscBK*wSK8*ErD{86*k85Urd_4cCI(x6`?uv>yv&nKF$?Zhtw``c#`{{}0)J#kc zk59+2IIl6+Gv+=@XAC}Nk4KH1bZ?Hg{Zk%Og|K%VO+{ibt~kKv?@A9|LP#^V7CY}s zSq5#VA#bdFTEewYg!>7f@42RE1lB^2tq<3n7KJyT!JGgpxo$Hj_cfLH6y|(EO<6TB zR%YOHtL4ebOk;>+Xi&LkE9mq^8^>bB%J9a6no4+exn0zV-RCDQvCy{6%f#QQAb>w2 z!AVOsc2Y$@mJJ;>+Wsq>tMDp5o(oYLTCOa#yWNq^l}>HJYz#_S$OHC2JO0&z8pxj* zsS;X<*K^2ZSZ-k5`mKuBV2(k02k~PY6*d&|szQOLD5MY7qTOz>uXTW_0$<+Q-HU#F z-7NKfOzFH30m5?SGKBCWMbzop*|?Y(S!wCX>1oK0QWYxLz+DH9v9c~BRbK|f@JXZR z4y{(Z-R%m|AUiy*e;3R3qW8xL*LrN|I*2_p_{eaok~JcsD5S@NTI9hfNL68Lm_r~D zPqn-s?nGtyVe9R??zv(0Ybjm#&jiMO4iwz;1LGgxAf$?4pDVp#bnG~ePA@KBT!#aE zD|^iOfcnNx-W1XMGfV&!p}9cs582ZPFS@izqxxqbK8Lxg>S|9O{AMdzFftw$^Si$p-%NPFqNz`g4 zFBpu`%1)$>k{eGvG^_YQmf>lXAp}n(!)ipt9+E9E|F7;=6_n6Kv{3CR(yZnMTP4r) z=ASEmZQ=a&m$v|C2MLP`4}v-k7=y6GMq)*Z0V9A9#|~0F=mO9} z`LOs3m9miklBF9@ktRE9hoovoFn3Chmw?qSmyHY^j7D~P9G(XAiay;nCwM#!)hMW} zpN<7t4Df7U<=beDZ>R+O#x7bx6Q0wcc?3$JJX?qYDUdjS)Qim8$)c9Y;NxO!mqyF$<4Qu@DnIFlK-QMjZk?%##bT90oSluw{L*627s|OLMJw z)8$RC5x&~?pN;@i^`GCyd5;4pp56z3v(z%YS%3lisw@a)tF^!d9K-wOcq)i_xGEG9 zE0d*@n1_u*&_mjO3`xNX$>m$rfdm4R6Li=bv!ag2O5TM0rmI_^K|;n;$DHk}8k=8l zHXrgJzEON%e;Jh83TvlE!PsiA+0GgU=rgA=;iQK ziGPpwKA(rFEAZ!kjuhnlL~_kMpP2$*Ro++uY4Q@@5Obxo&z4?Oh5ipKKhlTNW_jHA zZSEf-V8I#3kD$)Gmbz!&6<49ADM;M>gL`Bu-P2& ze`s6_K6E4xuo4g;MLaX16?ROi$}VhijMf7`a&3=E6{1q*am ztEDeg)IlQLBy{v1gt+AK;*f@cw!^ARFvy!3lk#yv<~}Yk!!9^ZU~GoSmGpy5_0p5w z#_sb3ea=Ze@qY`iFk-XYeExXaIXOHWJ8~kl+WlmDvpDWsSYOZ71Q&CIGQJ{>k;b2I*1Nn$?(Q>n6e}1PpR%lkN{Q-lg6UL$nVmx2O(m!T- zgkkeEClitb57qwBK40d~p0)I!_p+!;dU<(SSy`RT9w4gJijGl7c*vcC0oGJhYACsBX_^S>oWl0Qt-!R1q=Oc8hl*Ds6EAalR294w)N zfTVTrn_c1Qs{>$`JtEjysY$B&GwMlpc62A~eu#|ihy;8t?(R>ww*@T~O8+yZ6c{-8 zMvE<+N@znRHefIy(vk(+`5-{40>TLjM9A#g>TRc|837`#Z?0*v>GHB_Dw}6l5zHR- z^lu~@_3t7?hW{-db}r4o-LwAm=zD9yid3H-0ShyrKL=Zv)97@uk&qZ{R_o4Bucg0@ zFnyAg^2^n+(uSBvKyKy(%7N(!5|~KMg?){`x3%agDaWR#ZCC4vOw}pA1KgYs z@#|%VH2&h*W^%O8xNxv9Mx5$3*JtwJOqgv(MMj-IwC=02(yzW35j^QAkXZ8m*d+W} znPuX#)Th!%1!hVw&+niJ0u=;$2sqVJ+}3|H1sXOMo{-GdPA#6&nlNa-}eVI@q9iJ)%H zS3N4FoY#<|CnmsbAsQ4+=baXMad88v_~4<+Z2OLTSQXzg_xak8pnhN6{?8ZHtM3pqucZAE2EPJ2$7kMom84FXXfAr zX`(3YMx)^in+dA@KPloP{wC`wqi3anZ|N*hnZyyCN-sh)y#x(YG_A$fqdG#Us9RFS zt+I+37FAD8Q95^VIa6U!S5BdNy~7#rkCr-l_Ex^w)7{4N<6yQmt=&omcUx;u{saR{ z*EF;t05#=uAR^hsDB!_@wh%!9int)Y+0uES3uG(v)WaTsZqA|BH!b-_SsdJM~kcx&^$a-mXHP)U8qGCen%(ly@7 zyAe9S_t%CR(U8AqroVsx24|_zY;)RvNttU+4_=*Bye^5!XV2hC&q=bhQJFmo#*eUqWNsD{krwmR6$K6G@_={(OrgT zk@Gp?F@JBqgC*g#*);@YqQs7!yZV z@8(#an2{cz(|Px7?d9%`3bwSk>OurbVdeX0?~6yP7=oYdDH8=n7suScGirveAY7x^ zS`hIMNgLYe0Cz$^&Vvd$J=gOA(<35HDUeMkF;F(b1|A4Og9+9bF!@1yzjrxA!Gcag zF&~4i6u@T1IMAXn*qrp2mqcuH(bIm{>9q5asuLtvNv0JMA=9WAcISm`d#3u=BAqrH z{)yORTq)*kU-y8;PA^FNH9uKDQUpy_-qW4vO*eiDj=UC9S>&pWXu2gWuD&yaKH%UKgXZ}@vMkjXRcOQs~%1tO#4wfC~& zJgfZCJkL#V{I$N}wET+0>*d+)nT43D^+OaNspFzg7&RsQCB`5rNZ`)7w=hrz3Q zI%By`QMuswqC{*RLcs~nnfppeaBQF4Ytk^plj5qc$X@pfMeHWAei1e;%XBwZAIs*_ z3cVt@wsvKX|0UMJnQC8-WB==6m73b_owyXJJ(ke#a~}S8j`AVyE?kao3W5yPU^E!Z zqyW7|@J3y!5QwKN5RVNZMMnyTt8v@T1t-mhLC(p6UmJ|Q%9KHq4%)wWre$wl6EAsA z1VOWuP)91S+;`+rM|9ynWAKy8(MyQ#*tF7@y2V0oG;z`l^H8(*gJat8eJKxmRpS2M z78jSPNEm?N$0mbpR!57JgMNw9(jr(qt5?=yx1y7cWO{T4&dkA61#+~CjNQ#euQuRR zchK;&1v1MNX0z38Jmr$z9Z?~yxS+xlRUkWAdyQS)^0L5Tru47 z<8$4*3p4|ULlr#VkaIE!+i?c?dyB^xeCyf$YFE5I9LSSxFIsbNjoTE*~3t-H27 zuXH?ZQs@vuy0=~ycr@Ga=qYvj-H~LTj3#J3WfdPxW2>E&w%d8yBG4+#>UjYjxZaA0 zZ+}b;9Md0cG;Gj?$>y^q=2)E$H0ur0BighW?wA*;xNGph9a+X}s^cyD13hIRvau+L z4h$PcfW-S)G6$!P-$s)QOMxG}P!@hh|cPNHjYaceo#;_~DKpgZ;V z)Vw#c4LaWZRo)0F;Q@m9L|*Dvz2MTN4UTvDf!nUn#f};aJ`wO4+*k30OjLW%9yQwD zfy;kW({Z{ZidR%0GFeuV$GrIPd5qL)+5nqBhR&2}Ina2hzP%qrP_TdL!XMNOPkxey zl%lE8rv@nUq7@v~WNnCYPnxziM|WPms5xYP7#YqQuTF9?GVf_j(oDj|0Rc@N%4)Vv zXVToKvg>R}a-1UMCTFBaG`fGz0d3X$1tsD^H@|r1`<$9xbnkMk<|J?5o9)WF!O#-q zsw=N2m3;0)^(c!+3NMIH{+q(J337dLEy`Vd{6>wk)5Y!Tzyi}>5S%*2o7}sYXEqD3 z2ybinb|lBAC8`fy6fxSZ!0q*C^u;32WXnffcU8j`P8XMt)5QL`za1B+$6efa9`MO} zB-54YY6Eh^53>r7{XP_&`|U3tju|3$$NPB%`5`KMDOE0R~(A>R|`;7oA=}M@l3Hhz}$?x0q4p zHO3t zp1**>92t}UP+g>IW-V^N5!w_bom3&u<#B9Z$|ieKm-U;p_-h^G-)zz!bdW|wnP+-L zALETr!pN~2PDAuLk)k{jodrz-pjI+Jn2DP$c@z^?wg&lBZ%(Wo=`T}@0s1p$V8e;|6HJ6Lu^0s73E`arqWT34q6xoc>L8*SY6h8(0ss()f!rHyKOtleniM9(ySL;j%T3#VxnDpU}^_NYLkKnFPlnSQ1d_Nz1dWk%V)qr(71vSFD7 z5d@7$pL>uH6nC&~EZ!mXvq8+E*#ewZ0ChNQS<^=KeOPP+-5fILIOP3?{iO_15xX3A zT%=P5431!7eR=gNNE#voyYVAQvbzwgM3M%iQv!qs{1Bsk2f+0rSO+!Q?~jItGAp!{ z9CUw_YPt5CEp9rUQMinH8M>K^5fd<-$+~dypjC~|W_8#L%3-XgrbhS^9sL^%p8et( zfSl(2IC%^%>Ez}HH5-aXt>%-M4+0Mc$@VoNVB4=r^&|q6x#t=dRBZabz+bI57ujHE zW{NCbV6=6X%4FQxpQ|5?#Pr)j#cEvJYT~7LBgcn_hd+~k>@yIufiVJG!HYq|{`E1w zo;oA`o1CAYpP9Ly<^MvBpt=N8$5oK4ONohrSK!5ugZ8rs5lYC)s#L2Ktmi*=0YVFp z#^PzW*hsFiu&_p)SM`dg`|#CXZf5|XvL=lKy34KM;2D6)L0xGA`xqmrr0r zc<9QWx7TzKQoNwSj4IDThk8?OC^;~+-T~NtXqlcETp0E)^&TbQ{Z!!L7(x9O8!gq} z8F3XVSs57_IXNgN0wkolaz&CU%wK9p&fggd{sOOSjo@*Wp_&)psBC*?L_Z~iVXkoD6 z2`F0O5JEr&7&r2|zI}Ys{5(=a9wOtv`+4qoo#RjiX(5oSoX^1h1ZJ7@FK*`oxfK=;6ci9hjk45!D^2Y$RVbIWwY9C( z>PwR%$B2P%)=W)JrP1qy={L(}vGrM&kVTiaC=Y+AgM))-vDron1BCyLFN9QwI_257 z{UkT==s1hT`QdJTwd%cDbS zu9I48JFt@Sdfu+qUep8M;EcqW{vc!G`}nhF>_q-Gp3!S$6ZZH|NB{=PP6bI7ND0e< ziUutL6ISHmA9F0R zOZo5;C*4OeMa{p+_f1UED5!x086~ zF#MO5zwCI6{N#N84*FknL0L`H(47tnc~Do4P7B&D*UwBhSoHK6^KB^H+>b}ymGaEA zI7mMx16uG?r=H({I@05N0>_~Q@BTcv^PSqtQvtq-CjkOe$>Ar4j_b*b`Q>8~)e%{@lot!ai%vfq3XbRrEs2m2i_EaB zy8>2%1pNVSI=oW}=F^yN8K|n{;(36%|KeZ1j@d1k6O>4c{Z7w!fMBk~%$kmkhyZmY z(|};G7Zp~|(ZpPX4q|{(0#{b1tU4dnVI?y1*?V=i469!*cGEtk z4@v{+Xi7$h`Ay@wXcF+H%KI9EB~jY9GOE0Lxv;vCG-%S+!R73^{0V=q1xFhq1RUE2 zm5ri7U4C$EJ-QLi#jhcj=9YJd=F_*Z{i{+|Q1@mQ|_&{=B!lK z#Rrhn+Fpvx)NJo+*pLTeGgx7ey?A^W4Jc$HuM-$0&-I3Jd1^I|us6$4vamQDX*nh6 zkbUy#Qm7dqq&l#(mk)R>4N;t>)z;ek`0!9>Y4*N8{hc+c-`w03kdu;%wJ?#or*Aa=7jjKPiQ z6yl_iI+tsJMjBSG1-SQg*-P>6G|N79q3q-RG6OIbOSTT2?y9&}>CT2qmi_7Wx_UJ& zR8p1`MTB)X~vi_eN;PZO%_`WV~N`i6d^uFIsR%^F%xt=FyW_q2>;1Tv5 zcZ1@|NJx~61Ogvj&;FFyZnPxJ3M(g-e?AfHM38_3hp2>kL*E@0^fpFvi&Ng}^gbHM zU`aCf-tw5%SDLZ7dYWyYBr~{I%CuK`I8dJ-^!f31+e)TS4Gj%v*IO-xkkQ1PQwGf% zYj%D#QAzZqR$Of%^*FFMD$DOkr?Cd z_PKPb!EfHuUoXV{R3OnN^ccC{B{mW}D$pS(Ryi#ShCul0swx2l zN;VF~V+^za$gV`EYl+ikxv$w zbxIC_U1pgy8lW=w99nF$hgYi}zQ@jm&eZA1SL^>22n}Y7^`Y*JyZnc^3=04(TCfoE zKtQsY2P#8=>>piRT%4SQ86K(Mped4O{?A*V)prQM+z~iX^Qtww4DJzoXQou^uI6m2 zO?7#=ujR%}%>WAC|rtNb!% z*sxGhRWvllOqixApp$VWkYR8>K0dyACaJ={tBRR24=es?gEYycfcCaE+qdhqEogSS z_m9nMR}x`E`cO5=zAo>TzY>YYE4D9IJGOro#5xXk;ogevv${K|^}{~UU@ zWDd0n_C1gH?2jt_^g2B*0Oqi76sgmWUfL}5I}fWbd_JFS*86`>sWGQVM=sv*hJqmh z{CDZKL36y}@S+2+V?)B;1|QKG0{evMHmA_|xNz-kpyj)NM5L6oQoT{62>o%w|A7WJ z!!}pt_I-V}m>(D!37tKGg8(x(KatDfVzrptH6Duk?|muzK|uwOK_XwsCrJmm9$bI4 zJ2^h}fFBH!q!TBw@lF;N$m?lvblUlHkY!pchYgGSV6*OFg=JJA?J9skgSNq@JbW3| z?NvdC>5r{LEW*Nj8l7w@WaCeoMr3EPAv@S|xmz$B<*U1h*lE#SUj?>avj483yA0{E zW%rL#B3VTRE$-j+-+#h+LCOfpZN7>;As$ zATeO4f!z|xB!VK7g2HOJG0@Ei_$cG?DI_`lKg^wFR~${ZhMxqN-~^Z8?(Xgq+#$HT z+YsE{o!|s_XOQ6T?(S{_%pBf-ar$eoUbVWrWY?~HU$=oUV~4DylVFs!x=XWM^$h|Dwe4VX(zT{u||b$`{j4prh0pJ$BCg9nXmDxlKwhtQ<(5@9dXTNePFy@f&q) zc{crABYk@zd3h>&u+fy;`Iph=MMTuAvqsAuCjhBnES|lkohe`9hSyXC9De3*cNZSoI zap#$t1w`=R3%bQx-CWp|Ae+BTZ}g5+%LpGYA0j#ps?z%MFSqgZY0Ng6KdOwK-b^8V z8WzJ+r=MrU#?y$hNN~17H{Z*1Q;H?tBS;k#*ll-noP(u-v2y(n-Y^xlD1zJ%R;Tzx z56GrS!Ni-Ed@r(vc~^Y?Edketj`_mq`}*c<1eBw3%Je&UcZSl(2&-o=enk2i6lzI{ ztg`O!XR!8qgoBmIPe-x6UuCh+bL<(Mf(rJAZC}x9yMD&~QabxJKaG8LL7y^G?*aH8 z3GbQ33~WU^U+DL#%a_DNt L~M*%7M99)^lZS`#@m4|Xb|2e>i^ED1Wg|^nO4#} zQUmzxM7^$!je8;8ij%T&t&J($-FP4>e$I2rg#PN#1N($t488zxc@ z>7xJn)P({2M{Vw@&Z)NzSKH%uR~rzV-2<1z7_VgYknte3fDb>`=|#5-jwL8lB3c6- zPXt%CGPb*v)$C0z`5FTmwjP#WT}hw+#Ti}8k_rvD9RF#Y#Fryj&YgB@rd8=yM`uCL ztOOF5z)!JvDa__f|D);Q*+{OpBvQ$x1=-bjV6vzD|S9ceS0t!JPwX^tk? z%Y|6VE_HYN!>C{UM*Sk8sUBd(aIy<+XM50*%wgT^G;kk-PIuB$v(9!7tgd%XE-r9C zK-D8_t9@bnDy{Xu(J=M(ZU_sW#KhGqU!Ko^JcL`3^KTvQHqOq2M-yEBZ)?~W-hKGo zy^>vzS$;C~L2lUQJrkafHe+>*Hnq?tZ$2+NoK0tmvBCtxUWH0VfKc5E5VMeSoi_x; z)WXHxAdxFD=Lqbp&Ru5$bxd90t#?&X=CQ}uO)18kHH$dAOcs99Cm}0O*}Gr3A{h3o z|FuZF++6V~RX09V?D-v|1mklt$aJSn7`9pYfFI>i*)UA^O(;QEzF@pyTFzd`-zqTD ze@YcwE1453%3q87sJ#?$g^hQl@WMO8MVgT1l*R1k`A8?(x~*Wc6_mVDQ{&4aUjcaG z!$^RaHreMIJ19gGXL#1QC&WC$a;52Ctj;+s?t)O>usb#QKamO1j7j+nUN@&tK>u4~ z7oQ=zJ$|nX6>8&)pEy+WDobORl-k;;EfwP`>&$lJ*m-uXV2j_hA%weto(lzwnnlhURiCPJV^$-b5Ov%pdJ!Bo1gA zJxRY1K<2K~YG&ju&-&Qlq;8sC!NR`vtYenj72W9fPCh*gGubwV{;|PEQpUx;@o+V3 zbAnF+0ViI8k%kduu}Y`0;n4^gmY@37Jqtt5*BkZu$}R$c#dzeqlC*lux+*6|t)zN_ zwX6gT+8L=FF0Afa&1`*Q>>3rPh<8qmCjXPb3aw8{X-+dA@YR^TafylNYN6OcR24UD zpW9K`)8%`2+*JJ`?o?GKvo+@&&UAp&Q@s3N6h=GOR2qD|+#J`_X{YqGi38-^+*rZC zUg*R*X$fg$+&qnLwMoTi3tG2q7gwQBTVF2G`d_+#?*$ZqE8$c0*+<-UlmmbF5zHqn zPOO{Qh({O6o;=obSt4os>LD4NMS@sog*FLI3eE6D?&)W1Q5OTcp)A-rq@Qye&`tV` zoiSt`oJ@XHB%iYt84V9nNKuV*;@x^jJ+v)o{c!%a-n66f*QmJ!9G!AV(uq#|Jr$ie zIWwTn{JSn(*^F&f~eAbmVW@quV=8wnZcB^4xd1 z32vJqU{-Upx|^)zpE5KB*g@gN^tOF5H4+YZJ-FSpe8t~=tx!srKk!S_s}kzEt|}P*0gEc1u5Odr4JLCAD<^iu?Rj6l9pj@9O;K>= z=YN>W7@WsN9L6waaMEG*(mi-PZK>A|04(THxB4*F=@wZ>)lN_N-upSiO*?He{v=bQ z+8W<|DL~IRf^|LJbyg(T#f1a+W+IJ$;~F?>7uDW=Oyq(;ya$F%FR8DTz%%qZ*nzaz z?NNyQESez9wqyEfU91y)-(Ew~E4ci)y+rQ44Gj80*jDdJK=ENdd z0WbM`^83=VNnWNQHtN2eCkkdJuA-8+AZ_amLKMql=Sy3`7azM*=}uJw_!d`Wx!rdYMj-20v62cfA@=4UQ7!)&+YWLRUz z@p}79t$M$SCa}x&{jy1i1U4UG;&Qt*P)Qy)-SNBYjx}7`RA=x9nsY)ZitD2r#Zt#G zv8kjU@n?*m$@`RZM<|jEnDenKe67*kA9fCR*^m&3d95}u&?~-BSGv7N>?xoRhyA-- zEahdGT+}XL*eQg{_u0UW4#G|OC%d4I1DhA%qvptb&qvw>lUtO9)#c%0_b^`zyV~~K=fWITo$EXv^Y(nD@prE zl0)TMC6uSO2UETsd;aQDNpKHEW=fW+t22a)wv-;Q?`osXq_gEl z;xN(}*@KQKXvI*7O>F6T0`|`ZAfg5TUPm8VWC6*IQz5C-p|sW~cx6P1!4_5le!#<1 zh&o4o1oeL5T*Subuj>o>Lf*?qp<nFQ<&B;u&r-3+sGLh@St=H#U{@{*WpNLZrDgEp zYG;pWfPa~hIdC~Tee`l|iIaH{i4w0)k%->auQUK(Wv0F!DZ=3S8i<)%{bV=y{?-R5 zm4r}g%mirEE(ph9UHj2#rhCzrFceEgv&r~7#1YONN)1vB6QNC?yNJMc30vgt0plUbS3^_Ya-z5CcFLnpMEuG0bez-OqLW>zif$WnHIf< zu3(MU7dUtsqQLW1I?jZa?@)Yf&G^l#73$Vb>WgkKt>CY*az!u%MY_4Vm6Y)Mm5XN_ z9b~t3v4J_WgEo)ftZRMJsHyorW=B2jNzRRYS0HR7uVq3WW#PO$E_kkQos8wC7q=+h zy3@{KnhNEuGjQOd{QWV9mX>c-Je z@gEmLad9PE)GS{@WYe;fbRzEB8K|NMf3axWaaE)e;M$=OwE2d7;c9?gl+WK@ z7B5sYc!5-^VAY2z&Gqh1@wG9JujcJ%faV)<<@_Ylmbg-W*PfSV zz~xfPfY7ea8K&zEZd+k&lyfm+2EOz!81qsefy=gh0dm|9fYPz93*eFbW3+i6-s<3a ztI|_VinNCWD2S%)vA+O^L;?3q# zyFX#$ujySHsv!R;uhdePST8)Iy%ONC|3R-liStYwwEmRJ82S4)j&h4y;Yl8 zYFT`F+oxQA?FaAG{jvTjY4ziJzB`d&>nRh1g5jy@vuFsSXAF zunY^-8W&)Avb*h%HO)n*Hiyw+bXavlp~bV`9#$*MTWi(Gw<#>l{#hOlhKGf9D@`e& z2E21svk2~qIuT}n2>&qtiX#<9_`coqYxspRddRa%ZFte+<{#@m?k;sKH#tShU~jJU zB*D)0rNeTA?Xji2KNSSsPX8vZ4DPACQ$bg_BsD&~JKu5hBRrt{W}S->T2Wu%?1f2= z|39Fke}lKTuZ*(p%>;n8k(9x9H_h6gptG%$uWFn7dM0gr$j<-lU_MJ)PnzSY;rZ|R z?QobQ!ytwQFC%M=Gh=gELkun3Q$@MI9{k?(4uw>9nn4E|pN)jC8b&>aYHGiLj_P== zrQ(VH@W86a(%$vmv=Q64L)#O`{roYtMf0<3)&3R7^|7_kguukhoc8NBQX2^pH3zR3 z>vS6}w1KRN6?y;UY4CA>Pwpn{OB_x;sFBattBv1Zuqb@ixbll%1%UQ0)i|_Gv>K3N zc=|F-<)nVi?G>T>OIq3O#+SKx!bVYFj3XpzJjs9pweGN|DbKI5rudTD zDSozJRy=HMzAKpKXycn!f8Tc4y1TAL&h~oQI&D{rU+oyJ%~9U)G|#u}J9J#u=X2V{ z4<1Kf<0a(np6}do>BJt+xv+O}xbV+L_o5MiOeotb8FmpSefPB*j!Z{2%;WP?_IN#r znNPo)B8eqygJ6EOAXNx*xu~Bq$RvItd)kd&p*E(~Y$^1OcM<7HQ#)SQyw0XIc=L!4 zKo|Y=oH0<)W{-_3Q(!4||COfzdCFs($T2T9;`VG3Xa%g*eW#w54E(o?DVj|6-|p|yhg#p4G?i#be0Sr2b!#gi zulJ5C15cx0#?GGM-*v6zLlOPmef`}%y^S_EL(^0@Ha9i3%{M)3I|qA`eVOZi7JT&& zN>&yyJ!1lWi;QN&*)#Nn<#(q2r=c7Od- zJC}3U)?+UPG7@yTY`7E)I!#~>n3FtPN}4&!mye(i^{`pPRleO2lc%}#+qHY7r=4~( z)7tbuC&GDtVf+ZnnJ0JzA#p2Zf1D6ZZ}9EkS=M;(wXE0lJZw*YJUo2X4)`p)&kt?i zy@+!QI!^}>LmpzymYhB~1>XaWtkc1dXc;UZECE*pI=3cymLCenV%qq+;@T@wFzbZT zJ5N*tFupLiuR@(SAVj*9Q0VMBb1QHQhZ(tqxc7jdFLl2ukHufW4Osce&$(7~-PR-k zFqst(UKEz4%jjboo4;$7{$eUAJ;&DjkQP~dJ&aT89G94?!IHY>rmo?pu1nig z{`_?uy4W>O*+Nb^wCd@tta?AQg9k0fKz$K~)cM+aXwRmll# zSS06EmhOH=O|#j*($4{pn;E?M*gDgNif&50dLJ$Xn=!hq0*Xf-5UD@A8xBUlOS_5V zr;nf71(An+^`Aso;1L*b+}Z^M!rFi> z?;N))$%wmh+~wVWEH<3+*BEGNgS3nFIl3>7HPBwJ*@oGR0$7jE)f=#ClifYq$P&>4 z3xwaxz%b6HqhTJFxwUVJSRc)E-=4o^@sZ^?eWlifV~sdBO}W(crJxPr7YQe^ z%0Fs@W(9hroRw*s0i18vBq(0@{=9KtFdDkuG*pI%PojxEKXpQM-Y;${nS5#(lOAwf zTRZBCXF!vhj8!RjXcSvc|pzotpqMErONv_*BtKeI6i`Z z>D;Qi=K5>D<+UobYLBh7O1R{Ax73si+SQxMF(2i}JbT5NpPa~-z{Okt`DwfNSXn=uRaCF zUL3s(30U2!A#U$uuK=3q0`0C71On>T>#zdO9PMmTGnWFu+{3<;X#XBRvOKI$B9EEd z?WLAVmYLf?VY7)mLHfcO86c@qMy>bK>5AV>MV|{u%^GfG_>0M@sP&0EgC$SRYGe4v z%MuPa=Zjd##7JEVuw&g-z7HY1T=CpvxVJa#Uc7fo6Uak6h+eaLVJm!V@sutud&o9= z>#9qa{Bfrlj*(R77!bqmhkWZNiA(T4xGrz9Ng%X_DNtu$lWNQ@0Im)F4z=g-@d7T3 zt83HUd%vl^eqzvjd>nhc@A0aw-aKIV0RO4g1h||(rsl2-Z*R98^6?W$TOF+gHYAA^#6-D2V^~GJOJpyY2J5zbdqtThd6jnXIgOTjnT-se3I=BDU+u2PD-7It`%*_mEl z7--zr#7S5y$A(Tvsr84ANm&~HWlD-8b#ESunUK*^Kiv|K_TZ*9F}d!t7&&hh6g&(* ze#_t4AT0a4m6i?YLMz{q$!4Y&C5m*fD6xGN(NptPm-B10t$mbPe72?IEqQ9lBzJ+g zr2aIi2hHbPwXNZ=napAIJ8xZDl^n`SE8q3!zNKHDC(K;SV?yQ^E`FlzFppF#SH(MtLVrfPp4=p0c^e zD^&k1p1PHlby7AZr4H-QM1Y-O4in8)0;mE=U=Oa0ij8d&$ zYaQsmB>(JdO%2i7aW(vgSuzJB16@U2Wx_d1c;QM|8S+6^sl{t8ByeV0>q1yNu z>8*)>0pR%Mt3VhxKwcD7cW=CK`&zP;hMQN89Iy*nYFMErJZE+tZy~nuH90TYrk4 zgYT$3E$ywvj~xSW=zC{HJ>U8c->Uhw-e*EA;+2Xz?%g3eYRS}+0Nt)CV@Muqx!;_iqLwaFI`fu_IOe}v?y4Owv>hc@ z0{ppP{q)zEt{d6H#tw7%9cTn$SQ;To6`nEQkC>DLXaq!1=(54f2SZS!X#VCE3Jdrs z4JF7Dr0=4K>YgBuF7Mi%JW#MZJuez(sRLc~A*$p>$yAniwKyGvqOI^%DH@_<{OJmOUXEe^^qi6 zqEF*_{lF9`im^2eBgQ-mV7M3&>U`>^?LKQPgI zRX$yHfnwQ0CRPyZbOjP_o8FPr`CCwG;QJf(!@{7{aBREX(-aY`LaC&p%p0N^U>@4{}T5ihpA65 zxPY@`h;*<>Jkehg&_{{LQ>yL1w4(0O6dMWr^ekQ?hu2}@P|k)mec>+%nh0z~(ENjQ z94-g1n2hZD{((u=jN*H8CS9tZ*yt5MtkOslKOIe$!{2gERm5J^EZHTu{?qW!!e2RV zKvO?^Q?36MoW|_zkqHi2b&d7pSX97aDvs$M<^hJaxkjVz5H^XB7)`UwKb&GHYz=$A zf}+CFR>$MDmx(-#6b%}1%eB#FXW7-Bbz-{&Fj~?m05ZbeY~<%`d4aJ19f1AUZ}|!p zu-5D*KHI>k@nJFLXJR8~7Cl0;N9YHHT8q!l@`vs(8@6S4dtrV97PGCkIs!ch4dxv( zA73;)Cw1O#!_}_3jFoNsv(qta8Ez_|sv{QGnkT>o5^>!;w@-)yD+x34($}%}P zoG+QCV-N&a?!1LTrTXhyMEF&`wFa-QvM?Vr!TldIE7oz5q2Do&UEV0L5QvMnKan!d zO0$5F7Uqg~@2vN_Y*+&pV;Q00+6vG3vH29dOwoEPlmA|a#_8~LNHm=89iyt9V8+hd zzE#6l(ig9+(&ujS- z{xUXfd(UwVfYm<33-@6p&?Mf`6>^wz-zwT4^hJsaim_J*h5Tn+5tJe9JdJGp0Q!NG zSj|s4CmNa^4*qvSN!lVey0BX{j7(v)1H3F_?;-6?GFjP_To%1oWDpFE`d=*)fLQKt z`_)-CcPGQ>#xAMMbb7{LbUleCPf3Zwe%y`bQ;#H+$aFKlYpCB_P^N##m2_Va9HZb0 zHpmH{B*QT|xA&^>WvZRy{GsbH1m)`S|FhdjC|`f{9_M$Yw%6OyK0Kg)QjN29p1A52 zI+s++w9VlZnj&>Ck$WWZsCz^Rv}RCUR5B-a7|+3b+x5u<=5;vNZikv;x?r(h)?`-N zB`(){%rdtptv7VlXqn8muH#mg@m3F~dVaHgonn*fe4P~pUzxI}bn*xB*3(IkGnrl3 zx~dbjYDbjZw@^#rHI@OLB|S|>kFeSBmqCpD3>_4?&DNK6HvNj)r}#!T!Z5W5dz9%7 zagKHu=9rcgBRb-4G37>N$JECnK;3cvahj@R75!93>f3o>0QR8M8lb#ChcLQnU56?H z+w62aw##*vU|jbrPWSsMe8-=&{~%lNtCtnh+GC6#pTiRvqK(4Ow5hYb#ECXQ0*jr2JjEISjL7ADia~;JH5So z9pbmdTIwgRS6Nzz0+t|&eP;)0*Plf{(DNiql4NgJKsEshVo(fnuXw7V>w+>lh~uiJ z{JJa92;uSx7QQEf3%v**&selSc;XUdS>neTljYx$|4`__rUwrH!^Bv+E-FqD{_Uga zuCAZDKPGNcG6xyIx`V(R`}j*}8Ky%tUf>n{NU*%zQ+m zjyUS@$xEWJqOf23<&srXejpPgXRvKECO5|h>LT>peBt%o0^bu{=}MgabnI(L+%5DHF6;Fn^#SswJJX&pM*|gjkDkP%kGM zaz~>@%)G+9Apr#$ysQw>Q~sk(ke5NI4m9n#Jk1j>qzN<5iv#uZ9iRMIl{CM^!*eDi zfnHQ(86gfhspf~U^NUE_FG)q+RMk+_X6g58^Zi}((~%9~B}HgyIf%iBjF~+v#_&3Q0Jy!;-b%u+sF|} zIR6#wWbhB2Q%}{Cx=q5ULU$x| z+oBtAF!cOPnraK+(%}Zw3G~9kpKe)Q~ zf~A)^GNQHY&iU^fzTRhD=R$>36;gKtpyJfu0a+v79$$%qhDbwQ2&Dpt3WBEUB!vSM_1*LwB@?7~*}nIfM;k+rJ0lOs(ah}& zt|B11T0rPyR7*Mn#{QiLfX?czJsCEdCb~?w0)QZi+>g5AS3UJyo|Cog@ojIkTpy#u zI~XlP!K=pUv^e4F}l>l$ObP7+I}5Df6Kkl(03Jis zH)yTSZZvPx-P9shm(|nM#R4lz_Ohp7V<{0Z;5tM?JR9HLuzP;2My%(en0B1TZ{&S^ zdA!k|ei%m%`kW5gj|)F&CR*XMw8?}xYMzln?iTQoSO}niYhP4A5#Ymj;{=Y&!TTbK zAV43q*a_)S5Na>5(|GG5N`-h|oH0%d@L%RdZdcVk0597&6j2#jY^mb$o<`&0&YnL` zoO3tw5byaPkN|pLwF+hOCH_v0QQ6E$!6_H$mx|8)df?P~?Q3r!m-6|=(Nj9a+*PrM zoMQ<5)Cp5X(3oe8@0XdmU{Kfp#?A`Yr3}5b`#nJWHLF-V!CWMnCN$`_13v1`t8aUc zHsp_Y*T5V)4mMQycUsnv|IPF4$6`RQr=PB*@&m0fCEl}Qwh!^A%Ov})Cpb!I)trm0 ztE=|SvDP|xRn>rjp0&Q<@D@T{oMqc4;G>LZ05Df<`mze)!>h znN9syV2#nPv3~zKr5FaRFbh08N*vVz0$#}5NbfdAo?OUWd?b!`p6bX{xsgGi)7*mU z;nl{+;%-cM4Zc}bb)0N0J#)<%3FnZT6;4)y9C}=3sTsiy&v{@OcvGWQxK8TpeXlp67 zMWAa(7JsWtZri}atNs-&&s)*5^Q3X6xTQg*JQfC8PRG5|!SiL~wiD#Vj{y$olpS*z z!8=#yTMT3Mzbqoe0>s2Bqp&vO1}|<_JVF%xd&eTh4UNSM*NFuxlc+5?uIHtZK#0%cs zP3n{$26B(zocw!XbtZjSxZihY@2JSjCh}cwYg1Con`YXuKj^HDi*seTpC zQ=ntLtVJ^9@b*L0Ro#tNoE*z%b5M}7=>Yl!bT;{lid~%Ov`TqiT$%+8bkU$E-e-K~ zkZi-l5Aje#Q#c`@x1#tTJh}quSS1qb^&}c2WsDZo?-K&R{05A$Chh8*mMGyqbaE$# z9Tt?gz^(NN@*Qsxa^xJ8oN$)m!dAv%fPh(l`?fPy8B~$e)~F!AM0@j)r#I~5;qDGL zOv9Ea$Q+5zwNb58_D|o+%3ka;{d(+H2#*=L7?@u?4~?8LLaL={e)skX2!k~UPxhb@ z$KdH>MgfiYtEo$hsd>4aTb`{e zZ@_u)aUU*z-mB>ZmY7Fi*TA}+7uXvMBYl3+JU=Hi^%-1 z80+Sg)qxw1aw9agKj|kPS-rHOM$6?V!WTa}5)w%t)%H&u# z0k&y=tN4~iSpx2c(+}LH`bBC8(9^TF)+tL)mZKpQ7dQIxm1qx&gSju0G`bFeI_yfE zj??GWYUHus9j{1)cKqC)Ye>c6Oh65@~`p?8C*`ph_)c8*mE;z947wx)m13 z?%M1A7fWqt3_BeC*=G1U-pw=D_x81krce6&0`K?q7l!IQ|Hm(tf_1wiwSo}>uu(}g zkU0WnS<3gP*lfGt0P|7y}7`QJFJ`K~VsVmB34mrhd2WsHROuf`cQH}OO>0)#`8b2!$2 zJFYeyF6?W?f87f$5~zvGy)))7L=^mkh0CHZ&<*=5+e35 zwT!@RQxVHl!%_P;FFIQhwyo`FQeY?JGa{oRlU9!Gy}a)#Ixn4`wd zdr-Hr(LPR;XN-d?VTbnsv1f<3cR36LhodipP(@s+{J6%@`o+cj?=J6j)0L*Ga%WL< zbo5zwNL(9SrKQjI{8|A*z9x5vTHTvN8jzPMknRMp)Rx!fx~+eSZ65E;N@vU6c#=Uy z@!|SmYAMQoJpDFrTb0|2dwROVW@m}XIZMM`$1&3IH2x=&p#Q#UC!R9S2%Fb&wbOHZ z6=Z}+sp4q-6aSLf+kC$kvm~jzeVE{ut!sl?i*o9!I&(>}eyzmkw~!*%HC4fgA>kPi0Q!LZdj;ngxqgs8D4|p<+mttH5=S>b6!sOc|#fHiuX}` zYTZaGUXr7nK)QSSwe8KbOc9qRtWOzwvT4cnBH1nMXqmTq1*4TCie1@EHXHW3uJr_V zd1|3KCjdfQeBQ*;Ct|1WCwG02iqsVT3| zPB#3L<)ifWGn^bF+G6&+f6A(WbX5HrboJi;;%{MyFX_wXi+WL1mWB;esz|WPs5B6= zDF46FL>OblnW;aHvL61ZJf>Cz$M%=3@$2|#1cD}sTBM~<)3w^d zibsqLZ83z1r0(AX_Q!12l(XnvF?Mf_NO4cxOGajKz4Im4aN(wu>=mjhe)!p8?zFqm!9s8gfku`VbBKGk{1H2f^UY|IAGS-*a1*TQa?9X(5vU zsIWhIq}2L_0{JBLtFt?tYt{&XSps&gxO5yXm?;PsfN<&{8WxGjeCydA`SY2~&0cF! zbOfK}xj0DG35V~ByR-lrxMqeHncF-;MK)qG@W)>xv+E8TC-awFt}-Zb9n|i_h|WQ& zYul&V)pKpVYukoKlxRnXKhl$LkXjxYIPIcz_fG9-!M4s=4{yBe?CMLNSg%~fAhNS4 z)HLqQDtAh$Z1-~z=OsYae)LOY{r*pTX+3k<%c*#|Rnd$x_v<`=rnOGMBYx3t+`vO*&H?f2);qNF4w z5_x!ph{-SEdexdZm>*_`4H(DadW=-m!O%0E;bbH@;aeY0Pm4kS!5f&<5XLQ!Bf!BJ z>%S1&XVa3}eGR@LEA~Wy4E;r*^?w2O)U(H_Ph9_&*qT{62|C?7w$Uf3(@gvt8O&A zuXcRLb+iIp6lSA%+X}z-h&?^Od~F@s&ixD@tN^e(Yo0tu8i@8%ZU0rw43{al${;N4 z-)^zX{6OXokH(gy2FyOJrDQnPDtVc9KFUNZpWxiPdVW*oHE?hmQyK%0AGTu5g|2gv zR$3r@7=BvqVT_?JqVq&7Klqu6(cO*q%(T_HBEhR^k@`G=M(WM%xD1R|&f>0?=>cOS ztI5=H3fBfRj8q;6&7Mjl7A>i-N%QkboK6{byGulZwRsJ;vtuiUQ1qw{aZ0&T>Hb>g zQAe>F;Eb4q7=7r}82NN&L+7@)6a=;5czM!bC)ZCf1%!7U%)EA}w|yYl1)$>d@xgz* zmd?-h8zkg&Dt(P-7)F_hYImscl@C>Z=@;U_9msF`kM@gj=urt<(<8Wz(Y(6thI5GB z;QZ=8L0^S($obQqQKlRb)o)~Z@jQYcKg}>Z8?h?DuJ}iV&B3<6NJJw461>A&tvqP9 zrranW=#RqN4na!A0JrA@YOXyOOT_mLIB0kMx+F$H2IUe%Z!kFVNh9c7GcC3yypTd6 zm6Z8i6*yF8`>FO~k;}(d*~qWSH=?N0zZeGos3N-Ze9$#B>^x#(ojoHdCk%p_6Yn!! zSpu@1-|ilLXtHHwPRCLb(wbzIS|V(wc*iJ5wCBmdDK={;$LQZO*!)scTuswStq ziW`U2&0CnjcwSAcSb?**i;Vt@MZYG&K=uRL{o;mnTa&b;8lH@|QJ46zYliv1 z)G;#wO!yf~AKWMmtSMML<2;@*axV%Ox{$~NY6tX3`2)Wr!iQ~4Hr43*Y5^}LXovtZzFW|KAXAQg;RiRdY?3wm~dd_C7g2Vyy&S$XH z(iyUj^P}CuiwKJ` zkCFkDpShYyghzt|X4fkL=I_hA|E2}`$)7S+Y#v(1AO>%@Rwb#asg?l9GH=L!+h-kX zw;@SnbVQDFPB6GO8JF$cL0LaQ-%I)d^0hPn?d;Agp_3PBt$9v(-uyf$f0z20ruL$w z!^dzP(l%G&{TFn^rQlU{3naxwjw2TA@O{2YY>OCq{nx%+TQD74FB$}I@T>oXG0)tK zP#P}{wR>5#{9BUFQ_iBzGXjywn%b23`~1y3A^ez;>S-o5MUGxC3GuKXCUrh+n(Gvq00-^v0!U9*>vDLan*hPQR z2%Td!VQ?1NU1A{Ct%-fC`7C#a5)u*zcCTt{@$QpKwF+sq;?)dFa2eXz#!t5>jpK}o zM>L7}1nZ0{xHMFs?casJHiCek&q#pnz*S&o^v`x6Up_ad5fS?35gEMH(x$<6Omwf)Y^Z2oAyP+ilzAYw!@1xzhmY@L3fvp4g@mZE#JUR z@nJ~@Z(+kPN0CZUoL+y8hgK>4orLmHW)O439UB5h`+T8y&UbJlisTFFGXfTIaSB6dB zXw`An=+p@id#TD5M?&FkNBW5vA*j9g4v}|p+mJ^6mCx^aryO|f*L1Cir6H1G%$s(I z7v}DJQjEpe{~1PSuT{+=_=J?A6XHCC9?6ZZsUCTzqL(owIh?h3;cxkleM-oLx-4bZJ*Fq4>jBK7NiQM-xQK61_;Dm_)24 zQk#D6##S^6GiO=vGpFXxMtd91OqJ)VHnvWVp12Krf&;#2oR%^n`%I|_46qK;$cZKt zMqCF7{Pb({f4?rCe8Jzm@@99zl?uqm9D!0i*!`e`3;$5;tQgTw2 zHZkw7u=WC?3)P>S5_)+80(%!q4K2%!P9QpT1O-C1W{bD&>yY9%n*N$?^~|io+A5pv zmPR2e-DY!NciZgqN=FY$s&dbZzsmB9j%%85x-Ay=I&y!F$Ct*G8mWba1NqO8!46*d zWgzK(GGJ`C?{nldi6r=I?>Qt_q=*sY>rcc+{w~<=LcLZiWPBg^E0?!P3+5Md$-!!> zzUXJrj*wDJ_;>O(IrfT-czM8M80B zV-pd?{8X;fJz;?#$wW#<-jdRCNldN2L7L>#GV_XA3zgjin?Of7#atb_AB%L6Qskct z3df|iItFxBMF1{Ohw$C!kC&JVYZS2)j?%|ZJrf>0^6>3w(nJTc# ztiLzOR;Tq-MfIDjejP(^xDl}XYOhL1sT-?)Qj6*>jTZvn@;4#4{wG7+A3Dks zO*yLomM&8=h`huH#w$OXg9M?i{Ck56x)S<(^Uo72tS048W6Jboc*j_YIE*+Fb`(qG zRBz4rISDZC|AwRef9R(jA-uFcF{Y=(X{I?TfVn&Q4hO#PLTO)fQg96=rv5iay$kNh z=1`l{(2DlkijsQ?5f08IQ;0_-sXk-~0ycib?aOpUugjhmmxjdZ)r*Y`&W8alDHr&XKPTD{Iim>?BT3kJT!Lp zcC8WXy0BXsSysgW$=aH=Vlffr2yNmCs=5Lp>+hT{n;i4U<)immt#7N{(M*brI`jz} zU@tuZy0e<8r1``E;!ZU6`c|c1p4^pcPh81^hM~^X>5L zZ(N9SD?MEC$O4eW{pGj&%cw2cJDSwyV$P3Ia~1oge~upGo{Ln9Bi#F5H{FW4R^f+=keLXx^o4vp& z`$^pNhCLpX;Cfft@&~1gk9{d(Q>qA#OWfb;*{iudlX*bBd*4)E2{+U)h?EG_F}*r> zUvFBGK^DdLc=rFZmpJab;eLpDMvHSyM?MOS13r#=S9>asM@v9F;Qf_=NPmoScTY@y z#>mLQN0~Y046A%ktfNOgH`G4ab6VXnID!p-*g~*?9yszVT6O7ld4^W4Y~B@!#|&as za)PJL2Yqkp9JIerruSHJBv$+DfV6ca>5vFKc=L1SHp)h!L(KK;z-!@ytVT1W4_=Fvn@m0_DCPEDD1wVXNaA4 z*K+@_ITBAj75&=}r4`oIMe%hf;^O0#4^DUxHb^55!d9S&xxJyMy>L5HvdLld3Pco!92SLYPvP@QiT37Sp4@VOqpYCmFCFKS$t*WD9Sa0rv|x zWYi^2h~Pfx#5!J#utptg&H!y1hbTih+<$eL*5VV38r@a#gjghnODxItNjNW8@rkym zY5%tA>>*HG*s2eJM2g1FW9#Rm-g#DgIbsz=A7tlnxJM6CMk9bR%PMvr7gkURLaK$K@As_g(kxq%Apf`yoN&{ETv3rAF^N z3e^&1u~AWHpV$`*3o07)D%qrv^1ffc-8D78L%X=TiZ+TAhauw?E}vs!V*cn>&KFA9 zsx=ahq;S#A6VB-dyM^rqSkJ=6d#a3qo`d^M>#J+F^2z!W z&j7wjKXHw9{jK5H-mkx2$;K})W(wcED4cTLl>47p{U$h3?aiI~#PMG|iLrX_U&Zq5Go-nmh&ZnxdX3`*DT zsI*+1AHQOI=O=fmZyj4{GNr}*+dr9&@cX7-I=RMa*g*NzcC++bfD0U9Ve|f!Lx%~L$@Hggs8UGc3(dhEI zKNr~}(PKEv_l~}2ks&v0;-HlG9(m>MJt2$EgIC`F`7LiB967SPmf#WGHu#FKLgr!o zqptoE+8Fa*|M;7_NYedx{`b?pjuAt}r9OD=&LLyy>NfUwiP)AATtHPZ-mS zs@XN*!FAzu#M?6L;x{`K@sme%tJ$<>&P}h~Keslr=@@9rc%~e#k}w}Ht$FCCN%H;s zh297O(>A1AxCQvc-7g&p1x{NX;-5Y1`7LJ2#8LTpec`oFu2Cu?(mVIHkN@>aaY4Vl z(Y@opdg+7z%oBE_Y~lR-ergRHAoh~vDPKgw2sinv&md>vqWQOcS3iDqulPXQhH{}d z5bKNUs^A9G9&cofFkJSv@w-Ff3gcYKZY8(zT=V3pc6aD0qP zGAPdg#@7y0U)obXIZrpWm#$y3dUPleN*I);x@wquY_5D%&!~%gz)r%+a#lXbFZqXv zSD5qUz8qV*=&BnpefW{@OCkvZ%*FR_-1hzL7Z1wp*C+4$pC144v5-zlCA+q_fAPxY z!~5p+NRl9E^6jb3>l~pR;FxS&nSaA92vBmFEaaZ7eES{u*c;xzXVjox=~JhTy?s(D zB&yXiVH<*|6kdyA_^Y=K@7F!$hX34@U%93*G=uG)>)(I;yQl7&(!Fob^!pyXp|3h9 zgA?=@Tz7Hm*O9tA_7FKL1i5Sw_d}x)w`|$jd-BlGCPb-Hgu87{SKar|zLj~;120_L zuU~%JH8;(;uN&FH2!3&}Y}*Uv@$28Xd{p1`LH)ab_}OFiUwu--BV%rzv}xsbAt!=t zo_{Dg)?E^wcvrVeH(?z7`|2m#=e}_X)N;jjm(0wM9PIf6c>TWTZXpJy`?(CVA)dZtm^daX|$KLxx)HY-0t4p=s05Z?rL5*VcS_W6i-9$ZLnZ z+v=QAa_bMbRNp$HV_TK0q}_d}#kr@^QQ7I;-)Q&J41)1?Utn*8qs8w2?&c$pUDUAt zh`tHdtCrbS_sXcri4SFs|S6UJwL%O9|-T( z2~4|U$l|3tA<(p9%aBV(L*T}l{pT+fRQS7Phi6~WLon*XDXMD{0v~T=pC2K-8754> z%Z88vVKU0+-)?>2$xFhCVV=1<_p`+oM4Fr5USbWUe74K8`H`NVF6w~rf_eL|nLP{w z7mZAP>g$To_VW?+cLQEZBouO2xRiLRdn^&HpyIR=4=qJ#1%XkC8cHuG6ExBUHQX=Y z_f#aP$Rv$KCnplsltx%f)KU_R5nh_Cl_aU8F$yX{E1_8l!pLP5m6Sjx>xiUC2?~Uh z$0~&qq7)RYrKDiy@k?U05~w;>NyV$FC^;1e-WMiA7^Rey#)Gk(LRe_$%96B_M2!^k zCaRfIxO^`xpM1Bm-(}NU=B!=M_s#hS-uGAVHNmNSFmRC)WPxJ(6 zJXMc&dn&H?bMetiB*@|qjd#|)WPSU}n#Pwc_m1$YA56OXXlOnWtI-_ERpW(`@ z1}$H9pmO2fi?0HQD>lbb3vF0)TJK|?>A#=4eeb7N|M1NJeR9wfNjh%`wH|&Ck!;6) zF|5|i)L2=&pD}xAnq~Y<5JkXa^@D%j=?yykOn?j0T+k6&ut3=5q%B^? z;-$?#I$VOo$F{qLu*nNyrqaSR+xbp6(*cPA#^|9tTx^w@v3cP{2>KbO(#+Ob;La0( z#TLqC_c0wVD1jA9@U!hM+TvlXP=%LnbFj^3CddlAC(NOwX($2itTf|!Tg{zXhIyOt~pl2aJ&ffv=VxkV+!@bP_jTHTbo=-p-jSG#yQ%?TUT|_sog*Cr9;)txnkhEZ*L1HhI!@Z${Q~UIcu52iQ>I)@A2N=OBe=u-DutI zPpqDH)hJ=pF_eZy|2J{&lA=iT!sVEN2|g^!(YE^M+?7wbNQ_F+NurfxUNp6%R(

    C%={W>dO3yZzjzx)EQrQExpa7Amm^ZucQoe z+5O{!oiDnt?8isTrAd0i_@ei#>)Q7{=xTl5qm@VuGWo+3>Gl`g*A8L@11)KM*;(|s z`?B{_W`2;`%|J#gr1y_U z#!78o3=9V_u zTH8!NeZAthf2{Qi*KJ@@{9KDhar?{_w}b=vlC z+dFSpCnUODaHAIRxV>GwwT|VQ_vYwfmw!^&Xl?5-fBxPNb!Zfhoch&tx}n3j&D(YD zHOD*M`dl_>$t50~HMHj-I9q?}?{?8!v zM?EXfi}7Cw?OnC@!210SUY;5`Zs6=u8Ig1ZsV^$|cxj2BkoFsxKYK!+;A!~n2U__4 zSwb7CE1mTX!I-qW=PgH!uO|wTOtFVIy>ihKnYd7bG<<=gWQIC;sWOD9hD?)+Ct-nX|L-?6Tg9IWltFEbJe zvFBj(;C{)GNS9j9P#tS+{l71_x4V(PBL@C!T-x4B%b+}=yARm5Zu`QWO&lSeaMAGT zeUJB)c{)qbxA&p~O|ST-c&+}y1&B_Lq(;dLn;hfw3>&JyM3|7`# zj0x)4pAWbu_tgA*{8j`vT=8xWhIt33YByEet{$jrvKkXKaSIMQhG%MctTQ88y{ZUx z1?bsBWR)Fe6&bgo(lItizv+l|M5gYci?`GMQ|b7; zSoQu2^UT3Xi}tn7=oh!RxMO-j+_F6#y>p|QTyARz$Ik^%yzSp}d%w5RI;DT?>Y|P* zed1T|>ln~Ix}@C^2rz?kbbCw9lX}OmJ=ig|f9$G~j;n{p|8Pqog2te?s1VdQDK}=V zkSlg|q4DAYaVv`2C*>Q~7Fqh{M%8q&yv)*Lon+9z(w-p-5q#jLom z2=P-vVG5++hVVS-*X=?F*guK0biu^;-=CI)g{7E6rb(I;t1~`DXXip6Ktgz$p!$ao z?4LvAZ1|&`FY|}aLkc&oe|i29LP{}#fFeHi-KVFW{d`H0v*A?jM>OY&jOsS?)PjUn zJ37C+PkQaJ%BI$w)Vl&B2S@L0u&_Ro|Hg$NW`scyg8N}x-t3QEH%~NtHs>IM#GyCo zNQpl`L0?#5nK3AC@t*eY?oeJkq6%R#MChl8LT^+fL7JaSBS;6rf?jfKin6A>;+s7- z?)zK7#fwI7(IRdi|07&MjgS9S@ZXiz83W@NA8Mb{GkSHYDOMNN@%j-2@r`=5-?s9O zi+jhcIB0%*w)Wo1C7eGKzlz0U)Xb;ne*Vxu2hsmJE%E7@vo0QZ`Q(1EzI0Tik6h$j z@w@Muf`@YQ`zLS;*;k*TRG=fXv@RT((p{CP;GO>1tww58mL^KcrNqdtERb3qB+Kgj zeudE;SMDH2XKVVz(Kv6|R;S5~rUs;{FewU&L4ui(r-_mAL0acfF*@o>qI|5z)oUF09+HS5a>^huj!#ZKGD8Ph9f{Oe-iJS!|UE65A z*;m!!X|?$qE$&Zu@yZ94Pb?>!t*%{l{v~%eth=wi->Zt4MsZdG`;X$5xk<5)OQ*cAFu7bthx6i3q%n_4 zZ=Rc^dqnp6cC^{*ZZHPr_o;@wF7x=^oes~HpUagGD)!VewMJo2D%(BHR)2Y$CqVnt zpH}D}R9f7=s!mUf%~xx3uP=w4RNOaD+G=xE8{tGg+cwlcoby7z);xD(Ti&$wFW&ja z;!Q2vmLE90_vX7_+_mWY^?OU_zj5;w_dl__**0(9R)jBn>xUziKYZ}Q*WW(%z=M^o z_0K+h>!&MruX+E`Prm+W)cD&rE&1SqH-Gx%>3^**IdRaZ$azM%`{VcU%WOh|Fl~pz zC|DDioWcxBL?*nk632yi^+6*Li&vrXT2v$BbV`)MQD~`=7@DX>W7UY1#H9q7p(uv> z8Nr?+&?p^ZP;yB+BwB^Y2wXzo8W|F$MD%hl3CfY8QWBF;Xrc~@RihFTmyuYsl7|B2 z6bfPC9f8mo6u$P2@hB3n21^un5-P$_91^7@nxGZt3_v+hJ}5HmZs=fyr5Yk5HYsu z?ZsBEY}3ve6IK7Y{9etpn>6l{wTC*FZ`gnF_`YvG_i|fJgWuh+(`{){|+QE7i$5QY$5*6%wtCFepioxCOVn&2QOy#3MSn zP!UuI2C&x42`C|2L4swBih{LTCYhYam|u5%Kc~_3vTNyGb`%xH*1{$QC3$R$-~5K{ zrlA3)L=q~2gz_UtBl1T%FZ65Li(jgXmY6k(&;NUlV$8oDymZu@=U>17@h6{t`K8M) zo72N@cP0PEWAb76>pN*o2@Cg!G`Ozq&bCZls%Cfm&+- zL3{}6F}j)BcDmV4H#+>C9=gHq>u}SD+JY6$!O)x}cZ(xndUEUnD_yP##K`1vOg|?xu!5(O|`>V}Nbu-+f0|@G7xBwW#Ucsg& z2h=WdR$K_rA8j><95H=E@9hiI+R&Vsc6@ZG$c4pc+na9vvQVi$(?b!46{Z6EKA0Mb zgJ>On{)i$RLFy*HuZ2b&&Z{@oIM>`E;rNbNC99UYI3DhEEGakSJQbCo;c}woYbsrP z{=+30YBrYUytI+Mq^ItZo^=|je!>Sb1Pxx)L%yrt@yf+YgR13VQ|iOZ-81u}R#jSZ zqqQGj+2UuIceke;Y_z_9sY)qnSCFJT7{u|!@$Y$ur7PV*rqv!8m7!Z)ZvFmRd4i_7 z#+35PM(6Mh^}Z%&-z4>p8oJfN?7RDkG*dOHr`F^b~tE+ecqIg}{>oNoy~$Tv>)PAkK63*|_(HDtC!VY0 zxmKQQ`5P^*TyP^DER7uJS#Um%p9l)KIAH`%7@DTLMo$An^B5jF!<q-r4@%-6Y}Gg&rZcB_hl{a_)X;sqbqq+g~rcD zr$reN4)2zvzhx-FaM3yyk#30IUInTc8^ozGxyt@2%?PR}Z%GF4?B!|1lzv=*joDbL zO4b{u_oF9vQ=2{V0V(<^y;_hU-z_#~QeU!Pibslj>aD3i?TL2>OzXk2nX4_)N}>ASN4|rIkv^VHw&x z$NFdWmgdHoLZ8SL#;^YJ{r4_;D$PSz9XYKB-Dc z1-!1trjDS;#z|CgB_Nd_-oH6{R0g$e=a$X}XG}&c!eBvXhli6(@n8@kkbt+dy%mvY zNngjKpZ_qvSGJ$=Y+PEB)lFw|(h4c%v$X{1^R} z(&%sp%qCJU@3ebWa%%U7k2dB_kb6C7!0Mpoa;|3Ck{^F8m5t1gr5)|U-jYabQv)W^ z*xK808Rl@DYNlS_BPhuSVAcGX%pRtowBVWIcp7YqEN z@UQQvet`{3mofe=a9s)cQ6480*SzaK+~WQ8mX2;obx$nO|96SC)-C;bwFQwXF6r0K z({z5KIU~V#(|7WHl^sr6{^}BQ5Fu9_XxC}*nf*)%s+{$4puEBP*)8U7Nwsfn&_DH^ zeN;Yu&G2$HhX3nBXKRqZe}WmI`HYyho~b4Z@xZ0Mu}Xi#`%VW>EeyuD)Be zDM{bfJ;nIJ2K8e`Jv*LSf?&jH3Gs8$dce-hj`~dc6UsI~WKu zN~L7S?pm!@ZnAg^i<=0NY-+JVeJsmXRd;%Q^pRRqQoM#g_uWi9ib!zktoo_X8~v*L zY31%ZWA{t?kV_`rwZ|>3-~a7f%l5YW8f(^mzsH<(`0Ixku4wLfDtC^Cy2c7F~`)txZy*~PUZGFJ7{NevpL@5GW>$f{a{njhGj~_f|r`;NF-1FL_5AD;A zq)H1N#uc^M7ni^I(ypyv9Q0Vee04S1FaC>uSylb=7X07O(F5W(@3XWVs2nytAHicP zH~&z(t1*8<^kY{(;^;r1{J%Fmw7BHZvv;*kzUi{oJ>=Hp|;I)eSGL{&Let z+c%aijLNz=Q&RZe!u?GyiR<9c&pz?R>Q>9F!KVAar90|AT>ReQ4f9@pZ{1ERK(Bb^ z&9`fvL!+zix_s&7x92=I`+)_Hm{~)zBEQ~+#;#iXx^nZ7bnQD=_L$l;=F;AACoMM& zNm_8Q)9YlOosr8ijkJF)!q$ZR0=RVx7b=cPOum?rdEnY;%?^1Wm_SO%F{4OPW%%84InQ*92lCm7vm(rIL%6kd-%zR{ze*i9!P@xIAX)BAMtG*@TI zu{zZOIv!N&q8{43L~cyB7Dc2(({;V$sXC)BR?T6kKgh)EwbBt8Iu4~qWN3$Fx6nZe z98Q>1%^v~}-@9LfuLWg6es@{ z`t{Q{8-`syt!~5iA)}|Rd*%7y;9gUE4oFo+`*?dL8ocLHb9ye`x-;tNjaIE^jUHXC7TzNyZr@E!CEs&TwX6m(9_VB*H$U5_q z0sA)Y9`mmUqT04Q8TITNZ%VA8h|(YYRb2pPi-~o>@ry zi@>*lYnVsCi3qo$QJ(Wo8_+Sar#b)m=oc1yWO8yzNhd~PtIJF{O5OF1YjL^m{wbYo z02$e>WlC>rucVeKy{rW(EmM12^W!@>7Dq|hRbQ};4*SL7<8|T#{RWW)?VT0<$Wp=HKTzIgv!;L&J(SZ`dQE#L? z^^*%FiRHz{OZx;Ln_kf?9=Y~IuSA7By*%*F68gC-qzvQ9jWkp_LViCjg|?qi&w}!T z%Y}N5TCky!lpHU78#SCHtXU4c2qFJTShmh<9vs?Ffv)=&2=J0qe@^@Y#41;{1wG*(k3tYBg6R>i2|$2g8r$hCc5R!GP| zw>aJ22HW)RhUMkP$+=N0E3GqoXnT}H`S#5Yp#D* zZ^Npxjzq0??Y(UX>!0&o9^Bd{s(N#v&cZgl;N_Us z0ISAP?m%P8Rp0t&73g2TtitW1WRwd|gwVkY@1F==i^Bf^I4Ml9ilcXg4qxarC8ZRc z4Llus6)>DU7>0y1hffL&3wi<+MFfKkB_TML$4K1c^x`(w$p46j70inUUBZLVSOY$X@{H*Aq*sG~v%f z9VN(eK^mQ&ulV>XzfNc3{d}uKlNgo8BYG6mp_r8CIok6nf+|pyBdJ*FJ(}bwWMqbP zMVYhdc|xLSMR+W9a|rdHA$r-J@otk`{mD$DO@y_|bn&AH(8OV@{NI z|I-an?X>rE4>Z~jJVYkOv{Vjh1$8o}pGm#65*VffNxwKLvi_D%8 zT8tRlD_(i9#cgr16opa*ile*(8k3(M{~AkZ{OUI-s)Qhh;(l5K%`p^183v(95Q|`! zQv?h!Kdr@34ue)0hfstUMSU!%WLOEbiiE+jC?+ASU>RhhKyE19i=dz;T}nW(0HXyh z!Z4I&h0h2>-KJ{W#oc2z9x=%!WO|frU%lr6iggtK42|pW4H)s@ycAM-2F+Q}d%&LpeE72OAymC&-UcZmhFT5MEtt zxvWR@f>P6^J);+w7{_Htm3O%O3_l=Mz2S&$VxE3|rRAbL!-`7tv>q`lN{t1{s&+>( z5M&3YY1dSmuE>vFP-eU&&#<`Ma#bJwyVvZb{h++i3RaWyv+Bb=U;Hn|W2z3?i{Z^+}d51&Y;E=6avBoS9sX;s4ZOMGPs+;c@Ghmqot&Y z#4R{#mQrROTAKnOMBxPtSTLZ#05eNTGs62gLF?QQ#!$0_v{1N-<-iP-$RrpbzLQJf zSqWjH2%!qF59bQ6Nz4MJ2~`j#s2z3&qBv%UForq>U5e}jCm4`m5DXdEPAG@4P=v4# zAs8N!!XbtuM-k%Tq)_{h3348e_c5H8g~LI;4CmnyAH#e3qlvKQc`qx3k429f@LoOV8?{XSi&(KTc0K8#q-DS9)5B6*3S>POy9h=2JIdFRsZbr-q{OZ`PtAvcGDiC zwZdns{t(Zak=6dyLUKUElUIIi>(f~H-~9&_6_$$Vrk!stsNm}NJpam9tLs~5jTgS& zDsn!vtJc1`$|5E4P|GL+4la|>@C2J z7Gc5=q@28*(jbx;T1QgOP{L8mU#`0v9JTKnjx4`4I8`}l1t?lzZ^JOio2#vz?jW>kchuPu)RHw7<~S9#w#urJ5?g9*u`0=y zBNmgFVR(LTtuDlZFCr20TRWw)Y)`$YV#3mqDle=@oLH13X4`s7PdGV>;XB6ZLYED738LB zYpk4Hf5ZxVvaZSux1vg;x6$fXlK7@0=0vr0b)_XvK|i|IJwKJx z3>)tMI`I?@_jLcg5RUKU%Mcu}W8)_%oUONH&iaPBBww?u!7jn^%ourLlXHA-)cPvR z_-x(A8r$Gh&7MZb=q&x7dYhCYl62CNX6HpcqE}X!CuHk4R9na8=s~JRWa&zpT@;C> zMad2}J4a^ewpQD~V12c9bhd6wjcsVEwzR_q?f2X$#hxbnkPO}Kdi#W|sCCtr@j3c+ zm6jpt+FH;*jt5t6cY}R+hIU7teN={aOPzgeR@CMiOSf2s$sGhQuUDdKd#!zPj(%;8 zb!?_?eYJf`H_fAycLe=1M0g?hIe7kfzRVvw21ax_t&g6mXxC19JgH}V*ya=`vM{qs zCs#&WYvg0C+%tEKqbQj=CrtS&JIc)qB`eWcS(Vc3Q;qd`Hf zfV>i7?O{`lio9%~k)^>G`8&-Y68R?)>i-hjkKt~flOS;{+_XHZUy<~G9O3pOC$t|i zl%u)mDu-cWuGXNWdMBy}q^M)ml2O@FN*OUaTMyC$o|Il88I`4rR#JTu)%}tMgV8xr zGAS`8OQ)2R$IRl@RIdbezZ7+}N-{E2r&f?-vh@l%33)YgYGg*pAW_{vS)&&W^w8vl z62M?|W)ze&B2$;Bk#>($3{KTXsi+Ydf&t`JDc^%?~=G*y#fkav$&3`)~#l@z#y zLS9&dS+;IKYW?4>{|m8JJ^S{G(Ia|CqFrdNuh-~K{!}ecx_J*x@M?_)VH(Tq+87y9 zwCLv}WK635_^f7k%^|lwKJ;Oe4bWx2W1 z=<)m6WhI?Fjx8%{S5U^*#C82=-29p{w=%n1=+!`pZ;WbG*|xZ z_9CUUhtszDv*#Cj$$jrU@_pQxOPcm?O-@hy;gjcTtIgm1@Y9|xO;L$~rkyJb%gW#S zu`nt&xbv?2cf}7{^~J+ve5S3kAt624vEjXEHr1K;Huo50*t)53>7p;HZQTkCTORzP zj@fpY*70=}o8S3*PsP>`)diP;0-6r3dh)gJiq@=Zb9R2QsA$rtQ|PJ4*(2)LZ=|b! zc>;#*&B`&^8WO{@4f39eN(q4vP1n&pGCWuab}$xL1Bw zFkn$+SelkW(7|b1C4pr|DSE^!DFPpyrU4-tkpY{KA?aFZs}D-mDoH%UAnO^Y1Z^6U zszot$M7l1BAj8siU6s}(P zg(`MzMRCQ9nb+-ldE^0K9$4;m%j!$FXJzTFUgE%(&ktMFJAeMF??tyXSO0LZvaM)C zVgE}f(Fb-fDLeo_H0||Gm~(UK8&6hQ4n21Jf-4@lv2IH#qVGO)bXHT<&YNCezG3Zm zIR-VwId<%+hr-|c;^&-fOr=8n+biTo)97|uttu=rse3@zb6XdN*U zISTw-MeXheo4>TvQ`YIJwfIZg-A#7?;SP7B&3CxdU27HAjj--;mm59R7VlxfARr{# zg~WOX7`y5PV^4+2U1#-{bh^Tupx9&O)LDIHoo;aP>O)1x8Wgt+87qu#*oQis zA4&)n2qlEe5!TgaFYEvqG}`?o9q#7iCAeUR&+X%v^FqIzHHDdT?)&_{7vl%^d*j+0 z=WY&6$ZhR8`0-gc^t}FG&!_c}cN(VF?EVNW@452of8TwFE@8ln|2KQ~EzjrXrCtBR zH#z2IBSt>+)XGI~KQn7UVnLeTtZ-C+(SRgOyUDp~@x8lOS8cI=x8{z8|M!2v)C2@c zoH%;OCAZzS`t952-11_^;QnK$UVr4hml_b{na3W8P8o95bv>TCYWffJHy4)f3-6xD zIVZ?)L((-XG>Zi6QDGCfY_JwSXA)in1HncJgvz0C z;ZslG`axb2!-X9P)gCHJSi%*B@(P>6OL+H=?xaxBuld}+oAaXmDA6Ym>YJ<8$7dz! zHSw9f(&OT@yJaLKD%7M_7ag6bj!x(?=ZcHLQm@uvDnqyIWNnmMqf5-p&Wepq$nV)b zN~w&=&Pa$>#l$2uyY;iKozq{7Ao7@k{BCNMrhE7NC?)6g8fMQPL?VP*DNpX6s?(_T zhD4|_IyraJwbQ{IQ^$1ANhaj_q>POI`RSQy|LDfcp9i!b*B|b@V|3cc9DQ!AGR+_# zl&&jCR_Del`lM)bV&tQ94Bzi<1&tHikH^}NHlJ>O5z#kU(cucJBt*PcYW2`P6O`c5 zS2f!M-C`A1FQb$~2@
      K>t*e(V6S)~Z_hYIlOtG=s2Ja^_3zex z{590Qa^fPv-$37iy&|EmkkJ#SjFU$qB7ZG{Zzasr5oYiRb8T1%0T34cMOgSB{EhIi zFJXfK1ncXCW`0Xci__^01Ois86{23R*XQ%q*4A1q7KUMrMkA#A{eHLG-QM2Laa=GM z1RJmfv)0yDFoQ6dH8eDUrO9OK?CkV-Jg^CJH8wWF8fa^4gId50j3aySzb5nxghRpv zOTOJ1uzBcCSD@1sw0dcf6;P-SXAstqXz@V0kkaWC49s8&_Chph53PkP&Vbd!7+pb= zJ79GSxr73tgz!34CK!MoflVkeQi9DFS+_$u9@-o>@CIR*pjar!9w{dXVW`>^F<_ts zdnhmDf=v#u@WR>9u|?Kri8y{jxyrn?#=5!6 zvaQCtp~CD62pwU9{}mZcfP!GX_10Sl4<4i_Dlsu}`}XbY*RO}f!-o&|?Ai0R*It9` zVb7jDhYlSoDJe0V&3pIm&Cbr=wrv|2R905z=jX3nxe|nI$&w{d!tUL>!MLujPOsO0 z^UXJ)VqgjDMT-`JsKHjd-3~=5mCE?|_{bjouL+NzI68kQ5VgHZGALCQ2(s}iD#IY> zX|7L_#_gl~C8^zhrXWEbq}e_RDp)6|h1owS!wpQ)fOv%s`X;J9KBiZqif7n3r6k=T zV;Nxvk}tr74CsPHwLidslLa@DSOt}3kkbs;D*l6y&ws>SqR+Z8*Tm;d!Wq`Y_jg{Dl&-O;gjwWYuyL(Hcy~60;*5D}Z@N8>v7PY&!LfGit+GyX|}+)GZgG}`swfU^D(w_1 zDi2jx+~L|K?1Q7EQz#*lx5FJSVOxX!K%0A4lM`xzM2MCP^}8JnZIbNdgk%qyEdVc^^k9{FTJU6Q>1r4N=SM8_5GJ7Dh&Br5km_(7$m zbdix(F8u6E+PvY_#iol#C9nMYn}yZw`{#XT@w@)-!yT7Q?iVRnFmkUHECnqN(BLmi;L^7ES!XP~m1wRYK zC^2%N-giRoJPzXp^OiWCAdOGBSX6A$m6TrT2-@c$$BSwq> z)r*dfhGHQF+MXb1=cJ|cdx1mdSYiAsT%;Jv`)NaAyLwcXMnT}Y206G<8j2W}p(Rjc zc!ril(IIJCIf)NV)yN4fFIthGpwvo;5g9sAi{a^762pe2YbX>QoUT=qLJ9ftDiwtf zN!Lm+3=9Y;AzdpCjfc=kh-|1LUZo(3!KrGvSAYThv4%o9P(rFEN=BsVWqp#=3R19_ za97b4002`)Nklg&Ernr2({&OI1urZPJVdRmPqOfSYauU+!mh%4XohA;Mgz-) z{4a$1n~cA&KiE2EqVCBbcBxzCqme3f%CsLg?S3|nzGBtFOL8Xc+w{;k`}Rfm|4;vJ za`Uo}H)w~)A34Yb_qE21RGCehT;E#{FTDJ6^*7~)kxBUW)w>2Zz8L_Oe1DdnjYOUaWAw06C%tTVy>cb`}g{?Sj6e=q2baUK+W>;yu z3;txQ4|i(hT@#OOI?3j@bIOd6_}37A{&;Nu5F1@x|HG~nZm%!<-T@zGg&t&AL*p^H|KqcU}|3bJpas(+FuUQLb3j#5bQQGx*h zYmJN;nWaxulD!jD{ZrJjD#?gUolcm6q|-=+O?o*2DM>1-01T4UhS2;WgMu8LsZ&dd zQQ3O6lpL9im~;qNwoNUqnyIwm?MF0;>&f^-N+YjuQ17Z;P5ootATiBiSJhh8B}sZ@%b z?%kqdVsi8H)G}pKQfjyEJrffQID+Q&?4gj#^Luv_#Y^PxLD%sUO%~OE=2~S+Y(Yt9 zh1u((xs|2h77_CfcE}~fPv92e=#mnnTtb4u5v$MaXM~B_N^0(bb|pppRMa7p5nF$`Z-VXiX!{6Tg}sSzXa#l@X!3Hf8l zkDGs}9l@}T)z-pxH_Ic7OFF@!TU693Bk`YM4HXr3xEOACqqDHp1&-^Y;tr5J$O~=T zp9?#*3S#DfbNT)p@%f|3U%+41DEsRO`-tK2X*lUuf%c=5U&8ap)z#7wnHq-W zQna#eaSE^=oThUJnL%kZDoG3KS8h6FCCRpj3^AW(TEeJwc{_ ziUvcF6sASefK;`Q<_4!}-9dI>s>aXo{gTuKiX>{K-C`6pkMv7bLqihsfvC>w_xNwEiHMAFtF%2*Dsh>1U83X&M(4o}vX^8Iwr$&XPusR_+qN}r+taqDZDZQD&9k5PPn>T%qIP6e zWn`_Dnd{E$7L8s9g^1lkj1txeL`U%(EK3AFxNR~t3_>BAm*e#%2JLGIms8Yk$CIHV z`sF85M5~*Wk5I0;x#xGP>|jY~X!i(V*E=Q;1MUqvdJh9pU{N>(O=$PpFdGh75CvbM z3(gpv$Nv=xCGh-7K3{Ow%*a>?D;9d#rXQpd4^pu}Mt+;*Uf8>S+FT)+wLg2?Tv1_o z1N^v~N{{ByARA)b^(4S6B_i!E-d1P=hA6U4JnC*RkFOVPlIA8HdN;xk{ncOrYQ)Nc zhM>S}#s%e>DG4pYr3zw;0{1%+n0^Us<1hH27vOJ97YUjqd%A<#R1v6EP}oo(NDMTO zwdHdZGq|Q_W2+3a*e7BicVp#<{+Ba1LmB)}+nu&Ocf&U^=e^&vWfb{5q?Mi*@d-QM zE0*(1S5Au%+1BiF@=(TIjDIo~>kahC@qbr2 zLSTi6BwHuGh1d!g;poWQ$6Kbropci+PRGQ2$8s>Xv@rR4bIMxn#n*EyRg2r>fEwp&AR!s)?XBv` zBE2$7u|i&pe|H#oudG^E_4;xB`J-wUUmS*kS9#a)b@ipIsIggj`M`NClJaMo_$)H& zuOSFvNi?|F!AY74-py(CfdXx+0fYH7tHuFsrV6I;l|oKU)l9Guit2ij$8A6rr>miI zcrSv5xM$-OIGX}@3BhInXvGjo+G$m%I}sl)6ofZaw@_}dbJ{6>N6<?soF-K!^+F0Y%R;IX#p;Z4x)xfB*M4hYLm#>ux0bSx1v!`prpCD~grKPQ z6Yg~=$})TNAIC}GOJ@HA7XosUG*F4tmXH4%1j4ZF4ziL&(lQ^)L@tC4 zljAg_qztffAkpQtED}#PLE?G+Agjj8BE+hy0OTtm2K{8|V551MDxaEUBjkz<1iw?L z?pEMJn$A&bH8f;WN@5|_r0xc2cW1*YYtQG7$G#cFujuHI9c7fX4PHia0rq+edzR98 z89B+*#d?RF0i;@T0HKFS-!O{CSUiD%SYpnZT2Pg3*GFtI&4dj<~ zYgNAf>73O#d)l$NM56G#oy63fysnltpypFeBdZMEdKan2SiYi~siP-MICRZp9JeZ! zfqxzPcln5-Hd$L`qcSlm+s4jr@Wo<&T7nLTyQ6gwtu(QQj@24%DGR1aMB28xsf7!a zD#4b|SZS;RKFvHN86<=Xz2m%r>6eK^anHs+DYUC-ni%!ys)jZji?3X%SUHmZEaHcI z`;eZ={h(8AJ=1Un8SR7|4`67HT8(9%Jbs8`p1wk>maB*b0|;yU1qO4Moiz%VwWP}8 z<`<)f;%<5)$Iut~?k!?As%;66u+T@Reuw5jt5%fUEl zq{ZXM7Nn$nO~d8o_l6e2m@7zGnj0WOwxg=3z`0pu6q44);Cf_(5oggTu;6Fsa1X&e z#lfLzdUOHPkCMowOdjmi#6s9vs_66(hf*Lx*d;s7PIdZ$0U;4#G4D#lf+#g5ZonK} z6$hJ{P7V@6kxsIyp$zKwSh-o5=`_Dc38o9os}UL78(KBB6h9RZD$aK#`aB8geSIKA z^xGmzcJoO4nfStUQ;u0ip=XPJuzXMP_6N8vybwm2!i^g0c0^H--`Iuv=LwTVXTlsw4w!glEXy4vQIz({V4w zr>spl%hV1ZKs(z=%K?sL)>Noa6JwyeOP9U^wyxnuSJbnr>GgT2;F5+Vea)hj$cZs9 z+-XW)_e1b^;q5D1G1`2%@(jGzekH!%qZFt9%1Fl&Cdb5dYsd0;NGWcg249_y-baXw z)m2=hh72(-Ru|Ug*mZdM_R%@|_AvP3@>tL$5607e`ws5e7yz$Zj)=X+Xp`Odfb0oX z9pIv?P_;j2qE3U^xVUV7SCgJNFQXngGa~1kK%rv$MDEHMu!0Pc(lamqRd|Sn0S@ho zR=1<4(_>|y*(s5y58=GBvLAa{m{i*c91O>fs7%kZvS z^JtcHGB0}_tJWG8Oi8#~kvo{Yup;k-p2&!6;_dh8R&JKly7nAY1LO(RlBs4{9wm~a z9TNzuxv>lwA&mTKHupQ?TR`fvlkF3!`J~kpmIU{SCyDf6MG2#G1wF|r zQCgN*d298V!ZUcx@}IW5&Eg> zsl1$dBm}(PcZSyNlHT++J`F8kbIQIxW^3sG+$cAn4b^)%MRwH?)Q7$Tdhq_N9O z(bF;uyEuqtVrM1d($p$B!@zCe3ky!$@f%Ai%V4787Mm^ID>n%X(+k=zNsiksx4K8< z8zsf5srSU{s+l9;o*s!{>DJ=2x2ks$nkBWUVYH;`YS>4msmLH^7o(G@mY3Xu!pGyJ zB=pa@4PsJ8wH#seq-v_!Gmnj-n^ELR^e@)1dy{juc242dC(_ZgW1IesW|1k%>VC|5 z4#>s4DwrkguofizXLpM3u+398n2s{MO7gBRRS_}J!usvDsFuPIlQ7(M^xXIU{WFsO zbsFqm+H)0|Nhdj;S5)mJhM66+8=Gmvp!Nz@&MR~I+7+{mC&*9d3i&C*U(;D1+ zUUo|B^5Ejdc3h@Ymysn0RsGv#R&QL%R(+(O6LV{A>g84|Ou@}iKS1VVW*9Qjw56}I zLw~Eo12Lt}6j{R}O(ctKu>w7mgpxIB?5DOH|p0(91vQmO}vm)&z~j9KAz~ zm(ua}G45J)If{5EU_8Vj7_5JTaHWP|xQx`w;M@c-LFT2NoJo{OrBr2vq?6fEa$_YI z#8Kd#QC7UMLrbBpX|$yVDRSXfP?!SUQXA66sUv@}qnD>+^#e&K9wfqYki(dZNT`reo--{!b%4^1~-f( zAhJT{^4iQj*imTr6DCS3oGtb{Ni02oEX&mAIzxkLB7E10Oyqgh-yRTPqtNq(e)IF2 zk50m&LJ^@<@HM=24fWJr1Y9mA?J+c@1f{@67~JT}h9JH9u->=m4bwA>&nv{c@Db8e zUI~;94J(4l??XjBII?&oq}_P={#t`D3|7PI!51raghpj4ya?(Dz)RctOrIgWP5|5^-Y-C2 z`EW}12PQIV7!lzVB%I!-g1NJ2raZ-*T+{kNq^gSj3l9B?ON7Ug0H(+nks1#}`Nb^M z7yna0Lh{49TlY3g>^w$Ez^41RL8xD*DWww^P_he#d!;6xEZz;pC>4Kza&jg9!GOhs ziZ77*yB?+S8+P~yML;Pe1lA8No_BZ-CVkIwe<^zE4_rLz9@7vL7&0^=q(8(ShNp67 zpDg!GI{b%%$ zKTo>>ZeLD=j8?B7Uz(1pj;R*wPtLus20OlQpcMn3^{a0naF~u8b_9|oUvLUOTLVNx zV1j<9xgpD?HH6wT_y*lAz`|960nVs{onZ;g#F9i~;k-OC2)0z4tG41I|1+E ztVmf|K}2a0Cw=S(^U8gRz15b4SATGF1)zK`>1R_n}PeD6)Dnr*lX=sC*EKZ_yNH;@xJBbji6K2L#4eh`{Xk)2IBI>nMB?39A!rv8Ieb=~ zE+D>0p(Pn5B*7DtPzQ90aaG(3T8w(_1#oi&yt?SzWB8v=q!dxHknKL zdzProI@DJ3G*sTW%}N;L7j*}`#TQ;0_Uc$nMMu|{49uHc`@LOVN1yCHm4*zq#-yV1Agf6v@O-&XFPXYqjb9Cb%FBa zlaSs0enF$$|J6k{`f@mgw&`{Xfqna<;6+mQ>G(t6^Jb*-CCT)SI(h^M={~4k5fxY4arusw>szQ$M9v%&1}_o-TfqHD_Lg)iUlCno>t;_ zH5<8krbjy=$vOG_^HWW`O%xM>gG%`n5S5epF#NL++u=489o-c{iJ|MgbEOhd9@}m| zO?#s!C@E5ckjq@A;NCas(9MQDnkn}1LPlY!SBIcXoFO*)c*$9pZKZ=9{Ft5lPyW$4 z8`p%LTMEMevL>4qC6w}a&FEF)2!tJPx&wWB;vf4EpRU}_)m~4nqvn@<=OM9q?A+lH+o3z0!o_f382 zNO;BIN5d^XdCKB;*b%N+_V?EmV-LX6{e51OFFxu&K9@*UAHZJ15e_?{WQbH~pYf^g9;)Jar+BDnv$pG9o=)%nIQN65p>PS@VCY zMB=dqw|~W6obEqDGo~Td8wJTBlQw?6`XGHVCiMjdENMl+98kJnRkR4OFp~c zkB?6`S*O!h*V)I5hQB3eYq$z(8u-QFKf($dhZ)altYts@W$ zbXzaeP@&QoV-*7H7#QqqZu;)_149`g=@#4=pm#L9mA4S~t*x6rG2_xqHPp~^*3)v< z^4aRDS!*j917=p*21eoFLrNjR-DalNucJY_0N$&WrKM(%_fwjNK6RQjr~M{Wm1(1< zkPQqhtZ-|d|NB{LYO3A8Rz0U-bXZIVFeOmC;9FdWZs7Hoo1K7lvkbqdWep;iL?~?z z%Q+${)1?X}BzK_}P}8tBY>)aoCLNA=gq-$xWAIe403fUwJQh>G zb&E7v^54I|5*wmWDN(=*)vJY_jE#+zRaA*-QsafMkV~Sokqww#WHIY% zd%~YNci@H6bwdNKvtYp?0sX+jN#3IkkNz)@~ z9GZ0_uO-+6xY78>_ukh<+%Iq`-&oxdDkh62UaAyGuYjOf-92G*+BMGVq`@DuytBpP z|9T`6VA?zik|&Rq?Oc-EI~BMN@>!DvF^KK@j-4ZPMszXSNXwo>r=)#7Qa??$vv~pW zl)5h|pJg2gk((p#-!Ln>8#z5RPWF3w=vg-P*rMv2<_-je?q})obVyAg_8@is51m1S z0gSmCm5~ZzUOZun?y|fAPTacX^WC z6>?1e-Z;bn3>Fe|K5iWP8at0Byzm*o3c2%weng|LIZkL`gB$dC`jJYS7C2n=F9s0^ z_P7X9H~v0cD?;|>n-gdnqbSc{w(Im-e>vxSy`I$igE6aV)@#o_`!zMpe&Z~fwBX?d zBO&0|NpOKRsu=t_3>e^k?z8{s9T-Ut4JAa9VW@Z-y?=cL$y~;;JszJ>S74E@IB-k| z>+&=oZ1^)XDGj=cxZ>M7{;@{%S!!*HwO@UYB%0DV$2d;ukkIyU$Jy4mpRa|ZAC(YT#h*5V=u@)L&TGFrW@ zW%aZ6s6Zy;RNy34go*xW0h)RN{a*bM>8s-DF{`z2${t|`3;RI|J@TRs8n&r0($dBb zi`6-u{px&l+yRkQ2(uczyhK9Cr;K{^T<1iSke1ic-^}GTTSpeE$|NXnqOZZ1DKh6Y z8$C4C2|V<-f7h z@vhoZ&)C+Y`IR(wGkRTI|5npIjxt9p$u(tg4SWeyB0*ho&oP@*Pa`xAjQxmNrIun z1wn)7BN<|u|BXcU?jdkJS#FWz;RcS{E1Chq>lulSM1lX&Rfb>!T^D}v*M1rJc;(#Sj3hyPS8LFE$l>c#p!!{TS2k# z7&`!#k$SVOY+l}hCdNhz<)G833K86U>FSwdu&1+=o+hRUIP6n6Er`u49x$0k}J$NL8KS7X=5YwfnFLW?&bPpxG$p`N}O2VVC6z}61J*J-(sq>T~;}5vobho z2XUdP|2j1NrUUH0zptih9qM(C2>S{Nc#~0~vZYdvVQ_T$0b`gJRfmELZ+Bk8>Mk1s zVLq?v>Z#Z8CBNHTRT3L4|Psg@GY&7gR)lmCz%HTjIb&5ZxE~ zn7Oi`e43LxbqY4|G^g3%f0?f4sHjNsUvt!B8#*E%%g-h_yJg`C;q+6fOoGO@^UnfB zMl6p2h7K|4zbxx(CuWplM2JL3<_;39{;6&lM^BGs+NBH{Vz;mqiPm4Ryj!FTF#B1H zwd4lt)IUTEk{UaZX}{2xH_EQE?du`6_3Mxm7q1E*9GLE~aZLu3z!x|^i&?ZM%mwwoN58QCq6Y3_?BOXvs)y(o&kXU>1;aOq0NSU zmnVn5GTYWRuXh|OEhSq{)Wu*rCbvvG<`YmAg$0N@u6qje^#~TXnnTESI*I^)w2|wI z#@T;6>y&En=g-r1&q>_cw~YSFZy~T)kCsk_%qW7Sib+EfqM-D6;C>*8jO5ZZRHQ-p z_HG)@Ub}$p)cfg1 z4zLx?oSb95AtLxP280q+T14(2R#1N`EPf_~R3_x46z-SzqeoW90sJl&;a~eLD2c&C z^!B$lLa_x-5-z%cgB3!ZoiT{6+Cm8hZ(bASp_ED%_hDaUOu*sU>_j+OrL6BGx=V|5 ztV-Oi*#d%6&=Vk6?Ug-6{oK*N^9U3X=ZaTX*(LTZz}$gCQR4CO>d10UT}o?@R_H;mUiOy7)wyU0 z9WHJNMZ9SC6xBs*=afT2h_<KS21h*>0Eu^Lizl;U|IegTWBm7!=<=?5edC?R#^rOm91|c z0U0`9!w#JRh&A>1RUJa&prkG!7R}Bv8l`$+Y6WVRlVX*Z6>Nd^jwh2Gl>gHXSo@cW zPJeT`FvZ7O0IuZB!g{RXeJ9M>1%r}`Z~rpz^Ew|?pqWAX9Y>(p&RXsBS&x`%p|yu> zp%F@zz(fZrfH~x}C(kV0WvCI5;wcW~ASZ2PGwHttjgI_w;&}ZeQ%)rEb)Qs?svV%t zcm=~m+SKBo6#|RNm-;K0j8nd`Zyx))M36Pum+5oLzfT~%zo4YERibdKtx)&%ePo5^ zUr_j%PL2(apU*|;?Ypzi>d5g~;6{(Iy|0I!{%5@)D7Z)cBmxxi9R4dL#+)3NCf?{^ zG!4{Cl(mn!WjZU>cm!p+`2K$ru5f=~YwGpoj>M$3S;$!I`9JF+`{Ku^4A*Au%^p+t z#;EONg}rC2$mt2x{KdC*@rzbtu}SlTM6r@vik?J|<{FY!2rc|Qz%z$1e~9CPmV$mYL5v_{Mb@(eS@Phf&jrtm-9U61YNPfx589-U-llOtvFr0{YzP&23NLC-oH~e z2^9%$S>oyU?y7*p870-pp%j4pQK`MpnB@ZZdGQ81e0bwsUrh_=OY(?FGj{(~Um4uk zB1Ww`0f%%J44S|KMGXoNjrAO)3~}^DYl};cOSa*F36We(53a#-ljB+Sa06{rLczz_ zFhTMG%YWmVCk*AS@lCm8nC3VO)kKa7Vt=k%WK^;@E&mlql~ZHdUwF zq5T@Ezde?D(ojgo9L?7tjrNteR7^eT#}GWtgJ1FdK=$sN5M`y62=L)QbOJ%SH}`>i z!bhCr<}F+ydf0T94jJqonl(X*Mvt!Y&gBh4h7qq%k`NrK`H3E}!k>ZN;eLItp$GtZ z1m>z629oRcMn+2h23Ws*X+1<_)qJy;V%+i$k~o|1E(|NVKJT_m^8MYzc)8{ottCYz z)>Tny@_stMh0Ajc8eJI$88EzEkYS9Ai}N$lLzO&a{AeA7e4pG3+R(}i@DexI90ZzM zc`{ou8$O==7>=Dl7uY^^?;1j-51TFraZV;KXtugZvpfPDLq($?W^xgmBdxO(>L`CAv5^(+D^32HPgFAWi|N%ox$4DIRbgumpI9OEG^B#$R>927;p`!1F&QbW_Y z^t=0qfU+46J3Lb`pjVZK|HuJd9xOXJIM{xxQ`pn4@+dcszRwAS8;D$!Z)%d2^}Da< zAuwj&^W*heExs7Phw}`I217NPeuZo#xu~+tdS8&4Im_6ab>uH+`Wgyq9DG;NnqmpH zUI{5)525Zs{Dsc;dY9M$1}qNq17NF#wTZRMXLRc(&%)iEVsJ5;f#qIQWGn1^1~mp^ z-fOHFCWyK@GVP6jdi9a;@cSGS=v8sO1%@NVKdbZP1v>{bXDu+PU&6<{9rd>F6o1R| z@l{X3jtbP-u?PXoiAb?0Gcxeu0E}H>B$(O$dzIfHQ*t5)Ya7}chl&$9TA>jPA z_)hb-O=0mNb(7p}ys#R+w3u@Xh=i%E%3lGPahnCnBLP|KDJdn?h6;17D}#4XBb> zPgM>j#^S)Ge{J+rA6$lVPZtPutrZc@u9Aem=^uG=2`K5Ornmj>hDKLwykqMZcT323 zYB&V@0v~^S;fDCwi!HvL#;v^(j#%SVeKSa4$UYZO61N=+pJqU}AUGsl1V#gE0qdmxvZ|UR7x5FIUC_*f`^6<2)*GQ|3wlmxq&y=zY_gZ#jBBP1tvfd z5r#uZTQoVKW8W`@FVCgvxE(OXKZWnD`4yg^|Ka&Ql3(=kOj)nfcS?8o?CJRabOZ9M zNvbN%ifI@6Zmpso^yXWxGk~8O{ST^GGEY=`r=TI4B1Q`H*cQpeEDuLuCpXZU1fAbg zF(qeB?9u#s{ASI8=3KWDN2F>yN5;`kRu@HwQmF}@!IyAslkxn=zpz}Mp3KGVI7a=< zkh8-X(F>FdM-UHq+|H+iJJosguVnRa$N1OFGa{rm-^P~vFG=I=*-8jd^J{$f(+{hW z6*OFRJ3(c#0cPLV)NxvU7*_P}#`AhVv0UxA?gU== zJW?5XGotUrGRO3CYKt5NJoX>e0h}u7R54dSeJzt$?slP94`r3Z^=SpeCoheNwQx^-ktt~XA3QufCbaS3$lNHMyfA?@7kMgDT zTrM-JmwNoZe3I$)zhQEFZl1=qu&-fD-y4MJnD>0t>M`GP;}?C2EP6IvAm8W(sZ>36 zTR+pn%9YTjfjw&W>Y~ya=FA4I8C6`52p(KgIhvN{F)69-1h&1Rt8lVw<<#P;D?9sB z@hrcCKGp{pGJMz&`vn3P1Q+G)Q8HfG3OG=z#rHgDXfg^!=~>g&FsHfQO*guCvw9Xa zNNV7}MRE44zT*fB&i;kUtnwGqOX)nXXrd8g--i1=pP5=&nU6pRR~7->>&)zAyj?8h z$na$CA_3=?sNt*E=8k?+M6|$4y}`;~xqPM)CUybh4n<{+21?>;vX8%Sv5%=HT`Dov zI@&aCm+~OXt%O_~s;PO2TH5J226Q#LeftUK)C==U=?$#Cb*+{s1Ez}QJU@?b`y;Wh zg8Rxa8&xbC-|a)5;Wpg44L7Qvd6(AjCV`+ysQLd?DkN@ct)rl9tOwMK3$KZRnBY{c z4Vvze8r;B0>g$#jhewj|G!l>McwIAFrEb?tzFFnlM88PA@jiK)+12n`9Roz5a&RT~864WXjPjX^L`-Mb?5}Q?&bQBFgeyW?c$j%j3Qsw*T9)E7;gc zcz`*XmFdV9&!BjTIPzD?Ay4^OvZRd zIw?UnBZJNDrIIV!zPB!}AKNI1aarE3fYm&g@;1Ej#WQD*n{fudJ`Wpf^dwK)#r3{` zt%eufCK$X*mxuBjU$+JzD;X^xs*YV_cX#jQq!3zxx7&Gj{m^{_-?;91uC2@Yd|O;bgNZR#SCo?z+j)|{Z6C^Y4IrvGc-&kq z?Us9*db;o=87(LIeUX6En`|o}_l}DPvyer&i*oKb2Yw!E<>r=4r?Z&yAC}*$iQ55Y zBKMhu)E1Wzz+lk+>{g4BXV(eMGOSL|OJ)u#(}G!oM?D%88KrbZ?z|9crE~&6A2$OE z4sQx_N(-a!Y95tb&dRdox5^!MyUCP!d+!KQ1i@yinsS8b7y|D1jI5CMf~g2q;9iKh zAFinZjzk&5_&Ds*2m2Q@bbGw=v9V6sEYH~0fkX_!j?-^Sq9zgW2{>2$jmXLrqY82 zF1Sb>-)F0}VU)vMI%4sFx??c}zeuS~l;0M-Q@^;cTp&OS)~n9f~mLQcAUCopWUz<l4(~=B08q!EF zsj$RVY;suD;nkt4X7+n59}(~*g;cNk?h`pLHa0#!WJDJ~Xq>+(dpgy}T#2gqscY`> zPDIFG{}&4}9m*_-^ONBN_Z|99HjhJP2>Jl0gF zfvzy+t?Hl8y1gq%cS0Ilq<@-JxHuOm?lpWl%8pW+$_rGCQ+)3yd2C8z$3YLJ!{ZW7 z&MIx!Mel%f2_Un{J-VXf zRA3COe4dE-byQqWYGe+~>PG^i60WUUT&-*QvQ02i2a_Q^J2&8G;NK<({mKHWQ|kSrM#ohVBs{&uwqbbb4>ba zn3)Xktd73!IlE6@trHHqlG*j_=tI?6CzE^DWNZk?|W|thN zRrFFa>j8@Fd$Usb4kc^0UR&=O4#_n5>@IrZ28LGKX1D@&cK>eQAIS|$6f(!Crbf1P z-WTF-q(unC&Z}`sLe~?4BzOW&QZrUjk5>xyHAWF9baZIRUn7IAUB3l|2;&W|bRX8A z*WO%eN`{?#+i+)-##bsgWRhWcDCHtsEoj|*^K>1it*E-_(zIRhgT=wyFfsBNQRDEA z=cx|j36a;9Rt8m@)v7KxvDslR4BhpNLc+?+)z|DXj!jlHOB+1?GFHF!KI>zG;+!U2dA9I|52f-{acFcR-TJ){5BdU7H_=ABfSjlMIflY#E+m zs(LlDw3QwsywG$-uUQwe8+t9{H>)=tTGbonUQLzej0o({ki?4-fE|l0YCt1t*qwr z)NU@bjdxxpyH!~HD+PhiMzcQg=d*wL{-ece0q@v7z^agp(3m^aGc&tPfz11FK< zFr~APGF6G|+R&$P;Pcx0(+@9gXUwFL&7!tGCkD=1GT?himZRcXGSaT`dA;%KkMaLN zB@*)xVfL_QO!Ynv6D#HYji39ak~IEGY2_@TF%h?)(9d31Ja{u4<=N9&?}sJia{cXA z54Y|_QkT#PlH|7jjR|^EFO_ z>9>i+c=+XlSv?)aZTQ5)c<|imM0d@ALeH*C*G0T2(GPc^|I_$q^*iASV?rLX8_9QS z{B-q1=UjnZC4Vwy+hK_rbnV#2ggf2coB^HAzfRb4hVkhm@H=XF%~znd!KIL88u9H$ zP-mC&NsENz)D>Du(FZ_T20ezHn#RGBtG910-OXPkdSO0O@6UIebC+<&%oT;LE>h#t zro3ZZ`rn&)SQu7*Sn(%ya`O^|+gpz1fhTW>6m8m!tf*i#%6!XPXdr3nva-DA=jY<{ z#FChNwT*3<{Gj-P$6I8Y+@6I(xVrR$VX3?#luob?HTZ!(0D)29rg*OKYk8k-n-1IDsq?d z++}BFpiWW1o2Is$rRs3>_jo>)BAqEGH?AFQ7v-)^%X};1*faAw2%Cn^v}V^gSTz>> zTW_XeoL1Cxx^&HYR(dx){Y)YyzLkFxDzABctryxgxuM{}u8}`gSzF2Az~y;ZzojGd zH1T+FqSF%|`cJuy*k_=v;pzU#$*HBKsqw(`A9z^o9p-5&UPO739(0D1KZ7^yDo~!V z{RQE%ZJoKdR}QbM>EBB)gmhip2qDIj8M|A!hjg?SxzO@!mTTta#w$D@$!7gBd;yl< zJ`x`AM2SBreyjnmUSfKV1s)&6f-7cSyF)UJl`J}wA|hv84WE!8 z3u;C>4MaRMnjWPZv)|Nn_*JP+0?1S<*+kdSytMiRD zLnh)vHo=j@)r|ISj&mAK;c_1K70*6T(Ce*ipfXAH8SM&DN0(iu{7VMfeKh|rYb^zA zglrai6Yp3d)>mXcLF2!)c5yCa*_rjTMEzg7tgo|GK5MR>Hwe>IC)!#{!;MmWZK!0C z#sF3~UoS+x%8^g%&*tsFY#W;T#3XvVg(MN4F^Tj@YQs`0^U72Pn#y=vmuUWero#?n zoMeQH%_;Qj!&ZvURRd#+6OD`?A?IpOvzPlMJHnY{L3r$84YJ`x52nZgtB6)mD?MuS zLt62tQs=W@pVv%-nHx5o?!iNVj+^hqJ)@aZs4nq%!zXI7Jb7K^EmFY$=@UQ-6C!Gp z%RgVORa}K}qm$|AF3Oq4_(?@+IHr#X>8mB=`$-uY#ObJ*n`Rd`bn0jratlr2Y6^cD z(LKi=mx!H?cz$bU#x?>|DE|6xe?QE6dqjW&bJhU*>TIPw`8LeU_>quml#O;`C@p16 zQ_ZiW3Glx^-B@uqQ;!y)gTOq-NPD0-tM<1c$vb3A-*s)0h>9YW2#Y7YwmKO^0ju|7 zEz^Gk^5?ilY1!bS!UOR-^7lC=F#h2M(qW44L)p*{rT?yfAA zF_EkdgIk~TL6;#<-(8CerYTQUrF??L@C_Dx?1hVe$^T00U&p`$KfEsB&Vqu)YAfhZ7OmS><}H1^jM)hdp% zFK_lB!pZ5n>F5dTg>1WEQne~FB*(hpx^i;l11Bs`5QAB>%2v?$;VL37sA0s46#oix zeD|pt>XLu^IK;2b5HTGzEpq}5NeN2iVQ0^8R312CS@RciCi=^F%fL@uWE}TG*f9Kg zO~qjD(qSKfVio*XJ5aOaeH4!a>ZvF1`7=QH)-b5m-t<6KX*g)gIxBl&A`1O)HqBwctg#Dauo9NVR3hLL$VWRb* z*)Q05970F3+axqjf4J1&8Y}0O5?0+}Yh#giJ3evbeO#MY56nZPf;+V)OO%D7o8BM1 zyj|G`|8kK>EJceuQ^;ByTqpn^!?&p4kj*yX6ptQo;ySt9#NX>Td|)MGyp6gNP+C2h z+is3gW0sPOp>SvUIpx>%#WV ze|%U3VnP^8)wZspT_KGP4fUL3I_~sq1Z`~NDas|F?#iN|ha)c;N7C@u4MW{lJGhP_ zr6HuE;(!vb8jm2Ij5IvuMyVjs(s#dYJS%rKegvn7XeMua;HP?4Hh4!Nc*=w z|5PzY7TIjVoRe?)iOfIam^r2%Y!3~3$Tt(FvUrjlHDMQp#GMjaWZO2sA`qXIFR`P> z5>~P2!#vLBB^lJDP7BiT&~RE`uuF7p{gMJm^NIA$(NtYSU%5G>a5l8N`eW=--6Rj` z5YuavV#dgG`-e*P52t^e%lhbU`+WWUrl-D-M(>Fevz_YiOoWSB$}#>X{Om6M?ll%t zsb~u7*e-SwPEZm`w;8?(=V5MNJRt)5G++ z&2BqXJh*-2)ov%P2be!+Zc8m=?m3g3>wdHw;n6j2UeQ}R$*N{nJ{xC){{{fDYU5q7 z8G@$d$2osr;w~F@G5H)!vz2;|UsIC<2(AM&TVNiP`x|5WiN_Zjq{TL-5 zLOx|)L)Ayu_RUnne4kysiH%ZWGW*jsHfqlG>zg?qWu`2eRlSdi!ddzYfuPf=YH{-P z-7~x>u6)cTW!IQWR*j+>zDBGy{}m-dLxqrCKK`{d=e3S1d380!jA~8_99FCMWTV+b zKD09no%cy(a{UuNzO{iK22qs-9BC>p5t(%8oA?4 zZTlQCQ|81OpH6X`*wtR*hjRB*FI2Zcfxg^6!gQB^F>N;P6yTAzYG8D|5hwdD0ld|+51Q1QOAH9q&*u-_} z_0#bP&ijFwoX)yamr=m+>TqEw7Q3B^W5_0#uXO~^t)QR!Fm1o_E}EPyfVV#D+K=s^ zeL2d`lZzgGer9Jhh3o{If}%Poi(jr+x6z0+!p9f1(nNVz8hMB zl=$&sDDH2CALDg3_09=iYF=6f!H#8j5Xl)z1M;);W)OmNCzJ?6yPa_(R~~~z#&|Z! z=>;%(--7)IFHA~u8><4%(>J{MdAfxp`EwF{^*Y!h!7!?BF_9wOpZ}&{PQVhm(~f0 zSHCd2AxoFyr-wh`ojM*7AjwrkB(IucnXW);|3h}Dbl^XlkTt@PCvl^cctsB(q0z1? z00z>b@!#_6J%KY2sqMStN-=z)m!e+QYTDyM*#ahP-OVkn+{}x7{Yv*EYbtn>r~A~^ zUD+u+)Rgttvc-972Ff38$EWn^Qq)m{w%$2GJOQ-fc^Lm~&#GMS3N< z7R@Aobv!i5gatIUs3}|e3avlhg7_WhiqW(Q4kkl_?i{pptN5=hrFOCsF?qsmECRxK zXmftq3ORk93tlBI^&z^V_un8HiYNcD|G7V^niu3l<}%+;ey7eCZo5K&yg4j#UX*Vo z8njw4c&)D(UzheUaz&DD!r%sHs2(t_=dU>~eDA)6GpbJw=%@989|)wBD?7-~8Puw$@=K20bFtmyw`Fh;D~yd8@>?I$r!5 zVbe?X?(#jBbMMLVDw($% zQ!& zWz?u5hyYM5xQtA#8dz=gh@#*yv&?mITzS$8nr=ZJ2z=SvDN0H@I~Ou}uhFuT`!MYg zikpC;DOkzv9mG8}6o!<8~L(qO&4I7a~z^J=zMAh;EfT zIxE~nj~;hez1!$@u~=3M!YWH_5WV-75YdH*mW0Lgd-I(0{0GmxnltCjiJCOuk8UO}PXvx|cery-!oUP+iTY05n0*|za+U6_^Kp4obw4GN`}4&5t@t-wib zZ#W6(m26L{NqeT|ac{;lOQkvNy9EmD=Q8;6+atvz&4wHsnmD=FRPMiV7uGTR<}u_x z_x4%6=9t5)(P8BXCm_wfpq2n{FQLzBuAk%Th%OYM9n zMX}#`HT?hTQMXj?-}NbIsSfM^%2M!Kj|MXKI}_osfMqG8MblU{3r&TN6SuJEgD)0i z>k%Z*1gU^L9pLL}bq#)j$4l_4Hm$^1uMK8|v)*kd?8MLSo%wrsF}SDu-lj>8sd{!N z-VO}J;n1{DcanKk|LWQa4BBTN;4(t!8{rp38g_Rwa_jpLoZSx;>+p94qe1o<>0a+v zZlR6ARXbZ@hjD}(eUnaZ-UGV0M44JE+>}G$>rc<)2uhQjQi8Gf+Gu7-m1Xk0TxS^> zBHoZ*$Emx4KH66@h^MrBU2a`g-HS@@f#ZIgMlD_V66l ztbSfWK`ZNwv7#JwDuR77Y{SQ0Y87x>a}=nf{Gg?cQM^$Pa@WlEe`#~e8mn0QvM`Gg z&Gma}Ln{zGSMiJq25$7A@E^YFyAwSRJ7i@*kLtf7g zrK_rbEuT%;p=1P3e_*YDa1LM`m>wGT<<%>C_J9Wlnc3f6;|@A9Ou4No;r^qwn-;Cb zI2QO0HGE)X91*LTG?hc(Z#LThQ*wCP)U?_K+Kws1Z_=qL(VzRj^}fEjU1lqi78TBp z*T+UKKE$xkD&q@;p!MsR&(!vkfBQz<&<7ZKf78vdfOm8T|^O4W*Y{{?_T6?}WO`-y8NZP%p=g%AQQVQ_`w2ld$~|vNv1f`=vic?WzT^ zt=J70s&$r@_L$7yC7sUM0$voApd-P$o0R9WKsxpgDi+Cm>ig(~+>pJl!`P>+eQUq3 z_&_j(y4I5Xz#MfYW`)-*_1ZMZ7i z%U|arNYM_C7fJ&wV7GVa*^|{AmakRQJnS9&4fEh^=?x<3(IU2Qv~CGGD;=|W(lvvk zA%z3>#V|Cd($C$L%iK%~Nu$z6y&KE?;jr`-O4IwNx4$7gh@v|=ClRP+Rfp8}N0ncBmzS7)w=5{y5MLcV{7-17wKW=uCo!TDr=F^Iv*-bbw>?N=5t!K`Ne}~Il-8|o} z?P=3vQx_mLVFuCGKgJZRjMtUae8h7^+O-a4{$@UbiY&2KEqx*mp}r z7vOvh{-%otl~`*&czmeXF?~kUags2wv6z_W#I1tVuV;CSGGy5MiS&?$SZ!q+$6ja( ze{&VAp4xF5L%SR2pPl&^Jui8ZB1aKWu3un`Ga(v**JPcBvjJxjSpH_9bDq2>Jp)75 zfFt02qPuysK=IXPtu-Nx1Ef7TGIF^Z!NA2;5wKp<{Kd!DH(%PB{_qDZ%Dy`q*&Q4d z6crU!EJCBK#K6F?OT)|9Z)zAh0#o#Tq(CR0uxKONYCO9Ax#rre^fZ|?YW=6tu0!q- zSwq&IOoa98Bqqqm3hGsVsatkBHgOs=97yB4&J~0ocff7F3cv9m*hJ^ei^x>X8&iV9 zRJKBrcH{WcEwiqYe|>;1gH@}Z;;?Kx;)~mr<7gn|mU2ToPes|lJ2a z9c?uvE+=>E*NnY)U*JSvWa#+hs&i$>%J67d(2wJ!Zt*qxMtFqL;sNhkV`C$*XIM{2 zkfCf=UxC<4j;F==TdkgvHCa4hRDkp4jZi-4)h-OZQuNyRKswSfyuq4#7XHs$GFQ)@ z^#x=E(Y~3nKZ%zqkzAkYk{h&=x^#tYzb(W8;4c>BHg%;z7qW;gC~+Z`B1DXq-nF}o zts6Z?jycn9d6C#m(N@&ImN3NAJ8!}HOYVwu?aErHt(5h$rG2-Y5q`;Zuz4&XIub0} zMPuZU^2g|&%eA&*Tj}?A%cC<>1&K`}R@Kjg^BcF`n~nKttcX5>X5 zguQgch_sj>z;b>nbmCwK1Kt{6a16#0Dc>(BLM$5`7yzMJ>(t|LjBd!xPrbdppFRPb zXl7>SGr?&NmQ@wxgTsDU8W13w@Obcko{WpJwl=lbIQsQLYi=&*YB<1d%~uMbmsx1@ z+iUUu24h*>GYVxc!5{~*C4kPkQ#5MhlwLj^$7ij8=_Q;9Vg#P9O86ykhSe_RZNRyt z*}-K+6C_5G1NrAAKl|e5tT0Fy(etiS?z6M@RaHgQWRbwTmbAPs!UtLlRzx!bNT`l} zj@GzhepZ&j2l?*8BZMgaC8i-NyZ$O?z1IuQ*D9V!5-L4SutAy(IfI;dyR=YR6aMSb zUOpp4+{a9;^;|dUeD9qLi+Vcc(RF;I2*Glfs>hu8dco~Brn(%hC<*H6yJm^h_Ctc2 zEAV*#;cO{luXhN*vh?={a4*citpHwSMP(&e+*DJO9F+$UF3CRKQu4pg$j#^(92iJN z4raW4u+%J}qVn(2`T)@z($MtgGT4h)rjxZeKTpS_%GHB*9z#>a1pnE{`Y1{SsgwG* zjz2OnGcywxG#>rq7X#xJ&P=So4o>|xXQ0rbJSi+Z@6$ra;S32d(sVPHN%R>Hs~zF- zWN5$Frgtp}++NKcr#x_7b}#4p>Zik&tb16m@=}`JMZaUW0=ey#OJ_foECk5WCnj;H zTJDR-O}W2HDA3?V#ocnN3sMQFrGOJW5mqD0^p^_NQfa!=sqT7Gp972+6~m?WdbAp8 zcKxdq9txFU=^#niHM>4FYsMl~xP&!`C_V*Ly+=7+EOhQvxWk2!iu@=n?05_4c{SMd lQ-BXb;(a@!;=z|6HdESri6~u zwypCw!GH|8?BA@|O4gFD6B}ocv$M1DKmc$h%K%sY)Bj-moji^#{6B=CBV~*oJj%Ue z!MiHZRYln)rUqbSNyAU8NzuMX{D(2b=1c{Il;rJ@V;o?aS*VOVJLV*w@71-`NmTjAJ%ESntTK-`uu5fV4cW9t_8LT$}{T zF>Fe4Ed_F1S!!^ZI>zwnXk4FALVXiysz&?yl3u^p0K`sEj}zsd&m+0&tOH`eKE%u8 z%k^fYudl02+V+`Lfcwm>y+UIP@aA+x6>7 z9ax`sJioTO_VA#1`zYAaiN8>kdd8OD^5suZv|@aiQpvAmb>$9UI!Ko@%Iw}eB=1#O z)`BHX$v0r+Kdq5D37kxmkR?Q8$DFeh{9HD^BfI2=2RLVkGE=vrT}XOhQe`cG8ZK7C z#=j(vWT+10lG~VT*9wMfGF}GYB3|Xv;^8Ad^{*R+<$2}*;#_Y0##I?iaZhZkF~5s? z7Cu=7iWTQ*y>Ev{xxv?nCV2DRCKK~IC1EIAxsW7H6z|@Dt(VVyXKX2GaJBiyA;14% z*Lu2Xa70cXUJLi}-OECBVnRya*ALTysw=N>P!p;0o@F8>ZI0GKh z2K2C=om%s|W=%B(8wy{5qHuM#1WL(4)3A{40jf(9{^1YlpQ{!;d>WXC)O~|e=Q8O{ z+Dek^RT~AXM;iN{N>f>!6z%Ps4T?s}0{H1a3i(fGtz`ZE-gSJsWnNXTek&vvAJ9{c zxp@}aGqNpte3q3>7XdH>-|h|9{bA>Uzj_RmjG3x~tuSv3?UpZl5Au5ij25zzO&iJ9 z4pj%m-!>!1YDkmxE~vmOC%wy|g9UHjLH7}6Z(u!Iy5tO53dvmb3;+!tp3IEBrQk<_ zJzH=3KdMTFrgG2x0QN-)d)UgZtU{pJtJ|7(e6(hp4+PDLvireL(A!3*-x2wpC7s(E zC9$PvChi6Bfv@{;*7dA}H9v37e97{z{6)X3g=FF@`aYV=E$J$;;1p@ZZ#bsas?56E zrNH={%y@3R+sXMBeRbXWXx#oHRp&uWvNP71KCWqMJB{G{Pt3X;tI^gSvE~9E>Yu}R z>)D4ahrYY|ehFBcZLbCBA?dnIeYX3IKAuY;!;~~+tcM|oV*Rngv5KcI8}!4=3=}+W z>OrueLc|jE%=1{Z(;BF08qN~1)vk8{Hs6VKv^rSoab$E;Q0znSnUF58v57MIHD{lk z@6QFvhN0!>riD}S*P%NucL#F?ulrJ{d}W`1g(m^bu&ndazh}^5Hk(jUbe6y{nIR#m zkzVZWf4GL7m&ww68_$Y{{Q=38I`j?Y>9n5xfcJD<^4qQ_Q`g>%7KtL;gT3$n?J_W= zjPM6LDN<>sJHD02j*Q!<7wc@QDkS1so|Gb7gMQ9+kMa02P4OWplZX$y@NYZb)=MY8 zJQ}%~j}p!b7pkC%IBvhC$YFF>H=5~(Rct>av}$1d?o~K?Zr%se?spwNke=b0Vq6@Y z@593i;gOMjAP};qJJNtf-8OB$R(J_*8lqH=X|$Z$G-|H*nP~?;uFMmi*Mltv-a=7P zJv?UqL=``OPVF~&&Y=kkG%o5E65jN{CIU$(u~`2p7ddAWRFfbNOtM=q->bnv{qCHB z>7Czw^m0;%xX-Y*f;vYRJrfqn4i9GMfNSOtTYB)R3#dFz4w!_5zAr%{Q++bY@83%? ziL8`YPm0CM=jSJJ>Dd%(xRe~KBjzl`hppZ3{(XD>{s>I-ySIwInyE0|$$0t5?JK>y zo!k;Yoe%JMpPk3tK`Gzt)VuTrYg@e}z^Lj^^}kiv0C!O>fkl4~*)=L-V;fq#xi2n% z-CyqLGtr4Ae!cs+nFqx7YeHJirHelQ_Tka(Bh?G=qfqtfQ4crIvmL~uQ^bW!iEJWS ztGj;4cV|^**|l+~L2pVw$DSKH_t|&<{BBtdvvq_O3G7O9p^oGXcrZMxIysK|3(ddew4AZEvxMNF}Ri@FQ>&`$+KQ>PEHlz#Ol2- z*eeGMy%!G_LRXW7avVa+Pq&d*Psc7HIg)$*gHci~y4!)@{i5UBwgUGanOp^K`U5=L zW{4$0LEh{5+r1XN9zMqIf<92eC?VvR*ZX7Q)??`8LHd4!snfpAH}{}ommMN7nQ#Vk zyxY<|z^RtYe@o&(fWqY}9Pfz~BBoFG3S|5K~J6PEs`uq2=y6uS8 zxu;UF)kT2NPkQ60m6fZW@#6<#@kcLbL$@{5i(GdE!Q+*!)_%!oVI0orE? z=g(;i_{&2;mw@b!=ah>!vd%jwUDp^KlHHY)VxLzwXqlN3IxAQTvr0cN^R8!+{Zmo3L)H3><=poLxlK-HiTU*`q0Q)ey0nd6^?q!K z@Z7jpanEEAZA@gdLdIdyo$uRgT#oxiptFmeVOt$J|N3l1PU|=me#yMb=HynZVne~f zABoQBu}Y_oknGuakUu#l`<+bPW0aNl=st^S?p)ox1p#|tncPWyCfECV#}#+T2#6X? z#APz>wAvUmHZrn9MounVu`nu}7bssqUGTUgTbNHOqbuE5-m4Kd2os+Y&w|JcMs%Aa$F8$&Q=vx=_T%ljjtKrC>`340Rd?puP^=iICzJLNRTej>)2;wo}{_V4(D;*V9A28Cpk#@ z)M|CFU5mTqGuTg6;uV3jrQLG%Yu&t_JNDKUHRpY^b?)Q|XAg)ds6WE!l@wLs<6B4C zF1^9JQ^v;Fpz*bU56CAXccQBUSzOS59MB4qTt9kUNuGK+4e@C+hgSK#y;8PPsM-rv zv{h?Cwj}_M?A2RGdcq0J;SC0D)CEBiah*Pl8Cn-aXOnFQC#vDA8d`JXc8$gxl!+B< zU9tFgK{0EdwX^uMqQQ@6$eaR?)a%QD@q^$Mtx3|=V+;8+qsfzk)@U~uHz1|mZ8$FT z?D_Wn2h-7BaB%hCkMS5$Y9_&HH!-is(CN@3=j*W{O2e+){^X@L%LQWv6-xo=?H;wq z-h}}el}1XeG5rSe#;K>h;tX)&6!h;)UC*^y@_*;wH;PH+Pwlh!&v;?Xzr|N0k(@`9 zbK2IxU^foRQBC%)R)co{)-GJx!m(Ql`d|g#r}t0vH!UC3Q2Nn=?oCLZuw=4VU&KCG zjN%|VD3^`090G3m1?fHXaHYQ`gex!Fxr%HN&tLf^%$P;${lbO>?53yYGuLg<4`Is! z;Y|4{*gTQ({2p~4%*+h?N{4d;zcm20>LPoZK`$`~CV^Bq`8+Oggh8jeCV837lAj#t+~ z<}DH6f>aY8h1@gMa+;C`-!I=&^Or1vDV6!Rk5SN+%JSXVi~50c|3^Jw;@jj#0+|!I zTA}9`-(J?z(sqHGal}kms951ZjOQ1e0tuXqlEs~{E>1Nla~ees=2NCb=8xTe@X`n+ zm=_U~GNiSfe%YW@9$dmA@R}X-?2l009TdtOuIlT~;0w;Wp!uQ(GWMCc4);{s4E3wU zpo(JWBu%K!kA)$@cJ4rbc9-su)wO(fnVR>Y8I&On$Wk~{A3H5^@QC4L6p_%xq=@p~ z-{?{Hg?~Y!=N+Kf_dy;ToA9shKU|q|+h3f|^atjJ9-#}&XCGZ-g_r-}u zKUw2&p4jwr!JM`kHCBja-jUa}RHGg|Q^ouL6kPfwc*v^^Ax54_M6h*huIlA;Ignx~ zl`|jiLG=0Li-*KqK3yM--mI;G@Z2FM(rnBXp!#QyRAZ~`^Jg7=ek62HCQO1&CH=46?bIDNJf?|Y8*$DFd>3C81?JXmZLIKtA>ct)tT21irx`|) zm-(v;1RmeNi`TB=vc>Y=15sz6AWGQ6UTJ|rq$={ zU2)q2)YQEuQ8S;z71EnIDFs8Y4v(6#NyC{O07yHlU$ls!V&@{PO+Az;aIEVPLsYvLLw4 ztdi|Jt(_1O@5d8Hh4f&$FHB|Is}6IT%|RykA0 zwrhWM`W3bA%%+ral*_29zJCk2C}jJo!@pOKYJ$R`W;t3Gtlz|g|Lw4F8QoRkN3=vR ztt*U~>Y46x;55l%t0+g~`c#SGHi!f}*bQ!IPQSgu`;F+95=O9Ttn>ZVQhsL+N-aH^ z57qE`2pSLa6v4|Q%M`Uf)WLqnM_v*O)s~kSQt_o|pf-#YOR%xznm(lLtpWhvd*qv7 zdudXOK`++a%x*->CZFI$iNz8Tvk-NQOFmYp#w}WEr=UJuHXvU<4;K2~^d@b4y9+Om z;CPJU*Y3h>)Emz+t!e^Lg-=Z-u13Dz(76i$Ly9Obw$}hyk-72k0#nnU--d@T3yW3| z@D%nUEuvYlbJ#qY<#4A=>+v<)|B%;^{G&mTFiGWk-^V;R#i)!w|e``2)SQ9c`251BNQw}f3RB1OV>#PKXr@hLp;Ah0_pLF(e$-CtoU7R#u1VOJ zC5ZgMw01Zs>I&8@zh5#me2jnj0#35%7hJOJmoKmwZ2%VjtOjdm#uJkGO$4sLok;RP ztH|A;Y5hEQt`tuLDVP3=ILdvF%xakq8BmIxXa!8~-Q+^wyEIrG7z~isXvA-TJP|mI z`Ok2GD+ht5TPPmtWX+s`aM-4jSj0(R5N2@c^=Sh5*_fjPVw`@jLLW}(b2J-lpQ`^CGTY5q2T)G!2K zA~Q7JEVjSE>o64aIg0X9FVYQ`F@2^|RUoo8zVC1O0~q@|n6Fg=1ID z{L@(U&(e+545jAkXt{>}oI}+jIb~TPJjTK0Mcbj~s;o>t8^n3Xl0>XBZXwN3oF=3( zEC=;m!&u>Yb?CQRIrgr#g}Kp3KYF@J>U;VU9MRSM6|W&j-r{ltgc2KR{)YXq$Uy|; z21R~Vs?HgzgvpSXs3sC#UYt>UNG;hMaPPWT*5EH<5W4{X1`u$IzkP?D0O)l z7X!BC^8f?GJ?f?7MLdayn?@#g09pD(7Zq~1NoY`n@l=yoNLaPanu+#9$?j9ku>$H{ zh*~M6hc^s$Wx|4GZ9zz*gB+KFESz=^v|TD#BU}HMN;0r%uAw9#wuP!sBb9_6tSqhh zTQYQ*#{SJ}*_w3+tSvn+aSO#K`6cb1Nit{+31GPY653LS5tR)9g!9U;UTPj4RFzeF18z0kz5*LK+1b5g50N1{AARf74IX+Uj&6mrBmHZk^3Ge{)fPe13?zh9=0fAZjV%D^mh z+ut$nA9TM#sD9sH^*634=2wZ+_TBBxFT0gxb~?2%+HjoqYYzBRF- z)RD}q4Nfk`^yo)5n4FyK zpv-<2-ZbS|RzX=F@@x%&_ti`59i;n_kK(wo2R*L*NI^j2*;c$0Pm|UG>N&f{jI$Nw z!`B^nMA_L^@6>4-Hy0o)Nono$`Y1pb9uBQ$ zkJ_0NB>Ke^3|G`IiWXg{7&es789CdsUnEBmjo4NXwjQ51iO$bNtJIH@HnedW4}aV` zAL^0CLzTJUujxViW!JCELIP&uizp6 zAgM2!Aup_7Y0_^fJ?)J8gH{myMm}l*+HGg?N!G0D^QhVS9whl15AGJ~iSi=)8+nZ< zcE9*-iVG=?Ed~*yn=8tQ}W>$|?luu#dW3+vTgv6XH3 z1Fe8Z&D~Hip;^u-CM6{ivqGU}amAv!k@GO7?0&UHt@ho~FxuRzaX5{ve4y`0GF#w6 zc3l|5w)|$X=I(U<2syu)A)!bZ;X^LIJN|lK=NNc1At81-esIZLCq^nt^!h-q#P*>T zdVdudExQu|A5^T~>4Yp{=tl6^gml#S)yn2zFN#t0>cxeSB#kUl2w-MdOp#==elik+ z^J5x2WC-uM(*j!;Qt`>Dm?{C2V;Lw(eiN)8RwJlO=QZTn>9vFdE!sa%K{ki(S}%LF zk`}wP5fR_HF#Br?cMb;y9~HP*-Uj*Xr60#!I@w4LW2op~PN0d2UT~9P=wNG%F30jy}WE{oCa% zy|bp?G#xWoc{Aa~Q686rdJc8f)1ehESrH}FA3))!L+1K{N34~mxRtu}`To1)&y8m^ ziD`nxzlz`u3_k1ExnsY=HvQ+dsDO8Um?RV{A{$cS--i(g;>c@l-^aX8@*X98n_v8B z2Dd1tDwa5*AmPYdS(bgPX1thj%8SXk6ap)oUad40XR#I5sJTb+gAS>(@n z86M&l#Sp8W%)p3S|5hoT$way5l7bK^T@ixYW3EOt!k3-(bk>^U` zt)}@F=<7gMPEXv2!C&IC`ePtu`G)wa|%s{M)xjr7}4sUN6v(-47QbJy^{!oWeg6$_CL7qtrKb= z8MnhS4rvx^94jmXfJ;c+NDr!8hu6l2HWe!pR`k14r=k3KC2hM~7SqY!{y};Qg&fPgbNcazdO0us-i?V;juRZ zNUNz-p%pUivLyWWG}1;Q6vDb8u}JMi-htNmC7{I2;J*)3U0OKn?FtB#4o&*F8!gn4 zOvrn`L7T?3(2&0?-{Uwb<^3oy7ZgV)Q-XHFWp_6$ri8k+cvouY zvOQtJJUu=cTNCo4=g>g02QsB*m?dRA3aZf^ho}D1)N%I+vJmt?$^R;iuo5w~X_>i4 zv;pn(e=ZYrkB*L`yV!+d)^KsMFlx-xGBKjQboi1hfEx)9GJgFU{j{lz7+H$cfjpFZ zh{-LmWU2R!W4@4V=DcX^FO@3|Dt}hD)4EquZ%iwnHU-EVgo-SKHnxIyzyX zC%lKVb2d?LOPI^Q|CnMf*i=P@@c!VV^q*@P|F0B%+LV@drjfT33Cn;=GWGK58W#$> zH6PZ-;ov=MO14#%u`U1$+GSE$MjC1iZC;aCHY&Qzp ziL?bh194ASHvyjT(>VtzQ=H2jbFasf%An94*CW@BCTa^%oz@4WV61wp8Qt}_0qM-Q zPYZ&!nA&f_E(h-Fb&WmqkDnQ|3%K;N(JpU`sds;L00(cVs|N$N&hH#?jyQ;0X?~ET zQ}^bQOZIT60ixDcz@}S!&7kg{GJ~m|YY@?n8EXvv!R$qK3z#2^;QR%1k6Ap<1|Smb zzUPrXYm}S-x(Gm@>godFU&~wemAil~$HxUP51O;_>xbLU^l!&he=d6SmQC_Da~Q^v z^1X&JOS%Kq8U(EV)6}@?(B}RvaA8Iv4M?9z zr?n1CCfYBoSYh$m)I1-&kr~h)V;s%#0~X-n)tkC9PAX+(@h0mBS2x!@+NSk2A~B=b z3VHG!AIn}kamh~BcJ4Ia*u5ADGhz3dj;sA9WO3(T8hjPIB=`Yh^X z7*g}yHJ)w~>k%G~TM<&Z3SvcVFa`*3vqVUm04BsdsYpG1t++R~#DsY1B+)xtH?!y~r)D7ae-Y(=FE1K&Q zzlBh>Zof}44NN8r^EU>yT-Nn^y2&u@M8?#WjY&lI=U<{@mPp5TzwC;1I$SwAU!n_I z(@55kVFSI{O}RG5Yw%|N)7l8Jl{Z+`oU+S|*amwf$(3KSh3CNcldB7J-P=Br)A2l<}f5jL!* z`RS2J6uhI2?uhM>T`CG2vJFXvUb^t3>%wxQ?Pvcrhzanei(+YbFi>H zxEkB#x16C9Vy_}E(}@`itPgsQ5K_7_TpgU6wVXfJ*szeMv__PNHq~`UoKzs`V2beD zEB^!`X@4aDb*rV3H&+k>n|tpne*`lX_l~eJipY0R+&4xi?9kh8{kOzaoi+$Tiy@q?AEp1OR;Iu^%};# z!CZx@03M_gFW!8I)gs~jj2sHoI7uvT)lXGMEK?)>$ORujb8jtp)KeSbZS2^VY9`{L zPXlxlMzJ6wLK>lE>N=^?m5YN9gQb#(J%y@0lo`;lG_tUD`hb*UK0M-*zqH5F9qTTF z+sR%u_%6Y%1aCorj}loha$}G=1&e*}cX(9p1FE6WAk1XgBfUtElO^@08;K<6X3Y1Q zFq|D$0nUu~F5OM2de1>0W-Zp*HA%5#@O3$1m}*^Zh&6y_s{aBR#(WNo7t22Z_Z1L* z^ZEq5YN5>4eZ-{SFceTi3iLqrQ88VM$fkr|2QIzIA<694s}Qz44= zc1rB7OFk2rBS*J!Ek4k3EMia;C2X#5Cy0#cK0TtMP?0hz4(YFkml%0gxm0HQ`i(f? zexj*x#cp`hj|5(()G{y^_L~UrS=zx{o8OBr2RbtH4H(R4e)1Vktwy$3KXpigcdm9jVbpt<-IAlIKt&mKw zQf}YZ%>lbSK_0u@Wp=n+>2%6$*@YAM_OpLrBqbdO&E+$={bC?QMfB>~Fz)I(3aHt& zm3Xm4DU+%ao3)oJ(wT@Mz~}9>9I+%}5|UA7{OGu;Yfpb~xmW1EJgD@0AmY>Ks|II? zOiuIedBMHq#wH$tP72B5lI2vj@)^g>ul(@KmWb23Yg^&OlwJc9OWDIhib^9N91y0- z&qgFeeot5*LWiEx>=ZmpvP9r%>9{h!aXZQP(4@~(6EP-(+k%GUA=jkYIv zBfep55c=0HhWh8P*;h$GU^Ecef=#^PhK>=j^#dyidm|X_i`z~iY;%Z_>*DroV~Y1@ZfOqY~ck&{H2ggMmW5*%p=CNBE54JT*xA{+{u46nWoa9!B4yh}y6 zdg9yKj=^#fw8@Vka!~B?@VXbMSepqC3Sh7GIwli)TE+WNgE_R*RS;H@huvQdFpn-K zDgM(Pa#pTdGtP`v`87^hurnkgEqJ+cN4)*@ar=66kUe8?I~~{+x&&NFXcPUSQG7n> z4#|J{g8eJKGqZ3haSs5cFSc6ThkpoumD8`<2*`CHsvP=Vu_=`<_I|A;Q16ji)+(s>-mUJO*5mpsDjbef;$u9dpGH6(M#Gj`n)Sc)1v()x~s5=fSF=S+J44jZW&RP9Sbg)e>FBk$k(J>24K!YR}qOE+(}klyhjk z4eq2jH907GRD8i)eiQVtOMRRPJtQUx9801pZ9s@3p6IUxrPKQMl}r=V!6dN*Hi2lp zf5`T|ShBGKZ!cQ7UpEIYDS1g(kR=ZGd=7&`YhF_#xlCR$ieInr8@;hC{$lL7&14F- zQ%4Rw_N^@;v$EFx^MEPoVe<58h%O94)T(zq1@YYv-7%TmbcCs(+XGX+Kf3woVecln z&+gRzZ(xl#t@)li-=Z6eUo3m|qN_+=ii16m>x2r&`lz3zTg+bm4%M?GG5GpyBeuV6 zPs0DqkMkVDxc-Wl$K04usbbhF?2*6wEjalAbw{W|YHB0+@nwA*7QAz>mnmN8v|K4L zY41@m;ymx}vhhaEX?72$`1mzY-$tNnb(HbX#$;Ec%mu33&1G(s(8F68%wH>?`8OeR zi#139>%_3_N>2h5R9g|kCnT057Wh!m()z_27Hz1pi%NsWchkoD;KGVl z&L&X&2^w%3b+`_P=7Zj@*aUA9r`q=Nx8f<+g7@}!eB4B{RVO{2=qE z@Mo!*_39iji3{Axi2*NS&U$W!CN&S&m7e1rVpIQe^3)*HR{skWjNsXv&vRnm_I*326$%hlt@GXoMX(FAxa>t5KjtwH zgpG|*W=bZJ2QNX_`@%2-)i;|t)+Hft-vgdYn>|Iwzd6sWQM;wSHH3^+^IVzh=7f3p zqrG*uRS2;-Zx3y~5H3xVEhkc%0wx%Zt|XunlV8<_|N8A5GPeq2bL{FXZrt|cIS)KU zwM`{?6`&W0U5N=EKwR3+wfXA>Yxb&N*Z9_RL{)z(scsb=aFPeoL;E7%RR>j#Ki}y& zk5-npt<-qAC9wjOiA2HfZ8gUYV2K@R3zzNcSD=@XA6WVDY<-g&ctG%yzoUD`b{FpT zn}t3uNBmC0`Q#KPoVtOpfbpe0E8ud>$*34Ch%MSOGV9G{?CmT$nDo1}^$wX$EQE4I zGP&1SU{A{V=@cf!2lyqrktO*uoDkp&58Vs)d0nGaos^=M3zoz387y0CtwG=LTDEJs zSyStd0}GC&bAa;$pWU3Vb_du0sN}Tf=2BGG)ul9it;(G{o~%G$mm%nl6A$-ZFdLpP z#g)9~VMqw3h@qz%JWz9zogLn3gdD)aD_!jteG9zY_KlC0e0({7Da8aW5MvKa zPA&OMQ)c-dOhOAX`RQB@Si60LvRsbzS3WDivijMLrezh+j)sO@`y4AJUE7Xc^~T} zI|=Ash0Ov~{nauR&@6R0hKxR&~Z#DMG8*Fl<7Oj6E$ zurgq39OVwYyR}u*4`7kFE&^j*$=CKFH56AdME})}9_~Lj5)esku|}vbpUCt8Hz^4D zbs}_zrC#-%eWDmC>)Ra7FF0l)fNyoK#6#vK)7bax9MSTlAVY|1jf*M*o(eTL2W+Z1 zai&*^euuYnBT0skh77ky4*b0Lj#u6?V5h#jf_1&z_!%wMh&Ege!+@h-rD2kts!HSK7J=nE%utc_E2C&myhg zZ5i^I`!+H+(*JXHcM9eIm@j3FsoR-dbQw2I_o02}=;lX+V@0+PMqACAiK&R@E4adPvJXY36_j$v zkX+C1-rv}MN}b%^L$;o@ytCLDYW957BERB8LmM<6MK?a9%DUEii!;3Mm&5w*wk2}r z+)$`mds;DAd#^Y&tq6gA89CDlGwFcQTvy@!o+3kdy;gIZ!jR)-N!{fx0{r-QW)Yte z8VpZ=-lHz2|FzpMB6nClN5{ZeVjkX(20UEd;dDb&K1Z%xH4fR^xMvmJDH|V>GRA;V z;U`w-|85>C$W2zd(z9HMdH5^$V@C!eM*4|)OVr!Npe%JYCSQd!4lX#8* z)+8G8L1hkGJxxi$pNVpD9l6^E&w3!@IwYc;s1j6B^<7?@R5_cmmX8Z0++w(!RwG`Y zPYWg3B!54WrWnlVemwUShwt5Y^1_v@AX17D>P^_j6W2 zt%crVIB*}Qj@E~BD#kr_=C@|QD9`Lm2l;c?UsfCqCAAq>ufrQ1MwBn{j8f;evOS_W z_%)eu$5-O>%bo;{>y~NTKix5oE(~Uha{`KV{cfflj7oD@`nDPSe+m9R}0Hs6^J6KFk#)6XvTjL2`oo^*E2>Yr>Ka*;`VYoIL}kRC^FI6efuggJmU0yuvlMm8~}$Yx@fU};9_nb*}-xAeIs%;mse;G z_UU}#v);QIGN9&P*{=XX_e8;b5}k1uk-;XfrNjT21a!JyrI@i8qHb6reRqhIFZ6F# zCI#DIi|N^JzoX-1kyMg7!rax7)7(`Lhn6c8Gu0J4=ygOwP<6;jFMc5Its6^{%NLFQ zm?SPt#;XCnaEC!V@WX~BJzuqki)<$__G0J+wG9L1F71=)R(GKd$aBtBi`!vd*k*C?kk$7PN=A2((*qx#4=hyvf( zzoqc-?(f?0m@RscaNqdFx9&2=cR5JJBoGxil^t=5|4O_zV4|A>ft)UUkiX!K<<6-P znf>ut#wo~7l!s(Tz+7^VIO)$Ne2fL*u_c4>B>?C4DH@=1SRa0Pj%J(NYO`9zQ`vWLSu`?_Gco!%ZULCY`TO z{-`Zjea$h1SM$9axNsxStn0%G9N{<_rBD*?L8{n0bYLfSOT7Bt3d~e$i+vN61Y3!vtpFb87-;=_i}1RkZiu%XEv_lU!gzqpo9*a5!QFaQV@sy+^0E0AA2ZpY{JUY z$GZ5by&m|2xPITF*!p((w>3io>L&r+R46dC*=}Fy@9{@A;6ln7HEW7iTPcejL02Co zv}KCB(!Lp?w2D6+E=q&7=+JnRcGk85yn85z$nKrVpo=}5{PuxwDj9W`$*D`UREI(J za)WjkD=@1m_LZ=TO@_j>1Jj!C^=g3ipe4dqSUqj)&gfO^-HBW4U3Oh7WR|COFB|n? zJH}1_*~`U!_Ot}cC3a9n;N-&zfEruJNM%6Z6l!)$1|HY9mMkf^U~GNs zglVm|t~j&ws*-o-Zq(-x|I?Va^A8rkpmt4<>Tu3ApS*>nWaaKHl%-Bw$hZu(ZE{!n}~QEBz)#fc9IA4$1FnO9=fFqiI{0 zVY$c1;Oel0{t4 zignigjgxvWyP4wnVbuV;RO<|4asFO1xDhGDGKz+^5UjVsVompa+Kake@5)~8AV$ys zvdd%li_0GSyg#{R!_OH%$Gk-kNdMW^1VOV?T1xdTvUuJRf zSKJa9@1t998qvMSUdm`b+Eykjss%?b_&ZV7RO34al%8Io28&<^iBRK`l7;IPP=vK? zJrKIo*!8{WVSEDiB-&Y6|GY4{@Z=W-z;@Zyez&iJ$PWx#%rX7ujdxsyR^=A!pJpUN zy~`F-d{6GJIv=k@Duouk1{>3&pd@0;o6Wu9GS`ZV8la?v-Nfnt85@+{l(oGgH2e7+b4Tc|OzB2% z&5E6KOCmG5wfziF;U4)8T(%vGZi!xVVQs7p~JZ=iyHLf-Ve8Y_B# zu)R}Cv_1MozE5%<`P&yR-Dc0M%dI5nZtPVMPiu|MgR_r<6^Y-Sve}!!*?6@?o%31P zTV~{l8>g7xROxbtUP8S{d(zK8_4Q0W^)6rMq?WoDfJK33@QsI&&@73gn ztfq|>l1mW2(5v0MuC!N)T1eGQOt&ni6BRbIMcPC)GK%UB!;|?tW*$uVzL&=U!z!jVX zVw=teHI~%vq)aji!@D4n_j4o`adq&Bnc9_}#>=CipwDCJ9fWZcd9#NP)-B9*$uOqeSz8>>|jShkJ_<$yaU0UMR0c!@?> z|A&35Hq7?NdgiMk)B#Okm$OQg)yM2EiUYtjSZXbe<*+><`TOGocs~gBtfi`0CLb zhbe9;ywD}FcH|!RAZ4n1203FPv~X%1hB5Y`q&2+m%Y_q2rk{9^Z!bxdH>$~!z_vgS zvYf1tGXYr`$h-0w??SBIt%-c`tZpcQ)1H7tZbMOqN$l~`LgZ-_orS~6J zZT$Vn=J^wnbTDFnIrkIT%vxUez>S3I=k8+kM{g3GkFR-@y>0b}lT#43`c+%upC@s5 z_fY$_%P#1v2gZ}9#?X+aV7fm$R?buNyL2-hP7_I;X8s|4mJ^9SJ-+bxP|XZU*_DIj6(;J$~SF_?Oj|$14g9TwZr{+Thrx8mw2> zl6d3GJ^Fp=_2z7@_F%`*%%iJqIk90GfkK#U6-_2R@)q|AU>pdJtipFi>8YUzNx1g zOvnv;^>-Gue~OnWmMLn8k%3r~({l*HC9nCz%9-8Jp4Sq_+SMbnT7+NSzov5XY%Dcr zev%%{sIf5X`M;?CR-}}p*6`t{SPLVMLo~6j?TZocdSjS&#q1vsoDOTyIGf<^M$G0+lu7xdex(OGp7v9z!`{mWKwo{rDj zK>De1&(2*0bE!te0lz)$Mm(BhXV2g_e@@e9E`;@q(EV(2RZLePP79m028^lsgOYL! zEJ0z34&nF$Xr~ompg}&Ab6}rWLyi z+d0$%)@N3m{*tBk5IXYN6f0fGDCjfLB`cSA(gVp9u5Imy zk&5b(60eaW%xbs&p>T|azvcd+pnylD(~S;jYWZY235ics)YOknzM zweu!3VLnW%^V81T=54~qW|+NeIt@h%PN%r?IE~%$wtV^9g&yj=?6emRPJWhZdNXdT z)lAB^ew_#RoP|Ozotqu&dp55B@jK9r1<{ekDmhhoC^ z;Pwi45c_4m<)PSOuf^xIhmpWl(|_JO;NrW)L;g6D<8ZmQZjj!0;kn%08Pqd$(W`u! zA)9ZKbeRQtJ|dCJ$n1K5XS;S5 ztk!QSc94A&o+XzTuPkQqj@>cEIbBr z(rlfUtcPkg_bv9S7|IHg2)O)!N%hD7xm9m7Re}5rEEYi)aFN|6+hEGE&C#$fNR+*X)d;KR_mT4{7DLDV1sHep^vb%y97;0H8y305Gf3G7^k?fu8bcc{*by$aFm*yFEN#jx^9B>j#~P59NxV_WkjS z{s2A5tv$>L$0+*4$Op*noE)+ZXSL6n@O=6B3*+6epeP1co7wrLotbT^Q*qPeaXM%g zZ~9G_i@NI%0V5EV{4Y7S`keCUmw(tz@0`9t_^;G3KkA#lp z%N`~H4sA?vNMA=1N0r=GZSg<|Y$oYPoYsy<0J4392?WPDwIv;9V-29$H|4sr^pY7i zL%WxU{lN)4>f5M=rlO#5Wurj(fhpj4#9=PUBJHs0lR&%yUkW$ujUhdpjUg=;%`?_L zE54pzf%$3$!-<2@{t5GcKtB>8|4aP&|Mka~aro|5)2f9RXvx0Iyj9S=S=hYguQ`W- zMXSIgz7ujD+5Z5D@*D+f?IwQ@eiJ^isAe6`$sYl^snO}y3Wu-<|Ba3$Mh2QVhvmo8 z#g?yFhtBSV%-YdC;vAu2%7fT9gFiq_zy1%zw8b)PDYyN1s{OGF3jL0^sB`FZyz=K? z8&P%d zk56I#kGU5rm`F!Qr>dsr=0&LMKd;Od$^e;WyD{5aLrCAFs;Vm5!BlQ^LITP%!1ke8 z`9D0V-vT5gsufXTR7iR3uAtmR4o6}Q-L&YJ(^3IXSMekg!G8akXms-70#Sd8)G?9g z!ua-$U`R;&nSem+9! zmyc`XVEf^&n~SZ~u~+Lt@!PPLuJ-*50ncR&ykJF@f-gd{gnA8+;wNB@#K7PZNP}hP zB^0C01Yz0-o$$`ITXURzxkN+@%T$RL?LCiP0^yXE4^nG0M!NDFx&aq#q8BVf!FFNm z+fwnm(GFZvhChjTczCFUdr`i6smvJV%@_*U9hEjKTDU5imx5Zz#ls9rzgzGSjDGS2 zFD)%$KbT3o$Ymq_cQm$PXC=cJaAB^3EzDGT7wi7U*s`GwwX+j((h6drmM4OM%d{}c znEOtw15u6Q7qV^a;%sO@^DXWi}zwb*I7%S@`V20dIF^pMv+D{hLlUe zQ;@zB$gmEi(E$KBOM0o0evyM7A7=&{s3%3)kj56oC(7}dA%eB9*Tz1PDU9{lQW1^&g>bl`zQQ6t`$`FzbIxNnRvE z7-VG2-OW{iBxS;&lr<{8o1}RRrCJF#asn<~8L4A*%+O8$Y!B?3c4&$eLxbhIhufim zGr1?rB+HkTr&;wYYs7c1t2Nw#mgcm`hn0$N!63-B_3P#DAI6| zFP%-Y+1SMfejAlh`Qm$wCpONfuFJV1tf9KHxk&P_`l!i?)sI{1Mce1FxQ5gA8e=-6 z7w!Ls6$eskZ$Deq(Shlm`WZJJca)Ju(xe$r==#=yR~Jj{;Hm>+8>oF-g#x9jdoO?` zaBy{1^OIxSsxkJc%?R?gv}2&V5F*@=7m{4qO@`F5hW)feflw0CXAtw@(C@{s(?u>d zh3?Xj-!K)6o2V(~HdMG}shV4vks&h+2O}n~Aa*lemhxka^WripY+~|k=9d;J+KLc(QB`IL zoT}{kid7wDv3-MhZQF&!IC>85o%wQ4v*I&WOnZFv(O4uhQ<$Ei)3vFdtJI}W33tUw<#M1ou$BC8zp52D+>*JF#;rnapvbGH}^%IWFP ze0f^K{EH}yLyQ(C`CrhpFRzMg5ykx{FmJGwe-Lp7TARJxj^`uXKU@I>oBvzx@II&k zkFhI&s5zSm#ig+E95{jm8~w3TX6nW{f-^hL6%B1ing&&a*JPS;%>K zAm{KJE}yDiUjwQDGhp+k5=lpyARXk*JA3yy2>(j+H$1~3hpfSk%Nul=rb1{|+U(`P zpPwuwd%6c>hXBjSVBvs6y$u7o43~#rLvFb@xSls?+6ORGd6~ZZyT>_ z?IgPG06ZSY7El)J3lp0TD%^aFog$9PM@5y;@Z$EQ3B$|85z6HMk_Sas&2H>29z)}< z3B^~K?CZy-uoaddCUl*FMFo{o)nxv#m}tl2rp`DfEdnpvyU~XeRcETTSt~CSL%!j6 z$z;rVJUOk5^PgFXWp5fsCKVj9J2J7gNe_!?I$xxWtGz<|!dDs2+rbti+6#MR+Aa_y zC|pa2eS7OBL^6{DsB)N>s#)l(;-x4B3CH+~nGGe1VOb7FmYCYYyl_lMF z7e6i4{S+eNVMx}uyBO8BtZYVrm^mN@AFe9*a(CQGy=MO9Q}zuZ9dF{Es2bV#1hY;5 ztptDY|J0e6?69mx@6iw=w^(8=M)~11 zPr)aGaU$k}aHT=g*am+*_MH<60Owed}ALFP;>UdF# zYf7wf0lIIy5VV9uS-W9Lm{@xX%MM#bqQ~T(u)f?%_mNhHy$-h0=F;d~cZ^3H^$g4xI z57t5NuU4i%WSHcQK_pF`ET@9HQU!4+-*384ej3=y82ezL{SJ&8JeoAHmCCICD9xjV zj4`!B!V1*OR10+Bgh(y;c`PB_bb_0Zm&QZkxuYrFd44`{#ZpmY4_fx)ke%~vpQT4J zm_@QV5!LxhDqahgo8DIKrZ1MpbvD{Wh-*j}Poi0+;C0Y)<|R zKYyP+K+;qLQE7a_f-7eRusvgrRXW5*Jxjgq;R8NR18&704HTSmZd+k5(UNwOXMbv{ zwF!^YpIZy8FI;&Bix|@_T8JS*jy+tDd>DgKn{Jkse|}#&_Y`#7odkYhCmbP63LX_G zfGPY#%=!MGxgU&sbdwu|w}rc|^Xk3~bfQ(#Gl6_o9F`SnRyftd`M zrFM@KmqOAm;Qzf{DI6KTwGDeaNh>SSq=WQ6XU=}hL-opUMUlbCT?8#OAw)F@-jxWd zSi-{AFGbj@RM9c`Vh6m9Y-&jlkTsKhwx>%Keg3@H#|d;UpaPKKM^w!}4lZP-qt2lh z;-hK)<$O!MuN+3j{D!V}8@<2+oFSLz=Kq<3_5yHa?uTK+RnePG!#`&Ff5a!|bS~4@ zyE8>?1E&}_(8haQoULD%iic#}D=!bs{+!@UfXBM4T0GTkY(dAU=f&(VC&BA=_ROSB zXKT~aUE!qxKnsU3gbCe-=&|##HcfE-lSq3f-!iN9lGTUQ;xW3sFk%N=@lS;${Od1N zae=vdIjef3-m0|&a2Bar-NAUOczvb5g^NGbV?J}dFpFQ^dn|P;s!&Y!bDH+0c73yO z`{bAZks!ep@Y_RZb=gc}HEJ^#I zVkKEj`K&&K5}}(OgC~n){LfXP`_)%cJ!VWDW92a!itifz%$d`As;bg4?fr7f;pA{F zT4fs~d|K65gNaErh#u#zIV37xU!S;m0#u-Rc{T0c=h&1DYIS{^l%~0IU|=12K^3g3 zau{svMmiPKhp|^j=nwQ0bcpvTK0VT?{XO5u&w=n}nyCNl7e=<1C5rOto2aRWxEXYH zA-^RR6tIySx+^)YUz`^%croW3RcArKuNKBwpFn83v3_z)x>*X=B{Bh(eaqrZ-d6|t z{*+ZtJBvT)(Ty4dKN*AlT3zHhPi!iyO^h6e6^;(#-w)#l-K_Rj>l+hHqkH|KKA>}Q za?}kpB%{m($C-Yl08L^_eai)8ya4ii3(eg^BuoG))jC30R?D>PU$a!G(Np}N>qC58 zgBmd&qogbDqqWar!&f428Q72R{OnNVe3VxlxvqiLeR)Ged*8rx$IU|O>bmjr&RJ+JZT-#r)1~}37}MnFv$e8p20tDG+KJ^A zSnh3c%+Fk+FURS7xAp75&05o-joqA=fZA2PI0w;YB~$@j?NI0;q6f5fkgYr)lY=5* zOn2$yayKh-;_0P0qLnYEF8fE=4Q)k~(rGgI5INw{h?7XjH}d)6>rV0es^Y;f*xaD? zNUD5P)#=vFXiWcRX1AYZhuxS0&yB139JvV}(o{zUTtD&>GhbDq75DYVW9+H_%Uf*%%&<%ks_&l!=H{PDe7msg5nLQk8-mDj> zI&4eQWSHM>zC}GwPxUYBUpFYY1a$w}J`B8OV4%-$&{3C?4%phyHurmdUD}>|?;?h- z<~&NsPqIf}Ew%bqfz9_^oz4?vEuK&^{V#G=gtBhgwMr_Smf2%gdx?!qg;QqO@HU$p z))Wke9AqxJ%61dcKTnaITDROqtS>V4n<7v(ERU>`Do2+Zdy)dqjo6Q~;GO@%Hy$!W zy%V20FQ0i6e5}is7D|7VpbQO_FZ=VLpLml|Y_CQ(WH^I`#cM}SHece@GG3x!jgl;m zXYo#*&?NHT5eQP*LU|v#1QcJauS$zhRHD9YLw{I12xAK-E9kf9Zu;rH|5ENO$I+Y* z_bl941@CiVy8rly3Vk#kKyf0)?^8U&X67EZ%YLW(evDKDVG!6}CqQ4K?eint38h9= zntm@mu~6yChe~mOLnu)|$sC1Mj!y8h00f)qS0CHH<*L-kO2?BOc*`b~4zJG4hY5wp zyYLvxi8|y?aWs>s36nVHthOzqVRJQoL_{v!0K)nSC3MWO2o#x}&6*9frNtW3^05jc zA3;0kkRhA?s}gs>x(7+`8M~BXeBE6&!lt>vs3qG3`%uBF?{YUizTgn=%s-SW2Mb3w zZ%VlD<_b_$;IGy`Py{3-I`WvVSF}}3KO*WY#<9_GNNS{=O{ve@g(AH@O6ohwbf-WTP3Q2 zLHTkAJHFA8A-Bi)%&G679l${@uo*GKdp74(H*KB(B4SsbSHEsqKAhIWKhJL^yni#C zKjK
      85FA0dGciZt@s<|dk1Ta)qCkN*Bc=yaN;h|3>lg8yvzFn)2j&P8wQ>>^|5 zWay;P&XF&Jd|@|>mIT#e*FvEaC!=h|l})STa0*TAZElf-8$MTxxieL8?Y7*!|H<^tn$t#G&S z0gav@*q)7sNNOIku@`E2VZJl5kl-GFocDH`g=S;i=#%SknhRA;T(o*zNiS z&2plCU^(y-0qr0|UAjh6G9Cu?55iHPra78I=z=&QTQ5w^yk|pt&t5r5$9Q>E6@SoL zw0+|f`(t*n{Kg7gu8RH7 zrbvVwfX)^7I={ z_x0cQ*M08Kvmr|ZOIy1q0~(q(5^i;?{a+iB-IlW#P#DV4=6SWP_Bq+R9||3>8iIfK zKa-0=U4{O#4k0;w5bts04q69>BR;%i7mAA^CvSQ%ZUj6z;9N{Z$k~Rr=jxDX?!I!` z+d<*gx<2$8jitWWN5feK=KJjZ!8onK-Hu6eYAnuJYe#bUM2ObO!R#M3@D3I5OUCCt z8fCJ>n&s`nOm8Q9#JN9^`@6+PFP;Gaz8TIx*d%^44f^WsCU{`3O>L;_Vl9!=)ceDW z(9h!WjowASFjVi*X6K~gVkG`ys=xG`NgR2v56Xi0d&0tqLkge2fG-OXiGcdx1$ru+ z?8$v`XEzpI&lL?Ik^xmY>YFP^kDosxlor+1Y%agLm|1)#Sx%yc#rZlLjXrv0{F)fN zSv>$WQ~A?0dh*5nbU7GDylySxTd!$Io7fW;dGMoXk5Loa4Zp3W6%g0A1SbtXN!|dqM)B7hdC>uu)J+ri*66%CTKl`g>-55H0(k=Bxe7SVOXqAM>)dNtS zxqMH@dp(^d5kY=0OS{&jCG-7E3OebLuHOOQYH&e1MNdC64@$I%Ir4k$I2m}&2aBP9bhiiJ0z```r0c4{U-o5U z(-h3~0aAqm6JPHWT8a#lQ&P-fw4TA8ebai7a}S4Pr5a)p%3#(*6>Mobp5DI$A#PT# zySTfqn`h0JSGn(l%+vs%!^+oD+B*x~sxC^0@Sx5UfBL`hW7d{Di^M4=n$eDx{{B*{ zF$lC4G-@X>WZ}Qht!q@OI610z5&NM7&GG$#6hzx7MNv#*8_h$|XTN2D;HyM!Js(Nh zcnRYb$|q;(xq4^Vda~{4Rz814qE-O%N)8y^ z3+J0C>{vSzVDmT_qloB7^wW99kb)t5B29iE*sSJ zX^g2``zK2S-(}`u6C>$dIaq=eJ=sThwZ2Q1-_nIEqY1kF1l6mxGSOj+!oOnzAy?%0 z5^)#LWiXy^o(zw{Y*TddsP&JpsN&3jPH$|lP`)RIy_Vi&;R;quCFPYk{5%py3w&YzSa1W^Svrll4)WFExRa?U`tVa- z2%}3Eyhhn(Bo#9dh=m50{LxvUv-Fm*0l|w-7Vbg{QL0g_O?^f}`4$#s?fJ;SR3gbm zBi1lj%Z_-KN7Yh&-}H);;$45H(QPqJW06T@W#xRxR~1a>9LyL6HU5{Z5IhKcPGgfH zT3|Q~0Kxxo8?2BuDaK`mV4CaLK$ zjafB)P0zW%flfk_&`@OD@O`HaxO^Ld_?;(bbvX#@+GtyTOBF}!fTK_r!WsIvU3E_y zg;(gQAGkw#j~JgSr0&9k*eX^-sFv~@updLWm5CEGOs~I@ur-WR7~>gTY*d{A+gQ%Z#jua z>_6(uSp;m!L_R(@n=iLP{kpAgEgYW-f9DicKXeDCb zTRz0hV8iANR(00`ljt=ZHovXL#wdszbBSV#*NcWFCiWaPWEAT>IOmX|n>fMp;bc=J zyZ8?w6>>2x*MS-W%Iz~19s#hUqp*W@b zMe(Iu0aB(NwjMSjW?4DK8lb(QmStSK*7Dwdac_X?k#^##JC05GB=?xV*i7TSQ0om6 z+O!0ftk``Mce#mZ`}64UsA20^EHuW~A+^18*k2 zIcIM?+eFnd$qyz;SKq#Lh4;#`cmuVN$%T1ULOA; zlV>xjc6(w)t24fe6R+v(bOXU3cC6Ar^GCuwcq$81`VY)nybr8SY-0o8h?yXd-%eMu z=FZEc_O><|<%cl%;!;^B=n`Y4-)CPh!5-o_({F}?O&;W}hYNjlUf&p--h$#6#_`$s z2>QPiXxL6ip_aGK2rj#S)+(jhB8mrbZT|UDI+KCF{i@RuFr*E_D;3rby-Yq1Pq@I7 z_%4K_)WFB7*bTtCuNO{uspUfH9=&-O7}jP*-4_ZL*V*hbi{lwhxg6Rq40aV*pM_W1MJ#i$_X z9JUHf?L{~WVLKFe$dU6C(L@x8guHuKz%4}+-I%=F?L_*6tHz9&>#mz<_K8!EbFkb) zqi+mXHBRwohaS`010{V%tH*8El&si6f8nBT<)%Ug5#zUQCrw` zuP;|D;pmjw@_TX_r%r`8;TkRT69)R-5{AE-AVer17qL2%+Q znhQC3gnAFCMch9O7n&}pc)K_T;W~PvEL!E;kBo5|ieYFH7d7ki2f6 zzl^^CIjI{mQX@@~GTLfq;gLZgMtgt|OfJ^kj3szbk(!f{m*6ARF@N;lzQ2gWg~;^J zkijYV70dZBnPME52ElX&|8VONx9jpw&FJdvBdD)UzjI*liaB9i*&a%;$&SG5-?~*3 zxq3BKa;EQ9^?7#$rA&!pzm6rg4T&Ib`QggKAF9BMGUg=us|Y~7UP)u&?T7!m(L1CJUDEUk_UDk z9WT%Nogi^LCQV&fuTOF}9>i*QFA{sCVOQH&liB%5u>M8g!YClXZ=5a3=);3;kIck}(r4%~^fm)H0goeBS4+fKsO4_wJET<~xL#3S zq-~^cLu4ZE7|x{R36CGWoJw)$AwA^Qt>#DJZGIaPHZr`ZMf!$;lC&&ALBysQ>u;Z8 zeRhs0tLFSH49g-|toU(#J0SPZEs)bgQlFD9=_;W7PUx|%jm``A=MmshBb#a^p=C57 z7GGtuip|Gf$e8>?jLC`F;!BtKA^D^g7LY@U#@$CF-$F~%5Blcvi?&QU68jpzAX4!a zustY5{AEwVl_M4*Ry(AD-xB)QR?`ZFE)$TbIw}J36K~H(5Yw%4@(^v{f_ln!@!j>1 zQ}Z0BC>a0Fx-N-e0UmuSCQ9xiq&E|Wl@4FC30 zyW)wLVi6yUDuw0I?~kvf%wTJV!zVnTny=j}^eApFslO_!9US8vk_0y}OC zeNYd5!oaz?%O`thKJ(LgAY^H3H-(8)nh+zQ@*+2~8j&j~Cv?TUY?vNl06Ux^h)XRz zjG~wZ22wpsPY0u#4+r;Qguc>w z6aVHbp_1YZvL-2kUR|{KN^JuDVJ4Ed*VLpg)2_ylwU508wy88_Diq(|NNbmoQw7jy zM@wOI~c~aimZ2BhvN|P?V{5LpzQm=Bnhq-Jq{0aw*Ud25yh7 zIGFCI%`Ps#fGgfvg!JJFt3Nwp_{<7VM>YsAtE2Kg<@yHD#m5EPBRJ!)y=s<_c?>s+wJKol1uWmbhY!V9-qV3rUC4w4yH(m;vZI)%8k#=0^oCkpm=YEFT) z?yamwh*1e)IURWdK}M2BDBR1>x~zYq`yQ3vhn^PEZS(f7ucw?eljj}N!EnE_qZzv2 zs^PQlJPg@9pP~JHIVN6G<5K6s+Q|L!#~si6oOTBkjzqSh4p9M~`@Ci(yTmfIguIm{ z3z?ASIH}D2OB8VD)sQt#)mIYF9Gg>CyQsg)i&lR6ek&e)2SX8X@D|U(Q5GA;cnooI zDc+9+EbsQ{aET|;-PB)WP#&UOtO#%Ek!u~WQp=R<{TSu*8F_DqZ)Tl5^E1CpV^4VD7b(owbtz@WjZ!_f3=)9mrXMOz5E)j(v*|lhf#WeM zE>c!Fb)rg0$S7*$frs~q+rB6j(?Am%z|&%2T-q5LVFUjh8vyNd5H8Wtm#9a7vigjZ z`j+I&d~@{_!n6h%^ESS}orn?YB*KJ--%(e^rKzAR`yg*}EdfSS6zCU8s=C?20t;_BoiMY zzV2e0zTb+w|IMCz3o#|Db#fjC)&`u4>&Cw92<_o!SPUIV>n~tL2)^os5g=WHEN8Sd zj@Hz@mt4K0&PK#o&Ns;Ba7{@4<3_CM%~3Ip1~Ts`o~rj=ntM&@>$&OGgUJ0(*MI7OpWIEW8Mx`Jj{L4T>Y6hg5WVj#vPM))@$+IGQ~8 zdQ$XvQNJh9_gB8UHg2FQspW%1qx?vDysvGlTg2UK;kqVJMyvV3W&b%J3ouzb^fZu8 zz|9GJ+@nfTd6Sa}r+r+O!=?wNW;2|&3)==8iraw2o+W3JO%0;tp zcXMpN3)$v8(mHpbSWH_RZu>+en6b^5|Yp%8fV~ZubO}p$_2#GLMV>)H3a- z7qK1nmyZ)gx8p|8aN+kjuo9jTOqv52_ zQ>N833oYaOW`ESGZpc@Np$o2mhJA}5#J2y}h0=ZzuOWw%wK&QNvHZyWefymB5!V?^ z*NixQ%{nOW)Qj-4kBNsk(Z<3BuT8kPEO&s;iMh+y^wR$~rR)9dDw~#fugM-GsG0+d zGnf1?9ZM}#^S_gNFj-^S`!eyPfut?C+jZ9EAh4sYOCG10LBDH2*y?9~EG2R53K9Qm z=Fot=ti?Hf0GsKNemCHa$#G)E#T%iQoSahJB3f$g*qUmpr&;Bccy%Q|DG7wR02bqd z!~h`n{-2=&x>d`{<%k{JT`T63EzgV8{RBAMWg--?e z=(VNDvNTnf4n41#VK~v#_gOu>25<8dZ~0c1mBauA5koG`32TvwD=vJcC++=F{W*ELwi;3VcG|+DZgDN=e&&#o?ECR?51U9m}XB zw=^uLs_RJDKnyOA`AgqU8^(da1OQ(#P(hKdW@uMYb?kP)+2**6<>iu5>97Q7s2 zo;g(?Hf)n@9G%1#@bv_uK|v%r1+Q-xNx7QWME95k|C8{D9yDyv`$_--q`mHz9L+8g0=3 zmIPiWn&P(;7j1a_xaCx3A9g;PiiHu{a;_5adG_0Gk_5N&3`M&Xu>#t~JM7sU0`yBy z%H$U9+%#4+%mZ@72LbAYPT%~~Yk`(j5+CM|p&buR$3wBCa3Jq34T2sT;?@KwaX^2P zV`47p1o;S&Vj~VE*x^e;%GJ#=06_kCm`E^uAt}PnY%sctlWPq*oC?QoX0uMpS@sqqDjhY^$T2BusH=;4uK?UoxdlWM?2{}oDAzX!mh>GUNqvw^(2S+4WH2$ zOOeaA*%#t3o^Z@Ar_GGifN>;d>GQj?WB*F1z6L`XC;nWtYrT(6W~!yIxPjiSZG7?m ze+iaq6f>?qxEZ9?vgNjZmZrXpT=AmFU;OPDSO&)zl#inRx^4N;@eH^2oDO%w@ho}z zg_bK%o2DOC*olh0xr!xao``-9sc-tc5AR`KI&NmFeU5lW*tHn5oBL2wRlkTWWjYv} zYHgtvi|2bzYoMX47alm`u_pdkatg22hNNh?`e7h5eq5Pb^QV|K8gM>Ac;GdlUAOS_>fU~@8GcFZ7 z;f~ZVP8xkU=G^4N^1c)XcAvQ^2RFqOqVq(%bQr^E1UInh5jl;lcMGmkIm*?x!|he- zA2&XqMD15u&ag>tjQA+bbwdKQX%-fo%37pjo%)!Sr}$IQ%H)X z3MB}Qq7k*8;4O{GgJVV~j_?nYd(xcw2%=hU=q1niuvr!_gM0_ddhI zo9n)R!upSxgE!YCH?x~!Q{(4SM11`U9lR{m$C3~TdC%(8Brpok^3s_&3gQg44#K<< z$^vm*?dthny?osnj`;pnQf+CBCv_h?)sv2Zo)Gh_=x9d9*L5zPn$uA;*g<%YfS=|g zl6)leg$;#(4`c2buC(h`AB~m)^iOZVvEE-W2Xh4+C6bdeyy>2P0tgb#&EnguM>s2Iep%O z-1=uhk6+&9)Y<**hBISnD2FRW+#YMx?>OXe*9%Il4a2j}4FUg?dN~;=o#AteXs!Be zc0StQ$!;bY(90teC0oqaMWo#82an9h*7xUCW%TVB7OO!Cu&1fc@$L&S?SN&DgWA?< zM7q&+lC@DJY+8DcoAN&yBO;C}?C~K&7B>v_WnS892S;}E7H-9>i4Qeo%gx)?_O~JH znfrUgqKtU&y!t+4WSECqJYY?l{QN9_C=6`eG6ERfk!%=M$>$^!Hd;G1{AL(xG!v6> zmgHWvS)yFmL~^vl+3>qp1pMv5@^4*|-t_s@(EG;89Eotn; zT#-jJ-+uZA_d><(V^B4?E-6mC!-M6K>=IQosuYpMcL< z019f|gBy13_JEM;rh;T|5hm(!t5X{n04FRp_N10B==NxCHb1sNutnX!cPkMy)=7S} zD!oj2oIhf-4^1d<*M7T;g%E3$`@6yi(LY!Cw-EQ__P}yiMlL+Zse|X3NE-70( z`ixN;E46d3F?cH&geS-?g-DDzX8PUiJgTtHida_u*@Slm_PDi}E|I=D4xMo9gwY8l zem$8Hh*D}CiWa4kfq^eqg^ZFZ^mJD3gJE6lvC^SBiDRLvI4jm4Skd@Hw%AZTPaGL>vkJIybM=(6y zL6Czby3yq?U|l@x%DZ5Blp+&>P7q$KL{HY~&7oN_8Rp{4caJwOX{)nyl^azoONi#R z;D(aL^BMSY_5l&q&}cR{Chhm#UcK*`g2m(+x-eTUvq)bG^TI53hzO}oeQw7?3B(EFhX=M*o6?3_Xa#9%>xEm>By(@mK7qZNgi? zz`%Aiu_U?EwHMePGridFFQu229!}FO{d#46KMgn`y+iViHU@N9V}I%#s^r7;cu#4B z)M{Bn=8t6%a5eq4#f{0wfE@MGxGOuy_JP3M%;??7k(uCI1y?HE?wSdpmodCSIGPc9 zEzF^Ket#~=@dR&ll2!eO%yMDfNR>8w%np?+;DIdScUJh{a<$@FVU)Y61<(;m49caX ziUn;#OF9Bt>+Y_vu!fH-JXA>qHK$ytgA;YyLe1sWwaMtxo%sfmXZUkAZcW+9HSwiK zE1tvkq7w5@27Uodd~%7e!%45ctPE6E%qiV15@xMynFP4FL}^*FF-UhqAregfI(})( z3N!t`C>FC*^jyA1iQW=n-!H6UkkiPA7={73a83XcRKDfzrG#DAEmgD=o0%$_Oj36sNcccM23J?pD0TDVE?G+_gY)DN@`6rMSC8i#vrD9{1k2*83mcZztCw*zyddMi^dKxGYHu!<#rf4hd&a%JnkHK zGwr$=9#O!)LqpZ!h?p}0Wf8-bzT9yWZDl#A?KOHNWx`HO7|Gv*X5L6F9BFe)3VO9Y zgRUD^{C5UC?pk2$9qk5Jdry)qHvZ>bu&GOO2W((s^(M^#F2JsDPe#eCmK?|Fv zL!Oiae=!gBNC^OyE97{DUsGf234AdTC!S%6lgq!iZb(BnAG*H~HqebgAZT$}VwgTj zi!!Ta!nPdPA~lrdHl`XUg~S0DQNJ<-e9>*qc=3pa%it^m$POdQhj4Jj>{Ky;iYhiT zqbtK_$~l%SHTsDykk@CD6_-*XzN*mc`d5B@Z?W4v;I34KLFy zJ=eumjvLI#d}rnS4A9kE22f_kW?B&ez?q?ohr;(F(b_~lytdZ_a=I@xTj-hti$GLh zY7UG}Zn*IC1_n&!n+|J-76X7BL^cApz^R4xd>%wN%kD3y%LAp*?z7u}( zFm${@EtQSM3jPr}r4lEK*b360eUmBnvvazIHHM+u3vS^uS;zx$zOToe{h zL`Sa_wQtMuTks7b2;)|(jRJT8EqW2hP!%}GzLX6TiHZPWMqMi=BBH+7qI!(T;a$;JPB8e9q-5}qv_t*2 zRy8rnWzgzG^XfTukq&n0>4<+uSOb2juu_;Tgw)tz5e;ikxpWE^W`ln3 z-{Kpo1|PTf{J_8nkDW zhh*U~H^Qr|vg5a%k<_aMyjw|_?(;hUa#i$uS`8NkQybJ+U4=I;Kf_hoBHkWDmrzm8 z=b|ML!V%F>jEg+Jv6Xr_!%gzA`(hE%E2vYY!!N=9vud4dnS`KAr!je7_HDqXH!_(kQ;= zoMZi3*Uv3L*c-(6HDH!@O0QAgb7T{lT)-vAmJhfpm+cvI3EVtLsN0O^V5t+tU6Mv7 zHSD$2FI>5K@jrAT|?2?pyU0vG_w^E`58 z{5?kAxUkJBT03O=uhQm~c}=oY=SPL3tI&A7rp*Ovrr*&7mWm;G>6%nHzAU+xOtO$T z+CMBTf=I)kTp@5)a2UpISbp?gqgZv7e?-F`qk&{hEORiYr|pP${FyAY`m^s(yW#Rn ze}$uu$dy@D&WMpjB^>QbypOMZ_bFbd+FXJ-MvkcAyJ1Je(BcNQu%8i?+UVRtyCpf| zink=h#Y4FHNUo5#ZM9$DNOPwZXtoN)igIM(;+Lmb>N-#3R z8V;KtDY|(oc)S{dx_7Xs#P;UEfk&JPkjZ4^ zfn=GuIboq`OZ+^(6f7;MLOG^{1E6c1@8Q-wxD6K3opn0jSh3qmqO|SN{CA)xbo7&T z2FG$48WSEW0gy_!kn58-F-E0aI_7Qgi#tfWBANQNP2xI15VCV{cte|s6rEJrJ$c)k5sAr_$8T^D%3NMtM!e7@Qsf=6D;I1w;DPM z8HvF)$sEnTL?|g#<(^`^e;x5H=~Ix2f$dx)X+Wc(xuICEDZ_k0W1C|4Os5t6U}-v@ zlcs6caD^3PPUY1ekepN(*7xtFWjbr?hzXj9i}!|y2k~y?4yjIlKyR0rf|b*tTG*XQ z4Y0JrwchcJE$*`hTHkr*2k3vjaI1--3yZRN{5r|*SjGXv?Q$wGDRqgf6vDLhffYUu zz`FVCG3iwEUpp|9Mk%kBoWtGAoq4v><>D5#iy~r-13xMma{oPjiVB^IOdzpn&>O88ki3^6eN2S&setoKO?^W9ZkU_bz7O=e2C#jdsj z8awb8cSLIV)fZ(fvLzM(YH=X&q|(i-tecdr5RaLUV$pt@bva$#*CAJR@zLn&(cDzP ze~y%MvE*`ozGVjhoWF+ZlC8{os3n4#@sp%zUOkcz3G=I6PDIEh*v~ zSeL1U=pr4N5YZtfvQJ;FdGm=Eg$62_8@8n~WZc@U!RZ)br{L=zzGN<~z0%FQe;gtS zXj8~S>$PPhC-2$QF0vS+sS zbCeqVoSS_SGkNFpo$Dbz(CS8}cA?i^zz6LoG!6C}zt%>S82>ByAq)LU?0sNZ@3y03 z`GFb640+|u)gD2F9D`v>7R>f3J*K9pqr%g4+Vu0MN>BWr7SiiqlaY1P(syxDDA}AR z^4oG*lfEp}cW$q49R>rPz0V&TPps$o6B2&5?d;r6@=D&_)wsg_X@V#}cgO0;fL5J27 zAKz0KE`9HY&&UYdN^?+-B+%NL>%JR4zLw6wBYEL=z*WW@-cZ!)aFDU~Vs|^36@KBa zO_;Lqh-5XpS48H-J1zOk#v|gTO|=L9WSZ#z71tS>F@!Erlf{p$Dd9(S+GdaTBq;z2 z+L|Kcr$yEd=^{%eiJ3JQ`8&cvk&+gj8Aea{u|AzP+;TcnGDB3HywT1qyfR|I3Pg@! z+n!7FYt?Ul{B958$eI&q=iB$x3~StNezFZ6m;CG9T+i=C{rMYdYFM{^@_4?C;QUK9 zxk>E17q+a+U`+duM!G2^GFBx0j`q?fxj>a~(N%B7*hfdTw6){?8fvnCvrp-mqB>}i zvW^%pgr!%LaO|JRX@TE|R#1QRqog=;q;(jPOYNs5oPBGgQqP+$ z7iu)ojc4+{m8$Y7zq1yp?&$0MQ_W+i=kS^xJ-_=0aR;~n@p7`xGD?Ca6hnNME`i1; zS}Y|^ryL3TojI<>eS$Gl*_Q8A(sS+KlT)sk(7b&GWIR2mZFoZR@wl_==0o7V;G!yr z#WhvW%zGHp2hq#7AbVjyT$cEGdVUtX;dnvwod;5LxSbs7U17T?*?JG__wTQjc)!pd zw-go^zmn^JBiy;mL?MW|f_^cYzaW!GA%l}tuzFSqsqK5f5nwMCbfX{?8;$982{7`fvX0!H zblAwoz9pcj;xnx(yk}|isxMqg{&dLc4?&MsV>TI;_hBJ^USjE#%eh)V1NykR=8-GB zX22NP8w!4n#FTU{pRcm;N@=Zh&w3jJ2MfQ{rKQQ5?I15~ZoRZdweA2~2H{mdY zZzU)aX_)cU&OO)4zDm_uF{!?Utp)wVF4+m~D$1Vv>%qQlwgJ9+Y*}Cr5D92gRTU?E z`y}xV<&V+WR$rNl$%j05Y^A6+WQk$Z3u-P!ku)iGYkVtD>t{Zkz3p{pZgVXJ!ws!s_s z3N*Mod}at^?p?dvfc>0!CR4`~^s!ly5q~}>vafK0@-q=Zp|)PlRKv>=W^&!fWX9=GFLny>W5eWpQ2kHe`o;OQ?G# zycqvg8dp{Lx4BTfiB8xuRjv8SICIlWmRf*H@nrqR=N4*oe6k#UqS+Boj+3@+@aXdQ zNl~hQsv5)1(i|Gk$g1h=HTXu6_xopw_>&Wb_J6dFZ(RE-SJ2JJV&zyU zd+un~2>v{!UmP%eSZu3D?>b#Lf9$Rb8=j8Je|BfN#2%%^^4>1(7Kf#M5fyL#B=M%B ziS%`|6)R0Q=*C~j;$$PQFRBjhrdA?~^o{G__ZCOD?VqIeH8te(To@#p7dx-+bag*I z;c0dRkPZ7AO?^Hj{u|UuocU)@w(QCY$byx`nJFE4tdZXYb{%fJrJU^%zcKv5(mfbQSC0@CVvFGRB=6eH?bEC)ap1Wdl7RUhJdz}FVC zX<&_1WC>K4*xTfpj9i>=KcOpjwgv02`wuTPQc}t`&oHW4`Pg{c_=q1V6{e;RLfNF? zmj|?$I>Bc1FEWrWxMJ;{Zcti~OgCvbV$&bpN@v%J;amj4#=`PXb};I=QTSMLHQ)-o zoAI{b!ieVv=5Bv@ZLz_@-DfC@Dt}3KnwK9|n4;2gakRnUzYHm`#E;I&E%$XInqTtm z2?ZUSwIG+atVc_@9)~8#_TBWSUw$DK9UV>{-Uu?y!JJZ!M}!gtJe0+}eVz*~M-#O| zw;j)VsqX@KUh(nl4YeoceI4A@A=1&&EB~;Vp#J_-UySistAilP&zwltfI!}kWo5+V zAkcPiXJqI=vK{m70XHOFJ$m|gRIA0W6U5Bkb}@}96hrdPaQ5%tiOGFOix6sR`qXy) zarwuZYI{m#+v-+wPgdNy8P|bik;Z!GArR;DJ!w+S5meC(S!ASik4U|46o*dFhBg~F zL?Iux?QRn(U$xlcKttiLunGS)$$u>E?trEL`Bvi^P~V(u4;o$S2jXo@;(gKC&TV{f z8Owe{wPgTk3A|^{sB|4zNF$NSCQ(daBY0aD5Gmd}Xu$h69u?!a`)0L7V(Fg6dY@q= z`YM_GW1{OUo!$vcX=Xf@o+pp@ycgN!D32*AP~oWcB<49}CG^(BW?Yx>qM{C9sdo&dFSNG{5MGz)NgNe= znWA>s{rlz~YRJ{c_d4xoK6d5;YK&O0+a$qfMtp)!CGWSCeJZG@2AzbJ%yxbImpw$W zeaaWiu`7P~4}LAc(mGaLqr#fMVME_$Mg>S@#0h1!3Zb(!1rTJf+XQ+Be$?q2(({%Y zcf}O2uv2*#hBt$?| z{2B4tYJYUXeEXj8UI85tO!4JdO(_gH)~HHJkc>{~rTF@?a&dCSNzTF-_+9KFQ8n-O z=|RH&h@yu@(u*d*LQDix#X~l7GlkvbADbt1J5u>u;-3gW;t}uyikL-1*zXm$bdg6i zyY~Mikc<>y0$@Y5-o1<1E}|#ni_re4zHFgB{UM&T zlZITIVf4B-%Mz7`tOWJp$d@)_$?rqqm*PaSTw==#VSS886k!_nQKNV@;m9+?d6zC> zzlLdW`wR58mS_S<8Y@+Y;yWGz?I!2h7wL>QyD@AC)YMS$lxHaafP7BfRVYWEZ){&o z7&ZMYJ|jONkaLgSLc&+%Gd|Zd8S241>Ly`d6e2+yeb$t+HI|UZ7VcNb`54&rLo<)z zSa)p$+0ee--sE0i#s1eX#ObC|O%HEpmLdJ(?9Ui0)5rgUW58kD0SAhc8I5%O`*cMb zG6qSq__;D}u#yYRK-4^o5K_}J#CAfT)Cd7X0Ar|m=J5P0V;A=O&7S=TRtz@Bo|8H& z*Tz>vKdOXCPJ2s+VcFZN84e+rnFZUdCZ1MQgNWMzbGiUWkYDG&5+6ZT4mTIIR3<(gG^{d@~kvSzYlbG$t6Q&E&VTDV6oJ|^L1 z=;TExKJ8eQv;U+LyF8UU{*?4LO-F|_C2K+v7VE77i&fPWh>FM&%_ih<%?WC&+W`@_ zNPg3-(8ab!2w#o0xSC4($jfU_=9J0 z;=tzWG{nhR|8rA*H?q+BmY*@Tb69&UW|-GZTY%K5({L#$;PW~+T|}1NzW*2y<$i^o zJ}5j4*D&pXru~T7Q&RDO=#5>QAl}!Lq>w6I2iR6kG*o}RV|q6F{5sqP6#l!SiP4M;L$j} z+gMm7w;Jvb@9TamyO^D>9UOTFQ23^6Z<6UaNk8K( zZP82)^)+PW9_uYh2CLN~hOXWJl(YX()X--ZP#|LTz}vQF4CBHHO*2(G$(?K!E1+kp zz!ZTN>A!K-&cxQ%f%DRjWk8rgh1y&|T&;%t8*6t7hPJ+eKa#}Vm&ShLwiQN%Lj{8& z7IsP*is!l8*NK;Y9*-Uyo5ly-Gya`K=S@m4Dq7zs%XwC_gg|tqiW}$ueC{9Pg^xcG zba_1Usa11=SMJs~zf=4WnD!-$Yd0M{{gtn{G`?Y(V9l;J&B;eiqBefrcZw&MBue=+ zjiN~qEUS0wjA&rgY9hO6dp3-74LqnUr%lFvg-!brueUJH@^5(RVblA`sV8QVtZ82N zZ4}`K8=pUOew?Gzmg_}Gr-6tFn$Jfw2I5?CCSs$!3)WwWFOd6z=+38@tJG2`rlbLq zq}BdgZmkxc59U|Ut;>k5+lb9lGkqoFZMVV6tjiS`+ z$4!b=H`XX9kBzpC9W+R&k-R6BKOQJEYSrc!Yjh&KC=jf~sjcfP5oRR>h&4B|p+={; zEhwwR;WaFZyfQ+Ae>Pj-!S6iZ$Pg*?aX#}8Q>~Eeumu&(x<-7gBT@|XQ%b0Y*8Wxy zpgJ7bl%}#o7V<@3Bdceln|k0~or&IBN8(c%OB7M%^>!d92eF{XyGHzUmHn)W`qzV| zub#6N#lk+tr34)@=@UX?$I|TV5I)2k9!(Bi>}VlnwnIvVt3t`kYR`^2w{?KHc@#{C zI?-i5xNjR3qMhN`f5;V5c5Tg#-ML2DRTIq&Li+jwQub^L=of+sJ?61>Qk32f7bFvo z$fHL7p*j~+1bp%0xWJd&qJ(j(Me|W;gonhssMVCpt4Hf-Aj7fbYf%18(Tt49B4$P| z^XUeK`ydUOq6Myq_-0@&&-Ka;{yYn{3PmIKto;WOvE8Q5h}JIKcFcC3S>3RYcp98$O24@o2=KV2up*{#eId};u>i7S{Od>5J~hxz zoFf@W8SOsOr7G^>?=yPR0J8qefb!K3lQyKZ0^-pcl`*jpu!FU(I83KR;XN+^5y3W# zW@98d`&;)Kd?dHGO-^Q(@|v(HGA4ASuDBSrw6s*#Hh{b5+b>iX^Tn-*8JDmPLF|Y% z{FWbBQof&DKIo^wc7)r%N^Ahpj$f5+z{iN(T`squEZ!>_@~%RlYu?f*#D@QBbZxG%F> z0Mkvke-A(&t6=ZV@4mwVS(nCB`MT16YWL}OfBoH^e*L3QRN|+TWhkXdR6 z1lH+Gy4?P#EdL{Xi038#x&_3nL7)Gvp4@M*sai}{499l}y+kG*8-Nk50jAIxJ7LtW zjZMa^;#amH`+5%*>QiGr;{1*)g@BWgx%*ufnx2!&v%!XJeeX0GUu1hkNHEoflJxn*jt;pcBt!Os188fUMV1s{|CW_` z=gF0coW1Ef-m+((m|~uB=Ih6^ZgG%^6Slr5A;e4?`NR9xt&5clgb{VWnWPL6 z>6DJpo4Gun%Koy$@6A2@IpCB!V9!hnI(HX{qME)DDl)@NnE9JW=0IAxgt)Y;AK^(A zvNVTOT}kEP&0TZ~4DZB;D7g>GiC2Ek(4{NWWGf96NuhW>Ywc@ z#gI9Dcf$#s(sD1+mS14iijkxg4*ufQj+se0TNk5m_;>x|P`9zMSU6d!+JSeEs&hX) z%|o-qo)e`^EZU70H+=@bdm>vnRh;P7TF#W4f`BG?@T?3iv!KGwYfOCj-?>f^BL)mV zSJ~otX|cK((=B0%_dZZR7T?1}olJ%g?GuLYn5+hK!r}q)35n73AcKC>ZET+`GBG0S zCFd4Bxj3upbu$c^Ms8VOBC2zdg)S5Pu;ucb%6O zj6cJ_#w8?9EhHfXasQD(fJIe9E`Gtvpz_$7DbauQv3LJs`tH)Qpc5!AHov$OWfn~k zvGS@ib$#YQQy5Sse#ka)LW z_4?~?ub8zGY&CECOm4Dy9P zxzLCA>Wg>peZ=+lW?*3;X8Hc%@Ti6MM?ru7=S$8vUSQc$QEW{$=<+-lYl%2)6S>J( z)_zAOG(vPsuuSf^7w-Z<#^>VRwTqyP9>b8$R%s9W`mQsi{%} z0=-m1vL9wGTE8I+;z?-P?e$LS#T=O4i+RLcP4W^3x1Ru(AHJW@^NLNExIjQ2;?I{q z$Xvu?zgBqif*BjY#|l>Jcz(^|A&Mv>trbeqW&sx#18?^xcgwbZesp3x0fQ8fDd==u zJV(r(R-=rvQ~KZ`Q}d`~_-vC6pIQ7kE$nTyJDP6|t6afDt-4e}H|Mpy7MG0I@vs7% zPlb7{26i8YYE9Q-Tjr%S6$HXFbTq#f)5w_$c9^_(-$i8mRPqy*4pvN>K{dQ+0RS-k zg)mdq(Za7ZIE)>1Gff}sB|FNsRv_!p421t^;Hmryy0X)?TKY?#!S|7Z4|^19xQ=%& zvqb~(D#3GnkIKk!bB=!_O^p+5_sgz~o9rDu60;(`+%gHcA8sN+I1u2d{3LOc-IMwL z9TEL8mQId_GS1F9mT>s zj<>_w$G(5d?kAmy>L2}IDnJDp($4 zEayGy`9l()KjQ{w(=ebo%B)J@XBnnufR;iQ=9Pe~oYERHq7Qc~+BGW}J7wKb&+R+- z;@3aUEMU`-=pTqnmTd1~`JpFCREWn#IUa7f#aY4=Rqt=JttpzSzTvLtjdJ~?^Kaam z{llb^2`f_XrO~xRt?;E%{^cS@G((P?F$%t__bT$`^`?KC@2PFWgAOk+NPeK3y?MF8 zKJZ1ID?nf&`j@wQKh9}Xc|4ws(AR;3pnJo=+goPli1maGE)|(xSHJTgG=I_Vd>k(( zDQgSazJ?Fw<9q)CaZaE0bdfFtGujACzmf>3=o+|0(LUD<`aDTX`Q4oiv~*np$I7!p zH~t=bvl=~NDIMkaESJSw{fpS&(IndM`)rLgbNYJlO3X+J3!|>}Qg}Hlz|H!ZuwtHN zo;{4R8xvuqY89=ZlQW5yK)y%Rg76ryfCoh;mj-yCk-GgxPS3sq?~ zQbSJwE^TaRYG~t)j*glOP$VTMqrgYJ^vZ{RAg}mPTcxPdwL+N3nCJ>w@mu0HAq%wN zG@wt8K5l~1riXt)K>}I2(^gtpj~srk+1FC}ghU83TcC9XV+Gw#qB7wq?+9@yaOVRZ z6JxW+)~E)Rc!98Hy>6ZrBsk~l;nuWJ@9dkwXM}Tq?cOCiRPx(v?q}|35B{O}u9nuC z2Rix}=DmGLw597XhcQJjdiR2&%AE;=be+(t>|C?~>BeVR5c=J-U22cdJq~)U|kPB`|hu z?E1gWl;&LJurb1c-E0r76l)Bh*qAjcR@@ho}9i^-%w|ky- zaO7*4vx)&R@lr}_DVd};frA4%iAHv0P6}8pj~AGo?@!&iMY}(K&oiWVAhS;?Z8pr) z^h(}9c64&DUXBHC#(zCF_8v)vq&C#Ajwo;)=~`PX^9}LC;W}Lzo=P#fpBYBL1Gt3E zi%fJCwo1NZp~YT9A-k(qHs_cGhog3yCb$XXX8(kZk848^e3T;Zt>7J~+Qx1uKim`U0mabYHip{j&HaCNE z>c|O42&b>45_R4OKYg%2{v4JbFSbbOF9J#XGtv9p)=LIZH0^7>2-m=XQl7Nmk0D2@ zbPA}LtyE;#6k2LnPLmX&GkemodDiR4Xas$vd_h9*Z7YG6F+5x z{MezAnC*jDc3LRKGIH*qqSXUMR+5P2L>XP8(EL~>_N8RH%UKhzJpDq5Usebq425fj zcG`2y{-{ajhZRTGwNhN0MZGF35DFy;S1}UsBS(?+5UtWcOnWAk!Wm@GT+{?D3UX&z z+ny@E1dQ%#qXm-aq*{;bOlxH%$zGVtF>Z#9B}QfVWAa&{_cdz^7kTh`%kY(pzbVVv zmI!ZE!87c^k9q^uMG4H-7HZ(YDLin%tC4k+z$T*S&QXBhwB|7R(vVhP_6@L(Nz&pT z*8uo<>}>T@bLwk}!++hZbpbjX33xqC&eh- z4k0YiB&tZK78yJ^op;+kB5vk^GBd%rz$+$uBz(Y|>Arz$7!7H)~ z%fBi>5r2o7&;`%n4j614m z3H_*+8cJp|R`P5~ED8OO@*EJ;APu=3!a$i>Ir%eNmhcxe24BKw zR`qu%a(IjH7SKfki=BMM-`P?|ti&X*dV&8Qd2cLCML}diblak+mC6aj44i6d%G*T0 z744PhQyF_9nYwAlWxmy*UUX&sTfC+4WDs>oM2ulIehUxX$9#B7sRWugElRc&N+k=r zW;g~3%TCoK10#bVn>KbBj`UZ6ig}4R;Jb9PG47A}p~bLun6>utpI(ym7}r1x+Mne^ zphf~$=YSYcwT_$flgRhZhAjf-FZX_%^S<|6-RpEE!*@9JbkP7hStL8pngr`2FJW-# z_uW8cxffRRt3D-{#*qDO1Lo1nZ|)OIhg3H`e0*wZSyVWak46s3-dcy_<2G}qlgr&nc`+eV`P zp;tCz8SoV?5YK;V)~WQKNp?4EftK*>b#L8ZRH!rm8;NT@5L_idijJ@d6G+d6U6Zg& zZ%{Vlt7Fm-ZGD4Kpf_9{jVUl6N@1>Lxx4cCW`)?7IqRVf;Gzt0VNr0_FgS7XQF4j* ziK6`%%)%bl&kdybT5p@8vpP`94)Ki?wMYZ-Rmplsg=g(PsBERvB<6_5sJYOx%NxQ- zUQN@9cUzFgTBmH(lK{|0+UIp{tMOi{y72jzZbl*Y@Fc?s0n$S{tlUf(7v6bH zallJsW_24llyuY^JajAP`nb>R&Yu_ynJ3z_w$AS-mj#isKcdmqqJ}Zx$1W<{z@wX9 zmDZu}xhWDu(md!@*ks-F0!`7+HxD3*;_)0rrQw(fkD8YVttAJ)U5?dqsU{*4O%S__ zk|(|-xOmc&>boOt3MBDLKz3YS<2z95aoVKS>DP6A@fpp3mYnQBdnhlzJK>0aom!e& z%BpK}jP+6-50E*=unkDCpw1`5oXYgv@Li4YVD6PmYs&o%M!)?pu(a7{sZeUM3S}`r zn6ukM-#JibxyX@Tv^P~Nf#A$vY*9W1R)70>>4CGm ze|Gl!6l=xL4;4(pNUAdUktt~&*iU?)<+%TA#r3y!f0UAKE`^qA`3%iQekZ3g!5Lo= zlADt5l%lU&*(Q@w-8A{J2L0UM^DTw`thfeW%jpR4SS2$oy`IW56vm4 zU2DhPcuLQPTAc~~Z;mj~-@G2-qP4Q!-wj4pOB0tRfHR$0C983Xr%+LH>Zjq#NaVsA zTWWO&wt4yLqV5QAh>!=Mf1Wi2z7=%Wz9*}xDRV^&>?aXc(z~?&IbMgmo`{xL4w5ly zjjGIvF>**H4H3>HTe47s{8CQq(6N$NIGdaj3(wxy-`UHTz$`Wu`?UKHsuW2NiEQ2O zVOG?7YZZpe*ehRG#kuCvqJ{gT+gKo5H&uL>Dq*}oeB>y0W+ds%Uog=|fI>zf`S3ds zTM-bSScD($b`0VF?)M19^P5@{3a<&GSMf$VWhE*JjnrZGBETAI)zF~_luD;rF`TAnG>u7E?(1t2*H?^VhRAy6ppb8USbfo`3S|hY`N^4$<6Cxg5XmvM?S6_E6=M5a zTdo^8Cm2<$^8ek=A7d100zornn!`CFp61_-G}#f1i{_s79Nf<6f70XV7Yz9Xu!NF?GKs0v->y3~O`CokNx_+#UPUOUtDu0Mfsl#*`o}-kwv7^F zI#N(+>^7`OzPxgmev*+qPdyC<9$U`{=OEb5b(ww{Nf4-VUsD5okMut{u6f^aIm+=u znb1?B3?I79!P1XWOEhK~sW#2z$z*J6P5oJ9PHV^x^br%`BcRk|R^@_qE-M^jVRVpz zDHH_2!9VtfHp{8-TL}8!2rWMYhP5HsUKB0oeCtDGXMlgN9}# z3nyd3e=!6#+zXB*i-(&Ct({?*br5YlBT-K0;Qw#6u31jxNw9KqLS$rm7xPpV8~l|T z203aQr>sM*`!m4?w1)3|AKt*3xZmjo+Hi)So|^hdxS;)&ye4?BB=cQqFX=0|xqth- ze-FnZ1#?CNLXJBODD}1p1u@(2Uzpl>gs>Xw#T(=r@RZ_qvwSqr%M!ayBp~^(|J?o# z(bOa`djDQqPY-&0d|co8EZ%A$C?czw%n6V4$v|4FyL4@cPflXgGBwcVGra7oLSZMlEUmjywP)oWN7N0+UvW4RIQ{}^1_P@Yfw($!;iVFrUr zxHIyNa^5?30|`||UITQDsf~?<(I^HMTaF3PwZKCg~Lhf*7Uf;T3qu?VCO zJ0^+o$F4Nm>Vx15Ci7&FW%9tSGqbY%8pdBNgdhlI^*&i<0wplVd^NJ$@me)0|QVt(=%!(v8NQX63V7=MSi)~4UZru!&JK1;a&{}t+CmB z6bw-pB4Sw3^ay0Ey^=Kbp&=c70kefROc6ueAJ&7A9;@!I_wqmf1~AL%SFbjtEAOlH zl>)Zsrf=WPY`%;3evQEssg!y1d&Hr!^XX!uRWp4#Vai&Ox&(V&A8Nno;uTa^aX+b3ZiGEfddVh{hPZQzeV%S)bAv>-=8 zAQ#U=AHqtN&d@C#k*7hU;Eb=9WsKQ*`CDN93^cMmUlM99IAYGOMDnv?d-vm$jfa)q zOWb}yIUax3`0+@e)3oD0_F;_Um1R=JOPu=R$E_J-jM`!_;WiEBf>>X0Ofv*tFj1-X z+1i7wol5MJ`Cv3LOMASrG9X6n#ml|~YD{5KA;h#quSman?2zTX4kx8X=jPxzVhmxV z9Iad49TFgkc|}f6-dA5q{J(HL{3Sm}OuHbpzq^YW_C+&CSetfibX3Kn!$99eT$h?- z=>PrE8<)#*S5)2w(U0d}6V63)2Kv8`zyzZG7dPo-!!bku8-TnF1?_(^?aQb_|L6N4 zkpLOMf0y3No6$!82Y3GSl7Rp2hW}h*{(tc}Hz?3Dz*z)(pP6kXd@%0$lH1R1KGSja zOl8nWB9rijn1avFMT7SDHmAqqaqc=7tKkvcAlMI_+?Oe+!7#Q6C+n}{j?Q`lz&;>D ziY$&DFNzq%Kl$J)KA@0!C=NA`$0>0}hoM@a6O)IR*&O&SVi`=DPPRCO6LWyVL#NnV0kR+wDy)v{$0$!M6_mbV_k5 z-$q@hCT`W z0546DS#4rpjb88Jl}!4VVO>$F^sc#IWXHz?L!bYm-UZz~7ux*bUtB~}d;PBX)PVcT z#8((t1AK;}U;Bia!}4b5PO~G{|M^M^C|*bMZzxLZ%^7qf@l_>vu=HnwFRRTI-kf8- zS5l9}rdQ*AI~#4pPEQYL*QxNS)<*PKIIc2np8&&}xN_9jMFB-5{q>vzXJ;^dQn{yH zL#^x6VRwJguBXAdNmgPjI^q|An2TL7^{4XpKI=Pf^R#%Aos^v&Gd8A1hKr8a^H7RX zwSJb{gdfFI56(KwgyTplfn7a|Yc^tvB}LwVZ??=T8Sm9|Nl8+{it!>^P6@?Py4KHb zNdMM?n%ev9$SAnu7W@INN zrWB77iza7sEwa(e`$+nFM@f~banRjWH;f`5pCeYIKtf#`jzRz?FO1F%7ysq3`dyqJ zPEQsur`)9=c0yTtSI?fRq&IZFAc5bpOw~64BA=ZWRyvmbnGid4XiTgATE@SYbYjjQ zp!Xw56AczgBL>@EoZXZS{EQ^A&g$4MzBo@D%m)tPmxtRj$FE@Cf!|FEd>`|xK7z-t_-ua~D83Q|&CD5NLpd0yELO;Bpxpq6Hb zUJ&@79Fi4!{_GjI<(|JCQnpe~R4-YO**dvka|`2*{Hafl-}K8O0W9nBK zg=*Fq#hK;;KRjknc@~8z-IEoCpwEsD%fKZ_p{HTO0rnX2-@JCpq&^e+HKMxC@5wGd z5#*4Sx=}602`!w-n8uS#yAe?Pf5DO<5n9IYj@`GVaZCXBciyezm;ML5jfw0X9Ti+P z2`(?M3a9MR=x2X6w}K-792#w}TQT?NdEp@cV&vEJv<*AFUQ2SU9Qs8Ty0Q>; z>*91;&Qxj2n7-3gS|*C292*gXf*A9g9Xb10hqvR z^u-LI!psVl`y843KEjmgMwXPXb!Cdtplno@P{MmX?A0`s%aq_X3la9WdSu)LTX&D* zh@aZM((c0QRKrFdtPN_|oYnfp-aIIm+KH|y7V%uzmD(XP`Ghh2eZr1Oo91u~ndk`2 z{{zK9I=_YMzA8O(=)0W_pKS#Dx2%ONYYLprd!PzRF`&x9M<(mg<%;8Q-3E+0jTpE5 zNBHQZ0n{BjhADGq;#dFsLlmyO6~?F*x@Zs;IxiF%5gdtEqp+X?P*9qWVEbAe*xQ9QhdOXz=Zi2I z^|(~U37#35fI;? z%^5>^29ZRvNHaz!(+ejNi9{ij%P{N=BbyBTr4?mH(KqP9zwVCU!Rb1@Rd0ihjJ7Ql z!w+vUV7EnqP5T|tO2e=lwa7sTMNugXX);vINXKodF?{05VK}r>=peykVa9UMluSdEtlBq)%|G0qUd3kPh-O4s0lIchxI zsKG;vRM4HX7&Q(j#ib(%6s1VfVU0kglp)V>iaq(wV-#-^VpK{J!oCnIT;YDF$4eZZ zFnyj#3}%f41Fk5BToGuL5*Q6iI$C#W{&q97eOdZY=O z!tuzL+h9d13=s$9#(emF#OCCzq@?FUmArSzgYB>W9h(O9_|Gri3+>4RB1DL|nsHSY znKC*o0sLvV4f_Yf7?-6)lRW~DGlXGx1d0?D>;oPga+0AZm5+3m85bm#qdcXS11s( zdodE1;f4$;lzJs*7U{8+2rY|9VS-tP$)u>p7wWMjUx~T7Y7}QG5hsEu)X2#A$5Bbg zS5)Xxs*^xTBve7?-ddr>;$jUnBzGn5FeVh~u&P9j6r&R3wNW%lbVw%!sik*`YUD(q z8kn_m=pu3C7V9w4Kp*p*d@g~S9EcQhEJA@8c95idvDJ_K3?+2*Y={oMYE z>}aF-Z667vI!6ti{G5S00}_fGosQ^CqJr@>nfumDPvgZMZK#?(AB)SBsO=bmwWkYG zWekUp9D~%Dg@M*4NZQxq$sHZ&3#Fnemy~;3BVJv*4>{y8$OAS!_SDNz7Zu^PpZ^Hz zDa&x=mB+DWX9Mj0y)dWhVaU!oS#KOAZz?0d3^y;E3#I%DYjY+-got;HtFp+Hv8B<4 zpKck!giH-)<|uGLCPVje4@$D+D9Y6$Mk>vvSE1G(g~1mgf>Fa3j6h3db?>rtXm%I8AoDJZ-k7!40A|vwFTukcw`7hvk_0-pN+JOG*r114f$T7 zpNPt=kwQy^lterhhlLbcM#`ntbB)@9_`%D4I3ASXrYQy#7Hcuu8N~C)d{~w#MJ7qP zdXj(!B5sL9hQ@wB=F>TE^hYp75=7PXY<#s^f^WSQ#Fisg{NEkvxFuDFpKch!dP-D_ z@^#p>*A5kZw+clBkKC1W2Ekn}e*3+z zk6`~p-@zMoUVL}C8TqR}jp(co`^ zo2tO%d^O;UVONU}trV}Nq_~E?Q5+tLVo{|Qb8?l~a@-Gjx*BGM910@I+*CPgh9V$+ z3Wbv5F;|6QQkVNk37SZW6`NJiMPn#1D^W^nRY^|FKMR8~1y!XvkZIBo3>mO|oE|=9 z1fBg}-15b5!oBA?xQx}vD=ftqzV&Y?%g@4aQ$5s1Gtx~4#C)R|4oOi_QI2$_5&!wW zpTi#?{VRN7DHcqdh}7J4_(>baLt_sVAwtA;jVn?ia`!b36}NARN8^ylBp4=jqbH*) zCDtMVBVfoC73#TCNjU}SJf%ynXboz4r~(_$*R!PAD`HFDoh-{i@_g^!%75@Z;+sMBt!(Jz>qfv6Ge=X z2$wihh#zk#4hIoox>12XcMLj797>%W#HaY>PCM?IVnmFd>!R}tNTJ5UQKac)@c1dN z>DPMr;7$O*a5gg0J%9p)4@<}Y8FxbQr< zl(32rA>zu$72T+YAKTsCEd)%dR3gTWUdF&Clj7qr#(HI-11YwfMgPbg2 zEG`iYGgnp7VFc+mT$iSxKYYG$Ke~yO&f%?O_irh03IF+e4$s>aVl+yGOJP&1)x!Ge zVZ0K-AC(Qa*XtF+${+Y_aGY`9NiJ?p^r1````B1~2z~`Eav|b5zT!gH5@A1GL;NQ= zD#E2>*Yke{$D@p{lhCuH5-B2d(b%DrNRo?It3@yvM1Oz35Xa|&T%n}!(w8ESg`ZC$ zhJrqHEJC58XGlneO39On(0V))CdEu)pijilR4Pe1(~ej;j5z&9=^B0xH^-uw5rQ7! z0MorCw1j#6EbuosnM}fRuDBE-Ld4aBE1D1kfdGE#+!+6?2use*r;(EQ{I1uZKic@EjjjT!ilsc5Z=jalj~y}$y1YHqs?K;%gaM{ zb~b!IpJ2eRM8lYTPovQ&gs-`|S%_bSLUAe%#&CL^32{oXA;eW8<^=F1{Qik^lgAU! zVPaykOneI=22Win>`Lt8bC_^We>~qa5{U?v*kxs97#JA96Hh#Wl$4Zn#w(wnMDl5; zgTo_X(u+pM!b9Jf9U>x184+nL%1!}=o$o`(nLOihc8O>oZF4JQzAQ#zN`(6q*rDJ! zoHuVC=FFKRI7K2vh`4%jMb{xFjbn114O7AhCylRgC}9Z+r^ezW!!>5R1P7mYk6oWU zgICx<^0u(hx^NyX!fnQWd7rS!e*`2*Kv)y*dGf$XB*S>IMYtEMrMF#^*uI>5UFwnq zhdV(Qr}ib0c<;n}3BP08!s^(T7qfHV#L(xM|FrzC~R$~zJFiQkjg(shYv zbI+MG$uNmzoF>C|A=Mp^lbU1oC)}LxcWRp#R&aj5Pf&jO`S}<>egY;TV{cxNs&WMkq!dhgEo5{| zLLR=r*rWjXm-nejSr|+yLU9`xrLn@1Dpb&@wa}>(#f4JgeiA5>j6ZfC8LtZqtB1sr z*dAN>IdT=WDg~5Wu1NRdb517}K99FAwy+^ps#P!=jI`*J{4IcJ3R;5>3gz3?8;3#0 zDrRh3z&Y-J_Hs5(f4}7Vr7VfKlObIrLxxs{TB{5X)yeSPJu>|AunfBgWiTk{xK2ju zlj7#IxV)5w!^55!uP4LFYB9NRdN^}Ad%sFhYP>IbzZo-TV9L~~(ChVrqIbDm2!%o@ zD9FdG*|SkvS}Ht?)iPh3y#CzJODxG_$>)d=A>#VL2U`Ajk`Rap49YO}ZCHzKhnk?t zDMoH;8q%|}kXKlUv{Wpmz z3-h2FLPHFGNm83Y3x<6e>OP3JQ^xorT=I0^u21IuAN6et3gK zXy@+KcTsTNoJOaEbGQr7{o!G}v8NRVBN5}+Vxpz@$T7r&iTbJJex+7V;Ud!4YlL%n zpI#y78&W)t-TX3fISPl*Q|I^gIi!0l8t z6g;7B@iM?+N`@=Bez^-19;-tx%4D_I)zyW*zCH{O4`XCx1VckZ!am;SB9V%U3V|&7 znseRnT+2yiDnf*a>jocK$9y(U`}XZaad8QZX*p2#Z^GYq_5ex~@+4i@Qqzp#_GWC_ zum}eZC=h6Kz@ z=uwgq#IZw%QQO*vy>G3-kv0c1D<%NeX1w(D%jh5K#m3FMpwLKgI+akY$Ms<6dvelnv!dbf z*=#nUIQnwb4VN4i8G)_+z*n{byPE+=fajRtx8jj~;&2W{hS2+S*#7lkDk=_d*MQ2mY<9suI@Q+uPxAIE3`Xb-Y~f$H$p8 zold9lJg%eW_~6DyeC%RMKMB5ui(8q)3EOBIWH_!JlY^Nhh{G5L1ks7u#X8+ga{EL&V?(05XsO*{fL^!p)@BQ zI{y&tJ_#~Q#$ocDIk;iLjhI$dh_d2bOe&s&l`B`GYR+U-PoIkX6csWGi!o{5GAx=s z6Eo&401wf*aLF93Sh5t8O4878i6N`B3Jd4Y!5q5RoGFzsN&JY(O_;UhMogbGAFDsS z3dPykC>*~4b4pX7m4y*X_RqLXB-(9~O4KP}&ex(pT!k;Mo{gJs{SeHND71!L+;#sF zOq(?Y1yu{Nbdnh+Z3subxyUu9VAZX6VBExMm^^zfax{r92W-OMF+X1dm?QFt*j{Y~ zHnkJ!(7IMHg`PWnhH2X$g)|h$HD=v|W35gpaPLRyB9k81?PX+S z2t}l<;J9v()gY@lR-N2pmDkzZV};DWR;yL;0NEQ%7KvUAVsWVm5!W9+ux=M@#D4wj zUt`IVCCJImL)d3Uk2M16P&2$CAKV2qF*DyF6g^IuQi09!xMnb6+&Ky3RYJPdWjcdr2!V32N|hmWbmAdq$Fb!HL|i&;k8>aFzP{C zW-8>|J24zYXTOEEGl>Y4LO(a3-!B-~tgI}d+XWZVv0*(gC@NzTDYRsG6$oQ^$O@T0 z1L;O728NvIuQ>!+K>@0!On?djwD$N&K{gTLNid|Ii`kh@1j4jMimb8AjhT~+1tRpi z-9lfx^F2GMdRQ6pIjya&C%au-48q5!KV>Pv$6p6tJP<=cg#wGqbqGdcXtRWIw9AJS zwG6L(Iv?d}N_=6>FxKz&;FhX5zPCtwA*YU0Pb&8AX-n z1E(2&#|aZA;MlQa!ZxcwE;7CAuDgVyVlIZ|BGUT$dZ7-HkMq4*Ju;y(kuom$9SNK* zxZaWLDQC`{DR#RMA>t~>RWo!OlTR?FMsZ#yil^OxaWfWUR$dAuF*0Puh3IeZMRrjk zWC1&R2CWzw>VK;a1 zsv!>`gx;P$jJU#NB(sSOV~9k_7%O!suPB94s}Kz5W$Obnpj^+#lOs4uk#zJ}pf#!x z^V!HyJE2n0^JY##S$TmlK=r_=51Axq6`FjglsU)@HeuI^Cg`MLxV>IzQc^M8-GPqo z-h>Jxwey~+7P=*m?$hm}a0h6cr1AJv1wJ;#h&w0h@qa7QaTERCJjH;f(GZUG2jFMb zsFI+|0}OgkjU05jU?OKHgX{kI_hJj5$Arp>mkFQ2WXJnBQ8USwl#~d4N4dcgUy~$S zc4(N0`CKN_v+sTO!sjHPCqjgX>jPJWLgbF`$&UGKz=V#}QBo2bozTGK4?p|{pr1xo ztqzUxaVVB{!!qPSJS`g;3J?5l4NPVujIwSVw$eS+`B-|xDp+ftgp&+?zea_0Z3fAL zETkCi=xc6)+&m3G`^`5H7#bE7+R0~AbR>-^hv`xkBKLWds*TY3yYciNp2d^fPT=O% z6;SsC;U;p{n;bZ_(Sl_kDMHPW0R%`z7K9{F=#@l(5m@^CNMD(W8Ewb0Ye<5D>?O!N z@fs{Slkm&``WlL}Q{Z%Z&e>4rpHhfpgvcEC<&D6bhr(EVg8^SykSg>uymh<|FCTZI zfE}62hHq>f#pWYEOw5hpe-}$}V;(TzyL^Q>I5;RMME2H_aeg6i{B!Hu>gsA7 zIB-CCS0+bRf)76UpwMWBof*FO)~#EG20Pp!iou>BuXl8G2%^FjJ9k?jV+HWsT_PI`WmLFTc&_e&=ClOR;0y5a< z6EkLLrNSJC$A^MK|IKcDROpmXX$C$X{e>SA0t$6NHieb=T)5G>?tl6sgozi5^KdvK zG>lobYL(y=@v?aF;`1(i{Kgw^6h@8_x}*@fu_M3>CuS}xZGB6yixTq9AdgR2mIJJ{KPU-Tz?GJ^z7B zxeb1Kn$QVftKeA*oM`UsMO0?Sq{;#)BmsoTc=>`#NbQ3dayg+?8j)L809n9^|8p!TzFupj0loVNZCd9;(&%os=#5m*%6{*z`xa?lkw)di;w+?sAz5~bBtws8> z`6wwULuElK_H5dW)XEg>Thj)))`XS!E``(|hSN6y+prI593Q?Qq>f&aHWkRtGSj=o z1ci1k!aiFecD1z%v$)Jq3#=>+tviJD$C_0H1oP zAKzJ;h8{5kBQ>iW z>n?IJa2zK|j$4j$Jt317Z}Ype^5k=v4Efvf_hLoL=kO4L+|-)S<#R6fyyShjev|vK ziXHSth`73OMUQ2AK|&;OusDGHYqyOeJu43ixdPU~UTDl2!i2KYXatcsy@XT(8NzV6 zymXBgdYu%c4}|;hguWq{1924@!#EK~C;|z+JP+f=o#^@B`HbV`5~4t>6c%m?86rdM z^ZSrtPKBj+5c=FqB5^6)HV1+d1=7uWxSd|arE(Yz8X-K~3x-iQo0-82>u8n#49 zmC+OE8LVW5$DM&BA?oSFvZAy0v?3l2KrXv9Wy2{zOQ*WSz}Gj$@b_9Nj2RNR12NwogCjLg4fGe9kZ;A&L-j_2a50L36rXn)h2esZnN<)d>mfbj5UxyUQEG)Qt7UaGWKvM|# zx-hVR7idMS#3N}*EA;B&dq*E5X#%5rEmM9_3? z`-wf+{dzsd-}7=E25tJQ&hq0u1Q3z>*2#V`T zYieqQ)}{R3yf1kl{#KmGxyX|Vk&#q~7X#me&t-+kT|9UZ2~mWIs~cB6Au>34yr0L} z)Tn&;!|$Gky}23DJTvUx6e!%yD4RPIsfCl!z3nMTJLDeyzqSeDU-KK@&j)ZDb6bfK2{9`LUBBL3}~~_eo~I0U}hSD z2PXjIvVi9rB-qeK&*u9xS6m90an!jZ$j?>d&mYgn%|$WP*0&NNUR)ubO=NsN7lm@& zAvdbw20GlRhQV>b37$up;d)9wkG~y*pTc(%o_2v}^7BN6C_==wgR8Dl&AGsakByVC zK!phtCPGFkPpv0o9}7V%Qz9M=pt-RPVQC5+BTeXYIB;<1Aq-e7Xsg|Wj*&3JE^fqP zhcB)?*;wbD;$(P)Fr5Xt8nVzRhT0EdZD9mSEFCIlogDAi$M!sD>S zfN4_-P?#FS-kmkrdawl%X#jcoSy20W@n+2+d?5&PK_--5^0~s3&I@6ZWL~($^n8nq zZo&(%v%(X$DIC4PZw>*qHVN*llHg~{B>3@768!W=3BEjCf`PCE4Z-^&>Zh~Jq%mz)P(9|P}Wr-~cb6c!d@+Vtr{YtX4vrwaWBCr_R% z^hf0GDoHYAaMVdC;a?;QMTih_9pZ{th>WB`WR>Xkc;T@OLTXAw(Bp$zN`$FY!QplY zvs8raJ}7gu5FVm)QVfU^5vr61L=-ZZ%xN$g^+Mg_g~kR=;#>-m!zfdzprZRlLIH$? z;@2dItfUI4Vm??#`_MWZMvhSjt7`-Xa~?u|7c_LeRG$Jb-CHHoq9jj;K){7#ZEj)m z+q_hIPeVSUL&q_ys=zo>!YU#vo=%D9{*y72#G?q4noEk+u}^qXAx`~4E9wTu6yoW@ zOM=fA>QiZ*BSBcmJEGI$L3)QEZEJzaW>SS3dM?E=6S9wZ<>06UQ5(rZJ;j5Lh$YO# zNC!DwT&yamK%I~6csD7;N>YfA+?$V^3NEe?c^p@6Ttz{E+vSBurxl9NBNPELQhpKo zCQ7v$65*S2{K$n#ii4ECf`K3ubZ_DODA&+(r15bIDqWwLaQfWORCJR}>Obj(VMvRG|l9IT2Vq zf)FXmU??mYQJ%c^e8w<|w-aK7B29vb*MUG(ftXT*bfb#wJWqxzgO=114-gQDDxuS> z1d(KkP$@?qPM4_|wV}^b>JPDLnMdSe$M| zWSm2UrXd+Ba|TG|0)zA?=;hAw3Ix2Q#+j)(ZqF6H9wNjXBEUD35A(Pc-#T{CaG{)EYN0V!9O~PzQIxGDUoOARH2K;`JOEjq6iV!4lacduYlPuiiKh?Ha>4ROr$=@2y?NQ zRvp5I?G4CI)x+~X_YQSiX0}6EDj&5L%~2(#MyhB@Yh#fMsfL6s8w{YSO8JK1#SHf zL?kNc6%lwy$;OGuEQ8&U7*gTx@4$g0M_@FjA{=nSxai01s4TB^-S<>-xHbOC^8RWQik`bk* zIEF@SLQ&}Xz5{pB@L2oMSYMCPAiZDE0zWD4fng^aTU+2JQndOdM3@~=NCU8Yd^mFO zI1yq8q!ceCC~=~t55t|U7;t;&UJl9>hfq{nNTixhgcv&Sv$<}T$3NxyH#xJ25Fz5~ z#ih)4aYYj%6P8pWhf+z(qhk-g`Fx#JME z`4Mxs<4{v0>i3Vp*}W4(J~F%^FFIgu<**t4Xza z@w=yfhpN0nv^DaOYxPk2TJY8}Qn{u=lxXcZw0$E^w0C0nv0g+iLl|`Vuzuq@ESNV9 zUB|j{tYa91UB}VYc2qFfjV->O&WuyX#OZECUU~Sg!lGZ-c6`8o|2l*s^Ue zx}|Ew`x~)!Z#PoQ3XnyF6eZ)G?9X>mLS)fL@w#HN36u0uR2Qf*>>wwC6lg}S7MY}a zCne>GERIZa~ zHBwkR>(OT_g`;*Yjx_nuAypw(^C}wlG-GdSHg20d4h`F1#nbzaqDWr~`@Wy!gl-mE zEOi*(--X652MjqO%$YO?p0WAy&WE=VB5f-aD##2bv~<-Y&~hAyYHF~72vH>o!Wt|< z`M45j1D*KGuYZC)H3!j`dn=qzeHsJf??P~R04tW13TnokQl_=M!v198&IFuHIdOPs{{_hz6>n9(F zDjX7ufG=4glBXe&NnudMvA^AeW7a5INY(8aiXc@%DmW0v-|F1x9toh)8O5G9ANCE0 zk*8O}ZujGF^?rKaI4naxIARibWD;yT;y@jp-(ZuVc{G@)OFUQHUM3-OouJP{j*r!X z7|%gP@>XLmz|`pz5p+c{XTfZQT~=sQQen^$X>+Ilq7oDpWKp75ks1%doLPeG6gi5j zX2BG50UDD~WNOeV5spO9`)rXAMTod|a4Cd%#rH$xx-OC$Sif}*7R;%}-rxTTd*uaK zF)tejj*yYeDaInH6N9yF@XVhApG^+4qXDk`a#SizkVOunrY#DYISaGLFQ(@@VakeO zX7xOHy{-#3t~t97F&GL$t%?M!;NCN^$gd|@+6FWE$=hXeMm_m$mh_0Iqg%79j9GFB`7a^ zAAXjeiR(PLj5-eJxxq|KAWW&0$u%)t z8&B3u8^QqY{GEfo03>uTg+d08+auH`pO5G`?Xd$S)**@zac$r#Z&bsLX}GT-*mp272He$)F*}`>aBNhoE&Mhd< z7|%2Yw~Ol;6I=XYFPRV-!ga)GVIY$fRH}}Mf)reso{>rG8X}zmasbNnwYVkdz^|G@ zD9F_ag9#L9=y@h32CQMB-qXvB$PsbA$V}og2~kL%e2iXFq2~7qqob(>GOZaoh3Rk( zS>O&y(9>K`+xgI?q$B3{L8Vb(c*H_Zf(|-!2JC(P$g8Y`hN6!LVo#)czV-Q^d%Y4O zk0!)}S8%$Ll5@l(Lx+-jM9$%K8n zRPYpT?7T5J{c#xIDL8$G13^S&Drgj!7mn){S4^WC9wIGicmkm)^5om~SMu{jWObfSA`1aGc60-ygVwyteM zR7WJ*_$q$!!T|O)bwClfKrU559reK@*FjBcf` zeGO5)4t{$({B9R&k2S$!Ap;$Vpnt>#44=TOkNq0n`F9}4)r;Cqf53AcImj}Gpo}}v zZ401l)8En1cmy5#5~zm;5HzO36tJMC?hx9V+R$bV!6fsbt%uHUIffCt1$z(IqOJZA zDke-3GDQ;SEiz5A)Y&g7Y|}AM6!*-|zz=URV`h#DWkhthRjaVH!iY&3Y8A|{} z*MXuPN9&s4u#cjqZB&>EMDFfKSNjPZt8d5XU@vU`QFM*C(b3S3V|8sPpFRynR<`sV zg>QbIXC`s|6`95nb6N1lwiDP_*Nw)u0kn2oFzTW-M#@{OmJ4||@of`V{Idw2ID+SP z^r0OYsLtlnpnn47=!7hT*jR6cnH?daL+*QlI9}V>2!mb?li`%}%W!)GXlxlkcBW}; z&lqBMym{0HwI+_PUJIIgJSfgFjvc&wL_BWndvzVwdvY-$PXqP!kUalMTuPDY`x1=- zZwOAC58X~b{=TgbP5wlQ+XX?HPDu$mO4{T3M_+}!=^5;GoAB(WC$R3tE!h0}HoUg! z&shJ~UTj@|0(JX$<9N+Z{PHh~9{+GYt$)}&j)-5|=2{?q0NB)9fpU%MPJIJUDE;GOA z*$ba2D9#wV$w7I&J%S@mZpzd_IOB3sw*l1l_|ZNTz#C0LQpd&+L$Vfw2W`x?1ii+Y~jGs`B{Nf6vs8uk)4vUY=cN5<)5ik*FB8Ff~9saPk z3H_9|c`i|}%ZY89_u^l_^A!H$(d}^aX^GGA?!fPX#p;ID_ilWTC|sRwcyw(&x_E%y z_Y6`z^Q*sM+lh{`?Nc~U5=gG@${BX^f)}&y7xGqf3tn;$U6k(YtN_^ zL!OwBy+yn`cwY!nEs5hqhXc>nSWr-6z_HE{xO(T}4`+oVh1=bM4v!372i}6)7Di^t zR7{&O3FF5X!ZF;3p59J4NGY8-)(Le=28_A@RJsiKon3H;e2^NlNgk&nKShVhm0E<2 zO4M|zkf%u`rpwRYGIB=M@Hkpv3wV)LITJTc$UtXZBR1?kLS*6;)Qp=ldc8G_400mP z5+4p8A4FE39@>;jRAxoddHe`E{c6lxI03QFR%|PIul-)f4Ocjxvr68 z=Mg)8{dzwhIpo0~4!QCFUKzsI)>-k716DYCT=)uYzjDBVPrfjOCpQe^wVn`uyJZAF z*k+&RyP`ra@aJYzcq_~EHLjE1fe97;^@dJ-?K zt3^en2DwG~`1Bp~@x2FTj2*c!&X*+RGRoI-j<*YDDG`^6_oogq5JtzK2mMkRCgp2z zxI=;^B{BT+m%qm1^VA`7uy|w|P7&6@Egu`o(Rny5!S7tU9Q zDAZ37$q)DTQMgiIH0VfygwQ)Q3Qtr5gI)(EXL3oD$UKCck^)3sR#@yVXice*Yqe;2 z<4s7j(@{EkJPZ=@_JVPYcDKUbcNn(vPhwS>L=asPQkT)F2OcP)QOJdnd3-)UqLK&< zrVL18VWCKxKjIm6h&@D?nL4bVYQP+Q48K3*Laz%@Dd>H*N*F>RjJo5Ig31ETIY+ADZ!VK5=p7REcV`*{`bMN? z*>1|@azsfL2Bcc3$tbAR8jhsIHFN@>!=uW@$&2R3HWDs+r)y#X`i2}=q%>t@Nw`S# zTu6q6?{{6*A=3Bv9C#C7+M~yp@1BWSMQ2Wm+`j(+9)5Bgiaz^q_}XmU*k0h^zN6$& zbt7iZ$7k=DCe%eU{DBZTF>#noDjeQjgYET0kQg)Yse9+ZJmw9D4sRz1ECS86`S|=C z`i^5by6Ye|A0I_rsl&=!ZostMMA78%h#gw3g7TPN*iM40%KQ2qC?tn77?wgogu!HC zB?XnHm%%#Jhkv|u2tKVDt8QC_DVbvdNFwCID{E_Tq{D?7i)Uli>|CfLJ_O{H#>P%L z1MORJ+tUHud&^vWe0Hj^%hu6}XCHYA`wioeJ?lpNXjL}Z0pSpq-Sh+e`*-gmC!-pn za8z*0)JhqG!3aX+G;#~+&FgmIP`e!&AA zt5}nDGrqhiT^N*#;Tavl`fbN>ygz`7s&cGeF&_M-xK4Oz$b*6$17)DG8G$B+a1c2r z14>e2*t6&Sb%?yq!*=m-WtqA8(5SS~8`4mbZ-U3;AR;oOZvUHb`H29g&xU*G7>@N0 zU}8=YBCaNMdE(HOl*8500Udd~v49f_g#?<^LS&_9qKp!TpNN`M+o`9X2@ccQb%-2k z2_Hg6;mSb@k)J|Nijgv|neLmHnTAx8NtnczTYaXar$G|%Lt!8yPtAhKpoNYIAU!V| z`9(!^u7M1?j`r)3nUzf>myPN&%1ERzRZ=CSS~+y|t_HP&RHq6GjhcvEPw}A>ym^kF zF`wqlI>i1U7Ou!dzE%oPw;wBKn6YfK9!t_ySWYClyg-e#0t0TZ*5d972E<9(O`nj0 zrIS*yKpuvg7^OyQ!1u<>F>_ibmZin8veJMlrFw+2wD{kN6rM~CEJiIpoD#>ZY&lA& zWMaNaiqr@&f2t9aba5;#)?xwO_pa$ixb0!Ib@`E+uEed?XVxLohakSAoEh@MMe3Wo zL}*n+d=i;37y{4j$ku@ySgANe%e1sk?@nn1A@a=WM^5LkBN8U!jm7EPN-2zLGNcqI z5mNF|g&JxiHkC$2-J99IOLqZ5Bv-zKE>%3K}l>iY51AHGZk zFpT3aHOlkMkh_NQ{YUnoVrmfzOd7-nx^SpJ21QOGX67s4B&YGGKX?pBgJw*v$RKhh zL-zC=Xjf!mT4@T})^EhxV^&DZN|1N5`Yr@VQysqi>;RUQ+4247I+2@^ikuV`9)58L ze*dSfusZ|D9$yTD--VZ-*$5da$#P1o{G~nh2k_;G43>e zm@^(JiHDpCvLlZ^ybaaaT1=mmE9}}+H-z=Od-1KWufi`LIfMspE{9U6v+lyL-}GR` zf-16K2K?svJ=m~s2sh2jM`y<VvYs)*nM*t=ynHXj{9%H)}tU!sPJPFwfF20XE$0kZTQ%&1I9Ut=>~+)#(i zS=G?G?D)U$J%+Lyry!l|1fzHB2K;{85M0`9j87*@j5}~-=V3f@Fpitb_4vy}f5QoB zIwqHApsl_K`2}gn;tz6_;)V9O{`8MEcxl5LoOtsY?A*K^d;8ruv3D&tzx*iv^ygR5*tQct`_Cs(XLDlB z|9%@!Kk*yc0-3(^lHrBG5f_h>`g4(T^LPX$8T8Sw*CmA2>7rj@ zaSPKxg-DTvd|vo{PGO(R>4u!tDi4X~rERyH_PLxSq$4opl>$M!m&XS$g)!s}&@)`L z9wY(}z~}J_!_fspfdqk^50t(;hJxe)N-(2Di|R}jCgy37CL>2dN`9e+RH9jhDXDT) z7$mS0nUrLzv6wQ3gu>Al1ah)8xT92q0`jnDl;}`ylwx*~4$F#EP|^3iz1o1Avt)3P zl+7+OU|~8DOeBhQBM+t^#hh{-CS@p4q>RH)-Y}~-9(V3+U6v>fkV2z1V#oH^ux0GRgM+;2zOG?7Y=h`?+F^B2{Mts)ZSg`QkaHqT*Coy^ zn#Yg=X<7+9jXlEFzBOy$$SK8&o9AFP8S4A*Uyh>S0BVjj2)7B1(E9EJXi%16)#6FG z^~Pyfed{cIIM;<|H=aNneO`r%^EhP%a(VzaYIf|#TiybEbk%fx=%#77Yxy*MV)b0S z^7pMc*l5G_#pP%mvQysg7Q(;?SY3GI`K_3ALq4>!0FHOrD8H~~q%dwcg0_Aa=H4^| zcP^cT`#wAy^Jiz_$A8#CYKYJ9;aiU$AY-40f4O58RxX~3kKQ%|2Ff{aZ9F1O^m1;< zFgL{ke~j{@uiyIPb|k<&+SJ0SUhihtqvRabm6lfUyR!pRpG7`Gq8Xhik|Ln zM96XF+KFgqEnYb4fT_F+AG>u1RxX;1e_1^bSq5?nezgTgV$AV6FV-{!gsK+C_S$|t z_u2vUb`A>Lp7wqmt8GEa)Eta@2k?uXUfjBH3humVIzD#W6y#@Iy<~W)cwY!H9E>1L zBr>jo)JKs59gaki!6lOs5egg3%se%A9PGe}n!Tt!a1dTnBJ!{ojkPDx-9JEys||Y^ zTG4NflN}vJe|s~IH@9H_*8R|>>ky2{Fwj0I)FUxbuzh}~5WESx0h1CFcS1q%!uwC{ z0Khh5Rp7(n6dM?{~Rmgkk^e!jP5hG|K$DYCW&W`?dO|b2s$~vzZZvF zJ=kXn;&(eN_{9b*9<6oak?jsVyxWE~`>c3)hYkPxrWFT!eOPnYjz_l+P2uIPi}H4m7tqv7y6{#}2yi*p?wYeawwFNCiH= z!-_x9H4p7~;E#K4cxcloju1gZBRglJda{v1QA8JpS^FII(L#9HiET=JbhR zi8u@K7&$#cD~=c*f8sC}FPeyw3?)W}Z1BkSSVj&McZJzvCnuOheQstd?z&|h#${=R zk~&RlCjRvs%Taf{AGOCRk#ScVVnh}F+8aB`Av%gLeDf~MC^iY_OG(wwS}+rH)FY^E zArj1-ghIN+QD2h?5MjvY!xM+X`23Or=oKm$)Jnl2V@Q=IESf(Bb4oIViCLr?6Xq>m z2*<(WkVZprx7MLvUW(PX&q5w4N`^Tz9e1pljHzUA$i$o%pInxS5q|`Gt+X-F344DJ zX5TR%Mo9!WS4gmDC{dO1%o}Z3KG}?M*?d(TMy(nqUE*0BmHGL3_{6Q%C>>Me=8|!k zBpX5?#7&sO*xPDFBxgKsnU*W0OPNB6`3tAx)+rf6+;Ji1^H08k(&?3W;GU_-80!aY z&d$c&%d3I*8gwdjxc9S*uy#WmIe;80KiV{Rs*L70f?h4=w(~Y30LCE8$ z{FQJJ%PaGcY9uHA8ppY8)4L8Ose?cuj4d^kQ8*LG6C`md5Y8i&$bF+y#@~P?%NC-l zxEOb>ya69t@e$0w`?FZMViqP7;Z0w7JEko95bpWtZ73_8g)e;Zc2pSESoqm5V&&~0 zrv#LTvLZEnL8ilZ9~{<8f3F0=oqoEoEs!0pkL`O$;PlRHFOTC`n+Jd1`tBfk(LPd1ZmetYVP~742q%Eu4NeG61nB?(|MW>jK~$_G!aO=0M!zSHVe(>s ze#nI*L~xr9IB$zTrOX zs69&e+lZsb+l4{C>$mN|zGJQE8tRA6-jDvM9NhlspNju$7GWr)Zb-9Iggkj@NP*E~ zjo7}u4sYzJ$7}13pxGyb%3y}pPbOEUht8afNy!STB#ae^xOs?0myjMfvbjXOdo+r+ zo(MixFm~Q)xOtihBVj4HZRTyoN|flm*d{c2CDq^4i1?IcNT=@>i-p0nm{9NpsEe{; zN;#|0Gax~cDh6pJjF#Pvn7?>345?=tdy_$l(&AL2jq{`WmN^(0^rE@Wie_>g>znO( zV5Sr@lNyU}9FNzw4ZuTT+1#(j1e1hRX98SClFR~Oxduu@7Rq?~wbM|XMP$icI-G4p zL~3MC7(aF-0ZA-|N#*%uE685Z_NF62%*$4wnA!0(q-%g#6HM4OqJ&|>Bv@(=K^i8u z>o^EiX({erS_DNbfId3c8IPbpmL<#!o?*(uf2_*H3oq@&6R*|6#*N~x1H3PUDAB5* zR!dP=KZ=cA5zH&3k4Oo2EX`g7OdN5c-=fnc#~rKYV8xyH;lp>{id8q>h8fFl$I{#8 z;nr0j#$ES+8y~-O6(z>`m_2EY(Hser^S!X2(9yVCORiYfrCV( zVFlllavtB8&n49-oWm9F-1m{aO1_VQe)-3aVa^zXIbRLk+wOD&j?A;%XU zm;y^chYfGFB1Pjt`n);9by|}SU-HQ@OquXNF@%p z7o&s2@cKOP_(P;rc?zd@_qDm6lN0CZc9iR&E?5sWcKlqYysPzBq`DFoBDtLY?#b=5 z&JoCz_A80RI8zE3yH0cZzSDkBIv8W?f(<(DS*P;u+rZzJi;I0u8}9hzf8(p)`X*-1 zUW}U;&%@2PEW^ATZ^f;*---oGZo*d{_!92C|8ww=^8M=la}gIB)<`gW*+=leH~t^K z^~sN7PMQ&JwE?MBOOS^Y%o&%9yMFdRSX4C=-~8xDar=Y+g|C0*BlzOyKY>qwY&hrVxs^ae{<-S&G`DBka| zq?GG0r4B@`uLo^~tb*!+P89jy1c=G~jeV*N5_jL-YLc&A$97kdBA~{iq`v(t*-1IRd_1o>Lq4FC z7mlNv9`LS~2|D6iWcW==8-ce=X?$sd=$ zkNjf5q8;P9okp95V*WE7piX(P=-dyHr1jfa^z~dl<^Yl4r;op*KYVVdJ8N60DD#>s zCJ1!SLhcQ$Mw+~lolDUd3V)Fnt(ijpeqa;0R3m;jsU=uBB%5%X$oII!)n>U?;_;(` zR%YXdjwBj(m{8OqLM+HxG1&X>7~Q#K1v!zOf|RnK&4f{PFMTPxTc4*NVo)h_H+h7{ zbJTnrcT)N!eLtu%h`0GtAO5BmtyA*U0g@bZ<%a~(q+~Y|L5u(XdHd&P+o1Hg(~Ld3 zsMBL(?@Uzewe8d3U-zZXYP9K|rO;_fP2si=2l3&!(^}ibLH5JgDcHjgO*zVsULqrq|i61hl=U**=@0kQ%zT`+(&N;8cV5y)?p@7Mc{$_`Y*PW@6O)# zNxp7(#o8(=_en5!Z0!$d3ITGqt8)E5soHJq0Khfai zgiR*cjb2@gIsLY=p#D4RRH2Kr{{fm$DIZRh6Y}))Ev}a2RwR!?tjwP_s{u((e*GAmULGc4 zYi7z0?hUO#uAVOJpr?^{Pk$S|@BZHA_sJMNG+JMu+>QOU+|-R&3)TpD^gIaM6%c!9 z&t39s!F>F*xba8QBy90>Tv9Ag&eTN6WjrzbAlvU)bT-s3&nW6cKtzX=3qs{*JkloZ z;wMsU#46_>-3}}s(B6c9FGmu`BC{d6{*Lh4Gw}$*TaKYPIYQV+;b&r1D%>v?G?b4g zluz~o>(Tx92DD!F$^puG=s6dp{#E56b0nV|EqFuQ&?SwMLVJ6<2!ht!5WT(Ce0Ij# z-BNY8lgTIC<$E7JrL^>LWIjm%5G_51sAizA=PGW(H9s zzXUh#qSc?^Z~^`HTGI6wI8(8JMD& zPW>d7C+s1hal8*y7v5t;T(%r)%=UPS}geD4i@&w0gPGL-Sv2S0uh+RD4%g!~Z zyOzo_)V@PU;`VGCl>`y~lcrxknN<}lQN{l-V}Y8^LNNt11-qN#!x9004A18MT#TE# zrTOZhND9`!JnUCw`57-|-~GXccSj;*ohEq5wG|l;uh6#@*7~ z(N82d2g^Nqe)=HFr~feDUf6&AG2&3g!Jb*}JqXYV6EzZ;CZNBvM zjFr$lFQVr?a=_)br&dzRfj$>sY2hngL~!W^+rUFjL72!;i~21d+O6Op-cNt}aG<;* zUXK?!CxI|S`ul{EUqtl|0F*~eJriKb6p)}w>-1x0F;T1hF^v6QnES8#g3aG+)*s!4 z6wAwuG`*>6wJ>Z35&mE8+vZW2Y_7RcS<3*d&)4RA$;%%F)El9h2?@l!|oBJ`a%M@wqbxhT@IJb4+(K`e60sQ+CK@DFAKF;nG1xFRCDgMF2fVXx17DT&b#t+cxtXhw9ZO&3b+~R8J{3;VjPwS%qu4?x zp89?ae-B}^dnk89elDh@XpAhRhuQ|Tk)r&@3w)Vqw*6k9gJPp79U~_bt#!WbL5qgu z>uC`Zyrqo-g5x35{AR@0aX<&3_xTLlm{W+g25Iv;Hh?|WA@L3m7&rhgUFB!Iq zgYVdUm(H*qM>41qyE-GS(EFLnZH1c{Uk*^k8v=`-b2C3N(%dO83fy;D z2|D|@Bwba(&K4fm z2J$$lCaR?RG;!*4{sH8ExjfdYrXlW*OrahoMVxG8k;>J@g8RfpXBt7>E`nP-B@Xk3 ze(x3&=&96QRo%&=W$Wvc9MwZ(&m0OnZ0Y)Csu_|X-N?yDo91|wlDpWQi1M^KJMc+z z=r&yPpNhaa-!qx#@Y07|2K};9_N+Q(6|3KfJ~28*T@mkeeo;hyIyWvHJVx~(l=B|N$Bhbx^2k)=~m$fx>}jt3Ye zC2QVvMFZxUk`6?h9KlaqUzpljjDW3Pw9H9X6+v%Sqt^O6TtD^~_dW<1ewY8bvK$}si|&BDk&YyRmg1t=?p5FlTHrLuz?>>O zbF5FoN$^XH96Tj|ENl$zm3Zd;<-C+25rwbQ`l&<2@m%uA(Sp(T_tP+&{^POd-H_EZ ztRSNxaM84-l`29|B(zuZJMoAgOepZ~4XF!@Y0%%#Ej?z;WLY9sth6Tn@V~zWXO4?+ zby%2zX0|gdx4u`i9(rtDIt9;SI4oS{>zQ;BBh1}3Q6@N}2io9yQl%j+5sR&vL|Pq1 zOU(*z#fecy4MS|<&OX0l1I;5bW`93hqFEgs#cl`lGN;^kXx$lDX?!2d`&aHO#*6sN z=cU8At-pavG*N%fbZTSZhLpegjKW)5KJ%G-wtE|#)B-LH*DH<;`ASiUo+fjvPB8R7 zUUm$#9a%gVi?p06cjsFuR*SG4?wrFbgXwSqQ4Go`El26=2&gJUD#z<2QqUpLngm zdg-%p&G?sOadFhGQ?{2=m+r#_JBVIoW8p8V|8_14orHoF%YdFDBo5V;SL-H1CYezM@`6@LM-7PEorvW~BBJ^u9#_hql z=Bs)595I<^lR85ZCSevY@>y1#y6wawzPG;S>p2LLZuw!55ip&It zSYq=-Y@Ng;lVG~2zu`2iW$!hl!o^O7NZD{EQDRlI#zq-;ORL>g(r{K~0>f)$-Ncg7 z2;Pb^QeF&pTJ9mJj0t8KEU(N^CjpD1V!c2-C8$xtyn;_v`ofHIi&QN zM1F;4)SL9`i$5N1sq5KcRP?EPz{s4wpl(dSG-ubsD|7FRx=A3I&at3jna7f}PlZbY zS`$ipz;Ebvn?Nh`R>ta<8YLD>0!4uX+D{cT;Lw_~hf`2E5?MD~{L=;`MH5RP?HFO1 zW<3@RQBlyyAe>YS>u|dM(J1~;EIVO-gQ+)=bTY{+;C|gjPHVjLo3}A5vzoSuP|Ne1 zJkw@e@*DoGcn$?OALf`{!RaBS36*e~8ChfUj#S#Y+Xy^{84|G&^hg=4(P-Tk!?zb+ zJjY+iX|(?qZ!3$Odfh2{$D98?=6$+D3mV!XC2+SK(c8f@xKfVgVH-iK=7=k!WNFd{ zL;SwEZP^oKcY9d-8*V672eTIy?F%ar;-oNTsv~Go3;d4X1PY>B$?sJ7H|#Ae7F2d2 z*}MuVbqLr!>CPMup(jN%gC9L(Shchau-}Wtxf2Xq?7gy$SVzOxZ9}+9@u^INQB1_u ze`E_%3F^vkY7zG93L#w$}fPj zJLJdCs<(Lq7EtzR`Dr^|SmHmJrW_C?$NIyerB-{Z&A~6#&Yrt{CHQ@c_xZyB2^L~I zr|MArkYo6c$BJaeXab2=N~wIh7V3Awbo=|^Yv%Gr8hlp+6P%b&RF1!#Bjhamoq|@P zuEt1(0t3)}UkvB}eD&Fj$R&|@!Z%(16J3^JI@r^X)73H=+DSUO1T+e*Od7BkX~T?9 z0$+W0?a%g}PAT>zXSDW*U;JL={<#`jSEe`bY!Vwk^~U4Dsj+b^f}$IZBOVPt(%T!7 zz3tyvScjdo&D8Mcq`%3axj;%*Gr=$kZyl&TcbzHGjeL0Z=n`_YKiA~Z;M_0!gHyt3 zs{ivF7o)@!xx-d&%Yf5PX-rq&JVc5qM$2| zV8SmsfuAX=_)*fyOVN{N$;eM?j8GA}Wa9b)XS`M`S-F zX2BuzI`xpX>OQFLO!pS=C_gWIrZengCGYX!Ii@EVP#daFH^>`v35=Cv&hz^7rn!ii zi7e700#l|~S#{!qT5s*57CF+&@MWQs0y2e*sgi2kj7J{18odgfhw0@LAdiG~{1;*BPz*zsySH*2Oe8|x=ZtDje9@w^z=WBcvwmJ~8` z#ZydqS!W4=wQago`ib08Hewuf32q`b;E@}1Dbs4hHHvINGR3EdMLU5i(g^`ou@zdK z(qGhy0DAF(H%AbpviWdYjE5&NR?^f;2lSiPf|F5c{kdU_-%X{=aY8eKTe9-X$k-qR zj$+|V$u-Ea0Og_z$`6tM0! zB4voK&=9DK-uAJI)r=CIKU2sHd=pQn?e(dZj-i}vZo(^(d@elDZEcDU-RUyPg&x-W zkYuH2UeJym)5MVZRoQ|`;Ddix4#XQIM^LRLKc%(8C%c~jqfU__yDAzemi}Z&apLqZ z^1Oub>N!mlH8(W@aBwt{m`fY7rcsqt#MxUwVe1QWaB#R%9Xf%V{~@L` zw#?#HfP15E@_-H+WDkq)`1j{uL{ZrErkgHO%6#m$fP!1WaafJ_Pgu|<;>PG4aTvmi+UW?ik6r=l3i=f4E7GN7Pfam1h zCAoJ6C&v)6M601a32akH6pNT%mXnw8TYzFA!@?xTt+r08n?D`8hhz-|`JR*)OVkPm zaZ1vs2*l5DaKs2G0ge4rWEL&_7mLN$WFxeq-~l~C%i8cUHmuvWv!j)Vmlr%blpM6e zeHyj2W3*+9tQyDHZz*b37g(|ROSA{H1ma2@J4p-~3(se~IirYKCBiD=Q8!EY$pH$9(xi;r-<)1mwgy|H*dp$6odrJKJ_{BE zrAA3wc8c9>%(+#Dk6PG-jg4dl>HEqve+@LGEje&*LuXZP-e@qwiy~w6GYboN6XY9! z3EFe-u)B8l5!1?qpnpV~M7L1|tFMHbI^k)1<8eLhs;vYZ#gmx5N6hp1dx4&W!<~iU z9o;g;p``c^`lF-nYNI8vRGI*TF^gpw-DEmMr3A1yQ&P2VZBAf;?p zM*aS6Odmd^zyDSdH9CLf&&scmAYpHKbMnZ#JVZ>IJAyBd+Qb4&DMlqtJ~nCCk3UZ+ z#Lbb_OIct=T`+Da;ti0FcxWIw0eGYS)83yZMdE zzIp`LfdX?KEcI|s>*3$>BhH)e34f2zuGiXb*FJRXH(3)BE7f&afw5Vnz;^_S)HInt zY09k7U(2MhPeu94*VTmp9MKR3S(WDBdIEpxWTYA{O6S1H+9bt z3E6Lb4txIADjF0@Xt-`!*ZVWYL$)i1l_MtDsN)LQd&I2pnd;_-@tRQO4B33+C@zzU zBazDUMz-3_-k+hLKU5T6Da?qeyTcLJYoOPFSl-&4x6hLConemZ8b3bdxd8T9NK&)7 z?FlcEOa!R5--@31QQ;Q;QKKgz>mQR* zvv&|iQFD=Cv@830a~CF5Vw6y~9zdwDqSf-WYXGWQ3npi!^J!!Y9 zDV^zeWIT#;JWjF>9oHr0zbH9C+WJCN$;zcTDZCPu5cX*C{hms*_@Z=AvvHxn3=m;K z$D;fTSYMPx?>V-4)#WUG>&P)^@Z*NT<;w=b@p3!1lf>@~81%RwKzl^6srrSx1QV1NEiMB}#=NT@v( z>US5$K-db`!A&Z4-`U=J3brJkMKI^TIBhr zIJH0iMU(O|8OOkH>?4ci7dhux&}PgKCj21%lh}QZYeAbBt_$=wG~&XEQFaPF@HoIa zHX#oir6fZ-5>SmOl19PVlvyK^rGGtCfeX+OM4F^aBmoBH%r3WQQut zMSf1T@B=k&*X+5qzcBtx!)TZ$Gs_yL4X?6;uI2D9NJT6=elMd%Q!$)b8nzpu0>Mjh zdn_h#mrt6;Tw%jvw!}u zKwXg0j3^Q8J=^|3$sB}XpEGrBQ5C|jzSHlYJZx91ergAL@%kDcb(zXFr(yb4tpBl= zhs({Dz!$*%h~8_U5TtMSaG`SUh@RBv%aUg!Lg~)>A^7&YXM9^f-$J+GM`&w}V! z5ECMyMyv~8?0*wPoY6!dj#CAte~?m0|6ubG1-8lDqo?*G5~p?k)4X>u;Q+9R-P@Hi60FY zH|La1nLY~6O*iw_hn1aYGaBv}G5lR>*f#c|ik(wnJ#wfjHlF8&6vZd&)@WdPUgkkI zJF})tzdOY4;zKYD-n_j(AUkw4-?Ro1l8kd59C*7WSM=+IjK;ppnU_L2bYbTyY#fDX=NQJpAzC!7 zdS1RMeGx*$^*xwD3zoy2dop*?pz z1JV2#SANoef$>^mMiOV*zHLT!*Xm0L9y(Pl6xOW7y^jzHfS-!3EZM_aW1a7gMKE7J z3McI@2;U8#82Frxv+HJpG%H*0rUmp?j7vwNT&G}<^^-&Uf;O9Efc6$$Xi%BcB4^{) z<I6XN>O;oSVP^RCPG=E-v7%e9#%_%e{9A2q=z)Hx&?)gm>Hleaa(P!IT;czTy;QP&&1 z;kMF=v;?F^RJsuIv{b$Jx3^+@G#9bv_SsnMc{hCo3uE72xzrbdRT}w<8)3NLXGDcC zeA#JX3YPF#l}N0ZbV2Pl%^_LBl+BDq1M?YXcmFK1wF-Q{ShCyN`6A6~7-uWlqHV?b zsjuM-v>YJYn0djk!8LFJ5Z*}>84p5|;9HL)-#?nsEC>&~D!<siE1YpG+(g-2 zKI3;tn)!4_uX%ep2(a<=f24gX0g{F^zlB8 zx^IsJh5dUvSnaUgmS4Fo=Au?0qQjI35XqZUqdydq{m;UDMz++lKJ`Cq6e{A+0ckN< zJ;$4`MrRq%x9-zj{88Krhmb#HmC7i7?Ej3z1aEzd;Ov5FF|CQLHo!wc7H8@23gWDA zS1Uz`@j*7FwV{lDFdU7T8$6k)=Resp{xM#W*5&R-f=ki1?T=MK|lTm)w0~<}7ye`I0%8b=86HC~fO2$0(QB3D{TyyKP`e8R}2FBu)mNvqo01 zv*fmQm@!w}I>!*~S;PlJUx^pY2^MA`@f#9;+3=53Bsf@iJR5Y?i^L|NQdPmWYl^lt3>>DY4D4RL<5E$MNreVPj9oRx(|BB3*j}UX_odQlGxIyq>>f z3$Lp|Nije=v?A$|Wgn+yYo9~ydm{DbMPGH+CwN)FE^jS9APiB*r3oU&!`fBRr$l^H zk3tciL)~0aa9gci*Yl=q)%rbfW)Q3uCpxh7hq5mt|90!U+Tepw?w;)@stnl68W;Use$_RB)AXR8To^2W9*k8T=#3W1^YxM3f;s<0W zjnL0nE!{~bflP3o%+00}VPph$aEhCp#UxWF9DSW8Z!wuD5_4JV{=?gO`8+UWWqL&L zR+*^iydWSp(dJ$6@0iv-^`8j5 z%6A-6$^gKBk^oedo=!h&6uW+-dOPy)Q++TKNGYSU_$C{dYN+rgMMxc4cx^UPS^@1T zfk!N82_bei>|>N^-wSc}OveS_>(Y1PC_|$HEfF5CCwd&MQr31csw~4alCkmSVYT(- zi2tIW5S3x@4s3Bd+A+aM8zZ ze={U_aq(t+l6|KF5YX4L=u0Y0%ru_D)NEIag4g*W{pCx^gv+}X5}Hj78DqNtq=Z3l zeSW$?H^S7AvZ2C&HsMQ^aF=JDri5Z*k4?l4w zd_o&4D7K04;$R)=c_G1phR+00K6|bvZF1w_Dlp?P#MH7rSwi1#o3?%BvZi5_9%j=^ zb8NKYjwHvlSyI?st)edzm)%-p-XmslYe4gvAynu@?cfNz2oQ=nOu}nZ7}Y2bU3@z* z)`-UlcK6Z_FbM-*`NOWd%)UnmJs$gJe9D-M_Kkm^`4uje_CEUeFlt4YI=ewD!ceEM zB}%T7UOo8aNnRDt{crqx{qN2+Rb)g~Yp~r8Uk3rQDi!LvoC=uvz~9fSIGuvwM)fr^ zhgE9&n(wg)4CaQRF7(xI$$*_=I_ZFy zZ1$(S0;HhcmB@NYz6b{wiBj-0JZN%g(uSr5+m8jw=ga(u;g#rnD3$l-l*Z?f%;38n zLTB`z_&13;bOX3&S{vOOV?a9EjedRw39|?pS&z>IG;V$d=^Tq1Vgd28+eC-ooS9jGP|lhjxDNMauF59 z-wbj2h8EWeWHUrVj-45Z4AX=Tbhi9t-e|-RvXFIdh@K{J%%`AGYM77b7Z9t`)R+n; zvE1I9a8D8&uH@u25jxU?DVye%lQdaqm|~N1Ds5yljiWK5z~{)t+?o-zjB^Ej2Sd0o zvvIH6YlS?eShwVhxHXI>J|NSqu0oM!4sRhkRK`ZLxOpMA#uC#KfeC!&%+ZOWIO?Uz zVyQVCy)<&7`B%X58;()T?A97Sy|F}x7vtUtt^m2;uk6Ll7iz3C?VrfJa&yq-GQB!3hxtY@vRWv@SbeuVMTYmZsEFujMVW(PhM5FuORda1~L6gzHl zDnHWq7+ike{NR>zH2i1F33~&g4ZcUsOInLiCjP_sUo z4=5{E1NJVzqh!z$wuZhuHn{$C`6}X$|Cm5Am{iPFl*?-Iu~uUnYW9WXd;8gt)X_V! z+baSe$3K+E;vHyc?Y+U>{-3P=MeC{FK@<;nv)=xsmktg8jI%}o)@9aGPG4P(|BnV!xu3pNZYXHr(2bRjKyAb|D^6K3kW3JYsaJ2QoJ` z@Cv`9x}_#k-8g#@ikX%ak3K0ETUtD1vdCI0xZ$Lo&d+@VrkHjTP|ox+!@OhcL`r#U zU?R3F6&G3R>3(SqXE>0c=!z%OC^qly%;H;wPA|{=TSSe~sVfOcr(1qxPw=}IYIxl5 z_$Mkk0PXpQBKFBzGVjago0q%Zf8q7dS2SYx&;R5Uz##-^ZJYa&UqEZ&WQA5aGsG8L z)9Wt+Hxi8~xv#XbIcQL*-JkLX&&9I_?=$XCU3ctTE~1~r?*yK9^+n|$Md3$L`Gfsy zwq9pGSiKMZ8b5cw!kUfH3QJ?60o;@9dYHlkg*nH4H| zTWR4c5B{GOTL)r+_>tp?gY&$qIO@_4e3q7jAvJM+;eMu4|KczJ)67L}V%BL3GEP7G zU;*NYbUFtuNJp-{DAh##FjmaTIv1w@ER$rdmjETVSzefWflQ~n#V^MkrAzzfRT6e;O#g46TG6Gtzg z8!gJL4i{cKsPcgKof(&3vnrLlBJ^$&_aAOy*FuNyDtO1{5SYMrXh4sLjRs`EOh@aW zC*bkvk|w!wWWIWLha(ZmsUx7wc4VG_N_~lIzH}&KRzf7mf3N}fsYtiN`)+xDQ7zJq zI%BSX91g^qeN^=O_%4M+mZ0=jM>-AEmhP*WHXrqW(Vbm8CgWgMus)FCPl4>mER;we zi&jn*GT_Tyy z{SO6?27m52v>V?f>RHVOg9qgTi1lF3+<?EDB_vHnF-zv+}T%QM}0qq~*8o;}$R9UrSJ8R3?>NqfkfB z5PgtbqSKEX%xWMeD4=xVKFe0Vj~`u<{v!o-K{3(oeq)wYS0*BQp(Ij*bmS$l_n>Ku zH@h784e6LLU_0W_OBhfWI?;N^wj9w<)4PZ%i#cemf$7%0SLGf zVQUNIC-z69wM6=ZVTZ2+9P+*H8PqZqQqyXB?G5XW79=jD^kc#6m>%ZeL3jtJ*?1Y~ z!#%hQ3+qE-3VxP_s3#n?CU4q=3oYQNwy7Q*8br!S^WgK#mw;kq@i6Z2019}RQPKa# zxJbZ#`_j~)FxA>(fWlX62*ubv9Y&S?Xn|@Z5D)<@;|?jHk`_EfzXQf3_i#tp`F^7W zpelY==1M6f348{m@nO6!r-84SR1%=N@OArl>o-Is(bbHXAt?6S6fZcT>bd^c;h4=R zw*_=VRCL8>OZQFdy>h_5A7)RGKWa}<6t>y7;W(^fieBNr1J93Qx*J*~r@h+^`*Xgg z3WvP(h1xUs1{>@3Gw=p|24OY)JU9H48+vthdUs2)=wFrejL&v;`GQYuBE!P_mdvN6 ze@EH(!rmA-TgR7@u_nvfOYpd{N=w=)DN)#AIO1qc;(y>JQ~!vb+ry|boTxbH6H+pF z(cJXpuNQWgE0W`>Ua45Vulns3XFFH#%aMT~r)b5e3A{5lvWv{J+)eLNOwK8U_*$c~ zMs%=TycbFA8j6$tj@m1MC^m~oL7`jVD;sS^2WSHC-VG>i6c#HX!%EETN`$70_jkX> z?UR#He<)FX7m=J$6E?@15EPM;qLadxI9ComZrK6tOcC$B|3+V`Qdimnw5EV|M5)Y> zCTfxu{?ra+6-dPvnc)&T!a^<1WOvHkzKuC$xDdQ8CK2xDYc;jOw%x}(q*A##Rwy*JT+0DI-$uJyT?n1^ViOhdzD?LVpO?_F>7ZQ zVh~Z1BC@x)H!~L(@fWQB@TSMD*Gc0^DO(H-c(lW{6a(ua8lbR}){l?TGZD}|`GnZ4 z`BKXpm+OuXp5g{fS&>`vm=0WGY1^>;1GamRRf;|y^@*JHBNOd9xvO>Jl$X)^wEcln zyoK6zxAaZMiXk@7mJMg~ic_AQ_n$&xHCu;oGjQ%OBDOF{<^k;Eb2LU=11*1;P+`W7 z8`GhWlo{*>p;c9^W7?_In;#QYvhk*aW1ZDu?33q7YF*3VWN4S{_%X9&dVaSA`CdHY z2rz1dDlCf_QFDqY#?`B;6>nbzD^sr0MZ6b96u>r2{pxdRU@s}WM^7+^vsJ$(9Y5#gi^OvKZ})Ey zWERQR-}6P^Ja`{{4F^iMgwz63M>StCwj^1qseaKhGAy{9E0mRq$c^ zH~!l?lUGQqo*h<2M*eFF!k=MldGh4UKB*(a#nHw7e-Gs4L;$DuJI+}cR3Zp7VyAkL zDyw?zWD01q5i++`Xqq|qU(ky4vWv{`A6d+q;EQqo-(_^h_&eSVzn%~( z3;Ewrq!FcQW&gV{kvfDLSoFVpBuXW|<}?0(xZP+nvc&yreNa5^^XfW=#(&;BPm$3| zarmtlQF*;t6>cwWhmY#`n+TvsC(Q}V<_Ux;KLGG}doo1G_5o(wTv$->Mp#&wJ4;oQ zHSH>3_rDM2#zOb(+v757%{xedLk}wt4u7kpNuv?CZ~4pa-7imurTi4Hyn=eln(%>q z^0AtK5!`H&v6l=9Pp0ZaPLUA41p1^xumF{Z+)GV)xZsF55&eb^w?|67E>XHPm5xXw zhC3h^s`QXSElHzd-n$HouV*-XCxktQJeHEsl9>n{(!Qehbs$00RZ)S^4HcI9^o8 z#BuiFft@gFm@&o3H&tEzY-ZdM7Tn_0DB`nD#Z%{7J(;Fg`}RQ#?!C~r$24$%*6lE= zI7fI2LASMiLXV(5e<-e~oCry-sgc!=jCN;g5yAHG`~hM_&6h+B3t?Aj>cOFU3oAlF zIXG>VDb_=e<&s>)s@03u6yo#}T160|2qcL!q%|hQ5}6g=jT$PE&a?)xGQ6h4DL_H* z)hJ6@qBo_{#>bmk8hMnBK#bj}e4LWH9t?;fc&V%r4KLOnDD%oFr5YG-J7=_rok&7~cp-|Kg{H|cX3lIB3PDTfPqyYjadOT`(wa?c&vWrv6{*aM0>Nn?q)h!9?< zubTt4iP@K2#YV8$FEv1}R~b#LO8g9uAf@lI&;uHUy%UujfA-)`IB_k<_R{xy^6u_A z$guUnX|vVzDW@!Cw5bVO$j1jS9{b+sg6pHKym}K(F*Da>-%XwUpyUR(oKL6SO7UH8dKx#5CW|kSFVQD@M+XS)lk38mxGhf1qDB2 ziq&LFCZM%kUerYK$*RG#AmVV}rjPgp1TGXbr0J`-mVy*hZyb*<3T7%2sXJqlrg~F3 zBm5Aa-zR<7S8KxG+lp_&7ZnlV5#tYs7135H9wGzDuu%Oz@P}dvyHt+phK8$<)aT>r zY(|iI6iK@1F{O!%bOYX}E$e^lz_V>8@@oRTXYH)uAs@@W>==uo1M`x2YdX!##sGCc z*bO-IX?I|)1Re$03n=?^S@2R4oIlEFI)Ip~N99fHl&(UCtuSbtsB4JCo%N8!dhial z3yRn=$?L02eHMzO4261w(I;_cW{nTx`W#f%>NwLP7~IM= z3zaa=wTqWX3%o8ALR^^znXH-SccVeO01+BQt(53e#-bT~pyQ~aH4GHUN~=Um77+@G zfy(O7pr_<0zxEc_Et*amODvpYEzo5~?zFKXGv{WOlcY29V3AP2hO=0ER8(+lYXvwz z+t~coq0`^SP$n4Sg7BbXmxjz$(MqP!tU4<>S1weT3pg>?;9MZ5&=~a-Ct;xo^%Lvl zhpPbp^V{b*$SEiqS>{e$>VpGwgg$rxQ3<=CO-pNo*`#v$28t9lM?)FM7$gGdc{zcE zh8lrVt|v*}c)#h4mk;mS;8`mBk@DD&@kXlrW_F{Puaq}-nC}l%$}QfBAIs_|XnZZ7 z9aNoA*c6gGyfo1Zl z+EfR7xd~RwXN#kL%9blt8C&i?+u5HAi9L6y)c9C5s;!o%XFjE5ks}1*#+7)_w5}iu z9SK$vW{%W6PhdG>_@mua#44d;X|D2DO?u^sENzf$(A(rxrcX}}XC%rVYDHYiFe9jJ zO%!^+Qh2G_V@V=yGv6!n+3?7*^v7xdG7z~*N|%6Zgcoa{l)npRFC1>W!RN<4Omfm3 zsMwR{qu{+BZunBFHNkx-uzjy1OyW(#eb}~j5KNgRf*nUjDJ1iYgdhd{TG{&TT_!^L zV(2d|aldla%uj#ZJY;d(xscSt zh0MWATw=;i@Up6i6RB>^^00|K?`ZEP;23e=1}es9UwaoL1_r%p)W3!xVqvG?SGwoefwhXrC?4Yuc=pe1E3`{-e5wn^N0=yPWT~; zhpH&|Mn*C1`u_u@KwG~GlQz}S|3+ZfV^89R!6dTsbCID*d!7gJSP-AP_c0iYvQV01 zPWxVbJoMv-FlDfzsK6#>OwD3!Xc~_{^a84u*Mi6Roq-eI_-!-PCMz7LPU7+HEhr!v z9*g+bAr7B=0RQ~6PTY7!DKfZ(k?>c63&q!sbfGHABJtn-^tH3YzsG-%UaZSS%JVcE5{Ja!T9EjkyMGEBRx~RfQ;i=xEkn_a+ zD4>zy$bc2^{;3HEhk#S#7Cf*sfenoc6y=jV$;helB~x2*{}uzjzg3G~rxCw-F+pUj zMEA4>zuOnZn9GJ=?usK6)?;0x8ydY2{3R=t91mHI+9*5}-9P-c5`TU%iZ!(wlovRO z$TRV;59+Y5+lYNVD*SY}3Nn=%n;OU94$JXx50~TjBtPb|;5YkX71w( zvLMRyrzw3(MB_Y=hx3X}M#`TH%tPeD^zeWSH-CK}dPcnXhifa~bj)D$Gtc1Y(WCJB ze1Zf=M@P}p(t_^pZb6LWqkQx)vw$jmG&a%_K{a<;kCJj^A^>KaQK@ zrRWi)G$NTzdQDIf>2f|Lxl@xtQSjNhc`Po`H6?vNdWwbz8Rh2Y3(Ia|ViNiJ`QQOW zZEd`m!KffeJ~Fv=b#z0d5%zxFM{v3ncSp65p_7(n;H3}iY3s>?EwYS80sm?f$th6lzG zQW;UqOHy6Xxa802>^cQ!=WH#vNqS`VchWDaom0V75KZWd3An92nU{h3b%jZ1n&5c zkK_Ay7ebv*`os5r14B!0!0opzLiJ0d76`eV=$-UIVX&gEhzcgc?E5=gsT&&_gFPfi zexVIns$neoR4X3&+;ynTH>Ly#j%hoFru;BxSjlovS;?%23oKsT`IW(iW4b064WOgn zj<`yXiXsb<`2`=;+ZGq6kVrkCSTHpYQ6{&f-c!m+wKfKCRE;k_*@!^EgN9-gMy7q_ zZ^Yr@2=Yx@l8vKfRE7_%h~ksiABQJo!MlIF2$McLKD69|QHK)+HVr1+QCRgVA{-v= z8G}+|z_#89jH)CmvJGe&^x}^BBtPZGiYnl)D|(@!n)=tC$i=hm1}rUABiV} zF+TEpBTQNyy(>|SdXrdCs6mF-fj~q_ByB_UunQ~7%s4Xa#g(NN9HV2dS&vFv1jDWn zR#qkPk5>;M?4=x(6T2q3kMRTagXbZh{apB)_fak31nJOf6j)kp5&lzCQ$+Z2(LBma z*zx(SAJ2v3e9~&Q2-AIdytzx;QTupjf(km9OuP(KQ0~2 zmYr_|-dRhx#Y5=t8NqWsaeQo3McVURBrrZSf~|YnaI9klr@ALG<_w{*JO?^{4#625 z?D1f@cM!Ywp1^3B3Db<>v2h&i3ZRBQ%31K_;BC(}Av4bg*I*xdymIJFI_Tt7+YJP9 zvbi05jt$~i>kv8z9nfTCA)h|r?a!Zti9R}mQG=dSy%-&v!o-XlyZ3jXseJ@}BTi^+ z8OSrAp}g*nUcB&P2b$Z*&_y4y-xq*C5W;{*i6Yy1sL_~y2GyA^A%X~3GwJPdaBqjzKqxp`R#xV&gSatc8z2=*WD z!l9ExXzLtBNNqxXmH}$swSe+1=nv3~b^^PP4WPAq0+aRt!f`*IJ08G$)>go3R3qwk zq3L)Rb{y#=nK7!6Ou-&Z!kUu-V=|21V=d?>t0K#!O!xQ3@M7}_W}H+gQ(?-Om~i3n zflicDI%8fZo_zjXOyP1Djk;rxPW;5E~P6GPxT?nr^4|e58ZAqO0y9^-WGv7MBlt8j6p{TezF1|IT}XWXaY8)jMC|Xf$qPF^c&Pl z93Ako!HSOYD4y9Lp?6A-dzSf-h;SvBF3^9`hbULg$=j4;@cODH89EeL&h*i8lN=Yg z+$_h1F83pHVVseX0li)?h>{7B<=BtGO`$b4HR3m4w^%G9jMZutO?`9w9?wn3+ugm9 zcxN@48gh_5zX7sid+?VNR4Ds+^xN6+40Pewzu$>{gArVR<4RoJn1QX2JdN)?H;ym=^Ge`{Jx3IX>tKJ%jk7@v-y{e^9K=)fR` zx!;{gch9b)_{OjHz^=`~oi{AR;u0N(CVW&FB=Emqdzxy1<3h)Q?R)T*Z#{sY@9Kl1 zpd9bNem-Kuo%pBww!*>fOoY%xH}3t;GdN*aV&nBIu%g0%gMWDjpZe0nc&Lf0uIGgk z*BPl0NqR8bu+ll<#jd_2{%&0@az{GIDxhk$fE}I2D*BjHALHH^4&tFlw^E&&YT;uO z_`$b+fp0u?5S<|-ZrHdCYx6_+W+* zhhRJ@miuCCe&hvw=MRVBH)i8Kx30kaTooSu!}Ivwlbuw~#4z1<6rX#j3p4(7jW;@o z&wc9&{NSWelf_eP3#Ef}`IxMX=Vo9kMiz^LSNbmZ4R}*2rTZZ>6QKKrujHLxe)KX=oAYs$5_y4pY%p%K-&22@abOqQQUPsKA}` zRajnX#437Us&n*cEHaaRJ?isKn3r$BKVGB4$JWcSwpNSs8VeQ`a9?ZcJDkls2A`cj zpT!m7&h|T7eij$k1s$ z7fI>irn>3YtJW;V`)^x~MsrN8{(m9dwW$~rJ~{UE@vj)1i6Gjwbtp0 zc;6ZfZhj1%G98xPc@0`$Jc^(v#cG|~d!h4BLR%n%@QF=B5gAAErmNxchVbXj$MM;Z zuEO$~T&&r+4)406knT+cy{vG)LgO{Nlp=EJ1J5Z?sc>+>h?~Bw#GSuYz!mi4#IO$= z>ZkF!n+LF|VG5@veKbjt=^9 zU?_+i=1<~NoBFV*d>VV(LpU|%L)&DKtV|zPR?Oh*cMf26H6#jKXFP2tJVSgLnj~9LRAWqWtc1qWaeF02*z4)(9 zBly6Y5olFz^tbp(hVNI-^p^gYAV&~+NWahHQi~0o>&Mef&i?&!ezWK2b92L7j_$3- zWkra90_BTWVcWx>M9#oLT>p_@;Q20l>QcB1J|YmeF%vddUG4~e{74)A{>B0nQ6(}IO_Iqi1NW>w zb=Zf1OOF4y{LFfXvuot>1LuCS*_Hv1Pf2=napS@>9d}lf21^>V(C$(ZVY#p+RD=at z7R()!T2+^i8`sncVz?0MZ(4>Krw7MchRB>9MYMke3$9;HjI72DYiqIfg?C=2$e77jY!-4TP|rN%uascQl{ zJsNIY3O(H@)f2Gg_j|BxT@BVLtAg=x4h!5|( zst8w6t^cu3BJci5bhl68mRoCJHpsDhX(8@^svmZ?q-Aodl<;665%jWxcz0f}qkMU3 z(^L|AdUv&XD%55wkVWrBhFOhBoUI}r45J}G6>>~UWa`x@plenwTl*%`XF#D@i9D(S za+78rSDJK6d{Y6ZW?MkwVvWEojb z1(ld)qK8(gg^|*eW7G(}xs(B!l>U5+lJY`P%VE8@4tTbe)@={mukHb`!3AOf2pM(I(sI*G(GFTUc zrWT5+0L)_p80~Q3MAsPp=>|5T4A3oHg02^jAs&k2(Gx^2#N;Xa@N6WKbVms)Y!qkL z+_)bkkw{s&E{z&4U8(|c21&>$ADBaV;7Rh7;2U8?x75i$ExX_56TqF6P?f=o5B=xAV8Q4CtiAI--2cK5QZy>z zLU?K2J1M3~81)LOBgvst%ZNN=`0jQq>OWtM%`FCO`Byi#f69Rcc?lvqIl3oxSn$On z+;V>o$}{;jRN!N4eK>Zn6TklZ0lfI1W7zj84<2hWqWa!){BoBW^%R!ZGc{=B$TZ6F zn*$as`En7y^t25s`p$BUR7s=?O=Xr0-4i-2`BE{i`+fltE?^--(kkW1(8=HksBzs7 z^6@u6%R|Qm5voFohJpkR-8+G&|IGn+L=F?h@%zIDEc{YF?%kXr`t&L?llbZuD^`A^ z3_sap!~Fb&SeKQHzBrWl*!mFqzG25_H-&Nik8-f$D}`8BlYswMWBBU3rs*4@kL+}D za2eLPB%FoIk`NgRtpW9G*5cNT0dxl@i6E$kT3m?hZeEK|{li9l=A$>@KmOr*eDn?0~-v+8}rU%)~37`m3K@$w7f1Mw* zg%gvXXktnKX7F%rvHAvod{hJGrd(dH@hp&nBoU@e{?cM@F4mSrkXsPNpY1vfx~!;6 z`)d>yEW-d1@-U_<8o;}mpAV_|SDYqsI1T3X*=zDJS;rx6TAB;W!z87fZhkq+TA`+xR`R)%a$Bq{VaOmN!ShBDLC5vmJnen68cM1WU7SmbPr(al= z-hhAp_xIt2|N8)%e*XaO`(rc4X1hf%Bb=|<>@~ZzF7e3t;fYF_49<`oGlMZ4A5X#+ ziV^8V;R?nv;D{rVh#}kLrx!YiP$G;;zDAXkAy*U=-k6Y|@I|3lhoRL3q0@R{($mMG z4#4S-qNh8F9(x?Fa0JuA2*nkJJwV}|aWoGm&^aB)l%I9R&}EOIc_M)h`b?X9lV~1^ z!yS#%^@vDI^H?1Hq-)e2!;~+MZaN<#9itu|C*UXRGk{5d9Mhz4fOMT4NTQQuX6Uyk z5=Hk^9EbW6=%J&B(lbsvIw-!L;W(1=Ff>XZy`w>)yU)(8JwduJ2XqQAl?n8wQwFAT zG4;;#_i)~PmfY)hZ#6DkLKKjbm6DJ{9Sf0RREL2PC!%8$&{AQVlW9gymKoWZCRljl zP#QcKJ^kLFg^Gqe+a6SWGX!4b80^>k%31$5UI|QMz_@+LtV7 zqZ)Uu%*0o}xgBLo<{_u(oC&^Ut<7R?YR>|BGyha++%T%9PY>P^pu)6oXA6Aveg~+6 zea}tvap2%2j-5Jt)XTs`5Kr$Pz%A>n&~oNftwH=$3x2w}4~q(vsHexWv`ml4cpn}+ zIF74sT9po&g5F|5L0K{G|Chz+?VG^96WoX^;U(ag>GV6z?-oD2D6TB_;E~S+@cR!0 zsnVrFwvjA$ivo)Z74QVL_~KK!_~p(VI0JfAXQ_}&?@e8fimW+q##EsyLyZ^OZTQkt zIr!DiYJB;rGJN;>9Ne;4hJ#;mVyg=C@|Dntrn>~f5z438*ZY$zP3c{%twF{hOV5<|I|02}3;tcx=m2 zw0e|8L@)n!8s;rUN1Gjehfd(;d#cjDROvV9u=x7<`1$>Zv7uUr{5gYB0=^(zlrBzF zG#aDyx)C{NVMlSlRNLqI{de8I5cw7vKJty7aMSN_z>fnv4&XO?hv0UFM6;}JKyOw!>|7QBJ7nbu_k-AEmeoL>JDu884*aP8j|O)E`r@n1?C@G@u4eI z3H5se*z(jqbd0A6_E7UUtX2c^a<~`w^1|GHzrWfEMQKNWxT!M|NfI%5sbVyPD{CBR zn~0Ki6hhBT6dj{s92$t@r+a1i)qWY8`pJqL52I^3fnf{aviT*o8%96O0$z62!R^u{Sx-Aa3-GLoVeQ0kV#DU|3 z7^9bc-KJHzWTeOP$YMl|M~SsyhT2*OxYjLK{aOa?3Rvd!?1ji9x60!L5up?k!G+_EB+ zWohB1LS*T(a@aBq2>CPH5{(r(xc!Q%RCy>MgUW1ylMJf&-&7B?=}aGGC=`Yz z%ZB>eGBWgHNKkEg{^EKV=e(>Dx?f9aDcz45W=kdtGW8hm>c@%hF*LW1z?Gny_R@M3 zXJ=tuV-|E84XW~th=ja2*)fXatphmLF%C;n0q%I$DwLVe^x5WXLon4X!t#bfWEsd` zMfn6RGAveXyfQT?ClQZ|Rf)DAB|UAFCoT{@-BuO8+BxDg;1HJMTq?K%~~ujOyJ7$7>aCK`lf(Vn+8Qz zx=s~Oo|+M)ic>?bUc^&urE508q*0)6(uU*1Dil~1xNVUfCFU?{3yp9D5*T&a&^n?d zt5b)POtx9&n08q(?$)4hT2Em!h=k&}vQh^heGg;K3^Wg@VbL3LU4sjS88br1whk+5 zbCameHo!}j$YrHE1nIpUr)$jvD*BE!D9MmfI0bqpEI2Z(MtOE>YDE{-F~{s#7@>Pw zSZJUMYXTWMJvP+)QB35Sh^TqIRx1C*TBcNBrq?n(e?Cj@^}06_uVxe%PS_$3+^`)S! zBAFyl%uV|+VxbUX{Ujy>N#qseW6iQsB4Zi+z7RB8wOGO}9Eu1V zod>DR>f^@|4Tq6bYoIwjY%-3c2U>Arz=g_XOR!8mjiY;xU~B2^`1;z^z@7^s9*aYa zi8;>{jbJ!V_nLYUW)Y2$RhytZpfs|z8V*OH(QD6YN{A6@#(0vklI}O{7xm8Iv8|^N z*P1bZQ7sk}>JcDIm>2fuQLBu2z>9-T-DEZRkz16HwO3Yw%F1()K!Qi~QIOeGQ8LAS z@JPTE5(v2**t)+5Gkz+RS1qA}`Q@9B->#TD2v59a z$EzE2aIn{jh4c;eIs(Wh0*%pgcLc&HqKez`p%83T3Elr?KUKCI_{H8zJh&%_`XVFR z#)8PR=)`yH4n&Yo6|0_UFZ5~|`J2(&@5ZWHBF-TvS$Srh8V$gtGvZ6PkKwA?QS9z0 z#qB?`5FwH!nPPeEy&*zj#-S_tU${@7l$9E)veg8%c`q zxE=FlawTdStMUH3*5bprU2z^VWXMojUyTpGdkx;RX~7vXWKej6PIUn?WRU+kWXMoz zwL~mu$dDnUg5>(^SK>o=T!~F9%LExR3`VUWLk1J0W)2xL_=Vt6rA&rgV9hw)RQxNj z?8=4s`@dO-_0=Zq+}nbm?sMWFUx5r63LY_gf%%F$BA9buK$Ti0$dDmdD8#(Pb6*mr zRs-!EGGwSsS$NN#>+rst77H?D=r#P3ozbt*o3MJ#68z(P*5F-NosSF|^ioogxv63v zJVS;IIkeU+yz9o5_`ADTU$$iU#v@gzClfLvjD%P?g10{6d8@p5b~H{E4{}O1TSru} zQqb>M5?*p)dO3s9B>ZF@hA3>1pUjCy2<%PAaP^N_9?pB&yG=_2_c=}$G_lMJOHL=`0$ zsSi^;@g$`ol*G7K4mZ^`LsYTj=6*M&W6UjsgLEWiF|l6ij31cv%EUbcNw2tnPAidf zD8?-&+4TJx>B~!5hABuSc)8=U-2Ulu0WTNTb@BxEoEXFKq!*);4zx9&#Ewo63KuTI z?F&+UqY^G(h-RGE?NSwtvzBfXH4d5B;Ubz;U{`xFppL;r7XFSC8pIPuT)!-cJC@4P z)vw3Cb_+(lX7m%WR9H2*@2)7;HH5ICE{1F8lf{>3z~Hn}41{^lstEqyrT~hqS~Lx* zk(Hr@B5B66O&TIW8xd0y>uOZ^;8h{qvLJ}7>!Y}PRRWcnDje-oqdr%GZ`_f@)eQk$ z-w?&7#bGQj<7QMj3>pKjt9PNm=ES5g1242@U|u%x^}9%CgC7Q^SrA=)o?Z}So>>F4 zUP)x9#M&wazIv+{S5zc1>a+?n=B8dBk?68wJwCYBjSsFOQl8M_=R1u=v^p%T@E{(c zJWP|}g_drU+{JNkB;H}WU0jafrXxMN+xzhJwq`uJE*$Lgpf-OD8ybhOpsW+?Y6noAJ%hF(HxBmsP@6Z2#=?GN8mH0R?nBeC8{gg* z!~Z-P#_rA#_MLKL((MvkF)gX+#_HNWEG->HhG_~d&3?2Gxlms)j%(|Ov8cQo>udWl zuV4yYBQ6{p@TLd7Xy7C3vA4r1K(o@bHgL=>T52nmHsYk8X zzMvU19vk*fYfzD|#)fLrKdK`COpMqKn0Dvj=%gA&nMO2_MQBzjFy_d>A-f(Wc}m<^ zYe4U$5@W7xj0P20RAhvl3W2gLome49qt#$pk&eR3&^>9zm^+IHl45a@2_doz78V;R z%}MgIQamQK#kGw|qf74F|DL;tiEuAm#vKn$Bt8Sq8Y+dh?pFFg}S zFJ0@K4#1{Q;u*5s?%k|F?~I!6!B6BC#olf+KKDe7z7I7zCcUIziIXFKv6|DkD*{I_ z3~xw<|9BMma}yD(O^%afIa=sj<~3RMDhy!L#g?yr96x<>8wL;UKyP;wzVPi| zW9w57;H#hiC_eYghjC;mfajjwOCQZi{OqwV9RK5Q@bf=Eh|m4cmvQjeVLbKtZ}7kO z{}hit{v`H1_zisH{vYG+cYhMQw)_rX`ROD0+1EdXr(ZlJcI=iQ;f;V8`Sv=UC}U_Qs%Ar!yk*;aUy3%XOu`wxAAfDhsOIP9l@ewG^+K9EW3htDe$Jzj;(@jxm7@@-tDIb=*8e_YkG{B5?&GF@@Lw zSV3vbw}SLhJS3wcm!$iOB`BXLBP>Q4vgy8zbk7=vLfjJ*ANL=!#4I@9&X>=Ud;RXM z#$`i@k#HEHKnT|CT>7w8*#5*H@t0r!1V4D_X&ipyH#j;phJ%NWVY<5&wKv}by*!E^ z-?IwS^ES~tZ^mT%UNj9kv486!T)QlRhraS)UfiBME1v}j<_si4(pab0y1CqEy+ z-cOHU_a`S1{fP_f>wvQVs==K2NPlVc_<`D!`7`g9JFj}}$g3KSaED731PYgQ8JX~|!M?VoaE z{JTzUYKSA#pcXEd7yG94vEGsl74k?vN2d`h=;R7NHFyzmy;h6HJQo?wjx*R>O+PD@K zOV**GC>y2qOHfx)K(*A%rfwnO62Xuoh_5}aV!uJmgsaKikU!!sTq4ug%AxV@b5SB=D`j;-8!Gl>-=^wBmP7S|T_rii{!H^g#@|t@!eDBx{W0-!~}G zGVZ|@1vcVhJ0dX~zP~Sq0;7(8$I&$%$IXo@Tw5~LWwaGKR*~kiG}CT#<8@5a=H zSy0gEX+ks*$!f`pv*Nb<6ey~cqtIZ)krp?)z9UCv(HI3FYme9Or0*dfl0jiGk-QDJ zeMN!HN*Na9>v5pni9`Rbz=Fzt9PcZ}oj+6~O1dBX$PCuiIk5FqJ~n+*iQK#>vUE0_ zYIoz{7v)${-;dt$0&MygF9Knt3TFgOLu^GV@!fm+;q+@!{rPIx2OZe;B@Nciqx2+# z#4o&Qb}l~qkRIRLCd0BC9ookuVgZ3=g&8=|HiH*FtHf3HeVB9~1%63m1NN=M*;Q#q4vQJ^rJ!z}Q3)=D+6aX!L&oJvhWzmd5Pmb?a|y2-Diytq1|khbYLE->4R|5P z15tG3xG7R|p62`1+SFY8o-F_qFcWbW6_`<-ZN!a@3f#3^34h3lq3H~a%;ce)NULwM z5TQ7)<`hA`If3hzt8x20B?_&2)E5{Kj94&6+-oT(JXeW;BYd8abukVH!sy7OCJ_w7>lThL^I*> zSz*!`QIo4jW1bFoFH+*>1{Ky;0k3vG@SR&lQdY zIU-M0LagqiP{iq(Q0^0{@+v@bIx3Y!va%T6E3e{{a^km)mrCRTCNX-JNvJ3fxoMk^ zd|gSpI6OOzmInqUNY@$1zuC#1f077Z16;z)W~meZr6baC1=8s3MM?{ubf#DgNo5wcCBz`uHB2sgF9~bGGBf_A&VQ8x!#1RLdbe z_G~NYoj;9O;OwoK1mau+pM#JWV{M1e+Q*QGvGct+$J=nIZ2)8EZgR+Jk6vKA-hh)7 z_^E)UVlQ+$fdWZh-s|*@OW-B%L^C{DKY>UL)1EN7$c3Fd3`Za$R%bc4QkP7G>Ctvk z_VP|68anb@#D#nket&`kNMSu}N(0l;gucH{jkUbMcAa8}ZpEGSKPZW<(Db z6gcqkKfCaiclppaLt!Iv{JB|+kNnbzhYo7s3G?!4aYV#OQYCj&!tbMpO%MDVciBn* zG>%V@{{ORKXNwA-zRihm{>=<(O%XU8sb$z0R%Hy|yL*u2XHb!54cIzh5x*v58war3_2!&fBd-xKi_SDBb^>5s|imW*~TCq{`eHW ze9sJ$Q6Ck)N|Dw`G>&jADUOrw1U4=V;qia5;~!Sg`^pRHa#o%GmwHXPVeO0~Pqtta zK9V(10na<(s1OV$i40XxYP4{=h{Tj?XpCmEg6J6}R77|>sP#JXGYF?PP{kvu#L$3C zjO=y0V`R}Q;2{fjawzk7Q69Nm5h%2J z1gXpzAN3*}mSJ?vPxr2XQmaFV(&(kaV%i?U4C&L5pO~QeraL3$A6HW5l(}yKE~|Nn zBW*kIKcD+QT>ba&gE`iP-#^`lqy24gb?ibDeJM_t6A>b!r}pl`j$_Y2PJGtx38J=8 zgQx#;2=4wV6j$e<{m^0Td2uIBjE$gqUmsKnEwb|**!I*Tc(AJi>aHEw)76TJWx+u0^K8iwA!91SaW4)r>cxx#bjkT{0Ye=vj`Kg7RD8xQEHYzFwT-Mc9Zn6pp^hu@nOk_fuNYZYBZx;&Ql+qk%Jm2prW*1m3q`F$ z$CwVkdR_*zF@}HM=qHQLg)Jwu@mx#ldjC`mk%Sr><|R;^LDmU{)Eg%eqgws9p38;X z*o)^sPPd2Bw^G>@nWYHj~hoB<*e6>eH&M@_*XbYxkDBD_o+KM}4(kX5B#NWafB`ZO6Ok{KtFX~-2^ z=}2O9+=bTmDGUzUiO~G;cu0RFg8l&~`8mXbA0BrIlVdJ%bW(av^bDVS;S}oYim+=> zFMYdxB8D8Yv^koVR$_cUAw049xUgv4?f@KADVm&g6QQZm-8%!PGfWjD6&`u)2!j47 z#>YM6KLxupgzOv>4mS;9Y{Y>cD)R=0oCr|`HB1#R?)o$uHFPh`@^2o*HtCeF3S}9k z+miOZxOhiR%#XSTF>q)zCiKOaR99l5tq1@5$%oJuw<9^;j7}=-oh~mrcAi4lWEWED6T+u+Us4|E@KGTezhkk*l!WD=PJ&KbjW$5!w zBhTK6A3gI7RfepXKC}f7Z$E_m1s8pkb02!bdB{>Yaft5o_gjZhwj>v2=3(6XyJ3W! z+tGUPL}x7_T4>ZVlx7iuQl)2q zrvdJ;0abZ!$m42MWa+VCJ`qx50&5y$L}W3nu8rf``ZyLBctpi(+-<{-ZYzqiWw26( zXy-{aS!5Y-#u6ya(W7TXjm}XU70@#L&6)_xtr|RYOoKy%26T?+VB0Z03NzHOT6|>f znCbg6peWOTOudY(Qx#TJD6pnx20p(QzujL)=_jiwX2WzSi8Ym4ynBTo?_R1vB&2~q ztVU&y4!vWfzukl@YIsCp7*?GIi>r8r9s>rZ<*M$8Cxrvrr#{8I` z31V=_jx5Tb-o9yg196Ho6MuQ?1X+oG(ITTKYjkqji^j%W?AXymVceLS_7IW!q1CFO z;!OaOGI}0H(#y@hbMNtub)waR-cg0JR3gNSf$2#P21X-Tb<;XTdiv2Yeq92#zjoJfh?pW!p*~q>#jt0c^x8DqvgJ(x_PVdo`3jzSb|X)vq|T5 zcVVHf8}^`%2(k*9s%gwPsCFvPpbvK%dafE5lweVPBXSFCvEk}9*l^2jC?Jc_t5Bly z`VZmVbRVYRG$KkXN|&z1O}E^MJC}VaK0*h++Pc~0tYuhwl;DIBvjtFyWEBPIp#xqB!(PIzb z=A~ME`i3~FvYHVKb&DE5FV)72lFeEc+*1-KQpzy;u%z6Miktwh{#G`gJRE?M3dX&? zF8E`-zNw!I;Uso<#PR3nsIbUT;P%B1PJB*Ty^NS0Cn#YG9+wwSI(6}aU``FL`-4`kNi zKp&+eH;(_ev7f>Qu=yy+DvcvV>Hhh1VYK!q@yU15cN_B~JJUfG2s;W)YJBbK5W0yJ zZ(HJ{Jn=(8dB$6zrSgplF*WUiEtyn1X$q+Voh(EqM6wXMSz0ES!D7)P7A5PG%7NOd zER>dHQQ<2WE;rALoNOb>XekXwvdYw=&$zlKM~o=W$}))EXjTzHs?b#QFJV)YWD~r&UlKdeqkBQsJ*gd3iQ{k2+zAmX&5< zUSk2wW-TmMJ=9b=GEjwUUPC_JN2)3K%>(BzTi|a!Azn74OjCEk9nZY_1Rd#xOmg*! zZ&XMCzM&>Owz~zkiYxH0)eS73dKLt(5pkx7J^}JPtL0AkrC$65ozE_x#&M=5H}eO< z=fXRs7aq8RV>mcghwH^=^(nn9$a+#pg*}b568;7`{#0KNKd7@VpN2>)IZk)Vga6O! zPm0!d1S4Pd&0;!Xb_>wTJMYu@0usa?MucGChJU1 ztmq<(r79x~z1l|vXTY$B3UxUtCTohVjkXC3zWyAqLc`BC6DLNUxO2W0r=}dJAq%t1 z9)eb(#lK%Wfu)rW?CvbY9Y3)U!A8geHDh0o8$bIS4I1;tFzwC6#~+oEb!bGEA%s4A z7@O)f`1>`J7?7_=Q{Lg%+=s8+&pSZ z;J|0SKzIVvehZN-??IY}k32$FQPPCZZs5hm?L>!4vPfMBhv|KnMaa@lKxKSCy`z+$ z;@eDtzrRExfLQnl-8zp=FpBR-P9GO?%6kG=Jib7&*xAb)?%EhpmJ|w(8oF>GBqsZdXm*>2&Jk=l)1*)@k`0|Yk z+(z~pM@R=5hI0<24A3pvV(M)p)qRkcvCL!{H7k2RAF0Q ztj5+351Rf!+L7|ml zdq*yA{(*_eD1!QY6AqH4x3nk|+d92iU2a6b!z=nMzj?#CmWMI$ z-7x8#!Y_AL;j^0~c>i(@zIsa^j5;r3Nga`k9(%gYSobvp7FR}a?DHNf3nuWLXBXh! zzeKUA(Tskl6ZMpzlinouv?TC>Ym<23?|KmS5}C=#WTvu1Z6HGA3dS5lq>_}br3o=c zgeW)Cb+RVOoA^tdr;w%rK|pCg_L}`1c_{E{Svm^6EKfgA%aNamoBR{xnW{Ob!n4q< z{Hz|n&c-cYpN(hs$a3PGb(F$3mKQT!X_cVD56Qa zmL#T*$EdKQBbbmv7)|S+@lu#L>5c^4ZaEgbZ(A=iLlERG?P3o(&UsiL6D zNWd2+vQ%Q?hns}_EcjK9g`S~W`2ZC_7P4NFR0xwb6fi)qh|_Pm*eEy86rl59xKvqt(&NddLNSgU zT@WfI>rZ`Kv*3a;64heDZ-PcimY7n8U?c&9ib#d5VXZ<&g+GN!C}7chpjZ15j+ij& zC2Lm^L7~-6_ZEXUVkL`I4WlMO@w+JoqJ6TYMEZ%8#=KT&$$~93lZ8m+?F-xB2`iwd zczDGdPCw6!^HciGBxf@^DP2^FAd*j#yvpz)s`K&GgtH-hnyPqDlcTR9;}#;N+MOD@x7SKj6mVLL-`ny;xhBN&aqlxJf$4 zK$VrC*p;KurbY9xkE~`RjtqHlWrYp9y6sp+$L^^BJ-;Yw>Ae{BL@5mrgRc6g{8(6M z#=$`sR+8MlUI$i`S;fvFEMK2(pgbY+r}rz%sG_*Sm`^$m4tsD_g_W#xJ64ujsiF`f z%Q=dMJR_$4TL{BffIiAt+-?(b~b4B9(S6qxi{_gF=o!VDbGY69{ifg&7L7L^pgd`0oZYTDaTf+MiD?+R$AUT zjpEE1sAOKc#!I4xP++wq+cZsXhOSM+s&x`+@%*?1U7JKH$!nB8(x1M!v-C3=1%>{6 z%M2Bs(!m^B+^a!Vi$9fMdp!9y%YTRt;A(B%5u$NGnywRu=m+kxXf|v`tql6U}^x{cb$O8-H#Se3@yzrc)O0{RM$b&E?x)Q z#IxA1F30Et-@}$}1=@#pW2S2yTTTok={Sza=pg>GrwzjgcH+Uup26WsFV-z-d|B&K zf`r!to_4XLa|W#=UKq$a5U(25;ziRby?9JeN~+HC)Cq+w2_0ED291)eqbSU31wOS& zjN}qvi;@jY-q==b5G)4PqzZLzuH^Y}adJr>h>;*x5d+1zQaIN!A;*Nwth^Ywk(TGC z$3)tnuk$rNGI{eL8*YB&u<=*YpAJ8(KSuJix`ZDeSqE#LjgzjYiqfQrXEt1FC_nq3 z(a+aX@+rT$@~nT>&BiJAK}4ADkC%a4357DB!lm+4Jd3pBK36dhF*!}oLn8*%xcp}9 z=uu-yp`NUd7z}C|S#Z4GYZAFe1&VEIk#CK;I07tt&-&9 zB0UE9!(mj@J#x3VQIkY(qCXzlI5I4Ri>J({y3JG=&-JC405visqR3Klcgrj zL%b-M8g-y$$00P-lKEd%j_r>g!wh}+?GHbOh3~!<-q8T;;{(W8wi?QKKC+!BkW00} zEvGVY%~CIZ_E-ysxBUfsrnL0pPr*OvLAQMfQzM<|?+zoJkU{I}#=#yZ7Oh!|7!_0n zMOmqlUJ@i+Wbm|$9i6FZ7ff_q0-r8`=^yXy$8O3Q!p3xYP3I_@}S&FnT#V`u$hw zKc73Tcdq}eo;iLZ-Z}0pd3NW>pX)?=N<^9zsv2^Yl$YEGdo~#|Qsm6jE_fcInjA1< zx8UcyBFHeR(KF-62w7)3s;uyW>)DKpl>E9tU*2LA0~MR$;YXT8@30D$dsZfH=E>-47!n_QxLzHfvT8U9Q z@+Qu_nEZev1Ow@4rF8M&uR|oy`)aa9$yT6VMfyqJ7oti=Qbzd@BzZZSNBpQDV!VFA z1QbbbMc_=8<{@4*C^b41)Kp^0>MK!Jvk0a6g{Ugb#jR zRTZPIECbaw3#p22MMGmF6uuy;8!Yfx=3)I6D{o)Apt^bi<}Fx()mP3(-TX$Z zx@H|VT(t~QGW|1hY*6xKRtXX=GE#(?vJkltIv=D1Qhv#;l!M&EbS6J%!3F8ud5FA{4U^Z5*MiM$ zO3|mrgLZhZO=%|Y?vaFvNHB*8#1oE_)un?y7(+#t4sIfjdXo2rdEHX7+A_3cc_zj7 zRyp)sd6Dv}ECcM}C~9*IqUnA&I&w80OIUF~0^YrDiOg-fQTZ?j%R}23Vs}?T0 z4^9s^y|PZ$&Hu_M?l|c;uzrIIVY1qbDUG~%!r~$=u5F+^iz~%Fa{j*6gm~HXAsXpr zDO*qtSgK%=WnkU<71(sm)!2CVyI|GoQCw4wrE9K1mDPgsEPA2|2 zb}d%j@Bw_}-Phvkr46W@KM&Wex*9iMcRjATdMO$k>ri*aDqMNxQdkW}%)6o%8mc)- zknqMJUGQ?nIo-1|+n0E{Pm!G2tj7L+CvN?}CVX#OAIQvLNg>ZTI}G=Cv775BxmR+s z)8`k+yL4WQ6LKk^)boiEvGE959w6i+7lOPn1O>e^Z%9?|JG~f6H*$5aPvw86`$umREv=w;JhoPEo+7K2xs2&UFl}N+}AM z14N3)hIljF)ZzxSI5$knrL;@#)j5X9v$OK>j603=>8v0B<=$Tfk8J02`orT6xJ`+V zEGLfqo1E~cU*bG{js18ikBrDz{3gdTeB^7hVT2BP@FFZ7IZipd^z~G@l)r+`gbc?) zejHXoe>uE3vTnXczm-BJB{wT8^re4^c=)=|n{wPmoJvz#2Or6E_BYG$J+Z}{nn=V* z$H0fT5N~nx7Z>5M52spt(!X8?sV8tjBtl^XeRFq%NOjqBb;f76!$&ona}nqHS}&uR zD?zU5X+*d^+VP3S)J zEwpG+$l6j3_3Pm?lGkmsd>%cc(z-YK;1*@n%X5v*;ct zIHzVXHadWb(Ln^m3TUlH#JnyjH5wu-UXm&SyVHe}yN0Y=ykf(!n+dQF-VOv zolcE1O%JL$AI|u4;SAAK#dG)mea{GpGkviE)pD_r*PuA zZBTEz1I|6a#BUyJL&$vsCrA2W_m3pluY62_`Z%nS@8zrcn+ z{O0@UYVF1L-Fxx;vmHcYUPSDz=sdg|f7#uIgJThB?fbFqv){-5+=Xb~{u9WwW=s#x zAg{O-+OExbEgpH`Ika{k!`MtAYI2X`$D0Q*@?0}qu^=XAj^Nqn zPhi{TN8k-kA!pGFm?K^s-28j|^!Lx9bN^v_Q3tWJc?|Pv%3v|^o^%r4DVRITRHIJq zEtnv4kPAFMir?orZbjgJ9ElL$e7uAZi88}~3eAYngXitP z3@RD24ZIn$Q4nfAkEtLlj0eBWBONTii1hQI8J?(bAX4NFnHzGAVgL?Xn`Ie#80lSW zBpnG(N3jK=cmj(_-b6Ay8n!XdAU2lHF_V6>_PDZEPda2oC`%|EoSu34Mr7+%$RgLs z>DQ=`M^++Rn7ny4FDemDDsg4G5m(iYKprPT6isl_pqh(@j0IO<`FlTzEqAWNm-p;O zRjvh39y^K~)|Vsh^5KsU{}TSB5y4P4GBQiBwA6rY-}?|wMjMf!>RfBsfRVvdD9%$s zpIL~mlUva;Jc+}HI}q^&QM-IO`n#UQ35NqCEyGy0aXqwyU3lTZ9t`>di2K7>yzxfl z5ZQG-^J6?i#QMnZJ8|1b?m*vxZYa#Pxb@n3PzC$&h2L(+FCTsgy67}&3apqI8AD5J z6fTzsf8M+m^BN10SGp3<9_hpT-?tGqixOe6e3pcF9Ejv1(S#VFAO=2&K?-zC4~`H= z`pwsQ82ntDQNmjZUSckZQ zouc1^4w9!M`*qn#hQm?#erFhMbR2L7gD-6T8S)qU142Jf z&S6P^*R&5ElrE0HgX3|8NpC70C&@DGbCL|Dr%l`og(XY0gTi!^ zd?(3^`=D!_E}nkTMV4m=IX>q!blN%n0U_7H_e=4&PI|?n1*uo|(s^eupC;3&8#BW_ z@E5JbXFm9DsB)`u`}|Uzn6SYb9za=TBNnZ?4r^8|LSqFSpij8a6qQ1NW z8&)iWN0x_m>zCr@cdds`pNYyPYf)WU0!zS-t2X{4uD*IBHr}=#RW<`Mye$|T>cUam zO47Xo_Lh?UX`tt{=qEmwb-E3#-utl{pJV1^Fl}w83b}L0&=5#p;cB zU~NqiJ!~Cv^NUedT#Vd;B2<vy; z330|}!CzXGVm@DhEO;Jg$%M$wmL{!2Ok`&wtE6W-6^NlCLkBxmr0aS8jF=!|smjrb{z4uZ%7bE}q+hRAig|@R4TI+b&IBW< zCc>H|0_Kg9c?t%nvB=5`Z$k_K;ti;I7nKrgN`GxOuS3eq-5Et1n4pVEo~=3+m1j1+ zl1L9?fQ^{vNbl!35jLlRn|`?opY_L*2~qyBexAO;ggfbrV_~5l*EEbm7C*C6jnrg% zu|PE<6_Jub%abN#Q1c2h3MG+{3TiD6N>PcS$0?|hY0JfuMj|a!I`hRf8D)-2WDY~6 zQiFHC=A(u(kVRy?YA->pR-<~s0%YeGz^qDTq(-Y3dztZ2Wu;07qqPLrUB3|-x-$ij ziVCe1WMWSyRn_;56`WP7@y)vwAOW$N4J~OO88vQ~o^sm*)=hLf9^UR1g_YigywL^4g&6 zX3t$jKD_29uXD=lee$Guu?A>5oRB38lh-)q-&|R;`(h&ejL^@!d(b&w<1iu|$qRkt zM`SDHNw1J6(q-M89=DKBt&7U5&+s~_F0vl&d@UTsln77PScb@yud!|p!}4}IcMJWT zE(+&kU7Q}$FZ@zzbFv-^EAk+nRxkZd@)lNNtTa2yJNo-p;_|T&Un4|q;0#awRp4cn zUJf!MF|}Hn)hOY$g9|?%RC8j~BPMg781dl9fE&k$Jz^QICOSVd;Kb1(4~`DHahQHL z(|NBWD4M?heU61VYYA@Kwhhlc_naU*t{t=g!Gj0U)YK%1v9GUB>;Uk@6Hj1pa8MBA zi4!Mq{P=N z*=L`{#KeT~V_h%4_@W5UI=j2O#kHQE9_aOY5y#sDl(!;($wEx8Wh$4Eg-DfMr{9Jh z9V*P{K`m54&`^QHtI_bhyez7~aPwv~np)w7n;yBzktgxb%QlFK>^u;Mr)uz=!CbQX zx%rWsTWiS@3y?eyi184?)X|YEAO;1=lQqZ{{|u@yZdy<9t`Vo(W5%YP( zxzC@fb-r4}qDgeM@J<#IBwQNc{ugfg;!RW!^}DdG-GSZRPVDbIlN=K!lPp`7(>(u{jzd%!jg5^70%Q_p zc_vb}4*9&LrA5ea;m%-PZwr@7t@z7F_G4>@S9+OpgfQU^ivcIS&XDLU9B>6ONawtz z5)UvLBfma64!c8QU<>b1(MK{pX+I9j>yvVGB+K&}p?xkodcveLAa=?aAbq_g$GcMu zkSx0qlH&n2yh{bgE%cK95l;kz6uyt-d3OySY{PPc6jwj_kEQ*1*)|>&Gs@|t>wQ$& z8fN|O2;D;{rJvK0*2U@TA^k(-&-yt%oW@}~4pDeMXFa1X3hxMG#w+%GqWltnXaB#Y zxNI!M$k-5$Klco_`7KELM-Uu6fvv~wC@ai|f9MDv+tCIs8Fb@AooJ(iBh#FX>5*~B zLLRD(_28SoY=+85q-ZeXeO7yF9IF@B1D=scZWo0F@v$Mr<_MFpDU0p5WVYhVYQlX29vA(`ugf|+E zsHmtA>14f}_O}E0-d?hnDOF4yJ{z8ESD_}KEIu-Ulrpl&GI=jW8LYfEsaXR*JumJX zb_7yun(~IoJS~9-v1q8$!qY7{7c%uKF*Smhf8)MDCq3`F9KC2x<$+aVJ1?@zN^RW7 zClh^?IV8^ufw0Br45chlZoaI|)r)1*Se^&yuzo$uvjssRCPeOoZGbstXlAHl^ zOkO;*y&d|f1HXM>H`Z)gg$yIVAQB{8T=42MTzKj%8Z58Mz}osOtg6k#>Y7YkMMrU- zcH(zkCYDxY;<|-7_?Pu%D58RhO6jvmg^7uYhYJ91!sNmrFE39J6Za4nDFxH+8Ze-guSCl!=YQaGyI9D9f=PE_~R(q@+X; zA)hmO@-FTg!Q*Rx2+Fj;PSBsVbW7c0Q< zUW?r9%6-Y)Z^t8F)G9gbWUcXhK;AKfSBT*agPDjYeG#!E1`{*u=Rq^PIWjlFW*U_k zw1<#y)u3m>FILVGeVJqkWRQL@9a)~6P+dfryzuxa>F3pGdM11@>6Iewte5q3Gb+D} z8p;zMJ!{n|&_5GKRgMPNG>$N>Fb8voQ1kI*Wd%|YhckBp||9s zsxSu%l?+Ix2u#A3p@F_411jr0yk}z_a?7cvs#c+-fNH#r zS7XH$i=Ye+<3!ImN-OJe!xi<==hvf#YPvP_Fgu3Y5lNnDo{}KpVxpRA{`cM4fbYG# z5%=BEfN!#+-|WZ7Stowewfo=Gh_BsRhn1BXf=oma!-e%Z;KG0jhzo*QusjzE7b2lq ze(A#wq8F1UG?iE%FG#=`{2X%Pe8NS29|!D)XxxYL+DP5bdJa+5b( z&e3R+tfPdOD;g*3j5iNvtC2TP=5yYAF?B5^!-T`~+-x2rKbB+C5a+B%giVe7jM0(h zQ!XW&3P<|bkF2tkKlyQ3N|%VAW!TZV@Tc=A$4NyR?>Q;rNH^U_SSEcg^vs6gW^r;N zee5^uSeB2JK9(1HSTEnFIFcWkqcW-)um#E1p>S_8BV9HYqDrfTsUR2DjAE>*EkJn% zndOC7prNz~3yY}+TwH~D^OmBjyaqYt^Kjj&TZrJ6q9n^e1%VFv^H!nSq`-nD^I$Do zghlfgqoKAKi6E%PTZ!v#yPay?Whm1|QNMg8a&mcVm=N-^a;P>h?Rp{M(!$FY+~>jU z^>dH2c%|^K6|W{eZyQJHJ>6u=8wB&T3-WgdGO({#E2hQps!_m7#9}6k zlUJuvD`jGe16z>1cy?8eUi4@3{MA5&n?gA~ApJ@))k8`0W|lW=p(a8q&megsvpPzL zhpfoDT(Y9b8ssL{%4|JZdU7$!nb$<+QSuxo6D1Gs@kQd|w^5~lo+>&ObWgmERVG=M zIlL1KS&1Ac&rMuZWWcKG5hxPM)Swz^Kg5d%Ic2_5o2v2ZjTTsQD^XXLD>kcCD^+w& z3zg1+8jP=RCd*ic-MvoH%(}NPwU+6N{VuU0Oo-xY8}o^2 z4gn(1{p8OCxmT=Bnp!(lO~iS0*eh0#iIcg-YmV~37%!1i^N3gU$FX3SJe57aZWdADc%!BFW4;jv zwG0Ioov@@B3kuBO=1#uGY8Mq*C~ZkGHG>Dt@UHXRugI2Loc!nKn}kKiYm)LbjfI6K zu@X#{PD56m9(p23-hrajrV-@XDCFa$*DMwYUszy*maRyG3U%2Av5S8u%V%iGs#6Gy zkefOek$ztFhT~zKW^z1mhSyfjB8!zb0@jh$%PZ^fE-Q6 z#l&-rS`>47DBfDq5hnSSWd^LP8v)|-(}QYc$}%D+sSoj@As&mR&m>5A`-4AJ$-Oa- z$xv*5OO{k>jo6oWEXR&X@hn}l#423s8gnG~-SOZR9*{B}h+xtm7AwF^^Tc#tYQp^# zU3b$p-ua#<(ofMfp5V??5+?kq3G&ki91nVnK|z9m1cV z+6tyb?%3tJ8~^1wiqQyfq>@5{YD=@k$rY1WJchpZP9$P+^!1Fw=kM!H+U zYk6>(WIO`#O(f`?{zWN_s4Yr0c?lBUR%jdZV8izgV*ZzQVfi=q;fk;C!}6DLOTM}r zi@v-Y+uNqn8qUSpWdKjc7rV|=c@ZSbN$eCKOMoe3DI{LCdZZ@Ut^1mtt{>% zqBp>l}jIX*t;-RWn4r*v@m)HMztruc)LhA2e8B#{_hX_kfoWzBYXRC__z1r$k77`jH61x+6F~;>Jz$b79e+S%vC+YneLzR=m)y#r%8&Rj?CcT0?oZPBf?TRERu_P7nz< zQSv-Kp6|!263xpq5OE~MT-4G`o#@l!K{dQlFBw;2r5Z1h4G-4gemoxhLgFd;EY>d< z3w!f43$EDnBH&&kC>~V9E5y{%kw#oWaGBGtH$4KcR{pB_t z+z}a;6s1?Hk+y%j_(+5UNCf?u4$1KCFa9Sw4)4Lk+jrr&KluelXQIf}IMLF&6Tf`u zk9gr|KMr*V@rSQ|7EOm+#3-nwdl88;6WVY?l9C;5E_XXbjp;|Ucm7+ zo;Rq~$}vIV*aA8mZ0DR^oU&y$;s^?Po?X*c=PB}lnPFF0taLL#@)JbT!_JV<$#JFR`8w;P_(^`y85ZGL zp5x;cb3_{GI7;zw7+wK~(_5fRE zj~*MxBo*dLvS7GS=3bANE1G$}9CwdcG)nyK>SAOV&WtcmCS!=lhUsKxj)iE$_6`l^ zk>$jlH(K%((-35GWEoV*H)}=nXnhV@d~CU~g-Dj-ynK_`1Jghx%)6VA?Q(i8Q*M4_ z3(*(hwM1$rc-IRXTcBj|C5iZ}$!heIUS7kLC*wCzcrGw?sCj#Ts7kR7FgC?D9rx0nN%(5)zlXTKa$4q;7d&|tb|L2+Al}@rGOS0JWk>*~S zciwqtcjr6LU=2!(Dsj`wIhZkfK4vXgh$+?OFlw@^SV$z2%N-WPC-;q#wL^tx5;-#F z(u34_KspaNKZ#3{KW_Fi>6Ccrnrake1Tm3tAQ3%CJC<~{8#@w@VTT#N-W)*z2|<^` zPu5Wcda_2@V&ciUdEVKMF~6wZJY?}BN2kJ(QNO5)Y#H~7IY@b;f)PhZOaiV@DbYgy zd3BQ(^3UNO9P)_XqFpw&?80KKAX|IhaDv1qg}#ZP=oNZ+)Qfy0`=>3%n-?nPxkn8Y zCeKCc48_GVP{Z^rUaIM^#V162|Dapk$Ce*kb$YFmEXFXnV-B}r4ms$V8ig2Q!OKlG z4!EHqq2N|7K6gIfyXd4uc0m0Y7X;@z+|A8RcWA6sZmgn2UAXts3&LtYAq!SeOb~_iKn8BJ`yUy%$R}N$|CZk zhQX8rv&krykjgRgG;Inx)3$+R}kZsh<$Mly-B&UWuh&-{+f&oVmD;x6h z;iVP0ae4t()aT>cDFwJ@l3PXY=9xuUT4%=24ktVz4gPxdEEMPX5sNe<89j_tVuUhP z&ebWuQ6z;ZI>|zOt5Yi$bLN>}cu6{5q?ZS?bDJ8s@o{IC8DzP6Ng$_|q!$lnON%?% z9BV^_m8%V6UO^~0Rr&oz7;gYGOuAW3 z2>&KAApj4D5N(L$Ki8l_Nltnoe?u|PrJ7zvgL{Osf1YcOo0b~L`cskR$KuVx%{d;g zun~$Ugnw>pL_D_LrN6CoTKh(fK%!H1U^ zP-bW&i*P$xh6gCHG5Yz_?_ZHE7&BZ2OBN>y7*B7;?TKvV@fwNgb3FZ7#<2xTiop9~ z`Ze;yJxaOPCQsU(o(3(wFQ#_md&s|-%8kO}Dbn~JzRo>9dFd#=&OP9HB_E!`O@zbG z;H_}nQ}ozzG|tnzaqoMcYK`w@%a_AXPus>lLfJou&(9Rs$ZtB{>G1eH_&MqLbMI4n zu83>KA77(15c?bko7?A_NnaqY9zje*VIS(np50BNo|@&!+Sh{C_HinOg{g$(ht(OS z5*>RM#gP*@_Q}v^_BQAc{VP4CB{Z2JpM>Lut2z+|D8V zcGDn!`|=?E@YWbc>~?(ZeKGv#BMubkHX;`6pfGp|=UfWSOx74zp=N${WKppY@Hj$V zX@VETwUXmro4k5GFRUxZ8`3%MDaxxv@Hj)UfG+u;pkp3GXbh5u@rXP= zP%JzgN{7n}@7gF#EBSL$SUlFzPS?b9>71LxV1JQB<~h8LruXSyo(0DdjEHJej++?o z7>J~w!_OoCyudKWhr@S}KN~p*T^DiVWAQ$;k$i# z#t{0f<2byt1;s_hh$%y8?;Js3>v z7*fD1MesCeMuQehXBhF&O)5P6u>|f|;37YMvUCcNQdB^xDj`<`g{q3m#5}DVcdAiA zNkZug6<|ZJ4)ZI`beyiDoL*vribS|LM~BJ+y|BK-oTL;Vu9^&z)wF=CSW`)ubv&0T z&jqSLajp*4`8tG1WM`M;z(>~DT)K}%a!xtVWeQP^$xA))+@##TS(&d#lAb%A{0GST zn?vD><)vuL{&|t#X+egu`Mg%Ax^T?lrM0IYtNi652(^CA4jiL~d zYvfKrI#GSf9dp9;?(-^4Lgc0v8^k=RMy(Rl$iGUZ6z!HgdrnH3?#SbbDX_HGh#O`M zA6p=p(oD7?o+na?IL2%)jE~t-Ta>_y&3;ryJJ8`R!-^Sk>=|+4z@ty1yT2K)^l32k z#!Kkj|6Tm}bvu${&G_-3TJiq-uE#SkJc4NFUi^CF^LXOVJFso{UL@&@v8=iQ+h2SF z8xMBlwRQiCH(u(aFUdH5z5a2$_Nx}$dHZd!+IHdpzW-b7-~J}7;|H;!gMM7eA^1s{ zTDyy|tZW1R?PV|e{`_4$yLmG~6K;h^G#&!HwwK^&7k~FdbbwH>TOTux+Rj&;9UqbSIox_rJeD ze&rNQSuhiFrd5gL?MxO#?s~uimabRgs=}lgE6BYl@0e}Cx9?Ts{mWeNhP`MV%Ek7M za@3VCLyl=7W#CgtP%0@yrA$0IfmCvo1d=mY1r?Uf_}01riK_hq#wJWPVAApZfld~rl#O6=(MK&w<^Yqu9B ztrlC_d9G0{_7C{cJrSh1v&9?4s4FIVt~Lz?pn(codZ-Ysru#aaBxpJu9Q2{n8lsm~ zqIEPR78Le`Q)n3pK$Rl@-5wG(4Yss6L|=(E3iAlXJC#zR-5SP_gZzh*I6NF6%UD72 z@*$Vvv8mOGNK!#@AtQwRD<~|UA9YN`Cxrt;K1wGAc6a(nfHk;(Nw!lB*RV-JJa1S! z_TlMY{V(iO@4<)fxeYhWuR&**4eme)%U8`skUk7oa}Q?Uatm&{_fwdsi9l=YL;jr4 z;M1S{5PDzuJ#KvPF0{AqMl`5}KED(zZ@v>NZoB~trZiyA)Lf{wL-_vAB7APS8S~!v zF^o4hB5q7z&Du}n`qgux?mvi>Zvxuci=nQ*1_il=s42+91D}2ft`-;O)&`Kf>_e#W zH6g61#^?U|qi9$<9s63Nm{Uu_J+Bsrc5Q&VvI0#_9xCm5F{EsuxVFQF0%!|n!lcr| zp!A`}tign08j5Gu;GViXjK&qHGBw~Y|LPx6AK8u#%{~~X%*PBWMM@-+<2g)~8UFt43WBNtK$1S?I|kjFTm%CrwCTQI&z> zlR%MKNmiqlEI**Gfc~CR}9^qu1!Z$#tN}|xD#H?~12_;aT$Ak3MB!awp zh89Wkzo3#=rHEl+rJh8Q!p}+jH|kO-%~hd3p9=64^sF+r zvI&7q&t*!2q`I{0Au8w#AR50OedG~*>NB4aH(q(96O+D`v`K%lnRq-Q%yoXzGiBZO zO;|B!0V;}$GiTDchuYA*cOwel_eIRVz%`NF1zB{MO}662wpv^_#S9)gbT)98YkKpe zNh6U+j^PT#aQ`p%;lO~GEI5VeLCJ8(5T3-E7rz~4E6$$;_*e~SRNQeSg^C@8cC!D;@c9${ z^KsTc!{?an^%J-6n%XW?@!AN=&}PcZJGid3~pPLNNAVX*0=7)bayrfbpNd;sQ%QZ8LFtf}^8F+fQK=x;q{d_1dg;Lu9 zsFzTn+%sH38NL$HxQYtdX*YR)^0|0sJNY=fKY4qi|H=1Vk^U2$x$($H{#QW8#)=Cj zhG)uEVj*5wvZb7};$%0SQ$Xhcf23zoO?-Lq_QbhZ$#pry8Ls5~!tI4T#n^p6Z^XU< z4_SyxF<3s66&{7#79HNGSSPUko3~)V9>nth-bw{y6&k;OqZsg>{d}^`GN}|iDb4YB0zXi^l&`)SBNC!E>xqq#(##@n_NJw46oI8DM6 zh)^LplaVKnr6Vwkj=^3uQ-Y){J$U0+KgarhA9@G-(LFqz@slQ9YLtkEe(BDuqf`}T zM&7bZ|9g8{^EF=0K0+4ZONXp@;m|0ee2y%~OaPPoruUUfBUw2mP^pTfJ0n*toKjhE zLB;S)xoRv#_h2VFcC3S|W)+@#Y7^!Z1<-9S$LE$ez+6&=0qqjxbnHRYb{M0^1omvT zplOd1|M27GxU;Glzu(ye@1Z=*S*?QmxPbsiw*Y99?W&_6Z z!l-xkpwnH3zx#(TVtoHg*x1yJIdi8Y&=@&A7MHLPpd4$s~<5Yo>< zNqHd}lvV^vmLL>#!1l#=(d2%Kz;{^eg{~ndU)+D3e*> z7{h+#Bhur?KYaBe)HYOQK3$3A{Bm5U8l6H+SbZ|MEs=9bo_{kC<#qg$VxsNMU%3WT zCbc0-E`QF%LcD5*UFh>o2nRy=+J8TemD6K5)a^o3D2$J+y&mg+_G_pM%Aj;a;c453 zkey663PV2OEP+qV%fG`)t+TWpwb z3S(>62y!c?VM(3~-~G;a@zP!^rj>*-F%*KO_b`2iRy_F0`><~BTNrNH5655-C8bqZ zTpU7AYa?Fn4#BtiP4t>eu=}@<0uWZSlkiOqcmgWy$zO0{sefI6|vj}{Woh>_={`P zt6j*?=lqhjwl4(lp^vwH^g_A8f`__y>DXGiL@Cu38GWvkfn8wV^-@ z)E7mdiRqv%Tmo0T6HDhWLfhUg7`MkzP?QU+&jVjli8%&4B9=nvZo3_eO4Qi2cN+=~ zMx@+H%vwAjp?C;`9Zm4Lt*`|OpfnbtE`JDPmVD$;yd(YHh!iH^b{Md*P>bQ10(Em2 zquLO_`t=*3E}n!10TH`dpZw5&!yV15*5?tp;*~V;`Tb;GT(y5 zV~1fWu0fv9kDxw`ni+Fp?;J(_%z2nMs|thd9XQh6j0tB5t}Z36xxX3*HtfN^m>&Q7 z(L15@SxGGINYxgjAmW9W3LW9%daRnY1bGT4c5QzH`r5g$w2h)tvjmkTL~@1bEAoN=VTv~R;V zfZhEG)Yep?s^IJf5C)t+BzX#@qIWw`l-tuTUHy36Zh_O|glg)16lKo669I1&W5YpA zn{7bzmNzkBoQl;e=A31(*KzC{Ey27p6$~fuyepAh5+)D3(Cd`YQ08$uY2&Pg$BqYL zak1L{=8Papt{mP|ooY^5urSx-ngvsZ7@loe&QxeV4`Rq%+GJK2SE2MQ#E>!NYB6mt zS!YTe7T)qc+`8&)#gHk-@=7U&?*=ZfN_T$UWH{dlMU(JH5(pf1@uSW!wh3`P7){Uz za;zGaIa$1YWmlU`xOH3HU5mRr#i6(s2=4CgRvd!6Lvf0`y9NmE6faubr3CGp=RNEE zh4XE)RwgU=+%t38zV?PJ8TX8&Gv}qMnyw-XSEOr&WFE7>Z^0B3&rKqq}XTW#XP>i|1nI+!)O@`p> zbUZI)ZyL(B!HNbc=Y4?OuEYC#Uf{mIoeKJ&Wcc}CcIk0)h+zl4G|)S}U~4)ZWR>Lc za2+)}ny1dHc&&YJUQyY!dTche*op?9E8`nwjGKNFWtXRh15kCwW#=}^dk2zicuOF! zF2%y!F-_}iss@knKIs_b#g;z!>Ijy8m^{60tf9n+J-clP|4Z=ej|6Sm=lvgvNF+k| z1Z^%pg`(uLB`1S@Yj?U>6PE?YRLNri=IF$yz~8s789u^nLpzQv_(GTb$#PMSzr?Pr zXWjYF6G^YQNoL27*a^HVlS3Jj<$k9ko~V`$LnMqj;DdP3jd_rq`O%%D{@R`$InwlA zp^V7ws_mdx5*Z30$EsLc)92*m>^#0SI&X`HOHe}5r7bNjQ33c+7?xE+qXTCogzt^eX z?u0kH+G1-W#q8d1Q!+-cI_i9!JrEp85t?96NyfWeMAd(e_+96Nj3nE zRc_3PIS{$Z=71k{ISvzx%r_Hjx4axqyiDygVSWgatgf1ZN4gf@_ ze|$7wYqFHs(OF$zUvIFQCU#{fZw@Akm(kGH-k+Bx$D`_U`=h|~<%`+->yrcopGAja z$m-)CqtsW_HuTTL#NkP9i3<2@-+p{SI&+`R7pbVOmNYfpwY(#p)B_X5a1%u`uu4TA za2-lmVP09P-LnsB;bcdH>NuWBO;H6T329cYD6D54#?ewf7v4!;BAR)q@C-7W{;Z~J zF2K+a&TXvIYgLFM(6`%l(b4&?si{dwN(uz+VrE}sT2A;+eFFcY(GPVPcP-0JO{E?> zJ3bCpD8*g@gTcTZbX3%+GfPX$JtAR^;CUOKvFT~NK;0dkuNWl!6tAwMvwLHEUPkTMCb-e%A{Gf2Efy;lGyjBY72O(07BIE;3w~z} zLqpV`qa&35Txt7OJy(nZb1{}0mJ~cZJPD4;$w{E+*wC1Zr;Vc{>%Cv^HTY)tS|Hbi zgJDnK*qEK==Ogk}WylkDw3OSIaQV&OcJ0(8DrMGHrmPcod-6LqDFldpo?e`{@nEe< zF{1NF2bTQihoCl>Rt9UxmE}(g1sdp7iJo$+s$@Cn@L-DqdQ$%zN+1_Y{Wl25{qLek zmP2HWf_{@K8B-0D_P+t;|IU>YPy26Xc+!6-iv}Bs^8fq?3_gh~Q6|TkAK9RG3k5{c znep2onHI3-cjk{`#hAMXF}Qm$rPwq}&)bQ;|E^#UEh4<4ZM3I=HD;lmv6iRd7ScvU z(njpA;XH4Y!bB$dSErkjR`wlizWVD>k_%5Zl{Sh_A#=Q*xR7T{lyICRFPE9c_P@32 zDSBoP_0GW{8!jG+9T`XY7LI#D|2^Q?-g`(!z@=Iw!pQj3)+Hg!B|}e|wKE;%_r}Rc zg<50;M^2qES5(wU4*YL>bE=r{;n?X`v|m#CwbzHf=1L7@2fGUgyHLbw=OM#_05$d~ zLw{lh#b+JPQ7ACK6?J@t`9{a4{mC_!VB0?4WJL$Hlg8gGh@=}#-4Kq=&x1*crC2yu zFEEMWSJGS&|t!-1xMRettrrDE8p9q*2e_x1#1Ppd=Yw zhSK8TVf5ZOjQIHphRLiBVVyX8PM+(zH%-GVu{3|>KwX%!167Dm{BWac$x<23KyVK_G=XijyDk_ynR-nrhP1eZ*c zT+{kfC@u#N&&5{_V$q5%-=xfRcIRRk4R6;3j}p^j@v&;oM789nMkM=EB_{hE$a!gh zUy~_rM5BW3S8=FPuZu#o{V8fkof6Q}(ym7!W#AQ_TH*eHUL{^at$##aNyor`Xqwkg zFEN5a*z}buFOe`cnl=M%1 zKFC(Qy=Zt`q4!#Tg7n`NH-_9wngwTMJ!5M)#zJuc%6Q2fipfhI=3toqu;7@Ln_h!C-oqu&77x#-q- z5scs*FLRUnn7R9IJF0|QXAlt?1{w9Df7WDttx=AZyi;sExP}#-#~!Wqgy%_+1*Ara z8(Vz+j7Ni90c)aK$rukMf$Jn<<>dX8M;4cb=JOnay_989T?E~sU7aV4=N8_)w=MZ9k@5*LBzZ0n7G=iBkh;Q9SR5ye z^{oi1(xV%K|6`m=Em@8b#iOHF1C3l)l5~cUX(CPsP$k~CciIq$Fr>sK$J=c6Ph#0h|{WzsfDAEK*NeM!grnCL~80%vB-xtAjto@Z-2tEbNm)f!Tuc zRnVj;+ECt_)4#f=W%FJ~;*3#Jj}R-z#2Hqq4iQ9^)P0Q>4~nT7$0bHyCcLFfq7Zuk z5?A2KD<#1Zg?*x{#lDe37N2?ZWFlPtun}U^rBb9OQL>X?D}Qi`H)mhxZy&V?B8Z{R zQld;#H4!Y8%}p@BzjQJt`3)`2QY6ykI<2cD2jQvBsZtJAXq(0<6QAVdV^^)ZASp`! zXDE~TaZqj+kf=Hp=QF%3^S=vFFaCGsT^Rh*EVKUc5rNv3|CQ4XAXR)MS}-v(0g>Ip z;z9Fk?A-v8Zjq4?UJqTyTGbgDtM4|e{?u^*{l76;N{hA>Y5iA@fm6zI~O`z zKy1H5Tvc$X>o7NqU@aG1hvgCQ?h}9Xq6*^O-ZSx}5dutlgb(vv;m!E@k4yMvcaTRh zX-s!#B!z3FYBead>m$|*CBB8Auc*w1X$3rKY|EG-ou51w`|^K1Aqy!$rWlmN9@oIO zOGoa6=Z#Ua(>OeFIeMi^JGA5WhMM*9KeLvGmVSagMf~ev7(#01$#F?IIgJ+KJ~nP6 z&Sa%%J5f<>86tPbBC>}O_$+xBHZ(>Ol3Q~z-H?Db4u2XtJ*Vyi{#4A{2bySKo@8uj zK4{Lw3Wzm%Hl3yG6siCb5O}@GJ>#F|F7;iFjK5HB(F-Lk<2kzLwbjI}zxRBPxc2x? z*)-)|Nzqinh7fBv-QnrAORMA#T^<2!V&WRo4Xy_!oY$JUq7d(u@Fg{O} z$ikFRov>Fyt(f$9cVeJhhmLHC-0dggWA!gQN=O@!kBSePxhZ6zFktw5-*t00jo;(9 ziuAeExKcN)%0DkE2)$H5NcqaluYCQJh*H|60o-f1qq&d6EPt*AQb7V;Q&x$?x*~K{ zEoUrgqc&waS~q}X`bk_yGjW~Kj9W-jAMp$)sqGadix+LtkSQO4Dr{uv*em$4 z|iy=d3&#HF!bmNkId2 z;f*x1FsviMeQz$L9e4k4C2B=oU+H0A|5yn{7i$}cVYQ(mkeHhGKB?RoT}1@Ikon&& zi=(cCDheSDCe)>v)gdkh%{PArUp8a;lryNyziam8!x}}G%gqHfJL2XqBL3w@sJZX- zIe`5DH4;rnDN~kyTzfRCKLib+B%bwAHCXszE!U;of28On4^M?DlO-4yv%hEyH0@_Q zozqk;PA-I9jaOG(ngikiknWdp;#fNA2RkMrS>qtFzn6~T(^fcUnVu|usap_8hYL%R zRyE#oI^Nvry$w0ajyyITy4dVbtmWctn`nNn;)zu6V~M{cpun|>KiS?go2CaT4caM| z`1HJHH#ZY<9d7qb>)6M-fB4*mkuYZI~a)&m8SX?tTJZMTZKp*&y*h5LS7>TK}3@BwJ? zr6$YBPKq|V?!RjQneAVv5`AOsB(M!2<~F8~%|gn8-slrr^ELfAYiK@xbkQ+tvope& z1|^m$asG#~Z3I9iP?r^{Re`Z4>k^6_I%q1UB)F@dK8d9dDHu$s9m8oKm--}-mLv?f z?rrp0ia`dvnJ_wAY|~uW7wti%_3+ z66a}xdRRn)BeQ{#8x}+ zBE)Lkm#D*gd4)$cxjB(RU9AyyWzxCiFSE0McgEyC&~_4=irgL`@9L=0JXv&jGilem zwVs2u(|7BgYJSe{tsc=rO&LKLbD8?Lc3zqq{I;s5hGUm*11zM8$c*%&shW`vK4e*n z2+arIjzB%id%g4qt%NGFK`Icb?tR)KiflHgGtgzh(<##<>BAN2bqv$0JEatnSbHod ziwS1`_R#FL?=jcT3rg$=J5nu{qFdy7v4l2}eTiWXLgs<&;FS zt?Fs*`}3xcMI_u8SUqcxPNRCx`yHw0qgD)+N!(zz%Vc26^qHu|6;gI zf=nQV+h>g^F5j87=5TYQE7RYW+9 z+p96Jg4hDY+Nd6{Ywz_pOnZVU@ zGNrnF?WV7Rhx=w0U+ovEN7Uf^e~v(>>o{C;ZL$uNh)1 zCtv_3cGBhT{!`k~DM!B`!CloSYMFo91KOae?fU%EI)35($vp{Mi+N2UQ2%cd|jhP^dG^p|PgW)$d-$GHggSLuoo z#95`0a=ei@!2fMo^vAW7omYs%1f!H48h?*l4$%@wIe9Cnj!rE*>8|GNX%f1jF(rrG z(UMvYn>J}V{ZJ2Q-!xzqoNJK7PnH{{JL<8H$`~?FUK2YWsSwJYX`KCl@6wjvF`C44 z!?5{F*WwrDY=umMQFPTO(y4WiSz4#+{g6vx(d6B6Se?~{j9-nickj_`DCHl)nV{V- z-QOJ9NXTxi>+*><6+Om?@ULcW_Kt3)PV-eiIW_r!d$0~vbKG06Qr1bPSa?%RP8dGLfMl;f(jaI9S#z4vAS8ntxy;V2fo^Pj*(G5MB#4-9?gB zGplNbwam?pcE0r3sr907^X`-`C#s9sM`yO+&x1Mnv3iQF-k)bnm=@`-dA#wu$jD^{ z{4?%^IZt=lIS-m!Db} zuz8Xc$!x)`kDtzA3Hj1Ayh@d0;}9ngk}o+P~j1<19ir5^t+X!DtQ<%JNP3z2+7 z{Mg~?RFoxssI=R0%Mpw75=P9UfVw(FNFAFYgvbks5SuyU;QYz9ZxQgI^s^dCUpDMI zd|%=~AdVZ403R>kQC8)u+dqb=nZa-dz71YCPN%RL<_{h+lTSm3S{6%k&n)+mONdlG zfMN&^hsk5uW^&S@F?iwM{_i&>tYSI7CQ}{bpWvZ&b&P=jT=>{&=##W*G=+ZgJW7HV$rijS1uOUv@)`0VQ^Oq-zdDNE0cqB`wz zavxp9h_eJORt)8EO(buTO$105`M}4g9W7wTda0RO3_CL3TD=@~z*fYU4ZO6E%-d^b;;@xE zfb`Db25Pp&d=tbYGf)c^NEbLk`R~fgcF{%LL&X*#lNoI8Q~HJ2M$+kc)(S#*xO6L; z#h2Q!!DQ!CiPEG+h4yRaCjq&iYL-VYVmC)e6S`mAYZ;7@q_KyP^$g7Mwe~s(E=-!4 z-G=Y5X*%L^YDC(0yiyyk8=~ZRX!rPJ%zkr{VK(Qh`jO#3ur&hxO(DuK~z)N(j8C#6%a09YFdi-hq?2E2LW_*k;HPRJtfVkV3 z>M-2}<7&DEf8vuhoc}$>Z8x;`&pE>A$$+G#Puu}O7Hj}9@nNCXR^Jw=NAzZ8z(4vg z#pbrxl-=dH9ZY}#FCro3L$VRwkPa466!>RZWbskKx)p3aviI}V{SlT-ckm3KLMkx?4 z8F>F#KzOJo_5S^w()8omiF5~RCg@L zB{Y`oFaVrUx|PSXlCpW|!$?fcc=@rnHR#0Ip`dl-)gFGB@3k?Sc2PE{Nxg5H#Q#0ukE57L{wOWxczr6|E?oe(HM4A6SelMaOv5aLeF$X8( zwaX8pgcGXG39tDi?FE4D{e?Sz^0+?`Mn=3rF211D6=WoSC&-LamJ>E@Up&E0UFgGk zB@-rRj16>hs>@o+04u#ekPBf&jR2z>@xZ$&;`HkbPykHihO}>$P*UNXV-{c zBDnz|CMVQG(^gxXfcW!g;6USQ9(savu2dZTqfw7fBLw@pbNYhq)ngHHt%k+Ju4vUi zkSmuhb@rR6)mb7ija7`S9a8VT6rJs(d_eDvwmTw;{yK|LX675G+u$k#Je9J4^R;39Cu&Wwc1apn-d*N^pwG=-| zxmmi5AW?zN@ZFq8Kg!D8$5;R?7M7jCW9XkL_G7pXY0A>GUH0Q%_u(NbbaEN!+RgdX znDN|{mY$z9O7W%JEr zK|fM$P#{{oFUrlIjWcQS=U1Ge>mpJJgxgN|uAZ-OYAd4OZ#`mms~>f;ysw)Mb$nz$ zCVTTcm$Vg{)+`H!HUo>m1xpS`9ITT6{12NT4YLi2^i>RhK`)iSZuF7wTmp6HU|F2u5w9#1j?PXV= zsY(SCRV|@9xL1AF%H$0g3fB$BAG#!K*Xd7!6LQ>YD#$DDvaw?Al*|^~@=1at+n_O7 zY(YRCtm_)K|H1n*|N0vX@u<($2SHx6j=(DXsw6ypu+kW*aGZ5}iWKh3N3Am_(!7Zw~DDbU24KI?>J|E&QY|5r-Gw zZ(g)9iYAFAo|bGOkjNF2X%ER~s<%<2fOFs1&iNS5?;kJ%pT+&p%NTb&J86$1t7S0j zH5MeL7k*Ld%M%n&{Oyr21_GQ>y@F5!n_xTRQ~OCtoG&@lZ8S==F_g>7p2j8DH-Rnnka^>BF<+sNR>$nRJ=1 zQNukL+g^X#L$;Ab-IF__$bG+0v!bU~AZoHSIquK}6bI4|-AoA=U1do5ZSDYrf#Dl$ zi<(LF@~0>dJKhxHwtS*J1EM(M8>oM3Pj5a9#x* zdA!NW#}2OLW0%>#>&ChV3Sjy_J{f6zQ34T&HQ@5q=Kv8zz34MkSV7NXHRWf-B-%vM zvo3H{QI;8bpU>N<4-|GUg);WbG@D%?4OjN-^a*w<>4|r5WXB>&6Uh)wel18trY_tY zbB6wH9$gLGcVWMtCL(++zz}M`08Mo}4{MvvQu&0B08I=Oc$HNM^ZQfAX9i zzS0njFWF10{NwN^W6$-X_d}4~$vKw!_Z3AC{c<#8lsYPW)5huZR|ahGdvE-)jaV?2 zF=ocDDTK6yuqm#{)>w#NF(F*!*#0bh_DsUMA6S#eZx+bxpv+fOLVbL3GSD!I23937 z3h+9!^&CI*DtsFgZSh7Ma5oDqAOt7zg^XFW((TO?4$Z5_`oAO_L43y<-}~+wqU9j` zgJNWS>j)0lH&>^qzVvzVfSmTrt3jO&r#Qjh<748`Nr8_)9C5qbz7$ngq8V)v{w2SZ zmb+1;nQsYV#~Wi^?e51Rb58m#_Mv?;_V8W#e7%=QQg+61&@%cU7r;>T%WgPM zOBg#V(vpXTQaoEd>*j;f^vX{D2ENJqt#3B>{W5Qwsi1)><4I;F;qZ?)*KiUG$4f_W z7vGPDhk*|{2>ytzR|M~!@wW^LYzI|?_N`o%xl{(-c4TFE{En0{wfHvJu0Qp1 z=192*1%+cAg)r11kqyyp?Dli7)Hgh&#)3Ywg)#*}{{kkvpiAsL3`u)61s*xr{p)(d+7} zSRxP+qb5&2-?QVPk9Umdbfj6udDz*=iJ*E0@pq*Mvp~H8m$-&KPsii?j|R_2EQhV_ z7`tYCwst(_ezdCaPe#Vrc$#o?np2=xDm<^Y#G<|;Y{6RO*g9S0Jc-!34mjjmVo(BX z%l(KhSN$i$T2jIm)S?PM(cFE>Icikabc!%jyqf(I#5sbN;-AP?&s=^(@HIM|XD!hvM}bn-*6}rzh(wue$n-2Pg>Ri1OQ;873O!y7)DZ+FtQh;Eb^D#;Dh~W^gX@1j z!MN^Tc{JY{sP-`fp`Sa8hR#TqtoHr!6@D3V_jz6;xSp_|-R~?n0_o4bBVBxR-pLH| z#};aH8pa5M@XMTAQz+aI5qlC=HbFz$S_T#k^Pk(|zp7#udf@+l(Cs{>u*#G@dAhK< z8Lm*R8EpC!Yx?la+0UeKQZbsujJg6LR4c-@D^n6Ty14;KLU+IrO{v0sU)H-vn_E zt{k7F4m;(M`LnZk8Br#!QyjIrRPy3XPH!zCo8?ynneWf&uanTLc{}j-%j9^Ph~9CbTb@lgb525OXq`K>)q6A8_kosB?X%0> zI>uh#hG-0MWp*fzh&Jn*cZb?ObASCsG@LxZ15Z#0e)kqQuPR8|F6x5uOSl0ZtyR6j z<=ufrzZt*mR&9#awb1G>g6rF<-sWSUirM>veT7Fw7$YCSN^Q?a@82E>TAMB?8HVkI z&4)jdD=M%Sf+Ij?>NfqK2S6NIjGkW+t$??w3PblMQdpxC=^yl4-W zu!5viFjs!1o9^z>R@Bsq>yF@RWHJ<~s*@;L;jYY%?7{KkUJ)N?%?!V4PBvQXdJJ!o zNjWI9^d7NIjcXQnvqw#&NZ@KJgLAWKD{8Z&^{@Id$e-@5uls&n4t?`T?E6U!EPd!W z`;D>pJMoRzskWTFEa}%`$)Y`gTQgD1UZC&aGKT3*%8y19D^3UM{R-VLaNExXiGx3N zgDJg<`htv!P6^oY6u;sfrR}`&8ARsQNoSe=GWFFYD`U@3d|CMoY+cz>5PNP{5ur~u za8T>Xda!sf1DHBy`zw=_(~k|rWgnlNk5(+QvYmL^9eW5z!vR5gdt4;ijuYkFnLaJx zXlhYN7HwLo@9);;xt?;EeH`(w;$n$jVm}d}$}TNkH4hKuJW~`X!oC$>FV+KBfBtzg zH`9QpBa`tia{G;~+1pf}F1507_6M>|#Z)N{btHn1~a~usty2>D3!uD3-tfdyPmG+5&!)0^tYr#Q0-zX zppx?FCPcMG4Yx6^+ta#=9aG-5rm11pfiRle_pf}EbsJdR*1rrk)U*-piE){~5j!N! zaw&zl5ni2B;p+0QsNWxxiGAy!=(GZ{b}63pI9auKRi4xg>~Y``g7K5r>30=Jxp=Dt zIAwdgjoF~g=SlFzeYeWby?r6|>VHq^OEYXLqmoR^f1f{B{(HJN~2*Peuh8Eic%e`p5G24;f*rhLWDO`Q4n zI|^L$>Eq8Q12b)~Rd$NW>&5Zj>Q!A*4cKc_5Pp5B z_3=~Wb4WuFdD--G__@6lvyoZMzc-qiC>&PcL^yE0!w`6XM+$k}-i#H>OcO`%;)j;z z{}%;kmJCDYWXhGDFta!E^jDfJGV3eD&H(c)DpmbL^sdNDQ62!U*A9K+L~)JW2^^|` zAp=Hk>?DF@z7!u%)(`GB3Tlx2M(`}fK=^$=aN7TmzwONd$0{{gyEe{zR`GL#&j>;z z%1$2WL_4~;Q01#j_|tV`xU0vw_5N-_cY|5 zZ~dmZJ`mRPPkDX>%RyO3Yip6m2(kyy6*$xvrBIR}KX5YgX;Rx%rh|wYi4_&?E_weE zbm>)+fh~rgC^@okASaBosiVv^s>y5Diab9EYJdl+&KQN{SV&B9GW|@Bv~|JIc=s7& z)DUjuY=_d`0?1QE3yLvPj%-BikAGj=5O_KJlLR%efr2)RhZ2%$lr(`lp`5Qf<8%kJ zOhXf)PlOsTF5XE9XAfFDnQcW_5A*WJ78?5~b%QP%gvH}0lAf~q{re=a{ z?Du<-Lje_PWL71;cf;Xbw9?^Wg0*NN>_(ku@6u(7A5WDoZAXuhrp5mBLMmqh-1hrj&w&#kFMQ3&Hn zFr8)iL>h|pLOfPCa(WIYgF-pwUTlfijf~tI&^g^q4~v) z2x>{IENzyrwGSM`R@0#HD%9`ew^f~1@Ju4;JYM%Z`9W{aEDL@&8{{Gg)oY0hHf#!3 zOX6qeUzGv8G4-7=(X91@T4`Yc><{J-k!Ow33RyXWSW2BQ%DCxDVSYCBqwokjk?*Gw|W7Qr4K^OBwo7p+vmtgP`@JP&xoE++NrVn+!bv!d`&mRWvm zWKv8d3S>Nu7#cO?Kvz5@b5sDfd_0u|ey$$N-e+}&5!l`G7twX_^Yz$cV4Ox*#MLp{mY?Y$?6 zL?eE$g}~p(7PFC|5e8~;577rize%RKCXwj+cXznJn^y{Gcht_0MqGj4NUM3EVRmkN556Nw$)8f?e^&p8a7i%m3LV3siWai1pNRs8Rmfm8 z-&~|V0s{h%r>O`6A8AUWZYBB!$@tPjC+#A+`ak&g(CrX$t#5=)RH8x8OOgC@;jb)A zwX;G+U~(Ki7H#s1>!%-as_e&zrCVFB#Ulj{3J|INJLmQi~aQ*2k)J4?^Is5J$Hfc5J^C(_nk8fVni}%1> zFX>4ZZ7C@DUztswA4j~WBF~Oa#!=_-hjrsljx>KqJ(el(<4lp!Do6_oH>3ujns5+C zS{7o+7@~&lJCUrmBE{qi`v`uXCtm{bZH9Wq!i>JERrCZLQ;VOG6At>Q@JV#}qn>Yv z=5vY_TRib2baCL*tf6dRqAL~N1mh+2y%Ca~4Tx8hJ;}4{<@>@L3ZN0%u7!jTqJE=6 z$J32P##0#&5EjL*pP`oJa3q`cDUzyNgH?C>So4v50_E1U%qPcf%0qNZ$9~Dqw2;+% z{}3ru7QUFFnpKuEy3cazlcX|w406mc)2o0L={-%_B`03h+4O-i8jfz?^Mszp5dr0_ z+$>je!{MK=DrTi>c1a*0LepG|;MT@oPHDTn5c-9{r^xzGoQn*n?#$Oii9xY{6Y^Y$ z6-?K93BsJ%H!1nL+AbuvlhAOygo=&m6^>X3R@>fO)*ToOJ1|-G^*PE%L+SLP!hdl? zXAaVG$<&8p@iO2dg*5ZRN2Hc-EaFeY;w{e(Q8wj;RdcWcClS!%S6Z%oc}^^S6el@L zSP7 zB@ScI+;QYozPj=1+6dMWL<4d1@cug>{w^b8@wV3E;&COh;)DG@M}htY2r$MghX5PuZ4n~$ zg*Z7@zZE-$iIs*~zaswq=Sz<5X{Uou9$Z|3DfGp|{HME^j03exN5ufgT*#IXMp3mn z$;=IYi^r-eM=M#GI!oh$XCh@fPcr7LY#;!$^a<_w#0D50-r7?4$u!2?vz2W9)^9jK z6x)N^L#Cu+rY=YEaX9RHv>4INnC!sBua!6^rSe+Wfq`*>ny+0>qw$dNxMu^#nF}>s ziD6oCP`TJhUkokXVtT>~3wkIRJ8NJ$&%Fju8j8Kv3?P1==YQmc%=DSa)x`-vHSph%yfqx9QKIuK;&(uWmw7qY^!20TTWCCAfj4YoWKfn zqZig4(&1)47tx?BF5m+zSLMvGpee;DyNP>6RPk^Ps3L@Nh$vUgP6wGlv$fgaCQ}yu z`g}Tr%r`?;H(7OyWQo!NWl=%7os(PDUdXyV1(rvvAWHOyr-awkT5P9Ryz!-t%u{)@Ro%*T?g zFRPIVbAC1?&tE^MNF%j)2+aRlzkS+n{qTV;LS9N-BjgJG=&#L6KQi zODpbm)Bhm-2&4m0*t^6{Ma;U3VRU48i{+`v<3bqel*xKP#!X);=^6_TJq1?qeoy9h zr@Tdb$}&=!rLoul4;@3Bx!iyvrfdAJiv0)Z2kZB1_a?)v=jw2czo!Tbj{A(Gr0>(S z%Lmf751&FPs$!tT1Gh=#(3H12vdV_CkD_%^83n<*6tdMi{JCKRd^+N-@Zt~L&k2-8kUF7zC|rM1@WAj6)>k}4fpTHor`26X~s1EvGWfUM<#?9V_z8N zm72jl;us}Qw!dH2cHO0uGWDaFxK)jCMiuo#K0D`!sqJr6`^@I?BNc`X3nnZOlWN2; z^h_Y*65}SNHp|nbFegtoW!iS>$8+6fb`!;No|K21m#fkw#oQ@ep!ay{gp4ds7P+=i zI50^o%M0j6e;gh%^&_J75Rm5w(P<@=D`lTav0#Gq z11ur0VC_^kMR{mTl{T3*RaAL$F^cqa@)|;c9;&(pqhCXR^2WHJi_PTO>dS;V6-I$NnfL{6?xeWf+riA(UjUFo;zvV`z(AH&02U zB%o2V@>M=VQCyeE|1T!?ApSjExyeZivWBz-Vy4z$#qzko$Jy+fPx-Pq_gu92v4eK4 zF;%Izw{DG4$d)!jrsiiVu?TXHFKc#w=mYnLl@=t(oHz=C;TBXgWXH6}IzGF1J>=3X zl_6FO9N|;UeK7Z^UDC-4RF#EsNlv>&&NHZiTF-A;<|@ipH|h8O?AF9a#DV`TQZ5gD zENAkZo8-AWCmtY=a@t_4Mb+0*vD7zXIY?tJ`kr~&ES+JcIQ>%(;iUKpsC<@2RQ77O zVWIh2DS~zQ=EfD;V2VpXfCBh$Lm*_vQ}{``o|E4fTT?NVX_rL0{r1osmik3?N0lij zUTW%FJe94TTlk{Ml5h}RPGBxpX%Wf=r4CSEXf@CN8Tx%Psb5`0r6yVC6X9~sz#GpI zPaujjzGxKE9m|0<_(V{}%FB*FLf(%Jh2ZFSrPAT_k*|?Ngb=#z@}|kl%vBz6L(9EI zLAXlU6NG zidMZ8JV!Pi`aBthk3wWAT<)4n>3(RnP?2P>F{n~Z9D9?Zc(OTDXo{skMIs-3>u3YP z*s}S>j8(G9sl2k+@&``Pm+lz{G%MJL4>$#m_+Di6kEXp7s2({;75HM&d9C4F|ib5Z*{V`_iNAOM$aHBe-t01UftJ`NDq82bs2k_n1USH-*Jp!g7Lqj8u1yHcxUTc57exa@Sp*AOFSOo z$CFL`sQotiR6^ir{m%J_i;9-M!524-s$B!j{HPBYwnn&>|DHE{rWt(<`jjI9<5UHQ z8p3%^(rOUQSXmh{A(9~egPc~=a?Z9zVhK&a%7zynH^-CX;7|hVhWhK(#3v#;tXw_g zXgPiw=yJ|WOr@b!nhfw_^+>6H&E4lzq>m~8Z)rOmMk$|%kVpt`i&t_QF}aUa5Mt9q zr{WEI;o+OosL}xL;UF4ht4lxmm7z4O*xZDf<~ch#fBtQ?RGSDnhCK00yzIJLApx3P zru<|&;8|P1N6n1*DBC-egta+sACX_*{slE0P6cxwVr6WP?=(|RxSYj4jBzKqq%Mz0 zu-F;O%RPO`hyOkxjgLf{E64_x^i$bG_jgx>#pyv5)sH%Pecl2^E1qPuSD=y;Hw%K=u~J@ z==_un5Dx8sx#Q?c*PB0k=oyIq6KjT~8)e+B6(S+~*&iu?(-0`&URGFJilJUz_BEAY zIEys~I~A+bSHa`kaA8a(M=wJ{pkKKw_P3j@Xerk_Pn4ZIAFOz_-E&eYHs#{+jDs{r z^`uPiQ_I2sY0=?1r=nF@cc^vEp9$JNF@7d%%fR0IO%aW*O>H-hec;a`QCva;SW1Sg zEJf8Rq3f@tF-u#!6Khj=@;$N6-y;WB%Z-jDeu6=Jq&BIF;M|jvQxDE4UUspcEKG=8 zFiqM{6{u^nEa8=q5IK(;*rip>VEI89&8wZdU>VNHW&oTFRKXvOPIw~?C~Lsi9gs@N z6_eeCzrZ?HKwDk88VL~%|`IsGxS>bhlV1 zDqj^9+SPMRh%!{TAE7A9{GOX~4^22FL<2`uvg^b_R<#XJQlGKeiAJ;ttkeDTt7#VZ ziSeS4#ScWBe1*~OpOMn>p&6Sp)Sjr5$e`$eC;Ntyzm!-irlfsgw1e;jD7>*$`c#5- zeY73s7}Ao6bo$98$%~`3F#STkOm3dY{zuc8RN{hzzHWl`qGAmTRXka0CDH}J^5>$X z<^R{*S-wT}eScpXhVJf$p`}YYr39p5Ktj41rMrieP$WgVrKMwr5Co*V8-|jG-}w3d z3-^QjJU!R7_qq1jd+oLNTI={`v@R9oC{Sam%~wtud<^;{y2sD2j9g@3 zqg)2)qazw{2kg+W2E0p2yB*y5aL20se3nZ|0}+k-EY5mUW2(o|D9rrrcRbgTqI%@8 zH8FAzf&9DMvOgbn2XdGOwtOu=2_n@a5n`ip&X-!r)9dk*3@kgn?LNH#IHgo53t2uF zy{phInkcOWaC33xPtcg&7$6S)*=8bN9a|DzeiKIhqJG_c^_7uEh>Uv7tQ8-ZGG0Z< zbgWsie=53{4?BsWf$zNOsC7zCl>HNxB91r*-9jwyFRA{QAG54^hc(Boy3wV>d9cqo z>Vko;0T7>rMIvpOzc#j0ZSKl#)d_`}Zj;E=DOg6AMNj`X1GlNh0Q!P$5JQ67t?avX&@zD|x2y!Az|OOxZmM5+UJ{9mb__v8>3fyU7Y;WtQL zR{E8oA+$n$F1f-_A$s1EOzUg{2~(MoP=fP2NPrMDvTM&Q{L8m+j!#)Tnia)2gAu|* z>-HeVt?}eV+zyKx0)?j@Re^NXYCPTw5IG`p5!%%Ws8c;_|HMnyUsop}Al8LY)QKxl z^d$A5Y-H>dDhR=+vxL*w$;UEL#P;}cjj)h~jZn+q9HDf!6?i6(%Y+K}5h##J9)&vW z^k#3Kd$pxfekhB%KO6k+n*d3$Im}>oII7=R?vKLQ@$v_`xK#b4%SywP%o%RHor5a~ zqtTH$ct#YY2tt@E6{{_fW+Si-Gx0m!NhTbKLRCqEzEF?pP`H+0fbI!=6K>qyRYN~2 zP-KJvBH2ifym?e9|IUSm&+QvB*Ob1v-3_!jKy5>J`Muw$)Bj;EjQ)wj?@^VB3a^h4 zIiZYy5QQ`1r-jko5nK=AQutG(pVkE-Ld*PDFIl~xKLCtj;YDU0aEcV+<+T`_087FoSDf#--SGL`dqt&Jt6PW8{?zAM8K0P z3Z9SuMDf?~n$_fZ*+;nTC7X+mUYYdCq}-dL=+jTM-A7!gsdkz?stkIjiD$fgABiw@}Z57e@IhqY2nrk&WZ{_1c93$Tl$D$4Fd($zo3`u#BAvwjD(x1goYEc zllerj)c^WEtXc8cnc`cm)Mwv3&bV&vU*1e&7#6lykz3v;;ljQ+DNa|KZ22Z7la_^R zNXA8Y0H^?0Suy^})RXet*FA=XQ2UcEdX4f)n;YJjob{S2Gj2Tu#k)|tziSwxVBIE1 z&UB^57GBv+HN+84&`i$YyToX=F>0dVi{{~k>E`O*<&hCWO^#$!i}>+XVe;!`Aye;K zoxyZf2QT;8h3%HWGw;1#z-W#|;^K)(q+kbO;}{+)hvLcCav?|ES)KS+1G}wn^xh^d z&cCJkkt{~3u)O13A!JX8MkssyGqr)N0mpy^+u* zKtQshfRsyHY21D9XPO`FMGi;Tzb|;5eKz+c*OT4LUSm41hON?JGM5ewKoPk~?bTnk zX7yk^W6=APF3RgwDN^A9bdGeYtVDHSiyfuw7sJ?FpUBc2;eV9NLHpT1`9H+)51TKG z!)3XlU$-zx876X;IqJccO9*iSpUfVTRV!LWB<(8Mx9u19cp%sqeF|N zRNgn)3DumjiB5U6VE!nUYdp>GR&3Zj*{V!L5P27?w6~#P{sfLl(3lV-34mEsIT<3T z)uF{2W&e{{H?FVic};1l#S{I+qT^N0$YA&oI$@!`c~hm%nxA{@ya@- zV{)SsQRW>AaEC+p`zxhVIEKe>auuoc@NKU@doZ>wbqeVzT*fu9Qi20I!*3_)Zm&?E8W) zTWR+w>o=(_J7vA1)OvRC8C5F63G^BcSSv)dXqrq=s+ zBZ`g2nU+Wapbw~5<&3PK2hIvP?GnV2Yb}yrDUc?{WLF?eSq)Uw*WdSz_EBPup*hGxP0) z@QEfdyHh4~ELLL|EBEqegBy+HwO@ggJMzfx>^kHNS@Ne*>DO8TX`_^P7g`=LEd_Qq zIRbkzbGBn_VbbSu;(dPcpyEioi3#@C6f)0ZPd}J3ipIjh!Nrv0-lh}zv4x7+@h)1@ zWPDY9mPK=Bt?Is;Wfwh{KQlf$sDOP<8c)04k*NlWzQGig0DYLTD$+c3!7U2LL z_+(A#;F*VJx5uhtR&#Z@9TNrIq0Cy^TEjTIIi%f&q3spJVS0r$OtJk)>H8 zXnvM&lBjovd~jHahUUHIjbmsiPdZabMO`!N6Bh~ecjPF4FoA}nxw7R2jH8!YmGcr9 zUUfdIkq-YNpOM*W`P#+R<2SxdmM66R0F}h@V?amH5;LAt|C`+#!2Z}yEoa%u=)gd^ zOB~5H4VHo!b`Vf7&43_m+&nB|0Ig^uBxDxDZ7!+qg>hn$$jvg++)qM91-eUrG;BXCEp>NWNL%+-UdPvjSkctAkef^KZfh3EN89w{T3DW&QBeB1 zm$7-JM{Ux^4*r&P)Xo#5wNLL<-}>UM_it3%5fv+Cc3>E~hMQ2XTW)t$xE2M9NCJ8) z+@xym=RO0Twr2j}5ZmP;(ca}e=ooI*f1<2Xg7(@U!@b{*T@J?@Y{^Y^Ea!bvpFb`e z_9&T?CESP;skCc@MUR#fgdcQ%PUxVFK0z;9AgCR>f=5jvA+1@?A9bhVk)^nJg2}js z*-MJsGa+@3_T-|sRF83oPQ@mVSgne1rW$Fk>>B}V#bYD6Xg8g1 zK~p)!W`+Pxk_5ruDELve;m>K89{o?q(a=5)!#e?ox}s${*2Y@eU(qVbI*vNY?3osb z`E;5qlwG!Sp51mFf`~RtB%tc=?fGoXyjKQ?V^z{$$j?gv6kIp~=pU2YK5)v%f^OQT zI)uG0&UK88AidVIWuO*IoMYxF;?3DH=SU&EJf6( zmGym{D$g?pJ0Dsi&!CcNS=fnHx8{q_W3v z`>@r?B#87exXc5!h((X@(SsSU9XYGn9es3}7F--z-JGP?_IKk~RkRg#ZJ|n053I@V zNPMF|W;{+bPZ~2CimL)*bOgMP!S&w!61=;J)6nCpf$c4e>xMFnkJPud#~v54aM!K5p-Ml zUaaNx#R}L4U%~_kF6aZ4pi>0;h*~s65FEHbqi9`jrn&LN*gwNBM~*qTYWg4c2eQ)< zVic)fyKzMQl(tltS8cjEU!qOPwB@waWL&#^sQ?DWMr}Gt8+Q`GRuGo6%18c=0wg*o z%mp(ZLo-ox%}7IC-7s`dA^V+z((h#0)SkMQ<~RmiYS!<=WF(`G&507B0`D$Bh6XZH zAl3|EPAr;Gx$c{^@Cf#pje`K7Q9E)ZEc^o)N2%gKSKe^>0K={4Wfe8rEt=6wf249M z&C<7G`4tr*bp?1+p9D~UIPPHsbj|e><}bcmO|^;qA!paM{2Z@nz*(*@r%#r_So8Bm zTyiFAE6&I+Y5w=0Bm=j%Hw?v7iXhz4cSFSqR4j#nt;~$|C{|%3os#G&vxtwciR643 zcQpCBH_!&a$H~aHCVYm!Dqmq62R#h?Ff}!o?uBq$(sKbGzMR#IY>KB_ug> z=MGmmX?X*&pEo?B-U+;aSzcsAGH?%<>2bQQvpfU+j%10m+OH3$Z5PE@>sJkrV%k>JA#krB+kdN5OD&y=@cfV zBWNMk4hp_Nrgg!ctn)LGH)6qbzPr2Rl0 z3CiChEC(N|wxmf`q40#8wmRsjB;4!fVn+=CZYm(*`#8idj`!XT5&J!_ZrzZWerND` z$XRgF1{sRDDBpI}Vu~6S=t{ukqn`U9uZgb=(jrr^J8!tD(W@c~OD27_Al{@6KLC_# z4vt^f?K!|we>q_Mp=7j$wlPmeBe-<;K;;L`Ga!Jwxqz zypo|eY4lYV%)Isk$%JRcHY@ePDRzo?=98z4xkEt%r2il^V&A+ZhNh9Q)s(Fu(MlXV z5NH~qCS#ah5aQ~|pZfn_pxggrq}*GI6L)0VCd{TQH25D7eo#waY>ljJ+%Ff4e!a2; zzM*-h|B!XOLcOspgMl72bV*iT+Aor5y*DS=@MmbxHdbd7H#No+*H3e4`z)nhdP?$Y z*XZ+TdYXe|V(f?TSC~J7H=J^lW@Xsr(zo&djl8?mLk8_L{D|Wzx3Y6Qc`xuhh4A6m z8?peKaNN~^0MsPcCL5aua`OyK`E?d6JrrT|bP~q`LoUIB7b#!>#7fG`JK^jV^19e^ zCZm#}ZI0sHPErw64m1cc_h(NXB8gfSIHCnGY2A|(QFmwnQ-aXDSi2T|>r>~gcQ*Z; zXz~mR-o%PAEm|tPdnAr=4kS$B*%Fb7{L>^#aNs2WWtWGBA_)0ckv6uU!zJetQ(Bhm!q3MKHOZ7P4; zkV9eF*!%NqNi1;X68h(}Ledi}`5dPrzq@T$QM#4mem-9@eut!29+g0MtsFywG$i`o z)f*z@;Clho=j}(#r^Ea8=Sh|1hwHA;%|`n5`5wLva(~&V)uTuLpv4=|LJ+F#!r%Am zOTV%SR`4or#pyA6>V)$3ez4u(vHFnb*&6HhKQ+ne-Fd%-{nBINGHqio{XG+*aq z?DchN*Lt$4-O6_ckI9u|$1EYnBHlM=()H@tLz6&Jr%A(|#c<-BEEnn@>T!icy7fzA z94fLS&UsbSnH<%Y0Uk760lqjB4kq5Rf3wgeF_3S18zaGG^U>q7;#^~0)LPszfKTXg z)+p)Q5*#B3u<6v1@WO96fMbNik%*YLFNKpXNU^WjVgf&ZeR#MQmoZ%Is%jhBSX%DzF_#$mohXT?kLG0mwM zw6uH^LrtxDbA%filT!TCo}c4H{H+#W%;gRz>jw}>zbta|k>r$HAAtZ$&i4*U^#xnL zhWr&|{Py0_vDdHb-u&m;Aa%A76ns<%g@@BWyx`5m9+$ZX2A!wn#XQENVV}DNT~G%c zJ6ZN=@O60W=M?iJWG6Jx$s2g2n1Yb`7NkYin&~#cY4Hd40w{HxzXbY67T`UH}m9+iTk`9 zD@%Wl`FyzWv-HuIeCMeae^yE=q^3(e)T{&0`tDa#3g+0|IPcPRJ0tMUg6|~%5T%+T z=x1N7X|OQM$?4aa!h?z`quJCZJ^JO-{;rzl^)3<3wN6A0= zUAg3ya>>-x$&2MVKRyej5&PtS|S&r>#JjAxBI#WGw|U3|}*e^+MQ0 zDyG|1=8g7Uf|y2d()t;=)&`2_yzqn5i|w_kDK(?$hax)ekIxTkWn*!5`2I5sYIfwOVeEUNeqjWu9(6^HyY z*oRQYFOc!+piMqtY~O!{t$0l1HZIAGHQ3_CdVQbOc@!c&x5d*y}Pd8!PtgpC7#%}}h|neos(i(_LS z;O^C?DycGE9f9~{>KX9Y-F^+;byfC-c}g1xe#7lg4LIfQ+?e%-=ppS@I?Yi&c>=Ig`n*8ed z(`69zJL%7t>RayjoGB`X%=-dng@I=`*RubXbJ;uOVI6`v2IJRqHSX$NNn^KVsKoMO zghW@9N4-Cb{cI1#Qq;e|j8lhL)HO78b#+5s7Mo%b5H#ePt|y7|iV9tX^e@D?5?oIFinh#6)8sFb3UN%ujflfO@5Si)M)&jN{`$6slkhY zy$6tT^%3{@v>CN7SS(^yNC(k%0=!+dCdV9|FU>Q5P&Rf)-?v~ z@UOC25%FWUu&~WQ_G8JpNI?h>p#=T6Lv}s+!t1pq8Y#JrJ5!>0{1jOBP`!x;6B)y{ zzhfS?dYg8!K2vI$=k`PL0NZ#zQDZYs{1*r+^!1tbGUq0qEGm9Ge;T+BZvfUHqr&|8 zWkac&N*Kw>r5>&EcjbqV&D4C2_h%`QtsE>)wLZWEV^Z`2;)y_G_o~~}{oKv~IQV8TJi(lTj#Br_gC1xA=N<+6fGV+|217t$ZwfmO;#(y{Rrc0Id7v;9{I z!NPufVpzqkR0-|YVDEMm(KHSLdS*F^CHnp*SJ@rI?-$O)agoJPGA2o~xk^$tiB82d zBQx8Oul?8fulEnM*s->*nO8>r8rc3mBq!2EGGDIo(OUzVizB8PS4ZNKpDN0g2X@q#^;js-E^t|iwteHyU5wTH;Cja&B zyKDlj^h5))Qhv_EkFQs9p-8bUvDsb#>SVdSXvM1ICE1S z`&9_lJ=vcH(X_>gvKeW9rJQU6NRL4QD=TZ^*W?QId6V|zrp1Wg9{BoE12GkRt*JR1iGRin>K7BEx1Bn@SnlEOkJklH_Lr4svawrnh+tz02`djBh&23Yyj zP`*Y<+pv6FeGdmv3?-gj_tng5vQQLFI2D4n5aXo=$h+TK;fVL-S45k4yNTI(c`nw%o9N%|iMxAE4}><0F1SC_N5KoAQ37PD8zU9*lcDf? z9q{aQiP9}LH@17S;zy5ct(a|m(RufKK6H3+yIGb=^?)GJDv*hegq<$U=xfQq6-jiS zbJJ#8FwNi{o~%sUj~8rox#zrMRSbHLFE)Lxz{mxxf*mvF&6AzhhT z$rpIZRi~`&w{tgSQ3J_UvSgx7J1w}$N%KTDBgy{0^#pbNb)>Kiy0>p#m)i`M#`}cl z4mJ;+&Fhuk8XI#eHng@H-%!%hk{XmdM|x6kDd0=9R6m%WWTy!e9snj0wNb zfj%K!G;QMd_M7vJDkDhre|W<%Gio(5BIUj<7@%Hh{k&h%hqYxhrgY(5kEY~=^LI`B zSTV}mkF1@++MGd;XoicyFjQOWcaZXxc(s|?PI zg4@;>rzT^w`=fKIfU804dJ5t!Wy5vt6F#VA)hKx%N2jNsxM3>ka1^)cm%O%40zW>@ z*`{CIQ=9nom4){g10F5~WY4F>!bZkl$YdHU(4?hnL@eXAfn$B6dR1cMS*ozED=V}( z!L#Q(^Wv8H${{REnmiWJ2mA?6oG3g4rqWxGtihN+=L^(_vwHbkAK+g0R1TeJ6}X0W6gvmWMm);(Fo??!=8#P zS3jh}>^7^aqy3~!qd#17%N;C*6HybmL7Yb*Kbo;s)x5%0so11-8`Nad8kn-ljR*>m z6Qf}%7$hQ9P-$ja+9+bhj^Q*Fp1(wtS4C{2^Vv38oJ^>OsrI72rI{TQ-pnxGX~tsq z3oGOPZOv(HX7Y*2MQt+g!?pyl`cJ%QDwRTc_K)eu~gAr$+^%OPH1T0svx%tCZntk zC)TD4=P1Tbwwi;_hS^{9KO|6U4(S#Q;OZ9zkCxC4_z)@L#%w56ij&No+Ru^Q-E|t%O;rH3U*sx7&7Y?9aCs6lu{`)1?Mo-x73By4GiiV7=RGc15AQ6SP%+R-=%8kbU8wu`3mL&etdi^>_|pSvkW`s z;pQeLqi>cw&ybv~H5fV$2j)17*T3>y+`^E(kt1Y#n^JFCt;Yidl4Nk*+a7+}?3u2j zk$GEUSEaDB>+~EP+_kL?(Uc4pafm7R-%WkdWbZuK~Z16Puyoq7IKXzB^YRM~hEE}^h49G%eDs=~A zzWHM>!|Xb`0b#3q;1vCsqYn_U)lb3*`K)oa&3O+GF87D!2bvfNhV__7Lgs$>!1LF;=w2O+I6#6pSt zvOK3_1KP3^Asd+bZURvILqWnJT!uiD7h2RP^0>6N&5ll&8~|RueO)cH>4+4_nH|C2 zT+SqAnZz*2UBVR)-{ouNJ~DjTFh)xK&6s=w z7BYVO#ygxVX{ntWAK|JXEcNY%xoHg0`-2H9;0IvKF`iX-nY1 z8pwog?d$16mn;Knh|RX7@omqV1hxay5QYyCfa6+9OOH%ymJ-K~XB;>FN~#DFutQ5J z5!@7){~%y#@iMbSXH#4;a)9H13I=cafnevGvr&7gVs`E6p@xF9%N$^;3R((UQe+Z) zlb!C?P}7IW!%82R*1zUcxk<^SqN?O_s}p$?$P~z6M+?m=iv-35#xLgeMoppufd75} z^s5>5chFuKWPqPL1JT$JfWd7Z#qzWFKgc1X5i(t#&xBo-{DSPH{gp55_|y@JD~Q3K rR-Bo$5y+|Z8};~~&ccvC@!B)SHaPo1+_jkZ1>#Xt(o(FJw+j0|NG9TA literal 86882 zcmcecbx<8o@Zgak!GpU565QP_xV!U^;O_o_5Fog_>%%p;JP7XY9$X*p@Gie^U0vOu z_t$OJ*4FG!_w4rebWinsB2<-S&{2p{U|?X- zSe91y`A5Tk5Be+WS|um6cm(eA&35n$>Qmwky9t)`gb&i zSFbfwYbJ(;g_UZ<8nWtxt*xzX8Gi$3rl;q%t>69$l~+$cOG!#<7!=$^{p-~%aY}%W zuH+E9$VyC{xr$N^_#ZWR|6c@aM`hzw{7G3$qB%NaCQ8&xR0)jH71>lOGq4hhIlpvg zx0;7wEK?f4S_IjV05nLk-vBavB@rRB6)IL=}P z?3a{!XTO^#`eyqUV5`UNcGNO)PNF18TcDU3h?iK(kx2EvoW(IpH+i}{MD=n7;-G8f zn|oHy?&R&w7I8asj9krrRZpDE-cuG)BH|kGuJaO{cV|}Cg9==)SJMJCY%&8Am;;@P z-fBm$h?lTM+^8}dB3=Fta-y<=PIW%hy$JusiMul&dQOi~+x1)A$x7l{82H2ez&K)_ZE`I7ejMPWQ~v=^{j1U) zbwJkCZLJDm1WHj5c!$aM{kuZnMw;1Z;c)lWx4GtxBejWwAy(`%p-5_8NdrtLIU=mz zJ}Wh891Q5<75rP|a}rpYp9Jl1o$A&;Ec?iZB&>ye+1D)UYWDyK)FRZ)c`utw-^g{C zs}4sF<)`B9o`(!|A+iQ<(Ef={Ium4h**9Sq{(@RMDI70OB$W?-_05s*rapeUp@{1& zMf+v=u;!_-RbJQkZHz|&KR2?lfl(|a_p)zF&@gK<>>T`;>&4<~gyR$^)XlQi+(-Fm z&R0P%K+}T_PYM85u7FCz%BikKl&qP;Y0hTgg4SpL2TJ{YWAE0_z}9AwQxDZGDg~3J ztL@(}7#sfF#*)lzE|$<4#(J9Ksbk(Ft7X^XeH|;MmDyvrd#g`T=?0A`%H*U;lN+mda`xGPb0CjJ~Ii%_P@c(fcJj6{ONkpdE8L zO}RvlgW_Nkhl^MA0Qb9lDZ1zGf%g0&#oooeggD)AAngh(RX{hrfsO9WDBwzKI z^nKRTz!+F{!WTzRBM(THNFSe1UuK5~hYHwp>PfeA6SnU)|KJ$!7x}SlPHsy#HXc_5 zQV~hFRDQ7IE;z>2K~>tKWTE-qgGr#YvQHi0Ow^Fu>^#-zPJ}Yv*(!^fHxuF|m64Vi z&nFO*S;vgbSsDT2g(xlGPA3CImYQGD7v6mOo_G;_i-?{cspfni+d=zUV)(m{6$`3K zDGZ|wd4f>;&=Y2%=k(`HOjhHNpVYhvBNJauCXZ}RYd}7{nN6oYENr_;*W*v-f^j(k z9Anum$_7(ZfuUL5+P;)~-HXXG2?Xw#4Vi3#Q#bzAGnxm7Oa{MSv}RPYaXzm2b9*gu z*4x-<8!C3BY6u;!vomvI2SO0RJD8Z|yK|buso<8G=R4EIDZsq19;F4LxG?jO5Z8vu zkaq3E+f^$4+)oBL>3ij2gpwl@G&v z(^jOqMwYC`?iLn^w2%?VQ{n$fBV0776Uf|TrL^oYY!jj8rNopg3|5Y^fPTZZP^B>v z_;|OfLL~KVBb>MjG@GG9xfP>HOc@jW0mtc3Lz~FmBU=U%!>on>yJoD;VW)({Mg*oB zKq1xprl7j3lnmR6?7Y#ksZ7Ll@H2Llz?XJH;jt9@H-rKj!K-tB3?9I;`0| zh!d1r+2#QP(NCI}vSUR&KM+3wXAWojE&A*28M@q#GchXj)Ca8+5kFd{EsYyw-Uwn! zyi!eo`3+`wxZwQD_Txrv5Xsl=_bRMPkv_?>MS=r0y@fGNyA~)S~=H?;Wd&Mu)~| zgd4#eCtejGl#a_9$kd1*>(>W66{3By6Zh<$fNJ{6U%uq=G%eHF%D$u{j{FN__R0BH zH_yKC%0vk&v(>AL*Tq%Xl*Z=7jB$vWCn24Jyq`bEmS$bU60zp;HTHsPFPa7$@nimzHI=bR6a4zj1njY|i@-PZ$elq>md^2xD%M%VA z-#X8^(%iee6P-dSGo-cw{UOzMX8{ql0s_Ijz3d0S$p^yj?d_G*`u`q|*C8bM}US?onO%TFns*vU^fEG*`1wtJ6L z7w;Q^!sOEb`dMsl8BE=hw5%3fDK48vPF)5deuA2_Y6S0QR2mq+&e=Im5s4a46mleS zPzvT~?ef1OHu?;_e?SL69XQJyQ4#rn0UK-ZWv=b+CQYss+UBWX2uewcLaaPslw zm2TFma#oSqq=OL7gO9HY$v+{`n1Oie_;1S9-)?56pYPNZ374;q95h%X*L9}i@r$A& zrf=WRmDf>tN(=KW7wxtpEJmwgD8=?YSHdaHy#mAv^ru=(vgT6qXU*3mbl)7ZaDSJV}hAUN_z0&e@?1#vezw=Jfy&J)W}_ z#Ig1LFmga`vrh+qu;l?M!(-<0`~j%frV`D;`8dmLu@dc$_P2Vypw zvY`LTgDG|UbK9CKFW6ABN0XgCo0vP$+0X8NAwq#RfcMI}9D^3Z{_VrPUP{fxYV+IB z``g-L6R4A=1SRmHNtE~n1HMB5kF?eF*4l*j6U`)2(A*buw>^hxA^K0l@zjgzT%k=qLK~Z?x;t!R9%4&jJj#W~H)W2HlU!&ySjFmS? zBv_5Lra4hMd;u#(G6_-EoYk18XGRXw$A@o2o`u)h1}(`*A!XOEDTg>isQ}9`$&I65 zDK3JT1htR!%Ig`lst}QCdB0$UIM+{}K4~d#jh+>2jd9Gvaw`^m-Um`0L~rsPVk;kQ z5gW5}ohS-psTC^O`3vsR$?iVtfY09ggWXzz_X#My$1T@6*Q#tRtd)D%n zFb{PoFIV;^OD}Ge9;tsKp?r*aX5vN|F*@jSmVB(p2sAI`D5ZmExP_q3FrTbN9NoiS zc#8ow^gzJ&=gVgaIT3`Gb#Itskactmkg1TEIaS*%`aTX}BTU2BCm7z3d$)lO$^5P?pklxPf> zr^~9lK77LoI_>Ze1tINB$AS%@UXy$dN^8h5z=_$oc~4$#xA2q8viTPMgCihaY2~Ya z^l3cscu`HMamP~=!{lJw(_o3r;Z{p#lqUfTmt3priv94SMChTki_trM|~$YhZWlH7Vq`|@waWVyHjl`EK~$v|D_tFY4km`G*) zw}VAP`m>{9u)XvX#@6k`wRutLE3D7t`mLh2^A#ai>o=q?lG^q~Uy};HM$s|}aafH6 z70;W0vm^?O|V?O=j@hfYM535TDyl}&If?i^;S2vh48?h2sAlr-U`{v@quil*#;S|Kvx4_O2!`txPn^C4a`YY$l)y-hBH7hsW()gf*Uo z*5|9SRvGa@a8Fu&oMaNT>q)LMx%emLZQ_Ur+ zb^k8>^ZM~sUFzqzi1GwM5ixBuiNw7C_V>QLJ5F!US4wJ=yAoQpvBk}@4YD^SGCe!^ zzm&t4@<~*TS@(cV_Z}4Rq^QIqHHo4?X%YSsHb<_+bdY#pnCby|Eb-%(n1{C7;GtUk zs~LXaSMK6huoN!@R<#IBU*s7H%e$L*nWwi6)ekm!p+-7*yHi3PebpIR zzFjYk(z#BZ9?eOUr`G_s&g=3oOf~l@sE`pV5nuW&~a(y*Nqqo=35w1^l zE;RYDw9!B0@-;aLqmDlE`m{fko=#ub4K^Es5Ajp(_+PE|Sqn|WJ)I1WX2+70xi?9C!MpFA;c4v;l{u?VLw(HX?%AnGlySsq<{qh9? zR7iV*z~L6mor zLS(CT?xAjt#Q-VWP@kww{xMEQ z)Y0&1J${U+Ta-JT(y>ns7U7ijP~*v>)&13MjzzSmCMo@W3*FdT4oUpe1I1Zuk_0o0 z*86qOjYjFDzSWK(x@Vp?XsbOSjv=e=erJFraFb5>v)yeG=ukp|!hE6d%}I$m0bvVR zx7%DVgvn}@)%CjfZq>F@8v-JBY++3ei?g7}qTk{6u2R%h8MAOrhHlcDm*-1Y5h7kNl3TUWG>TG#vOeOFe8 z*UJff0?p6TZilUNzhzIuEp*n2r=YT-Da4rPm{Vc&`}Bjwfc*w@sT&k9?c-t&zEN}< zFX-x39Binrx`LZ>wsYLH24EF!+g0=2S(^sD^KtuK6?9?ZG}nl{_O)}mD4r%|sl3%) zKQ2XKI(FQ#@{ah!YHI0DfVT0zzi331o5@{YYz2x7$Cx+cTDdP}cytTg3eE5-Wz?v? zuDzzjL$K?8h(Zf3dT5~KGI?KcVc_TJl*xn|FC-#;h)fJ?ojwS^x8Fu)irg>k9>OYt z9w!-jrl{pS@5sBK78%!q08ZaX!Y4*lV(m8ET_2beXfk>|GhWw@Wp|zFeD?tgOX4w0 z_!MI$MK3{JQk<)$ND}DHG8-bHzYPPPnp~`j6u%hpKzPe~AtjbCs{(=axOHdCICIf9 zWe3;wsL{S#6iA%H*g3XIrS~LT1WoX8w?s!c7B+G;#Q^8AcT7 zN^91J+1={Gn(yoTawlB=wZuGMln$gpJC%0Ggh%pZXIFKMnuyk+LRnnyY8TJtLrG zIL|GQ<`kd#=4(ACSo8*{nwjMruDP47ez@?=vFd3{N~iuK?Oyazl2R}T}& zXz$kvrHL#aU)DkkKhe?`5uOvrWd&TkX~t5oDTZafTh4v|5r*(sS=6Rc(89w_c# z*|qCX9#fbw3Gg4FU;zZ0#7gA@7%7MXyUAgT@VDqWHE87~Pk1d>KNhJ52$uc?rU)_b zrSgle#j<8rHFEVCD0!Z=JWGv$uI55I@}=$MRq_-PMbYxsz8~X^Qa05r7S$wcuuxO9 zAYEU?ZYZUR>=-dB^ z=d!E49yqv2eu@nZjE&p$8e2DFy15T^dp__AtT1u@;_&+LLL+`SsBXy)hpDvQv`1(m z7Oz}M@i5^{GRm~w&^{R3>+0jwDN|=Xj|m}-7C+kRr=1xLW+;jT*?cSCs0^z% z@}1AV%B|AzGhT5b(b*aIz~!$!%;TUTB~i|>=wS~D*ll)DnCC6P32f_v&L%d@={N{* zLnl&;AaIX=m}2ToGl;$^`R|cal11W#&8DGCOSJ1R7c|@-5y-`(*m0dAXSmHjrUlZt zFV)T2@qRw%#n&;}jwv72u6W6A}X*cPw4o?ZOrmsD!o$MU>K5XujCiLB?S z%kuIV#q4;yFrka|I6G1xg4B7mkS`b9u9s}arjE?2d*DJSU49*M4yH6jS}*tX#y{5Z zeAyo%X1wf%(WS61YbUA_pa+8+g)AEd?% zFZNyc?En0s$W)bPmv*-!A|z8FvPc(d-7O%2Fb3UccZr&MF9pAmWD5eg++vE{JiL%*c3AcjnZ zq0I+l11$bjk5M3{Oaw(){;noGK2Z4kQIeQ$fAkeD^h%||^JIOIh5AU79qCX`Q9HbJ zzXOj6@nv_gbzDj2Tam$3i;e#4-c+N_z0uG<<_!&=r;9abP4)ZgjaS3xwRcsnF$&_1 z+NTn`+Ht*)hsMj%N00O|<}}L4>!TTs$ltpl*O%h=uZxE-02Nh4v9#7#p>``^o11$Y zCEeE=gCs8vxHP2LPaed{j~nJ&dmQ@7qE75Rpojolp*uUHuI}sJiV|QFMtGLYeBjU! zWG65}fAL-S{_k41z4Nl%oMshPvHEC7G&%LhC&s6%yn*+{FG9MEN}>WIeDtF9GZNZ( zqC`ysIbS;dtT?tB_Ny`_Gx+I{EEFrU43||2T1c&4Iz~w}DVsbI;asZr8@AH6;7<|> zY_+|ydI+*|y?Z?C&0FRyPMS?6Sk23C&)Y04u1ES(`6v5|7uSeQ`nNEW*Msz28L2Ln-Qt zutvw&tBuHG7Z*paQOtyqN3qNoYqU6qrfE&=dbRdbM2na)k`v^$hue*oESaEM*xg2W zO*b1`qLI97#WLZd>mHSK0@zofdZT6QLCij6o4zX z84uB9GtajcyOKwFbHSWL_gwo|v}h(2ZSa3Q`g$vmszwXzPeQWQu>@2AGPscvF#sWx@F3>`&g zX)ksHf9lr)M!(VT9Wil~`2BW|0~<{y{~EAancUwgk{zX!gkl)a@D~0H-MW9G;L?D2 zVYv%Z8$9IGW9hD^dB&jc4TLGm=M}NS*U8+068ynb9TpJ8Z}X*;6_d>h)Gc*~B`>WR za=#QTG=aD%l`P#y=P&zFCj0)}?RTecgHJsV#=YQEWu;2?a=;7cLr8w{VcR)F7PxT)Vc>re$ra=MRf$X+JS#wY_B3^Jz%k4-Ul4vr4AWw}WFb$xjYrX7w!iger< zQx5o}*8+*F#~4wFB^io;tP)PnU!64LRv){qJfkmrYqO`j;o$c2utvffyPd$~LexKaKV1$-A`<{=M zE%A#z9Gq2)NkVH5=&fL3i`Hn20~#Ttr^nQcH@;Zd9R7wuFM53TS*I^A_XL3#{%=z! z;+mV`gd!bI?=v^GBJ_qhJlV6_`~g<{)xSq{l)pZCkf^yE%VSUXD>Jai&|kOtW7c{qgm0)PkF6@ovsI)Dm- z^yf%ttn{uYm){z9dys`5?*58w<*3ljq?5Yt+&*^wwGw<$y9bYzylE`O7`oT?8;C9s z8!NPCO4=<#oL|cIyt=k*s1~G%zJ`DCPUS3wy@oOd~D? zYQC6nIe~2wuk!nx;^^0+c>?#QMH$b=m0?wg47?7ebPj+ z4WIQNmp^pL7DwA|pQa>1s#osYNAgW6pl8?%;MQ5NM-<-i7rY%UcZ=H3q(V)5Cx5np zU_CQ2mgBX<%_Jv)FmHIn-4iGexAtAtUL=*@UzfV^O3kkf22-@siq#f?5O_YrN*dyB zQ+G@KXyR$p=(YegQb(VMjQe=9J@x!;5YfNsEu0$!0=~3JZP);FJ`^o)>A-WfM>pV z6j2T@s54?qzw<(yfkiVd0i#4huZ$(2vPi#L|9-Q8vAzH{w10m=FW*=8T4bwju15#S z_YQ?{>HBLeg58v2#tp&POO_=nf#Z=?EpSOu4_|BgZpg(`G<7NOXQ5*_4^KJjJxxaS zrdzit$Hd5nqxyr>J+$-Ub~u8O2z{wqu*)Tx_IuBkVD}d=Uu?zxfHJ(GkQpO%gueAX z4ks-)9sDZ06fD{oquqgd_SS0)p?}L9Dca-oOR=6KTi(zZy>il-9nfT4Kp1_%`2Fzf zlY<-i64Bk%AFc50_H(xV6b7wNgvIeXHT~-KiUq7s*1Pj>Pvmo2;l7OoxjIy^>4p7MBiL|M?0C((yrF>G*ZkE{z@pVQ1&jW+<2}WOMzY2UU_y~ zG(_Klzs;v04nxKwP}eCj0$aRaec7VVerktWZaO&`joTDqYn{C$Is}n4YzEXGOj4ZjTYjeheBh{C znrgy>T(;HX!*2!I-;Lk?370x-dl|&DKRN%>E1Zm~o!$YNB^jOtuE!swQfTZv0VJmY z1|2JxyMN*Zl2ig8K8{`!DV}lEY-aX>Jzif$NV&KcV1)x6s->Gx#76f%E-)IaZl0R& zV7OUd6_zJVKWm{P`>Nf3Rr*u`n?tay^4uOc&}5K@{B&uWq2vGk*!X-YcJ0|AgV*IB z67|9TRTp*n?Im-iL;X4WY`Q!FbuK>u2S4E2)_p1i2U0_SrM*jV{Z{AH(j6=vW4kmv zw3x5m?M>|YW^=z(3Etu^`r)-^^f0UIB_oKIF_gthfkTWapRN+a^ z`b!(gsXJy$o6ScEjJR3ky8zmi&LsXvEByyqwZG^7Be3u#|9=ozyZ;KRui*SkhhdAR z2V9DgcU7eT#=j1U*wT-8uK~VX^z2qf%sky?~h4E z;qUM5skUjM8$qQsjE+>Z$1GJ5C!hjtZEfliy7Y|RIAkF8awe%%<;ltV`g+1JX2aHa z{c`z&7nNyEYUtW?3JzJ1M7H8`Q}XUitMv}>Lr`XOKGPfLLo`9M`u3aw{+9VNei=eUAd)a|2p7^9*a(f{y5~pCH1^~4pJqOmXKHYH(CDLf~qq;N7_$QyDzm-)m{&cMs zS?YM!McF&?a0{O#TZn0>#Qo>r6`%CM6(l*zd5NjYg_*^B$-~RvA{5o~IS@n4%o`~s z!?Wf`m*u+tMBbku(jv!TFt>I@{9lsUkI85u@|jsVL_}!}I>U*sc%j4+_V)Nc7ZCHc zwKP1mnq=`#lx}1u31|O_Vf^m_yW^9iNmDw-zD!`oL{H(5;nHd5Tj7}qAFlc{&>2&K19a{TVLDzx<2NUb;s%hRCwXB8p;+iEJGIcvojMtI9mjAaHv7ExNh zhCdog=yWhXru@RgX#BW*WJ<*rAx49i;2TZ4xqh)6F^3#wG#^uh2!|`pq+ztl)}fOX zrm2l5{y#>%4t*}6iyx)x?r`At40^>JVb$C_IQXOQqwDVP>KiK`MI68gFC&eN`zr-@ zCy@;qQ7IPh!-uH++v5PTR5b$U^p!C!kF!-AsyvzfMcG@#s+y>c#sILY=l@a9Z8dpM z1XeQtIz)NTf-xykg8c)nt|dHP->@>i^6sAp)fpr9qYS4QmNRp)p{jaPO(J!t;O`{W z)$ii{dJA&0@T?st(Z0|rAey>fpl?_2zI&ppQugfx1M*BD3+|>t_eDX0Drv*9h=>{nf z<(X$GjTrv|U`_`SdqW;H(SjCnoD`qraWJyvOr)lkyQ$9dQ(kJ3hU}NW>%21&K8X@B z!O8iQgdc1z3VtxV{QNi6B@(!@onuTfr3_s;UfJ`rfzRIVB@IT$L8PEEmOz)d{~_yW z4a$F!?Oo>-lGOM`tm^mmkNC33Y@vGXxQvRLRuprojxUIA$Qo?Odn1}oQsr7#6_pGh z*1-bNq^s*Y{UaJ^Upu~bnEaL4Pl?&OwLVu_0igX$h6}^cFrdXRJcK8obbWmMr1*r4 z>X{-0-%{NDVYy)J`q@6Af18`|M`8TfufzW|{-l)q8a4MT2gpkoIcBNR#*G<+alW<) z9fr)&y+r*3n@fqyW1dr3mn;tVu=Mr58>-9OhRGKt70JSmCgO-yGcD9juQOTKv_GrN zR~Whzve(t0A9Gp}Rb`(3`1C=qY@QAtT6)I%UtB0YI89rHvG~4!w3m2xc6PYKUZz|r zVVbWU%BK>lTVaAqYDrvK6J5JSSc2l8$y;TE9gI`lB)c6-`)@C{e5A>Q@@Hq${+jYc z0R79@e@;~L||e6C#>G{tN%W2~g5 zqlMfWbw|iwSASQZWYx;uN~K=C5V+8>u!TCPexIfmavMd198GDOer408o4jJRiCrYv zs%FVv1Mr=3v+k(KL?Rpdh`1Z##+@-(Ts%t=Bkp?^VK4E}p8O=*A6NsRZ*#RU?dB6@ z6%gSEF!7lD%-pjf!bglnAM~QsgTuBIL&h--*nV#O%Z^_0V~E|1B}=Vup~6ti-SP|e z^6+L@zh#~70>|cS8vF${C2z*kqS}2L>}{p=cwVWG$5PuNg$8i-VWHCjy@Pq_-FEb$0$wNzo<$%#_aA7YXd4In^6sdLl2U4^O;RXm)4tM)V>FcQ$O9{D>PNvi zh|J4OWy!q+AJ_agXy2~}>WJV8T69I|WSzGem}4|@iZmt=RE6Rftp`5aJ?M}plMyU$ zQv{4}1&BO3j~;!EO58jn{FVWg)U1T2fcmd*T(vk{?A3jx^~02FXRw*jnZ#DK`KDlZ z^^=fM;Vx2Km=NI%_qQw9opckN5F9^jn{`~G9Rfij1P7zGAA{MpQQ; z_;=<}-)8ASdO)L@HA+9#Cn7qF6zTbTg~@82WZ3vl@ior?-?csXOuj&R_i^N1WGV{` zBq?do*Mn2KBIFznuFp*{{x;&rtBX~?tCrYTlCSEwoj$9pqcAW4t3j$rQYCwc;ZoVH z-gXlQMhevhMFz*xYBA1x1C76Ic){0SfBQWN-3Q`TlT{a5E7ME3ax$Uiw{;U)e` zf8?ask@|}O^Nwmu`4j)M0ctb-Xn6n|k+W=Op%IQKytX^<0v{jKL6?q8^3}jRZh|Fl z7S)A%ylGH*@ZVa%qTwj7MTU19bld46g)+hQ{kBu1#Ojtg+JDA%`I*{_8skia{q$DvMDKB;-6e3dILQpWk zY30U_zfk$$&8x!eX1M6n)|5jcS)zi47znbb46)CyDmZc;dS9=<1KtMF2j=-;HTmox zbXRUgZPbf;dA?n|RuBD?S-)Lcp;5T#fEcIGdQ6`*4TU(a12^6JN6%TKU2dO5TdIJD zG%Xq3fSkfaEUqdjaekDp@AuP!KqDY_qw7_v-v!>A!f6v5}Sj@tykMq=SZnF z?{?>TB=7vLjt_U2f+OG1KvETwTTDx^94)y5L->dZwBvhlyr^Y($cUe?8Be(NBlJ^H z;e!hsxI+wlk5r>aE3_!ts%DRv$b{Ld4pQ?b%!H8Nwq{uoLo$dcpqD=L`y{MZ{*4~1 z_jtyo{%G7mGFG2x!idJjVS)=v$k}wYD-7 zkYR&BvaYtk`&u`|T>h7rN{_XPI~^IILDYSox6fPamzyv{(d*qt1xyz#uVmBb_@LcG z`Vm2A9iasR;?02zle)GVDn{A);f-Vl0n#k-n$??==K_e%BuSn5i&-A;VGRM{4K*vN zpyF?|bxw=pb@3sL*J1RJi5%n4q0OXqc84o~7FMG7)7ONDNvP-Hk_QzZmzm<2#$jHD zcF=4M(wEMdlnitw`$9WOmJbtI;J~2)05EF~x}7VP1ZV5`Fc1k7nH67z93$WE`w#u< zh+}>;pF80u@gxsDnWxhRG0n=AMrX#x*udF)IIbXlfH{$2cpOE(G^w=n-)^+_Y34;}z@DJ(hv>qR6yDJO; zV+=|SV1VWdwkF9em$}MPIq;c=X46 zOB|N$geXeC7My$~@*25WA@I&rMA3x%YZ`Wrw z=O~P_>3ezB&=gp!+Xj5eh3}XY?Ig^6K)jQ!KhL<}$nU9+TP-QtEEO544Ab?7v5r&r)nW`5-Yy}|w&wS%1mktZI ztLZE^R(D%%E}Ns4p&`wLS$jc|0ejrfTwhxZ#=P9lGwSLs(%NBMBvfU-mB4-uRz=5E zP8oLGleEaFtJ}lg7xD7}DmC_LVd47SyFe18cYW+Ux&+-tOX&a7|`dSkGKAoO85SBZ3=RG`3m5g-Ej1R1k?>|~b; zRp7!*QWi}d%w^^^p{Ot{(Mv86JE!iSnd(pknrL}()s8D8@&j!AQ3TFi4}@Ycy?FB}^y-#kx}zx47*Zt$5M(_;l&9WT+`7G(ne*2wHtH;tR zFE6qY)z_gTB@MjuJb;H*C=5ZfD(ZsQr-ebRS#PQPJLP96vDXXBo@sGL7?zKVMI8AVeOVWq-oa}J)FdIjcl|fCf1`L=DvW6>6}!;= z?yCZiR8$h@Yg@oRr!dU$`~yULME`_R$yJlj z9ZisNGKTaxcOB0lBum+`)hH$YL_{#oy_)Ns911dTm53r5DE|TfL!+W+#q+aq$+OhS zU0FG9Jgk&j^tA0A1?y7&xO~c@?)_Av>{ocXVY(Tg>&9}TXDRFkxD5T0$&s{Bq)@I5 z0&i;{f_Py^iSUUrj0~L-znAMr^UyXRk|9djN)#1xSMTH6!!z*gX=_PFbrb38&;8t3F7$t==d5}f5iSz4Pxxb!O@&KiFi<<1{R7F%J&X1Ip$J;=g{EckF$AMX+Vh?)PO z=^a49-pI?r+4r4%-sd#9T;L$%8>Uqt#1T(y zjPzi7gd=3suF6k@lA*z&`hR-c(|YYAVE@Fw*X-c-I*uo^=t%ZKZ*I|8&`+2T+ii=B zx`)#B*2~1ywrO&;Btwwkk9(W1Xw)xM8O7I@y)xqF@~JS& z@^1%Q6$w)HKZ#NdO?NeFYp^P|3WNp!j{G3=nlcQylRj+qD;z3ukNQ-7R(2=<*^Kx( z))Df!*|dAZX1_ihR2W%PSXB1i)qny}7s#0|UERo$y3+0#vRE}w6i5i3pWt(!THQfV zFEqfhs#Aut3;$5g0|ac(WH7QqXm+eHlv}*Liu@u?ItHr^youxboExUp>q`b;DN{J{vJqb`jP2Opd-c~PDBE;e0^Er7Lq4=a zZIF?@Y8w>M@h_{7D_*7W?{N#XjX&Gn7;j#G*=je{+ovhqp9-hbE~vKwbo8)TX@gSQVQcd|wrD*mp;RrXt=V5`duh)L(RmXm#I z73iXf*`8uAt1@zHyJ;4L$*M7Cy*X`=OMNj1>QYT0&IHoNJRn%zOg1 zvhrYjp=4>Cb$oxwXok!Rn5k1+orr(OSv}jhd(>`@H88$XCA~PP=yE=!Pt&*{=_%F> zGhP)%(mp-7h+2F1NIJ5k-3U|Ee^Qwqp;wNI6S5ONu&e!r8XDtwxB*_VGXop(Ht6s$ zo^_w>q&lFoKsuVerEiEpO@8ePf&P}@B2fF%-%9{y8KV`CJp z%(hRmfwGKScatWE1)y35o|)SI0w%i`Ku>A(}E?Szin&o;;j5O3SN-gsmV+_7pn6 zNKFFblq66udH;wmUM#)XXHpUGbPa9(9&I@5J0qXlil7vNSt+3+l0%Yh9H8js-$qS4 z*f!|=oPe<>(xmXO>0f&fldlk#tRltzBc&g5mvY+p6LD-BjDk^fN*ogBypRr6udjCAuW693- z_fIR_M1mFlP~Ks9Kdv)j7y&(kC}6nl-ft@RJ}m2sL9p=h!I|&zfrs%v9R2*DFMcGi z>sQy1b0GVgTW@)PRWuxTmd{g@`-F)~b@_D*Q~ok?6hLl=-+u3^a&KEOF4hoT9{;d= zL<$f}iZx}JGN)qG+m%ECRZ@At%+^hwr$(V72CEkv28n<*fu7ZSUdOg z?mw`v$1wRZ%x zq7sAFxt#iZV^Kyzd6dl!l!Y}E1BV=hECtA$nwKu5?d|MZjI}lYIhj*Gj6ex4pckVL zZ$NQ$IA{ugh;o4!{4u-&yA*|}8JxH$ln5U-3d~V5^9;z+nyuI2?E~NJfe~R!53irc z3T&r=LZSx?^`r@gZVC-pm4To+Vgd&2kLbbaM7?b3Fh(PR*arLr4FeSk7&WWI0>ndk zA2_A=L1ckz9)dcW5c()1XpHTFum*9Kx-hO$#vlas$x#-u6yuXYJy?Os(akv~gM^6m zEeKVMj>_R~PyE5;zworXe|-h2W&kk9=#V_g0mS-j(GCljp!P$YQ0+a09*k0AMwK7m4TS*%Hu)sK4IaCd8H8y1?GR$59d#lUtBMg zn>NGSo34a^vV-aP{Uk~VDcSkX#%{X_9dGw^oe>DxXfmZhS=yZz{67x5`D;53q_91G zZ;5UijkmitEImbZym9f({qC`+ng5D9n#-sEQf$Bki4k*Syx}ud5%6$%35$xL;cW?x z=Gy)uk;tyQtFxsQ(KofMrseFZA@;W}RSH|FG+r7Cv7Zb|a%P3eySk#ZxEKIM^hv0$ zYotJ=jAh*GSH?16=k~+Fa8pUGxjbgm!5ozo8T)%kd#NQKj3Xg$oeFBUSZ`t`y$DI# z8HcEE7Qpqa>1uB<$bd9`vG%OVC@qP}5FO*5GL8Wv#_(|=(_EBOXUSW3%qEeODqA~! z6U5?0z@J8EhYLUOSZlnnKG{%Hc{E4vW(B{TpL@R>nktpe-4jwhqhRw_jMj@@TvTi= zI77+I(%?WNQ^19asz*w;>ctaDtnT8?EB0DLooI#4cFV_rWHflFNhf7{y7e=lWjeIg zB@v|y_9K&7vAQ$M_z3~N9rHIa%?iS;=kJG(TV-=;oGiPmcOYim-;HRMQ|maHShu9w^9e%p;FMPvWoCA-I-_ZRy32f}&9ezjcWq_=op zq~2DmXV+7Wiyn_3z3A`hW4nHFlLRY4Usg`QK6>!#y=Fhu8MrNmud&B$k;#hU<*>Vc zExeQKW9#8{qt3#9OjjhiSo-S(jCr7Vd9E^MCr8RjIjrja{_#*#xHjkOW2^(tTRty( zp2$!<^}YS%vXaC0PxBJo40&gT@Ym*R_(_d2KY!;%-|%EcbeeXmu7}Ibxo>}bK$H8h zhxcjB6bW^*X76onBZX+GI8SdvVydU%3_G;>6t1V)!paV9FV?5Y!5#*c;PJu31%X61 z3WDqxH;lNlT#cT`ne1gm_et*G9sivf&VwvX?E}`c+qfV-U9acg>J%$$%8zCtb{{V` zUR&9X6x+yYYSrt`$2x&*wioQ$&{LS2Z+c^X&>pyX2tRQK2btWlCF5TWx(pvZwn}S$jb{#bUovpxumiGIM?xLy92X0E z0S@ixR5&~Hp|Sa_to^Yw>rm;X;YV~{riT;pGSf#P1a(D)1d*{@9*(z{9eBS+sBWhm zWAI1v!8hxK(m9^iRw`zpeQnZDrgtxbVK#T=(K|ZgzGNzr} z!~FPB^Yaq}PBCxoznb&&vx`K*xvPtZS?z7i>$K0@78I3820X8ZqOl1TllBv$rkHIdhY3 zQY^`PWaQpKw2NDk|A&GNyx_Ff+Zx+-a~j@;A9<9j zd>=yW4=Zj5NCMa>>0omNr?@|hcz=e94vKpc;s&5<-lhFN%+(h7!kN$lb+}oZBcdpd z0nQw^U{oH?(<)=H5J6}Lc(*6@>ZW2;Zv?<;p>2_qYxp#6hw-um$Z@UJSy3bu{Tmix z=xYurFy;&g5v4sG*yCfuIjf^I1Y-W3n?S4hrc{9>gQYpKOi)j*nkypuoq+ zmA}#FYf&16Q=r}^1I6tX0H4=2=Gv~*!}GnW)5}Js8N_Ol^*{9az9va@Q$~ci=#E#K zQeClRzf{P`j~I1qR=oz>#mBYKPmVU4EPkP9rTg-!9UmTXP3C#CYhKy(gE?X~2c3iZ z%uiIdaMF+`4gY{c@p{Jglm(unn8O!=> z&F>7}ESlse9e|(D-{^hbLOj&vK4g{LuVw$T_yBPbfn1a4W!?TPp;d^kQPY>bS;_Ns zVsfi>Kd#!g^|sW<7Q}}MmNwBEDP8@T-;ag0=recjDB@^2Hun4ycW6Xx$V6J{`n$05 z<>=+zEtRbZ^5*da1!WjN*A75lJSDTd5r9POKG~ktJDp=XSHJ+L6Cb_VB;s(c3K_y- zSJ%=Klwl*0^ouCxGCv#8Jhm~6ykw0j!v_JZ+v4Cu@L*yj3YAOIguz-F|D)x}>Ez@z z%;qNdBP6ksp7iP>zv3ybi(0HDa8_p3H|yac`Vq{NkFqQYQV3H)H58)u!c5r0v?8Q9 ztq~>^%l`UW+f&TP@2?S95KM4i%9_%UXt~6&%_fbfjZj%|8~U#IX_Es(PQN z9&(3}#D-87SW*oh)=x|XFzdsT{ACkptUTNOTkQ5LjnUvaJVy~-$CwvBvm$+55e)=}~pYBgCIPS@IT2U~%h7&ETiy1vv2^v=I z%*n%-KDb*kPb>>l_U+@O{#p$jWHuNi& zA^9Zj)%EKh?NZ~F{l5OtLkx#M_PE8_>4`|TbBL;*oVoH!Zbfv?@0?pAqj)P9n zEjMxG0ykiuwK)W_b(s|~cjJ<6poSe9GH~p7awPc58lEhG!Ilchm#O1s`Ci$BLM&c@ zXD=;Ygr7nG+k5JokXfnE z@&yj^WqmmFZ;{tDg;VyCC(moqcuV1!w9*UK+UdXtd}R&+2+ zcn*X{48*%t7cy8QOm2w)nfw$E$%YtSPAUJ|S@7Yp+|On6ne06$!6x-#qoCg_vsRi_Q&3GS1>31ccxE&e+#j1LH#CxTCT`4!(K zAG}REDfm*>)(Pb`)RB_Xu0oMtGVLYo?A6-yYAUH``e&wQ|0vZw@i39-xxJ;e$@@`% zY>Hgs({AEuGs9SS8unz*p@v|GaIrh%t&S|DeIKqI@HT`>jL-7wZWZRBVI@>59DjOa z%mdKCkX>_Vp<7*yu=PXOB>U6A2O)k}JZFL4{>kHMf7~x6aF4T!r&gU<)|ME#wVR=^cVjV-fq^q)(^@9xN@x56t}Cl zov#-I(Plv#++Gzd46|!H1GY&g<2OetQ=x~`xsP4w72>{$-`p#S<=?<9o&##YpEP%+ zDK^5dpr*u>4xlP2Jz*od<6T{cJ8WH!irnMz4` z)pF%x9m*GTz$BgrVIOpb3JcXC96LS24PF2{srm(#dwBHL zRJM+~TT2E{VLLU7V>3GbR|$O8vb1Y-JMSj4|O{LLYgHZ zW@BfkFLO_Ir(U;(n>S9d|MkVI%?ej#hekzt{b(h~9}v1lsYCD<% zsYqDg%s1ON*W=LsZC~-Y*OSo*_tb|ewYo?9&)ccEoMETSEc-Hk%_aGYW!03vK;{zz zT}b=0rSRu@hqtf{&I7T-O_^2$sBPcfx$`XaZ0*_~uQu8%c7I=~iO`aJ#F5`Z1 z#Pv&Kcqn0uyY+H&r~fBET7C^ferTjc0 zv(lKvU0l0<&8cIXKG%t^dHXlCX{+srwu?TlAb4u4`q2_v(fBwLtTP)2<9xa)=jOTM z*(6BqsZ=1_6U_Y*C#QJQwLCMa!|}u503hu$3j*i>wX83ZZsfPQJldtI6`W&ndT#Pfl3& zz7%1z+9~Q8-Pg62kJIYAB?K>uxi5>k#;bcc$x9dsT4!x=t66B-2;keo>2xLd!jbl- zg|)OCle^H%^QQo6uM8syu@XN)k*4}Q?GHi&<&#KX#qE={*`91!+wK!`c2SdT5>t`^ zZv~L9P=M3zQd=Xd%~eTZG`ARaSA#H+)`@X{i$THrH^$uHkxgzlQo)h))e=u3p(dHI zPUblwPnE81bCH$QcXaI6nqVpTok4))%+!{#DzdS(J-HY+2Fd6x4H_Pxh7 zy9KL4k0mP@WT!d<@}mk&vh#n^;3k@Va|AGHJ6?&&8M>$Qb7Xh6v2sOTIhF8oiGO=> zS-tI^%;IU(3TFZ#W4$~BrTnR*nyaE71~Jd>Q0BeUo=`@_dKHXjm6n8LK4^s1$(a4K zvc;i(uc&>l*3~tE{KUAyqKCWlSdUS zVIe_9X^O@X?fR^R|0eW+ScLh4V>)#}Pg}%E$2Id2inQn< zJU$yX+~bN-GDPBnabO)m4p?f&ZVshUDL?ncTmA7;6*wg_w5^?# zVRLmnBZ8EAc8H?@W=N8lu8y5{%ww52RvoMJ+tIB_CN|3b_F+<5rq2BdByz?y0d|}- zmTePE=+xA{-gu+MG6{M(LR7Z9no$%OZ9uhD+}RioG$hRm!cqt}VaR|07D-kh$8q69 zdGbxp+>VXpLCcqvelX6!$nti-OfW)EEq!!7zjg1VS4Mr zaE9jw#Ndgf*C9~A;_8s>N)br}nlxlUgfeHqSP^mnU?8GM4ShBgjR{|5B*goUL8*F> z02CKo+7(H;!)4M`m|sytj*0e$hV%x-rji^&L^VqWHc=q#c1EQD;q*4SQM8-G5UG<6 z*K9)3Xbt)E2SV}6d90K5mwo-8tOmJqZ1e~;g_pA>Vy*l}q$;XjUwHv25C=sk0wWHE zi5w-Vg(3wn(rUMtoA9{Y(Z(g_nnnOVo68OhY_@d{uh#l65n1rfpD;m0fhtcVPMie% z{%vPsR7ZEHM=3H2l_{;FXaPndwIc`^vpG=s%ER8!$Ywriqa3!S71X~d0dpFJa=Vt` zGGN&dm?OX$L6|m%og)>X2WXR5lX~UrsM>V?|4nV#>K4qW%LDZDX$X$cAOXH3rrGuW z0BnbtT`1Xa<=0WR@iBZ>paPI8#a1D}8(f%!V}RU%9F&MO9I9OQOS+F%dlrb3O<3dM zQhf)~>XDJvNm*+Ws8y}eKm}@!HcuT8rGB<;2o=VO`?qo^l0Hu=`{zb&DRHXwB2l;`pzMTyjBM@}&vUA*mO4P9HcM3q@0 zebk>{8EeixBiCG2n!EaoJ`h}A29fNslsl&|aPUv71veo4Ebp{Jbgd3oVl43v}7^%O5gi@ngOPm~vD zKfQM}CXe%ay6Q!1$gq@__o(9zQ;1mFK)LCc z7#X%;{9~$41}QywhZ{?PWsz z!sW6FvJt#jpFU&h@b8;WA#RnQm8H!4k=; z8d}*5rITH!n@!1mB&{cJqwLODiKR{JSbd|>*GIf|$pdW2UFDRr1qdks6D1~8iw~*p zhKw>+%PrdUhC>w6#~B^26l&mSTEx~;IR*-T&&m|4H6vu+Hj5)}e{Lw+7}Kw=ANyu_ zZM)kVxIYY7LPhB^Pa;By>y-cDSrhxOuW_DUc5Y9fU;>)m*_;LM#$j#cTnw~Dsap6$ z>~ixE3850Gv2L-5B#T@-+UEuAmmf>Mfw05Ls=BB$15cjK3;vO6s+yJEy~anh1?R z%tac9=>|`znjoNc5HLQ;RB`~IJSN!;@M$RodIP788WdlO(%LwX*0t~B$5iaDKq2C4 z+=$ieBs7HBCRv=l;YBLuefdk@?3tmI9x(*|>$!LOyWO43>#Zcl8UQXjSRhkR{!2a~ zfi^XY8E)t$BqW4JY1W{DAr^k3ad1^_gdZyI2WJ#tg>M)1=KIXDj-%doC8?#YOAm;E zKQzQ@E|+hprgD&YfJkXayQf^)@x!k-xc~J%xBGwj#o_Z(9_WLDM}`XhdijR@h^o28 z>Lfy<%GM~<83N4i0)j#vZ3M?G4YZNN83C-#PMP5H$Ry*XGnXIk#?Pf#?iIYt_cRyH>@>J0%hGc$Ri~jI5 zEGTg`rDgijtVCMJfWI|8TdFZzeCHjX&r|u;@$kO0QrmzTeG(=ysZM${=G4fHmbmE? zp;4sLkj^lUT*w0*Z48epJ6dP4Pt@_iBvv@b{1XN=5=x!#Q6y$C07bU@vM_IpQsEqn zwVAu1{%&&k`mBel{2dJBl9qXDY{iO3;jQ0sW3y-86I!WN6CB2(o$3EBrSIzJT z^d9`Xj=Wu)0~gO+S~W`1WqdgYH?WfG;$7Qzs|w?ZbosGPsY0zh1U;~tx@TVNh1(%R z3Ox1Zc=yUzt3dUfU%bU~(XFS)u66k{^5u2A&4J=%y!}M6z;jtIF`lpo?cg#3PHsBO zl4+>;hfP?isrcwIl8~;Hh}>pnrRB@Yiq0eUT)z;P-(F^dueaaRf_pVKE0;I#RBB2} z4A)u|;HhT&=RK|s;meLTdxs~7$jRxV5%s=yu@vuDbaR&JH2=Z z9;}R6iZ9>u%5B}=x3jm>Y3vcxGl=z}l{E+o?!zo!brvEF(}7T%mkpMb6gps1432p zcRfaDi?dR4Nl!va*(Ua^|J=N0ccGJ4%QnR^hRt50H`P^bi_e2G8$$14gFo2*v}%1) zuX&B~&K<+iMgMrW^U@$vS_)YkH1-Xc*GKe)j@}F7akeS!EXVw}bj|6^R-^xCdf*dZ zX=NsNEbcwb6X??GDc{pRoRST@68FhqeE`LtVYp^*%hiVW`esz-EWYpJ%CR}R_jz$5 zvQ^o-`t-TNPDe>Q>ec*+y~bjY;aK3UYOpR4`1@fUmF20pov6ULQRm*;3`bYOH0 z9t~C&>fuALu-fcSQ2k~}rb85+ezTNU-BC}^{i#nU}JPgWj0LwDRIsm+M*5 zLT4+4u622K_|n?-xi1ah$L>xq%}$fM=bwlZjVGcm3iXtj&CFKaRAq-21WOArO;Iiw zdx&0(!t(ozP%nqHu)_-~i^5NvAtOfxh4`|vvhS#u0&68WEi5kJm9uB5VkTu4tCUDh zoqTvGNr)SQ6bn|bAV3U1q&^6?_?%h6c*x?5jRRv9TL^kmSzl)BcUTlmV+r|}XBnp9 z&Qx>d)1j_9GpeBUSwEhNJ!-{h6GZ-(SyDXGe53JKaySM}Er_?oqW_RVnwRXmjUrID zuWwscBK*wSK8*ErD{86*k85Urd_4cCI(x6`?uv>yv&nKF$?Zhtw``c#`{{}0)J#kc zk59+2IIl6+Gv+=@XAC}Nk4KH1bZ?Hg{Zk%Og|K%VO+{ibt~kKv?@A9|LP#^V7CY}s zSq5#VA#bdFTEewYg!>7f@42RE1lB^2tq<3n7KJyT!JGgpxo$Hj_cfLH6y|(EO<6TB zR%YOHtL4ebOk;>+Xi&LkE9mq^8^>bB%J9a6no4+exn0zV-RCDQvCy{6%f#QQAb>w2 z!AVOsc2Y$@mJJ;>+Wsq>tMDp5o(oYLTCOa#yWNq^l}>HJYz#_S$OHC2JO0&z8pxj* zsS;X<*K^2ZSZ-k5`mKuBV2(k02k~PY6*d&|szQOLD5MY7qTOz>uXTW_0$<+Q-HU#F z-7NKfOzFH30m5?SGKBCWMbzop*|?Y(S!wCX>1oK0QWYxLz+DH9v9c~BRbK|f@JXZR z4y{(Z-R%m|AUiy*e;3R3qW8xL*LrN|I*2_p_{eaok~JcsD5S@NTI9hfNL68Lm_r~D zPqn-s?nGtyVe9R??zv(0Ybjm#&jiMO4iwz;1LGgxAf$?4pDVp#bnG~ePA@KBT!#aE zD|^iOfcnNx-W1XMGfV&!p}9cs582ZPFS@izqxxqbK8Lxg>S|9O{AMdzFftw$^Si$p-%NPFqNz`g4 zFBpu`%1)$>k{eGvG^_YQmf>lXAp}n(!)ipt9+E9E|F7;=6_n6Kv{3CR(yZnMTP4r) z=ASEmZQ=a&m$v|C2MLP`4}v-k7=y6GMq)*Z0V9A9#|~0F=mO9} z`LOs3m9miklBF9@ktRE9hoovoFn3Chmw?qSmyHY^j7D~P9G(XAiay;nCwM#!)hMW} zpN<7t4Df7U<=beDZ>R+O#x7bx6Q0wcc?3$JJX?qYDUdjS)Qim8$)c9Y;NxO!mqyF$<4Qu@DnIFlK-QMjZk?%##bT90oSluw{L*627s|OLMJw z)8$RC5x&~?pN;@i^`GCyd5;4pp56z3v(z%YS%3lisw@a)tF^!d9K-wOcq)i_xGEG9 zE0d*@n1_u*&_mjO3`xNX$>m$rfdm4R6Li=bv!ag2O5TM0rmI_^K|;n;$DHk}8k=8l zHXrgJzEON%e;Jh83TvlE!PsiA+0GgU=rgA=;iQK ziGPpwKA(rFEAZ!kjuhnlL~_kMpP2$*Ro++uY4Q@@5Obxo&z4?Oh5ipKKhlTNW_jHA zZSEf-V8I#3kD$)Gmbz!&6<49ADM;M>gL`Bu-P2& ze`s6_K6E4xuo4g;MLaX16?ROi$}VhijMf7`a&3=E6{1q*am ztEDeg)IlQLBy{v1gt+AK;*f@cw!^ARFvy!3lk#yv<~}Yk!!9^ZU~GoSmGpy5_0p5w z#_sb3ea=Ze@qY`iFk-XYeExXaIXOHWJ8~kl+WlmDvpDWsSYOZ71Q&CIGQJ{>k;b2I*1Nn$?(Q>n6e}1PpR%lkN{Q-lg6UL$nVmx2O(m!T- zgkkeEClitb57qwBK40d~p0)I!_p+!;dU<(SSy`RT9w4gJijGl7c*vcC0oGJhYACsBX_^S>oWl0Qt-!R1q=Oc8hl*Ds6EAalR294w)N zfTVTrn_c1Qs{>$`JtEjysY$B&GwMlpc62A~eu#|ihy;8t?(R>ww*@T~O8+yZ6c{-8 zMvE<+N@znRHefIy(vk(+`5-{40>TLjM9A#g>TRc|837`#Z?0*v>GHB_Dw}6l5zHR- z^lu~@_3t7?hW{-db}r4o-LwAm=zD9yid3H-0ShyrKL=Zv)97@uk&qZ{R_o4Bucg0@ zFnyAg^2^n+(uSBvKyKy(%7N(!5|~KMg?){`x3%agDaWR#ZCC4vOw}pA1KgYs z@#|%VH2&h*W^%O8xNxv9Mx5$3*JtwJOqgv(MMj-IwC=02(yzW35j^QAkXZ8m*d+W} znPuX#)Th!%1!hVw&+niJ0u=;$2sqVJ+}3|H1sXOMo{-GdPA#6&nlNa-}eVI@q9iJ)%H zS3N4FoY#<|CnmsbAsQ4+=baXMad88v_~4<+Z2OLTSQXzg_xak8pnhN6{?8ZHtM3pqucZAE2EPJ2$7kMom84FXXfAr zX`(3YMx)^in+dA@KPloP{wC`wqi3anZ|N*hnZyyCN-sh)y#x(YG_A$fqdG#Us9RFS zt+I+37FAD8Q95^VIa6U!S5BdNy~7#rkCr-l_Ex^w)7{4N<6yQmt=&omcUx;u{saR{ z*EF;t05#=uAR^hsDB!_@wh%!9int)Y+0uES3uG(v)WaTsZqA|BH!b-_SsdJM~kcx&^$a-mXHP)U8qGCen%(ly@7 zyAe9S_t%CR(U8AqroVsx24|_zY;)RvNttU+4_=*Bye^5!XV2hC&q=bhQJFmo#*eUqWNsD{krwmR6$K6G@_={(OrgT zk@Gp?F@JBqgC*g#*);@YqQs7!yZV z@8(#an2{cz(|Px7?d9%`3bwSk>OurbVdeX0?~6yP7=oYdDH8=n7suScGirveAY7x^ zS`hIMNgLYe0Cz$^&Vvd$J=gOA(<35HDUeMkF;F(b1|A4Og9+9bF!@1yzjrxA!Gcag zF&~4i6u@T1IMAXn*qrp2mqcuH(bIm{>9q5asuLtvNv0JMA=9WAcISm`d#3u=BAqrH z{)yORTq)*kU-y8;PA^FNH9uKDQUpy_-qW4vO*eiDj=UC9S>&pWXu2gWuD&yaKH%UKgXZ}@vMkjXRcOQs~%1tO#4wfC~& zJgfZCJkL#V{I$N}wET+0>*d+)nT43D^+OaNspFzg7&RsQCB`5rNZ`)7w=hrz3Q zI%By`QMuswqC{*RLcs~nnfppeaBQF4Ytk^plj5qc$X@pfMeHWAei1e;%XBwZAIs*_ z3cVt@wsvKX|0UMJnQC8-WB==6m73b_owyXJJ(ke#a~}S8j`AVyE?kao3W5yPU^E!Z zqyW7|@J3y!5QwKN5RVNZMMnyTt8v@T1t-mhLC(p6UmJ|Q%9KHq4%)wWre$wl6EAsA z1VOWuP)91S+;`+rM|9ynWAKy8(MyQ#*tF7@y2V0oG;z`l^H8(*gJat8eJKxmRpS2M z78jSPNEm?N$0mbpR!57JgMNw9(jr(qt5?=yx1y7cWO{T4&dkA61#+~CjNQ#euQuRR zchK;&1v1MNX0z38Jmr$z9Z?~yxS+xlRUkWAdyQS)^0L5Tru47 z<8$4*3p4|ULlr#VkaIE!+i?c?dyB^xeCyf$YFE5I9LSSxFIsbNjoTE*~3t-H27 zuXH?ZQs@vuy0=~ycr@Ga=qYvj-H~LTj3#J3WfdPxW2>E&w%d8yBG4+#>UjYjxZaA0 zZ+}b;9Md0cG;Gj?$>y^q=2)E$H0ur0BighW?wA*;xNGph9a+X}s^cyD13hIRvau+L z4h$PcfW-S)G6$!P-$s)QOMxG}P!@hh|cPNHjYaceo#;_~DKpgZ;V z)Vw#c4LaWZRo)0F;Q@m9L|*Dvz2MTN4UTvDf!nUn#f};aJ`wO4+*k30OjLW%9yQwD zfy;kW({Z{ZidR%0GFeuV$GrIPd5qL)+5nqBhR&2}Ina2hzP%qrP_TdL!XMNOPkxey zl%lE8rv@nUq7@v~WNnCYPnxziM|WPms5xYP7#YqQuTF9?GVf_j(oDj|0Rc@N%4)Vv zXVToKvg>R}a-1UMCTFBaG`fGz0d3X$1tsD^H@|r1`<$9xbnkMk<|J?5o9)WF!O#-q zsw=N2m3;0)^(c!+3NMIH{+q(J337dLEy`Vd{6>wk)5Y!Tzyi}>5S%*2o7}sYXEqD3 z2ybinb|lBAC8`fy6fxSZ!0q*C^u;32WXnffcU8j`P8XMt)5QL`za1B+$6efa9`MO} zB-54YY6Eh^53>r7{XP_&`|U3tju|3$$NPB%`5`KMDOE0R~(A>R|`;7oA=}M@l3Hhz}$?x0q4p zHO3t zp1**>92t}UP+g>IW-V^N5!w_bom3&u<#B9Z$|ieKm-U;p_-h^G-)zz!bdW|wnP+-L zALETr!pN~2PDAuLk)k{jodrz-pjI+Jn2DP$c@z^?wg&lBZ%(Wo=`T}@0s1p$V8e;|6HJ6Lu^0s73E`arqWT34q6xoc>L8*SY6h8(0ss()f!rHyKOtleniM9(ySL;j%T3#VxnDpU}^_NYLkKnFPlnSQ1d_Nz1dWk%V)qr(71vSFD7 z5d@7$pL>uH6nC&~EZ!mXvq8+E*#ewZ0ChNQS<^=KeOPP+-5fILIOP3?{iO_15xX3A zT%=P5431!7eR=gNNE#voyYVAQvbzwgM3M%iQv!qs{1Bsk2f+0rSO+!Q?~jItGAp!{ z9CUw_YPt5CEp9rUQMinH8M>K^5fd<-$+~dypjC~|W_8#L%3-XgrbhS^9sL^%p8et( zfSl(2IC%^%>Ez}HH5-aXt>%-M4+0Mc$@VoNVB4=r^&|q6x#t=dRBZabz+bI57ujHE zW{NCbV6=6X%4FQxpQ|5?#Pr)j#cEvJYT~7LBgcn_hd+~k>@yIufiVJG!HYq|{`E1w zo;oA`o1CAYpP9Ly<^MvBpt=N8$5oK4ONohrSK!5ugZ8rs5lYC)s#L2Ktmi*=0YVFp z#^PzW*hsFiu&_p)SM`dg`|#CXZf5|XvL=lKy34KM;2D6)L0xGA`xqmrr0r zc<9QWx7TzKQoNwSj4IDThk8?OC^;~+-T~NtXqlcETp0E)^&TbQ{Z!!L7(x9O8!gq} z8F3XVSs57_IXNgN0wkolaz&CU%wK9p&fggd{sOOSjo@*Wp_&)psBC*?L_Z~iVXkoD6 z2`F0O5JEr&7&r2|zI}Ys{5(=a9wOtv`+4qoo#RjiX(5oSoX^1h1ZJ7@FK*`oxfK=;6ci9hjk45!D^2Y$RVbIWwY9C( z>PwR%$B2P%)=W)JrP1qy={L(}vGrM&kVTiaC=Y+AgM))-vDron1BCyLFN9QwI_257 z{UkT==s1hT`QdJTwd%cDbS zu9I48JFt@Sdfu+qUep8M;EcqW{vc!G`}nhF>_q-Gp3!S$6ZZH|NB{=PP6bI7ND0e< ziUutL6ISHmA9F0R zOZo5;C*4OeMa{p+_f1UED5!x086~ zF#MO5zwCI6{N#N84*FknL0L`H(47tnc~Do4P7B&D*UwBhSoHK6^KB^H+>b}ymGaEA zI7mMx16uG?r=H({I@05N0>_~Q@BTcv^PSqtQvtq-CjkOe$>Ar4j_b*b`Q>8~)e%{@lot!ai%vfq3XbRrEs2m2i_EaB zy8>2%1pNVSI=oW}=F^yN8K|n{;(36%|KeZ1j@d1k6O>4c{Z7w!fMBk~%$kmkhyZmY z(|};G7Zp~|(ZpPX4q|{(0#{b1tU4dnVI?y1*?V=i469!*cGEtk z4@v{+Xi7$h`Ay@wXcF+H%KI9EB~jY9GOE0Lxv;vCG-%S+!R73^{0V=q1xFhq1RUE2 zm5ri7U4C$EJ-QLi#jhcj=9YJd=F_*Z{i{+|Q1@mQ|_&{=B!lK z#Rrhn+Fpvx)NJo+*pLTeGgx7ey?A^W4Jc$HuM-$0&-I3Jd1^I|us6$4vamQDX*nh6 zkbUy#Qm7dqq&l#(mk)R>4N;t>)z;ek`0!9>Y4*N8{hc+c-`w03kdu;%wJ?#or*Aa=7jjKPiQ z6yl_iI+tsJMjBSG1-SQg*-P>6G|N79q3q-RG6OIbOSTT2?y9&}>CT2qmi_7Wx_UJ& zR8p1`MTB)X~vi_eN;PZO%_`WV~N`i6d^uFIsR%^F%xt=FyW_q2>;1Tv5 zcZ1@|NJx~61Ogvj&;FFyZnPxJ3M(g-e?AfHM38_3hp2>kL*E@0^fpFvi&Ng}^gbHM zU`aCf-tw5%SDLZ7dYWyYBr~{I%CuK`I8dJ-^!f31+e)TS4Gj%v*IO-xkkQ1PQwGf% zYj%D#QAzZqR$Of%^*FFMD$DOkr?Cd z_PKPb!EfHuUoXV{R3OnN^ccC{B{mW}D$pS(Ryi#ShCul0swx2l zN;VF~V+^za$gV`EYl+ikxv$w zbxIC_U1pgy8lW=w99nF$hgYi}zQ@jm&eZA1SL^>22n}Y7^`Y*JyZnc^3=04(TCfoE zKtQsY2P#8=>>piRT%4SQ86K(Mped4O{?A*V)prQM+z~iX^Qtww4DJzoXQou^uI6m2 zO?7#=ujR%}%>WAC|rtNb!% z*sxGhRWvllOqixApp$VWkYR8>K0dyACaJ={tBRR24=es?gEYycfcCaE+qdhqEogSS z_m9nMR}x`E`cO5=zAo>TzY>YYE4D9IJGOro#5xXk;ogevv${K|^}{~UU@ zWDd0n_C1gH?2jt_^g2B*0Oqi76sgmWUfL}5I}fWbd_JFS*86`>sWGQVM=sv*hJqmh z{CDZKL36y}@S+2+V?)B;1|QKG0{evMHmA_|xNz-kpyj)NM5L6oQoT{62>o%w|A7WJ z!!}pt_I-V}m>(D!37tKGg8(x(KatDfVzrptH6Duk?|muzK|uwOK_XwsCrJmm9$bI4 zJ2^h}fFBH!q!TBw@lF;N$m?lvblUlHkY!pchYgGSV6*OFg=JJA?J9skgSNq@JbW3| z?NvdC>5r{LEW*Nj8l7w@WaCeoMr3EPAv@S|xmz$B<*U1h*lE#SUj?>avj483yA0{E zW%rL#B3VTRE$-j+-+#h+LCOfpZN7>;As$ zATeO4f!z|xB!VK7g2HOJG0@Ei_$cG?DI_`lKg^wFR~${ZhMxqN-~^Z8?(Xgq+#$HT z+YsE{o!|s_XOQ6T?(S{_%pBf-ar$eoUbVWrWY?~HU$=oUV~4DylVFs!x=XWM^$h|Dwe4VX(zT{u||b$`{j4prh0pJ$BCg9nXmDxlKwhtQ<(5@9dXTNePFy@f&q) zc{crABYk@zd3h>&u+fy;`Iph=MMTuAvqsAuCjhBnES|lkohe`9hSyXC9De3*cNZSoI zap#$t1w`=R3%bQx-CWp|Ae+BTZ}g5+%LpGYA0j#ps?z%MFSqgZY0Ng6KdOwK-b^8V z8WzJ+r=MrU#?y$hNN~17H{Z*1Q;H?tBS;k#*ll-noP(u-v2y(n-Y^xlD1zJ%R;Tzx z56GrS!Ni-Ed@r(vc~^Y?Edketj`_mq`}*c<1eBw3%Je&UcZSl(2&-o=enk2i6lzI{ ztg`O!XR!8qgoBmIPe-x6UuCh+bL<(Mf(rJAZC}x9yMD&~QabxJKaG8LL7y^G?*aH8 z3GbQ33~WU^U+DL#%a_DNt L~M*%7M99)^lZS`#@m4|Xb|2e>i^ED1Wg|^nO4#} zQUmzxM7^$!je8;8ij%T&t&J($-FP4>e$I2rg#PN#1N($t488zxc@ z>7xJn)P({2M{Vw@&Z)NzSKH%uR~rzV-2<1z7_VgYknte3fDb>`=|#5-jwL8lB3c6- zPXt%CGPb*v)$C0z`5FTmwjP#WT}hw+#Ti}8k_rvD9RF#Y#Fryj&YgB@rd8=yM`uCL ztOOF5z)!JvDa__f|D);Q*+{OpBvQ$x1=-bjV6vzD|S9ceS0t!JPwX^tk? z%Y|6VE_HYN!>C{UM*Sk8sUBd(aIy<+XM50*%wgT^G;kk-PIuB$v(9!7tgd%XE-r9C zK-D8_t9@bnDy{Xu(J=M(ZU_sW#KhGqU!Ko^JcL`3^KTvQHqOq2M-yEBZ)?~W-hKGo zy^>vzS$;C~L2lUQJrkafHe+>*Hnq?tZ$2+NoK0tmvBCtxUWH0VfKc5E5VMeSoi_x; z)WXHxAdxFD=Lqbp&Ru5$bxd90t#?&X=CQ}uO)18kHH$dAOcs99Cm}0O*}Gr3A{h3o z|FuZF++6V~RX09V?D-v|1mklt$aJSn7`9pYfFI>i*)UA^O(;QEzF@pyTFzd`-zqTD ze@YcwE1453%3q87sJ#?$g^hQl@WMO8MVgT1l*R1k`A8?(x~*Wc6_mVDQ{&4aUjcaG z!$^RaHreMIJ19gGXL#1QC&WC$a;52Ctj;+s?t)O>usb#QKamO1j7j+nUN@&tK>u4~ z7oQ=zJ$|nX6>8&)pEy+WDobORl-k;;EfwP`>&$lJ*m-uXV2j_hA%weto(lzwnnlhURiCPJV^$-b5Ov%pdJ!Bo1gA zJxRY1K<2K~YG&ju&-&Qlq;8sC!NR`vtYenj72W9fPCh*gGubwV{;|PEQpUx;@o+V3 zbAnF+0ViI8k%kduu}Y`0;n4^gmY@37Jqtt5*BkZu$}R$c#dzeqlC*lux+*6|t)zN_ zwX6gT+8L=FF0Afa&1`*Q>>3rPh<8qmCjXPb3aw8{X-+dA@YR^TafylNYN6OcR24UD zpW9K`)8%`2+*JJ`?o?GKvo+@&&UAp&Q@s3N6h=GOR2qD|+#J`_X{YqGi38-^+*rZC zUg*R*X$fg$+&qnLwMoTi3tG2q7gwQBTVF2G`d_+#?*$ZqE8$c0*+<-UlmmbF5zHqn zPOO{Qh({O6o;=obSt4os>LD4NMS@sog*FLI3eE6D?&)W1Q5OTcp)A-rq@Qye&`tV` zoiSt`oJ@XHB%iYt84V9nNKuV*;@x^jJ+v)o{c!%a-n66f*QmJ!9G!AV(uq#|Jr$ie zIWwTn{JSn(*^F&f~eAbmVW@quV=8wnZcB^4xd1 z32vJqU{-Upx|^)zpE5KB*g@gN^tOF5H4+YZJ-FSpe8t~=tx!srKk!S_s}kzEt|}P*0gEc1u5Odr4JLCAD<^iu?Rj6l9pj@9O;K>= z=YN>W7@WsN9L6waaMEG*(mi-PZK>A|04(THxB4*F=@wZ>)lN_N-upSiO*?He{v=bQ z+8W<|DL~IRf^|LJbyg(T#f1a+W+IJ$;~F?>7uDW=Oyq(;ya$F%FR8DTz%%qZ*nzaz z?NNyQESez9wqyEfU91y)-(Ew~E4ci)y+rQ44Gj80*jDdJK=ENdd z0WbM`^83=VNnWNQHtN2eCkkdJuA-8+AZ_amLKMql=Sy3`7azM*=}uJw_!d`Wx!rdYMj-20v62cfA@=4UQ7!)&+YWLRUz z@p}79t$M$SCa}x&{jy1i1U4UG;&Qt*P)Qy)-SNBYjx}7`RA=x9nsY)ZitD2r#Zt#G zv8kjU@n?*m$@`RZM<|jEnDenKe67*kA9fCR*^m&3d95}u&?~-BSGv7N>?xoRhyA-- zEahdGT+}XL*eQg{_u0UW4#G|OC%d4I1DhA%qvptb&qvw>lUtO9)#c%0_b^`zyV~~K=fWITo$EXv^Y(nD@prE zl0)TMC6uSO2UETsd;aQDNpKHEW=fW+t22a)wv-;Q?`osXq_gEl z;xN(}*@KQKXvI*7O>F6T0`|`ZAfg5TUPm8VWC6*IQz5C-p|sW~cx6P1!4_5le!#<1 zh&o4o1oeL5T*Subuj>o>Lf*?qp<nFQ<&B;u&r-3+sGLh@St=H#U{@{*WpNLZrDgEp zYG;pWfPa~hIdC~Tee`l|iIaH{i4w0)k%->auQUK(Wv0F!DZ=3S8i<)%{bV=y{?-R5 zm4r}g%mirEE(ph9UHj2#rhCzrFceEgv&r~7#1YONN)1vB6QNC?yNJMc30vgt0plUbS3^_Ya-z5CcFLnpMEuG0bez-OqLW>zif$WnHIf< zu3(MU7dUtsqQLW1I?jZa?@)Yf&G^l#73$Vb>WgkKt>CY*az!u%MY_4Vm6Y)Mm5XN_ z9b~t3v4J_WgEo)ftZRMJsHyorW=B2jNzRRYS0HR7uVq3WW#PO$E_kkQos8wC7q=+h zy3@{KnhNEuGjQOd{QWV9mX>c-Je z@gEmLad9PE)GS{@WYe;fbRzEB8K|NMf3axWaaE)e;M$=OwE2d7;c9?gl+WK@ z7B5sYc!5-^VAY2z&Gqh1@wG9JujcJ%faV)<<@_Ylmbg-W*PfSV zz~xfPfY7ea8K&zEZd+k&lyfm+2EOz!81qsefy=gh0dm|9fYPz93*eFbW3+i6-s<3a ztI|_VinNCWD2S%)vA+O^L;?3q# zyFX#$ujySHsv!R;uhdePST8)Iy%ONC|3R-liStYwwEmRJ82S4)j&h4y;Yl8 zYFT`F+oxQA?FaAG{jvTjY4ziJzB`d&>nRh1g5jy@vuFsSXAF zunY^-8W&)Avb*h%HO)n*Hiyw+bXavlp~bV`9#$*MTWi(Gw<#>l{#hOlhKGf9D@`e& z2E21svk2~qIuT}n2>&qtiX#<9_`coqYxspRddRa%ZFte+<{#@m?k;sKH#tShU~jJU zB*D)0rNeTA?Xji2KNSSsPX8vZ4DPACQ$bg_BsD&~JKu5hBRrt{W}S->T2Wu%?1f2= z|39Fke}lKTuZ*(p%>;n8k(9x9H_h6gptG%$uWFn7dM0gr$j<-lU_MJ)PnzSY;rZ|R z?QobQ!ytwQFC%M=Gh=gELkun3Q$@MI9{k?(4uw>9nn4E|pN)jC8b&>aYHGiLj_P== zrQ(VH@W86a(%$vmv=Q64L)#O`{roYtMf0<3)&3R7^|7_kguukhoc8NBQX2^pH3zR3 z>vS6}w1KRN6?y;UY4CA>Pwpn{OB_x;sFBattBv1Zuqb@ixbll%1%UQ0)i|_Gv>K3N zc=|F-<)nVi?G>T>OIq3O#+SKx!bVYFj3XpzJjs9pweGN|DbKI5rudTD zDSozJRy=HMzAKpKXycn!f8Tc4y1TAL&h~oQI&D{rU+oyJ%~9U)G|#u}J9J#u=X2V{ z4<1Kf<0a(np6}do>BJt+xv+O}xbV+L_o5MiOeotb8FmpSefPB*j!Z{2%;WP?_IN#r znNPo)B8eqygJ6EOAXNx*xu~Bq$RvItd)kd&p*E(~Y$^1OcM<7HQ#)SQyw0XIc=L!4 zKo|Y=oH0<)W{-_3Q(!4||COfzdCFs($T2T9;`VG3Xa%g*eW#w54E(o?DVj|6-|p|yhg#p4G?i#be0Sr2b!#gi zulJ5C15cx0#?GGM-*v6zLlOPmef`}%y^S_EL(^0@Ha9i3%{M)3I|qA`eVOZi7JT&& zN>&yyJ!1lWi;QN&*)#Nn<#(q2r=c7Od- zJC}3U)?+UPG7@yTY`7E)I!#~>n3FtPN}4&!mye(i^{`pPRleO2lc%}#+qHY7r=4~( z)7tbuC&GDtVf+ZnnJ0JzA#p2Zf1D6ZZ}9EkS=M;(wXE0lJZw*YJUo2X4)`p)&kt?i zy@+!QI!^}>LmpzymYhB~1>XaWtkc1dXc;UZECE*pI=3cymLCenV%qq+;@T@wFzbZT zJ5N*tFupLiuR@(SAVj*9Q0VMBb1QHQhZ(tqxc7jdFLl2ukHufW4Osce&$(7~-PR-k zFqst(UKEz4%jjboo4;$7{$eUAJ;&DjkQP~dJ&aT89G94?!IHY>rmo?pu1nig z{`_?uy4W>O*+Nb^wCd@tta?AQg9k0fKz$K~)cM+aXwRmll# zSS06EmhOH=O|#j*($4{pn;E?M*gDgNif&50dLJ$Xn=!hq0*Xf-5UD@A8xBUlOS_5V zr;nf71(An+^`Aso;1L*b+}Z^M!rFi> z?;N))$%wmh+~wVWEH<3+*BEGNgS3nFIl3>7HPBwJ*@oGR0$7jE)f=#ClifYq$P&>4 z3xwaxz%b6HqhTJFxwUVJSRc)E-=4o^@sZ^?eWlifV~sdBO}W(crJxPr7YQe^ z%0Fs@W(9hroRw*s0i18vBq(0@{=9KtFdDkuG*pI%PojxEKXpQM-Y;${nS5#(lOAwf zTRZBCXF!vhj8!RjXcSvc|pzotpqMErONv_*BtKeI6i`Z z>D;Qi=K5>D<+UobYLBh7O1R{Ax73si+SQxMF(2i}JbT5NpPa~-z{Okt`DwfNSXn=uRaCF zUL3s(30U2!A#U$uuK=3q0`0C71On>T>#zdO9PMmTGnWFu+{3<;X#XBRvOKI$B9EEd z?WLAVmYLf?VY7)mLHfcO86c@qMy>bK>5AV>MV|{u%^GfG_>0M@sP&0EgC$SRYGe4v z%MuPa=Zjd##7JEVuw&g-z7HY1T=CpvxVJa#Uc7fo6Uak6h+eaLVJm!V@sutud&o9= z>#9qa{Bfrlj*(R77!bqmhkWZNiA(T4xGrz9Ng%X_DNtu$lWNQ@0Im)F4z=g-@d7T3 zt83HUd%vl^eqzvjd>nhc@A0aw-aKIV0RO4g1h||(rsl2-Z*R98^6?W$TOF+gHYAA^#6-D2V^~GJOJpyY2J5zbdqtThd6jnXIgOTjnT-se3I=BDU+u2PD-7It`%*_mEl z7--zr#7S5y$A(Tvsr84ANm&~HWlD-8b#ESunUK*^Kiv|K_TZ*9F}d!t7&&hh6g&(* ze#_t4AT0a4m6i?YLMz{q$!4Y&C5m*fD6xGN(NptPm-B10t$mbPe72?IEqQ9lBzJ+g zr2aIi2hHbPwXNZ=napAIJ8xZDl^n`SE8q3!zNKHDC(K;SV?yQ^E`FlzFppF#SH(MtLVrfPp4=p0c^e zD^&k1p1PHlby7AZr4H-QM1Y-O4in8)0;mE=U=Oa0ij8d&$ zYaQsmB>(JdO%2i7aW(vgSuzJB16@U2Wx_d1c;QM|8S+6^sl{t8ByeV0>q1yNu z>8*)>0pR%Mt3VhxKwcD7cW=CK`&zP;hMQN89Iy*nYFMErJZE+tZy~nuH90TYrk4 zgYT$3E$ywvj~xSW=zC{HJ>U8c->Uhw-e*EA;+2Xz?%g3eYRS}+0Nt)CV@Muqx!;_iqLwaFI`fu_IOe}v?y4Owv>hc@ z0{ppP{q)zEt{d6H#tw7%9cTn$SQ;To6`nEQkC>DLXaq!1=(54f2SZS!X#VCE3Jdrs z4JF7Dr0=4K>YgBuF7Mi%JW#MZJuez(sRLc~A*$p>$yAniwKyGvqOI^%DH@_<{OJmOUXEe^^qi6 zqEF*_{lF9`im^2eBgQ-mV7M3&>U`>^?LKQPgI zRX$yHfnwQ0CRPyZbOjP_o8FPr`CCwG;QJf(!@{7{aBREX(-aY`LaC&p%p0N^U>@4{}T5ihpA65 zxPY@`h;*<>Jkehg&_{{LQ>yL1w4(0O6dMWr^ekQ?hu2}@P|k)mec>+%nh0z~(ENjQ z94-g1n2hZD{((u=jN*H8CS9tZ*yt5MtkOslKOIe$!{2gERm5J^EZHTu{?qW!!e2RV zKvO?^Q?36MoW|_zkqHi2b&d7pSX97aDvs$M<^hJaxkjVz5H^XB7)`UwKb&GHYz=$A zf}+CFR>$MDmx(-#6b%}1%eB#FXW7-Bbz-{&Fj~?m05ZbeY~<%`d4aJ19f1AUZ}|!p zu-5D*KHI>k@nJFLXJR8~7Cl0;N9YHHT8q!l@`vs(8@6S4dtrV97PGCkIs!ch4dxv( zA73;)Cw1O#!_}_3jFoNsv(qta8Ez_|sv{QGnkT>o5^>!;w@-)yD+x34($}%}P zoG+QCV-N&a?!1LTrTXhyMEF&`wFa-QvM?Vr!TldIE7oz5q2Do&UEV0L5QvMnKan!d zO0$5F7Uqg~@2vN_Y*+&pV;Q00+6vG3vH29dOwoEPlmA|a#_8~LNHm=89iyt9V8+hd zzE#6l(ig9+(&ujS- z{xUXfd(UwVfYm<33-@6p&?Mf`6>^wz-zwT4^hJsaim_J*h5Tn+5tJe9JdJGp0Q!NG zSj|s4CmNa^4*qvSN!lVey0BX{j7(v)1H3F_?;-6?GFjP_To%1oWDpFE`d=*)fLQKt z`_)-CcPGQ>#xAMMbb7{LbUleCPf3Zwe%y`bQ;#H+$aFKlYpCB_P^N##m2_Va9HZb0 zHpmH{B*QT|xA&^>WvZRy{GsbH1m)`S|FhdjC|`f{9_M$Yw%6OyK0Kg)QjN29p1A52 zI+s++w9VlZnj&>Ck$WWZsCz^Rv}RCUR5B-a7|+3b+x5u<=5;vNZikv;x?r(h)?`-N zB`(){%rdtptv7VlXqn8muH#mg@m3F~dVaHgonn*fe4P~pUzxI}bn*xB*3(IkGnrl3 zx~dbjYDbjZw@^#rHI@OLB|S|>kFeSBmqCpD3>_4?&DNK6HvNj)r}#!T!Z5W5dz9%7 zagKHu=9rcgBRb-4G37>N$JECnK;3cvahj@R75!93>f3o>0QR8M8lb#ChcLQnU56?H z+w62aw##*vU|jbrPWSsMe8-=&{~%lNtCtnh+GC6#pTiRvqK(4Ow5hYb#ECXQ0*jr2JjEISjL7ADia~;JH5So z9pbmdTIwgRS6Nzz0+t|&eP;)0*Plf{(DNiql4NgJKsEshVo(fnuXw7V>w+>lh~uiJ z{JJa92;uSx7QQEf3%v**&selSc;XUdS>neTljYx$|4`__rUwrH!^Bv+E-FqD{_Uga zuCAZDKPGNcG6xyIx`V(R`}j*}8Ky%tUf>n{NU*%zQ+m zjyUS@$xEWJqOf23<&srXejpPgXRvKECO5|h>LT>peBt%o0^bu{=}MgabnI(L+%5DHF6;Fn^#SswJJX&pM*|gjkDkP%kGM zaz~>@%)G+9Apr#$ysQw>Q~sk(ke5NI4m9n#Jk1j>qzN<5iv#uZ9iRMIl{CM^!*eDi zfnHQ(86gfhspf~U^NUE_FG)q+RMk+_X6g58^Zi}((~%9~B}HgyIf%iBjF~+v#_&3Q0Jy!;-b%u+sF|} zIR6#wWbhB2Q%}{Cx=q5ULU$x| z+oBtAF!cOPnraK+(%}Zw3G~9kpKe)Q~ zf~A)^GNQHY&iU^fzTRhD=R$>36;gKtpyJfu0a+v79$$%qhDbwQ2&Dpt3WBEUB!vSM_1*LwB@?7~*}nIfM;k+rJ0lOs(ah}& zt|B11T0rPyR7*Mn#{QiLfX?czJsCEdCb~?w0)QZi+>g5AS3UJyo|Cog@ojIkTpy#u zI~XlP!K=pUv^e4F}l>l$ObP7+I}5Df6Kkl(03Jis zH)yTSZZvPx-P9shm(|nM#R4lz_Ohp7V<{0Z;5tM?JR9HLuzP;2My%(en0B1TZ{&S^ zdA!k|ei%m%`kW5gj|)F&CR*XMw8?}xYMzln?iTQoSO}niYhP4A5#Ymj;{=Y&!TTbK zAV43q*a_)S5Na>5(|GG5N`-h|oH0%d@L%RdZdcVk0597&6j2#jY^mb$o<`&0&YnL` zoO3tw5byaPkN|pLwF+hOCH_v0QQ6E$!6_H$mx|8)df?P~?Q3r!m-6|=(Nj9a+*PrM zoMQ<5)Cp5X(3oe8@0XdmU{Kfp#?A`Yr3}5b`#nJWHLF-V!CWMnCN$`_13v1`t8aUc zHsp_Y*T5V)4mMQycUsnv|IPF4$6`RQr=PB*@&m0fCEl}Qwh!^A%Ov})Cpb!I)trm0 ztE=|SvDP|xRn>rjp0&Q<@D@T{oMqc4;G>LZ05Df<`mze)!>h znN9syV2#nPv3~zKr5FaRFbh08N*vVz0$#}5NbfdAo?OUWd?b!`p6bX{xsgGi)7*mU z;nl{+;%-cM4Zc}bb)0N0J#)<%3FnZT6;4)y9C}=3sTsiy&v{@OcvGWQxK8TpeXlp67 zMWAa(7JsWtZri}atNs-&&s)*5^Q3X6xTQg*JQfC8PRG5|!SiL~wiD#Vj{y$olpS*z z!8=#yTMT3Mzbqoe0>s2Bqp&vO1}|<_JVF%xd&eTh4UNSM*NFuxlc+5?uIHtZK#0%cs zP3n{$26B(zocw!XbtZjSxZihY@2JSjCh}cwYg1Con`YXuKj^HDi*seTpC zQ=ntLtVJ^9@b*L0Ro#tNoE*z%b5M}7=>Yl!bT;{lid~%Ov`TqiT$%+8bkU$E-e-K~ zkZi-l5Aje#Q#c`@x1#tTJh}quSS1qb^&}c2WsDZo?-K&R{05A$Chh8*mMGyqbaE$# z9Tt?gz^(NN@*Qsxa^xJ8oN$)m!dAv%fPh(l`?fPy8B~$e)~F!AM0@j)r#I~5;qDGL zOv9Ea$Q+5zwNb58_D|o+%3ka;{d(+H2#*=L7?@u?4~?8LLaL={e)skX2!k~UPxhb@ z$KdH>MgfiYtEo$hsd>4aTb`{e zZ@_u)aUU*z-mB>ZmY7Fi*TA}+7uXvMBYl3+JU=Hi^%-1 z80+Sg)qxw1aw9agKj|kPS-rHOM$6?V!WTa}5)w%t)%H&u# z0k&y=tN4~iSpx2c(+}LH`bBC8(9^TF)+tL)mZKpQ7dQIxm1qx&gSju0G`bFeI_yfE zj??GWYUHus9j{1)cKqC)Ye>c6Oh65@~`p?8C*`ph_)c8*mE;z947wx)m13 z?%M1A7fWqt3_BeC*=G1U-pw=D_x81krce6&0`K?q7l!IQ|Hm(tf_1wiwSo}>uu(}g zkU0WnS<3gP*lfGt0P|7y}7`QJFJ`K~VsVmB34mrhd2WsHROuf`cQH}OO>0)#`8b2!$2 zJFYeyF6?W?f87f$5~zvGy)))7L=^mkh0CHZ&<*=5+e35 zwT!@RQxVHl!%_P;FFIQhwyo`FQeY?JGa{oRlU9!Gy}a)#Ixn4`wd zdr-Hr(LPR;XN-d?VTbnsv1f<3cR36LhodipP(@s+{J6%@`o+cj?=J6j)0L*Ga%WL< zbo5zwNL(9SrKQjI{8|A*z9x5vTHTvN8jzPMknRMp)Rx!fx~+eSZ65E;N@vU6c#=Uy z@!|SmYAMQoJpDFrTb0|2dwROVW@m}XIZMM`$1&3IH2x=&p#Q#UC!R9S2%Fb&wbOHZ z6=Z}+sp4q-6aSLf+kC$kvm~jzeVE{ut!sl?i*o9!I&(>}eyzmkw~!*%HC4fgA>kPi0Q!LZdj;ngxqgs8D4|p<+mttH5=S>b6!sOc|#fHiuX}` zYTZaGUXr7nK)QSSwe8KbOc9qRtWOzwvT4cnBH1nMXqmTq1*4TCie1@EHXHW3uJr_V zd1|3KCjdfQeBQ*;Ct|1WCwG02iqsVT3| zPB#3L<)ifWGn^bF+G6&+f6A(WbX5HrboJi;;%{MyFX_wXi+WL1mWB;esz|WPs5B6= zDF46FL>OblnW;aHvL61ZJf>Cz$M%=3@$2|#1cD}sTBM~<)3w^d zibsqLZ83z1r0(AX_Q!12l(XnvF?Mf_NO4cxOGajKz4Im4aN(wu>=mjhe)!p8?zFqm!9s8gfku`VbBKGk{1H2f^UY|IAGS-*a1*TQa?9X(5vU zsIWhIq}2L_0{JBLtFt?tYt{&XSps&gxO5yXm?;PsfN<&{8WxGjeCydA`SY2~&0cF! zbOfK}xj0DG35V~ByR-lrxMqeHncF-;MK)qG@W)>xv+E8TC-awFt}-Zb9n|i_h|WQ& zYul&V)pKpVYukoKlxRnXKhl$LkXjxYIPIcz_fG9-!M4s=4{yBe?CMLNSg%~fAhNS4 z)HLqQDtAh$Z1-~z=OsYae)LOY{r*pTX+3k<%c*#|Rnd$x_v<`=rnOGMBYx3t+`vO*&H?f2);qNF4w z5_x!ph{-SEdexdZm>*_`4H(DadW=-m!O%0E;bbH@;aeY0Pm4kS!5f&<5XLQ!Bf!BJ z>%S1&XVa3}eGR@LEA~Wy4E;r*^?w2O)U(H_Ph9_&*qT{62|C?7w$Uf3(@gvt8O&A zuXcRLb+iIp6lSA%+X}z-h&?^Od~F@s&ixD@tN^e(Yo0tu8i@8%ZU0rw43{al${;N4 z-)^zX{6OXokH(gy2FyOJrDQnPDtVc9KFUNZpWxiPdVW*oHE?hmQyK%0AGTu5g|2gv zR$3r@7=BvqVT_?JqVq&7Klqu6(cO*q%(T_HBEhR^k@`G=M(WM%xD1R|&f>0?=>cOS ztI5=H3fBfRj8q;6&7Mjl7A>i-N%QkboK6{byGulZwRsJ;vtuiUQ1qw{aZ0&T>Hb>g zQAe>F;Eb4q7=7r}82NN&L+7@)6a=;5czM!bC)ZCf1%!7U%)EA}w|yYl1)$>d@xgz* zmd?-h8zkg&Dt(P-7)F_hYImscl@C>Z=@;U_9msF`kM@gj=urt<(<8Wz(Y(6thI5GB z;QZ=8L0^S($obQqQKlRb)o)~Z@jQYcKg}>Z8?h?DuJ}iV&B3<6NJJw461>A&tvqP9 zrranW=#RqN4na!A0JrA@YOXyOOT_mLIB0kMx+F$H2IUe%Z!kFVNh9c7GcC3yypTd6 zm6Z8i6*yF8`>FO~k;}(d*~qWSH=?N0zZeGos3N-Ze9$#B>^x#(ojoHdCk%p_6Yn!! zSpu@1-|ilLXtHHwPRCLb(wbzIS|V(wc*iJ5wCBmdDK={;$LQZO*!)scTuswStq ziW`U2&0CnjcwSAcSb?**i;Vt@MZYG&K=uRL{o;mnTa&b;8lH@|QJ46zYliv1 z)G;#wO!yf~AKWMmtSMML<2;@*axV%Ox{$~NY6tX3`2)Wr!iQ~4Hr43*Y5^}LXovtZzFW|KAXAQg;RiRdY?3wm~dd_C7g2Vyy&S$XH z(iyUj^P}CuiwKJ` zkCFkDpShYyghzt|X4fkL=I_hA|E2}`$)7S+Y#v(1AO>%@Rwb#asg?l9GH=L!+h-kX zw;@SnbVQDFPB6GO8JF$cL0LaQ-%I)d^0hPn?d;Agp_3PBt$9v(-uyf$f0z20ruL$w z!^dzP(l%G&{TFn^rQlU{3naxwjw2TA@O{2YY>OCq{nx%+TQD74FB$}I@T>oXG0)tK zP#P}{wR>5#{9BUFQ_iBzGXjywn%b23`~1y3A^ez;>S-o5MUGxC3GuKXCUrh+n(Gvq00-^v0!U9*>vDLan*hPQR z2%Td!VQ?1NU1A{Ct%-fC`7C#a5)u*zcCTt{@$QpKwF+sq;?)dFa2eXz#!t5>jpK}o zM>L7}1nZ0{xHMFs?casJHiCek&q#pnz*S&o^v`x6Up_ad5fS?35gEMH(x$<6Omwf)Y^Z2oAyP+ilzAYw!@1xzhmY@L3fvp4g@mZE#JUR z@nJ~@Z(+kPN0CZUoL+y8hgK>4orLmHW)O439UB5h`+T8y&UbJlisTFFGXfTIaSB6dB zXw`An=+p@id#TD5M?&FkNBW5vA*j9g4v}|p+mJ^6mCx^aryO|f*L1Cir6H1G%$s(I z7v}DJQjEpe{~1PSuT{+=_=J?A6XHCC9?6ZZsUCTzqL(owIh?h3;cxkleM-oLx-4bZJ*Fq4>jBK7NiQM-xQK61_;Dm_)24 zQk#D6##S^6GiO=vGpFXxMtd91OqJ)VHnvWVp12Krf&;#2oR%^n`%I|_46qK;$cZKt zMqCF7{Pb({f4?rCe8Jzm@@99zl?uqm9D!0i*!`e`3;$5;tQgTw2 zHZkw7u=WC?3)P>S5_)+80(%!q4K2%!P9QpT1O-C1W{bD&>yY9%n*N$?^~|io+A5pv zmPR2e-DY!NciZgqN=FY$s&dbZzsmB9j%%85x-Ay=I&y!F$Ct*G8mWba1NqO8!46*d zWgzK(GGJ`C?{nldi6r=I?>Qt_q=*sY>rcc+{w~<=LcLZiWPBg^E0?!P3+5Md$-!!> zzUXJrj*wDJ_;>O(IrfT-czM8M80B zV-pd?{8X;fJz;?#$wW#<-jdRCNldN2L7L>#GV_XA3zgjin?Of7#atb_AB%L6Qskct z3df|iItFxBMF1{Ohw$C!kC&JVYZS2)j?%|ZJrf>0^6>3w(nJTc# ztiLzOR;Tq-MfIDjejP(^xDl}XYOhL1sT-?)Qj6*>jTZvn@;4#4{wG7+A3Dks zO*yLomM&8=h`huH#w$OXg9M?i{Ck56x)S<(^Uo72tS048W6Jboc*j_YIE*+Fb`(qG zRBz4rISDZC|AwRef9R(jA-uFcF{Y=(X{I?TfVn&Q4hO#PLTO)fQg96=rv5iay$kNh z=1`l{(2DlkijsQ?5f08IQ;0_-sXk-~0ycib?aOpUugjhmmxjdZ)r*Y`&W8alDHr&XKPTD{Iim>?BT3kJT!Lp zcC8WXy0BXsSysgW$=aH=Vlffr2yNmCs=5Lp>+hT{n;i4U<)immt#7N{(M*brI`jz} zU@tuZy0e<8r1``E;!ZU6`c|c1p4^pcPh81^hM~^X>5L zZ(N9SD?MEC$O4eW{pGj&%cw2cJDSwyV$P3Ia~1oge~upGo{Ln9Bi#F5H{FW4R^f+=keLXx^o4vp& z`$^pNhCLpX;Cfft@&~1gk9{d(Q>qA#OWfb;*{iudlX*bBd*4)E2{+U)h?EG_F}*r> zUvFBGK^DdLc=rFZmpJab;eLpDMvHSyM?MOS13r#=S9>asM@v9F;Qf_=NPmoScTY@y z#>mLQN0~Y046A%ktfNOgH`G4ab6VXnID!p-*g~*?9yszVT6O7ld4^W4Y~B@!#|&as za)PJL2Yqkp9JIerruSHJBv$+DfV6ca>5vFKc=L1SHp)h!L(KK;z-!@ytVT1W4_=Fvn@m0_DCPEDD1wVXNaA4 z*K+@_ITBAj75&=}r4`oIMe%hf;^O0#4^DUxHb^55!d9S&xxJyMy>L5HvdLld3Pco!92SLYPvP@QiT37Sp4@VOqpYCmFCFKS$t*WD9Sa0rv|x zWYi^2h~Pfx#5!J#utptg&H!y1hbTih+<$eL*5VV38r@a#gjghnODxItNjNW8@rkym zY5%tA>>*HG*s2eJM2g1FW9#Rm-g#DgIbsz=A7tlnxJM6CMk9bR%PMvr7gkURLaK$K@As_g(kxq%Apf`yoN&{ETv3rAF^N z3e^&1u~AWHpV$`*3o07)D%qrv^1ffc-8D78L%X=TiZ+TAhauw?E}vs!V*cn>&KFA9 zsx=ahq;S#A6VB-dyM^rqSkJ=6d#a3qo`d^M>#J+F^2z!W z&j7wjKXHw9{jK5H-mkx2$;K})W(wcED4cTLl>47p{U$h3?aiI~#PMG|iLrX_U&Zq5Go-nmh&ZnxdX3`*DT zsI*+1AHQOI=O=fmZyj4{GNr}*+dr9&@cX7-I=RMa*g*NzcC++bfD0U9Ve|f!Lx%~L$@Hggs8UGc3(dhEI zKNr~}(PKEv_l~}2ks&v0;-HlG9(m>MJt2$EgIC`F`7LiB967SPmf#WGHu#FKLgr!o zqptoE+8Fa*|M;7_NYedx{`b?pjuAt}r9OD=&LLyy>NfUwiP)AATtHPZ-mS zs@XN*!FAzu#M?6L;x{`K@sme%tJ$<>&P}h~Keslr=@@9rc%~e#k}w}Ht$FCCN%H;s zh297O(>A1AxCQvc-7g&p1x{NX;-5Y1`7LJ2#8LTpec`oFu2Cu?(mVIHkN@>aaY4Vl z(Y@opdg+7z%oBE_Y~lR-ergRHAoh~vDPKgw2sinv&md>vqWQOcS3iDqulPXQhH{}d z5bKNUs^A9G9&cofFkJSv@w-Ff3gcYKZY8(zT=V3pc6aD0qP zGAPdg#@7y0U)obXIZrpWm#$y3dUPleN*I);x@wquY_5D%&!~%gz)r%+a#lXbFZqXv zSD5qUz8qV*=&BnpefW{@OCkvZ%*FR_-1hzL7Z1wp*C+4$pC144v5-zlCA+q_fAPxY z!~5p+NRl9E^6jb3>l~pR;FxS&nSaA92vBmFEaaZ7eES{u*c;xzXVjox=~JhTy?s(D zB&yXiVH<*|6kdyA_^Y=K@7F!$hX34@U%93*G=uG)>)(I;yQl7&(!Fob^!pyXp|3h9 zgA?=@Tz7Hm*O9tA_7FKL1i5Sw_d}x)w`|$jd-BlGCPb-Hgu87{SKar|zLj~;120_L zuU~%JH8;(;uN&FH2!3&}Y}*Uv@$28Xd{p1`LH)ab_}OFiUwu--BV%rzv}xsbAt!=t zo_{Dg)?E^wcvrVeH(?z7`|2m#=e}_X)N;jjm(0wM9PIf6c>TWTZXpJy`?(CVA)dZtm^daX|$KLxx)HY-0t4p=s05Z?rL5*VcS_W6i-9$ZLnZ z+v=QAa_bMbRNp$HV_TK0q}_d}#kr@^QQ7I;-)Q&J41)1?Utn*8qs8w2?&c$pUDUAt zh`tHdtCrbS_sXcri4SFs|S6UJwL%O9|-T( z2~4|U$l|3tA<(p9%aBV(L*T}l{pT+fRQS7Phi6~WLon*XDXMD{0v~T=pC2K-8754> z%Z88vVKU0+-)?>2$xFhCVV=1<_p`+oM4Fr5USbWUe74K8`H`NVF6w~rf_eL|nLP{w z7mZAP>g$To_VW?+cLQEZBouO2xRiLRdn^&HpyIR=4=qJ#1%XkC8cHuG6ExBUHQX=Y z_f#aP$Rv$KCnplsltx%f)KU_R5nh_Cl_aU8F$yX{E1_8l!pLP5m6Sjx>xiUC2?~Uh z$0~&qq7)RYrKDiy@k?U05~w;>NyV$FC^;1e-WMiA7^Rey#)Gk(LRe_$%96B_M2!^k zCaRfIxO^`xpM1Bm-(}NU=B!=M_s#hS-uGAVHNmNSFmRC)WPxJ(6 zJXMc&dn&H?bMetiB*@|qjd#|)WPSU}n#Pwc_m1$YA56OXXlOnWtI-_ERpW(`@ z1}$H9pmO2fi?0HQD>lbb3vF0)TJK|?>A#=4eeb7N|M1NJeR9wfNjh%`wH|&Ck!;6) zF|5|i)L2=&pD}xAnq~Y<5JkXa^@D%j=?yykOn?j0T+k6&ut3=5q%B^? z;-$?#I$VOo$F{qLu*nNyrqaSR+xbp6(*cPA#^|9tTx^w@v3cP{2>KbO(#+Ob;La0( z#TLqC_c0wVD1jA9@U!hM+TvlXP=%LnbFj^3CddlAC(NOwX($2itTf|!Tg{zXhIyOt~pl2aJ&ffv=VxkV+!@bP_jTHTbo=-p-jSG#yQ%?TUT|_sog*Cr9;)txnkhEZ*L1HhI!@Z${Q~UIcu52iQ>I)@A2N=OBe=u-DutI zPpqDH)hJ=pF_eZy|2J{&lA=iT!sVEN2|g^!(YE^M+?7wbNQ_F+NurfxUNp6%R(

      C%={W>dO3yZzjzx)EQrQExpa7Amm^ZucQoe z+5O{!oiDnt?8isTrAd0i_@ei#>)Q7{=xTl5qm@VuGWo+3>Gl`g*A8L@11)KM*;(|s z`?B{_W`2;`%|J#gr1y_U z#!78o3=9V_u zTH8!NeZAthf2{Qi*KJ@@{9KDhar?{_w}b=vlC z+dFSpCnUODaHAIRxV>GwwT|VQ_vYwfmw!^&Xl?5-fBxPNb!Zfhoch&tx}n3j&D(YD zHOD*M`dl_>$t50~HMHj-I9q?}?{?8!v zM?EXfi}7Cw?OnC@!210SUY;5`Zs6=u8Ig1ZsV^$|cxj2BkoFsxKYK!+;A!~n2U__4 zSwb7CE1mTX!I-qW=PgH!uO|wTOtFVIy>ihKnYd7bG<<=gWQIC;sWOD9hD?)+Ct-nX|L-?6Tg9IWltFEbJe zvFBj(;C{)GNS9j9P#tS+{l71_x4V(PBL@C!T-x4B%b+}=yARm5Zu`QWO&lSeaMAGT zeUJB)c{)qbxA&p~O|ST-c&+}y1&B_Lq(;dLn;hfw3>&JyM3|7`# zj0x)4pAWbu_tgA*{8j`vT=8xWhIt33YByEet{$jrvKkXKaSIMQhG%MctTQ88y{ZUx z1?bsBWR)Fe6&bgo(lItizv+l|M5gYci?`GMQ|b7; zSoQu2^UT3Xi}tn7=oh!RxMO-j+_F6#y>p|QTyARz$Ik^%yzSp}d%w5RI;DT?>Y|P* zed1T|>ln~Ix}@C^2rz?kbbCw9lX}OmJ=ig|f9$G~j;n{p|8Pqog2te?s1VdQDK}=V zkSlg|q4DAYaVv`2C*>Q~7Fqh{M%8q&yv)*Lon+9z(w-p-5q#jLom z2=P-vVG5++hVVS-*X=?F*guK0biu^;-=CI)g{7E6rb(I;t1~`DXXip6Ktgz$p!$ao z?4LvAZ1|&`FY|}aLkc&oe|i29LP{}#fFeHi-KVFW{d`H0v*A?jM>OY&jOsS?)PjUn zJ37C+PkQaJ%BI$w)Vl&B2S@L0u&_Ro|Hg$NW`scyg8N}x-t3QEH%~NtHs>IM#GyCo zNQpl`L0?#5nK3AC@t*eY?oeJkq6%R#MChl8LT^+fL7JaSBS;6rf?jfKin6A>;+s7- z?)zK7#fwI7(IRdi|07&MjgS9S@ZXiz83W@NA8Mb{GkSHYDOMNN@%j-2@r`=5-?s9O zi+jhcIB0%*w)Wo1C7eGKzlz0U)Xb;ne*Vxu2hsmJE%E7@vo0QZ`Q(1EzI0Tik6h$j z@w@Muf`@YQ`zLS;*;k*TRG=fXv@RT((p{CP;GO>1tww58mL^KcrNqdtERb3qB+Kgj zeudE;SMDH2XKVVz(Kv6|R;S5~rUs;{FewU&L4ui(r-_mAL0acfF*@o>qI|5z)oUF09+HS5a>^huj!#ZKGD8Ph9f{Oe-iJS!|UE65A z*;m!!X|?$qE$&Zu@yZ94Pb?>!t*%{l{v~%eth=wi->Zt4MsZdG`;X$5xk<5)OQ*cAFu7bthx6i3q%n_4 zZ=Rc^dqnp6cC^{*ZZHPr_o;@wF7x=^oes~HpUagGD)!VewMJo2D%(BHR)2Y$CqVnt zpH}D}R9f7=s!mUf%~xx3uP=w4RNOaD+G=xE8{tGg+cwlcoby7z);xD(Ti&$wFW&ja z;!Q2vmLE90_vX7_+_mWY^?OU_zj5;w_dl__**0(9R)jBn>xUziKYZ}Q*WW(%z=M^o z_0K+h>!&MruX+E`Prm+W)cD&rE&1SqH-Gx%>3^**IdRaZ$azM%`{VcU%WOh|Fl~pz zC|DDioWcxBL?*nk632yi^+6*Li&vrXT2v$BbV`)MQD~`=7@DX>W7UY1#H9q7p(uv> z8Nr?+&?p^ZP;yB+BwB^Y2wXzo8W|F$MD%hl3CfY8QWBF;Xrc~@RihFTmyuYsl7|B2 z6bfPC9f8mo6u$P2@hB3n21^un5-P$_91^7@nxGZt3_v+hJ}5HmZs=fyr5Yk5HYsu z?ZsBEY}3ve6IK7Y{9etpn>6l{wTC*FZ`gnF_`YvG_i|fJgWuh+(`{){|+QE7i$5QY$5*6%wtCFepioxCOVn&2QOy#3MSn zP!UuI2C&x42`C|2L4swBih{LTCYhYam|u5%Kc~_3vTNyGb`%xH*1{$QC3$R$-~5K{ zrlA3)L=q~2gz_UtBl1T%FZ65Li(jgXmY6k(&;NUlV$8oDymZu@=U>17@h6{t`K8M) zo72N@cP0PEWAb76>pN*o2@Cg!G`Ozq&bCZls%Cfm&+- zL3{}6F}j)BcDmV4H#+>C9=gHq>u}SD+JY6$!O)x}cZ(xndUEUnD_yP##K`1vOg|?xu!5(O|`>V}Nbu-+f0|@G7xBwW#Ucsg& z2h=WdR$K_rA8j><95H=E@9hiI+R&Vsc6@ZG$c4pc+na9vvQVi$(?b!46{Z6EKA0Mb zgJ>On{)i$RLFy*HuZ2b&&Z{@oIM>`E;rNbNC99UYI3DhEEGakSJQbCo;c}woYbsrP z{=+30YBrYUytI+Mq^ItZo^=|je!>Sb1Pxx)L%yrt@yf+YgR13VQ|iOZ-81u}R#jSZ zqqQGj+2UuIceke;Y_z_9sY)qnSCFJT7{u|!@$Y$ur7PV*rqv!8m7!Z)ZvFmRd4i_7 z#+35PM(6Mh^}Z%&-z4>p8oJfN?7RDkG*dOHr`F^b~tE+ecqIg}{>oNoy~$Tv>)PAkK63*|_(HDtC!VY0 zxmKQQ`5P^*TyP^DER7uJS#Um%p9l)KIAH`%7@DTLMo$An^B5jF!<q-r4@%-6Y}Gg&rZcB_hl{a_)X;sqbqq+g~rcD zr$reN4)2zvzhx-FaM3yyk#30IUInTc8^ozGxyt@2%?PR}Z%GF4?B!|1lzv=*joDbL zO4b{u_oF9vQ=2{V0V(<^y;_hU-z_#~QeU!Pibslj>aD3i?TL2>OzXk2nX4_)N}>ASN4|rIkv^VHw&x z$NFdWmgdHoLZ8SL#;^YJ{r4_;D$PSz9XYKB-Dc z1-!1trjDS;#z|CgB_Nd_-oH6{R0g$e=a$X}XG}&c!eBvXhli6(@n8@kkbt+dy%mvY zNngjKpZ_qvSGJ$=Y+PEB)lFw|(h4c%v$X{1^R} z(&%sp%qCJU@3ebWa%%U7k2dB_kb6C7!0Mpoa;|3Ck{^F8m5t1gr5)|U-jYabQv)W^ z*xK808Rl@DYNlS_BPhuSVAcGX%pRtowBVWIcp7YqEN z@UQQvet`{3mofe=a9s)cQ6480*SzaK+~WQ8mX2;obx$nO|96SC)-C;bwFQwXF6r0K z({z5KIU~V#(|7WHl^sr6{^}BQ5Fu9_XxC}*nf*)%s+{$4puEBP*)8U7Nwsfn&_DH^ zeN;Yu&G2$HhX3nBXKRqZe}WmI`HYyho~b4Z@xZ0Mu}Xi#`%VW>EeyuD)Be zDM{bfJ;nIJ2K8e`Jv*LSf?&jH3Gs8$dce-hj`~dc6UsI~WKu zN~L7S?pm!@ZnAg^i<=0NY-+JVeJsmXRd;%Q^pRRqQoM#g_uWi9ib!zktoo_X8~v*L zY31%ZWA{t?kV_`rwZ|>3-~a7f%l5YW8f(^mzsH<(`0Ixku4wLfDtC^Cy2c7F~`)txZy*~PUZGFJ7{NevpL@5GW>$f{a{njhGj~_f|r`;NF-1FL_5AD;A zq)H1N#uc^M7ni^I(ypyv9Q0Vee04S1FaC>uSylb=7X07O(F5W(@3XWVs2nytAHicP zH~&z(t1*8<^kY{(;^;r1{J%Fmw7BHZvv;*kzUi{oJ>=Hp|;I)eSGL{&Let z+c%aijLNz=Q&RZe!u?GyiR<9c&pz?R>Q>9F!KVAar90|AT>ReQ4f9@pZ{1ERK(Bb^ z&9`fvL!+zix_s&7x92=I`+)_Hm{~)zBEQ~+#;#iXx^nZ7bnQD=_L$l;=F;AACoMM& zNm_8Q)9YlOosr8ijkJF)!q$ZR0=RVx7b=cPOum?rdEnY;%?^1Wm_SO%F{4OPW%%84InQ*92lCm7vm(rIL%6kd-%zR{ze*i9!P@xIAX)BAMtG*@TI zu{zZOIv!N&q8{43L~cyB7Dc2(({;V$sXC)BR?T6kKgh)EwbBt8Iu4~qWN3$Fx6nZe z98Q>1%^v~}-@9LfuLWg6es@{ z`t{Q{8-`syt!~5iA)}|Rd*%7y;9gUE4oFo+`*?dL8ocLHb9ye`x-;tNjaIE^jUHXC7TzNyZr@E!CEs&TwX6m(9_VB*H$U5_q z0sA)Y9`mmUqT04Q8TITNZ%VA8h|(YYRb2pPi-~o>@ry zi@>*lYnVsCi3qo$QJ(Wo8_+Sar#b)m=oc1yWO8yzNhd~PtIJF{O5OF1YjL^m{wbYo z02$e>WlC>rucVeKy{rW(EmM12^W!@>7Dq|hRbQ};4*SL7<8|T#{RWW)?VT0<$Wp=HKTzIgv!;L&J(SZ`dQE#L? z^^*%FiRHz{OZx;Ln_kf?9=Y~IuSA7By*%*F68gC-qzvQ9jWkp_LViCjg|?qi&w}!T z%Y}N5TCky!lpHU78#SCHtXU4c2qFJTShmh<9vs?Ffv)=&2=J0qe@^@Y#41;{1wG*(k3tYBg6R>i2|$2g8r$hCc5R!GP| zw>aJ22HW)RhUMkP$+=N0E3GqoXnT}H`S#5Yp#D* zZ^Npxjzq0??Y(UX>!0&o9^Bd{s(N#v&cZgl;N_Us z0ISAP?m%P8Rp0t&73g2TtitW1WRwd|gwVkY@1F==i^Bf^I4Ml9ilcXg4qxarC8ZRc z4Llus6)>DU7>0y1hffL&3wi<+MFfKkB_TML$4K1c^x`(w$p46j70inUUBZLVSOY$X@{H*Aq*sG~v%f z9VN(eK^mQ&ulV>XzfNc3{d}uKlNgo8BYG6mp_r8CIok6nf+|pyBdJ*FJ(}bwWMqbP zMVYhdc|xLSMR+W9a|rdHA$r-J@otk`{mD$DO@y_|bn&AH(8OV@{NI z|I-an?X>rE4>Z~jJVYkOv{Vjh1$8o}pGm#65*VffNxwKLvi_D%8 zT8tRlD_(i9#cgr16opa*ile*(8k3(M{~AkZ{OUI-s)Qhh;(l5K%`p^183v(95Q|`! zQv?h!Kdr@34ue)0hfstUMSU!%WLOEbiiE+jC?+ASU>RhhKyE19i=dz;T}nW(0HXyh z!Z4I&h0h2>-KJ{W#oc2z9x=%!WO|frU%lr6iggtK42|pW4H)s@ycAM-2F+Q}d%&LpeE72OAymC&-UcZmhFT5MEtt zxvWR@f>P6^J);+w7{_Htm3O%O3_l=Mz2S&$VxE3|rRAbL!-`7tv>q`lN{t1{s&+>( z5M&3YY1dSmuE>vFP-eU&&#<`Ma#bJwyVvZb{h++i3RaWyv+Bb=U;Hn|W2z3?i{Z^+}d51&Y;E=6avBoS9sX;s4ZOMGPs+;c@Ghmqot&Y z#4R{#mQrROTAKnOMBxPtSTLZ#05eNTGs62gLF?QQ#!$0_v{1N-<-iP-$RrpbzLQJf zSqWjH2%!qF59bQ6Nz4MJ2~`j#s2z3&qBv%UForq>U5e}jCm4`m5DXdEPAG@4P=v4# zAs8N!!XbtuM-k%Tq)_{h3348e_c5H8g~LI;4CmnyAH#e3qlvKQc`qx3k429f@LoOV8?{XSi&(KTc0K8#q-DS9)5B6*3S>POy9h=2JIdFRsZbr-q{OZ`PtAvcGDiC zwZdns{t(Zak=6dyLUKUElUIIi>(f~H-~9&_6_$$Vrk!stsNm}NJpam9tLs~5jTgS& zDsn!vtJc1`$|5E4P|GL+4la|>@C2J z7Gc5=q@28*(jbx;T1QgOP{L8mU#`0v9JTKnjx4`4I8`}l1t?lzZ^JOio2#vz?jW>kchuPu)RHw7<~S9#w#urJ5?g9*u`0=y zBNmgFVR(LTtuDlZFCr20TRWw)Y)`$YV#3mqDle=@oLH13X4`s7PdGV>;XB6ZLYED738LB zYpk4Hf5ZxVvaZSux1vg;x6$fXlK7@0=0vr0b)_XvK|i|IJwKJx z3>)tMI`I?@_jLcg5RUKU%Mcu}W8)_%oUONH&iaPBBww?u!7jn^%ourLlXHA-)cPvR z_-x(A8r$Gh&7MZb=q&x7dYhCYl62CNX6HpcqE}X!CuHk4R9na8=s~JRWa&zpT@;C> zMad2}J4a^ewpQD~V12c9bhd6wjcsVEwzR_q?f2X$#hxbnkPO}Kdi#W|sCCtr@j3c+ zm6jpt+FH;*jt5t6cY}R+hIU7teN={aOPzgeR@CMiOSf2s$sGhQuUDdKd#!zPj(%;8 zb!?_?eYJf`H_fAycLe=1M0g?hIe7kfzRVvw21ax_t&g6mXxC19JgH}V*ya=`vM{qs zCs#&WYvg0C+%tEKqbQj=CrtS&JIc)qB`eWcS(Vc3Q;qd`Hf zfV>i7?O{`lio9%~k)^>G`8&-Y68R?)>i-hjkKt~flOS;{+_XHZUy<~G9O3pOC$t|i zl%u)mDu-cWuGXNWdMBy}q^M)ml2O@FN*OUaTMyC$o|Il88I`4rR#JTu)%}tMgV8xr zGAS`8OQ)2R$IRl@RIdbezZ7+}N-{E2r&f?-vh@l%33)YgYGg*pAW_{vS)&&W^w8vl z62M?|W)ze&B2$;Bk#>($3{KTXsi+Ydf&t`JDc^%?~=G*y#fkav$&3`)~#l@z#y zLS9&dS+;IKYW?4>{|m8JJ^S{G(Ia|CqFrdNuh-~K{!}ecx_J*x@M?_)VH(Tq+87y9 zwCLv}WK635_^f7k%^|lwKJ;Oe4bWx2W1 z=<)m6WhI?Fjx8%{S5U^*#C82=-29p{w=%n1=+!`pZ;WbG*|xZ z_9CUUhtszDv*#Cj$$jrU@_pQxOPcm?O-@hy;gjcTtIgm1@Y9|xO;L$~rkyJb%gW#S zu`nt&xbv?2cf}7{^~J+ve5S3kAt624vEjXEHr1K;Huo50*t)53>7p;HZQTkCTORzP zj@fpY*70=}o8S3*PsP>`)diP;0-6r3dh)gJiq@=Zb9R2QsA$rtQ|PJ4*(2)LZ=|b! zc>;#*&B`&^8WO{@4f39eN(q4vP1n&pGCWuab}$xL1Bw zFkn$+SelkW(7|b1C4pr|DSE^!DFPpyrU4-tkpY{KA?aFZs}D-mDoH%UAnO^Y1Z^6U zszot$M7l1BAj8siU6s}(P zg(`MzMRCQ9nb+-ldE^0K9$4;m%j!$FXJzTFUgE%(&ktMFJAeMF??tyXSO0LZvaM)C zVgE}f(Fb-fDLeo_H0||Gm~(UK8&6hQ4n21Jf-4@lv2IH#qVGO)bXHT<&YNCezG3Zm zIR-VwId<%+hr-|c;^&-fOr=8n+biTo)97|uttu=rse3@zb6XdN*U zISTw-MeXheo4>TvQ`YIJwfIZg-A#7?;SP7B&3CxdU27HAjj--;mm59R7VlxfARr{# zg~WOX7`y5PV^4+2U1#-{bh^Tupx9&O)LDIHoo;aP>O)1x8Wgt+87qu#*oQis zA4&)n2qlEe5!TgaFYEvqG}`?o9q#7iCAeUR&+X%v^FqIzHHDdT?)&_{7vl%^d*j+0 z=WY&6$ZhR8`0-gc^t}FG&!_c}cN(VF?EVNW@452of8TwFE@8ln|2KQ~EzjrXrCtBR zH#z2IBSt>+)XGI~KQn7UVnLeTtZ-C+(SRgOyUDp~@x8lOS8cI=x8{z8|M!2v)C2@c zoH%;OCAZzS`t952-11_^;QnK$UVr4hml_b{na3W8P8o95bv>TCYWffJHy4)f3-6xD zIVZ?)L((-XG>Zi6QDGCfY_JwSXA)in1HncJgvz0C z;ZslG`axb2!-X9P)gCHJSi%*B@(P>6OL+H=?xaxBuld}+oAaXmDA6Ym>YJ<8$7dz! zHSw9f(&OT@yJaLKD%7M_7ag6bj!x(?=ZcHLQm@uvDnqyIWNnmMqf5-p&Wepq$nV)b zN~w&=&Pa$>#l$2uyY;iKozq{7Ao7@k{BCNMrhE7NC?)6g8fMQPL?VP*DNpX6s?(_T zhD4|_IyraJwbQ{IQ^$1ANhaj_q>POI`RSQy|LDfcp9i!b*B|b@V|3cc9DQ!AGR+_# zl&&jCR_Del`lM)bV&tQ94Bzi<1&tHikH^}NHlJ>O5z#kU(cucJBt*PcYW2`P6O`c5 zS2f!M-C`A1FQb$~2@
        K>t*e(V6S)~Z_hYIlOtG=s2Ja^_3zex z{590Qa^fPv-$37iy&|EmkkJ#SjFU$qB7ZG{Zzasr5oYiRb8T1%0T34cMOgSB{EhIi zFJXfK1ncXCW`0Xci__^01Ois86{23R*XQ%q*4A1q7KUMrMkA#A{eHLG-QM2Laa=GM z1RJmfv)0yDFoQ6dH8eDUrO9OK?CkV-Jg^CJH8wWF8fa^4gId50j3aySzb5nxghRpv zOTOJ1uzBcCSD@1sw0dcf6;P-SXAstqXz@V0kkaWC49s8&_Chph53PkP&Vbd!7+pb= zJ79GSxr73tgz!34CK!MoflVkeQi9DFS+_$u9@-o>@CIR*pjar!9w{dXVW`>^F<_ts zdnhmDf=v#u@WR>9u|?Kri8y{jxyrn?#=5!6 zvaQCtp~CD62pwU9{}mZcfP!GX_10Sl4<4i_Dlsu}`}XbY*RO}f!-o&|?Ai0R*It9` zVb7jDhYlSoDJe0V&3pIm&Cbr=wrv|2R905z=jX3nxe|nI$&w{d!tUL>!MLujPOsO0 z^UXJ)VqgjDMT-`JsKHjd-3~=5mCE?|_{bjouL+NzI68kQ5VgHZGALCQ2(s}iD#IY> zX|7L_#_gl~C8^zhrXWEbq}e_RDp)6|h1owS!wpQ)fOv%s`X;J9KBiZqif7n3r6k=T zV;Nxvk}tr74CsPHwLidslLa@DSOt}3kkbs;D*l6y&ws>SqR+Z8*Tm;d!Wq`Y_jg{Dl&-O;gjwWYuyL(Hcy~60;*5D}Z@N8>v7PY&!LfGit+GyX|}+)GZgG}`swfU^D(w_1 zDi2jx+~L|K?1Q7EQz#*lx5FJSVOxX!K%0A4lM`xzM2MCP^}8JnZIbNdgk%qyEdVc^^k9{FTJU6Q>1r4N=SM8_5GJ7Dh&Br5km_(7$m zbdix(F8u6E+PvY_#iol#C9nMYn}yZw`{#XT@w@)-!yT7Q?iVRnFmkUHECnqN(BLmi;L^7ES!XP~m1wRYK zC^2%N-giRoJPzXp^OiWCAdOGBSX6A$m6TrT2-@c$$BSwq> z)r*dfhGHQF+MXb1=cJ|cdx1mdSYiAsT%;Jv`)NaAyLwcXMnT}Y206G<8j2W}p(Rjc zc!ril(IIJCIf)NV)yN4fFIthGpwvo;5g9sAi{a^762pe2YbX>QoUT=qLJ9ftDiwtf zN!Lm+3=9Y;AzdpCjfc=kh-|1LUZo(3!KrGvSAYThv4%o9P(rFEN=BsVWqp#=3R19_ za97b4002`)Nklg&Ernr2({&OI1urZPJVdRmPqOfSYauU+!mh%4XohA;Mgz-) z{4a$1n~cA&KiE2EqVCBbcBxzCqme3f%CsLg?S3|nzGBtFOL8Xc+w{;k`}Rfm|4;vJ za`Uo}H)w~)A34Yb_qE21RGCehT;E#{FTDJ6^*7~)kxBUW)w>2Zz8L_Oe1DdnjYOUaWAw06C%tTVy>cb`}g{?Sj6e=q2baUK+W>;yu z3;txQ4|i(hT@#OOI?3j@bIOd6_}37A{&;Nu5F1@x|HG~nZm%!<-T@zGg&t&AL*p^H|KqcU}|3bJpas(+FuUQLb3j#5bQQGx*h zYmJN;nWaxulD!jD{ZrJjD#?gUolcm6q|-=+O?o*2DM>1-01T4UhS2;WgMu8LsZ&dd zQQ3O6lpL9im~;qNwoNUqnyIwm?MF0;>&f^-N+YjuQ17Z;P5ootATiBiSJhh8B}sZ@%b z?%kqdVsi8H)G}pKQfjyEJrffQID+Q&?4gj#^Luv_#Y^PxLD%sUO%~OE=2~S+Y(Yt9 zh1u((xs|2h77_CfcE}~fPv92e=#mnnTtb4u5v$MaXM~B_N^0(bb|pppRMa7p5nF$`Z-VXiX!{6Tg}sSzXa#l@X!3Hf8l zkDGs}9l@}T)z-pxH_Ic7OFF@!TU693Bk`YM4HXr3xEOACqqDHp1&-^Y;tr5J$O~=T zp9?#*3S#DfbNT)p@%f|3U%+41DEsRO`-tK2X*lUuf%c=5U&8ap)z#7wnHq-W zQna#eaSE^=oThUJnL%kZDoG3KS8h6FCCRpj3^AW(TEeJwc{_ ziUvcF6sASefK;`Q<_4!}-9dI>s>aXo{gTuKiX>{K-C`6pkMv7bLqihsfvC>w_xNwEiHMAFtF%2*Dsh>1U83X&M(4o}vX^8Iwr$&XPusR_+qN}r+taqDZDZQD&9k5PPn>T%qIP6e zWn`_Dnd{E$7L8s9g^1lkj1txeL`U%(EK3AFxNR~t3_>BAm*e#%2JLGIms8Yk$CIHV z`sF85M5~*Wk5I0;x#xGP>|jY~X!i(V*E=Q;1MUqvdJh9pU{N>(O=$PpFdGh75CvbM z3(gpv$Nv=xCGh-7K3{Ow%*a>?D;9d#rXQpd4^pu}Mt+;*Uf8>S+FT)+wLg2?Tv1_o z1N^v~N{{ByARA)b^(4S6B_i!E-d1P=hA6U4JnC*RkFOVPlIA8HdN;xk{ncOrYQ)Nc zhM>S}#s%e>DG4pYr3zw;0{1%+n0^Us<1hH27vOJ97YUjqd%A<#R1v6EP}oo(NDMTO zwdHdZGq|Q_W2+3a*e7BicVp#<{+Ba1LmB)}+nu&Ocf&U^=e^&vWfb{5q?Mi*@d-QM zE0*(1S5Au%+1BiF@=(TIjDIo~>kahC@qbr2 zLSTi6BwHuGh1d!g;poWQ$6Kbropci+PRGQ2$8s>Xv@rR4bIMxn#n*EyRg2r>fEwp&AR!s)?XBv` zBE2$7u|i&pe|H#oudG^E_4;xB`J-wUUmS*kS9#a)b@ipIsIggj`M`NClJaMo_$)H& zuOSFvNi?|F!AY74-py(CfdXx+0fYH7tHuFsrV6I;l|oKU)l9Guit2ij$8A6rr>miI zcrSv5xM$-OIGX}@3BhInXvGjo+G$m%I}sl)6ofZaw@_}dbJ{6>N6<?soF-K!^+F0Y%R;IX#p;Z4x)xfB*M4hYLm#>ux0bSx1v!`prpCD~grKPQ z6Yg~=$})TNAIC}GOJ@HA7XosUG*F4tmXH4%1j4ZF4ziL&(lQ^)L@tC4 zljAg_qztffAkpQtED}#PLE?G+Agjj8BE+hy0OTtm2K{8|V551MDxaEUBjkz<1iw?L z?pEMJn$A&bH8f;WN@5|_r0xc2cW1*YYtQG7$G#cFujuHI9c7fX4PHia0rq+edzR98 z89B+*#d?RF0i;@T0HKFS-!O{CSUiD%SYpnZT2Pg3*GFtI&4dj<~ zYgNAf>73O#d)l$NM56G#oy63fysnltpypFeBdZMEdKan2SiYi~siP-MICRZp9JeZ! zfqxzPcln5-Hd$L`qcSlm+s4jr@Wo<&T7nLTyQ6gwtu(QQj@24%DGR1aMB28xsf7!a zD#4b|SZS;RKFvHN86<=Xz2m%r>6eK^anHs+DYUC-ni%!ys)jZji?3X%SUHmZEaHcI z`;eZ={h(8AJ=1Un8SR7|4`67HT8(9%Jbs8`p1wk>maB*b0|;yU1qO4Moiz%VwWP}8 z<`<)f;%<5)$Iut~?k!?As%;66u+T@Reuw5jt5%fUEl zq{ZXM7Nn$nO~d8o_l6e2m@7zGnj0WOwxg=3z`0pu6q44);Cf_(5oggTu;6Fsa1X&e z#lfLzdUOHPkCMowOdjmi#6s9vs_66(hf*Lx*d;s7PIdZ$0U;4#G4D#lf+#g5ZonK} z6$hJ{P7V@6kxsIyp$zKwSh-o5=`_Dc38o9os}UL78(KBB6h9RZD$aK#`aB8geSIKA z^xGmzcJoO4nfStUQ;u0ip=XPJuzXMP_6N8vybwm2!i^g0c0^H--`Iuv=LwTVXTlsw4w!glEXy4vQIz({V4w zr>spl%hV1ZKs(z=%K?sL)>Noa6JwyeOP9U^wyxnuSJbnr>GgT2;F5+Vea)hj$cZs9 z+-XW)_e1b^;q5D1G1`2%@(jGzekH!%qZFt9%1Fl&Cdb5dYsd0;NGWcg249_y-baXw z)m2=hh72(-Ru|Ug*mZdM_R%@|_AvP3@>tL$5607e`ws5e7yz$Zj)=X+Xp`Odfb0oX z9pIv?P_;j2qE3U^xVUV7SCgJNFQXngGa~1kK%rv$MDEHMu!0Pc(lamqRd|Sn0S@ho zR=1<4(_>|y*(s5y58=GBvLAa{m{i*c91O>fs7%kZvS z^JtcHGB0}_tJWG8Oi8#~kvo{Yup;k-p2&!6;_dh8R&JKly7nAY1LO(RlBs4{9wm~a z9TNzuxv>lwA&mTKHupQ?TR`fvlkF3!`J~kpmIU{SCyDf6MG2#G1wF|r zQCgN*d298V!ZUcx@}IW5&Eg> zsl1$dBm}(PcZSyNlHT++J`F8kbIQIxW^3sG+$cAn4b^)%MRwH?)Q7$Tdhq_N9O z(bF;uyEuqtVrM1d($p$B!@zCe3ky!$@f%Ai%V4787Mm^ID>n%X(+k=zNsiksx4K8< z8zsf5srSU{s+l9;o*s!{>DJ=2x2ks$nkBWUVYH;`YS>4msmLH^7o(G@mY3Xu!pGyJ zB=pa@4PsJ8wH#seq-v_!Gmnj-n^ELR^e@)1dy{juc242dC(_ZgW1IesW|1k%>VC|5 z4#>s4DwrkguofizXLpM3u+398n2s{MO7gBRRS_}J!usvDsFuPIlQ7(M^xXIU{WFsO zbsFqm+H)0|Nhdj;S5)mJhM66+8=Gmvp!Nz@&MR~I+7+{mC&*9d3i&C*U(;D1+ zUUo|B^5Ejdc3h@Ymysn0RsGv#R&QL%R(+(O6LV{A>g84|Ou@}iKS1VVW*9Qjw56}I zLw~Eo12Lt}6j{R}O(ctKu>w7mgpxIB?5DOH|p0(91vQmO}vm)&z~j9KAz~ zm(ua}G45J)If{5EU_8Vj7_5JTaHWP|xQx`w;M@c-LFT2NoJo{OrBr2vq?6fEa$_YI z#8Kd#QC7UMLrbBpX|$yVDRSXfP?!SUQXA66sUv@}qnD>+^#e&K9wfqYki(dZNT`reo--{!b%4^1~-f( zAhJT{^4iQj*imTr6DCS3oGtb{Ni02oEX&mAIzxkLB7E10Oyqgh-yRTPqtNq(e)IF2 zk50m&LJ^@<@HM=24fWJr1Y9mA?J+c@1f{@67~JT}h9JH9u->=m4bwA>&nv{c@Db8e zUI~;94J(4l??XjBII?&oq}_P={#t`D3|7PI!51raghpj4ya?(Dz)RctOrIgWP5|5^-Y-C2 z`EW}12PQIV7!lzVB%I!-g1NJ2raZ-*T+{kNq^gSj3l9B?ON7Ug0H(+nks1#}`Nb^M z7yna0Lh{49TlY3g>^w$Ez^41RL8xD*DWww^P_he#d!;6xEZz;pC>4Kza&jg9!GOhs ziZ77*yB?+S8+P~yML;Pe1lA8No_BZ-CVkIwe<^zE4_rLz9@7vL7&0^=q(8(ShNp67 zpDg!GI{b%%$ zKTo>>ZeLD=j8?B7Uz(1pj;R*wPtLus20OlQpcMn3^{a0naF~u8b_9|oUvLUOTLVNx zV1j<9xgpD?HH6wT_y*lAz`|960nVs{onZ;g#F9i~;k-OC2)0z4tG41I|1+E ztVmf|K}2a0Cw=S(^U8gRz15b4SATGF1)zK`>1R_n}PeD6)Dnr*lX=sC*EKZ_yNH;@xJBbji6K2L#4eh`{Xk)2IBI>nMB?39A!rv8Ieb=~ zE+D>0p(Pn5B*7DtPzQ90aaG(3T8w(_1#oi&yt?SzWB8v=q!dxHknKL zdzProI@DJ3G*sTW%}N;L7j*}`#TQ;0_Uc$nMMu|{49uHc`@LOVN1yCHm4*zq#-yV1Agf6v@O-&XFPXYqjb9Cb%FBa zlaSs0enF$$|J6k{`f@mgw&`{Xfqna<;6+mQ>G(t6^Jb*-CCT)SI(h^M={~4k5fxY4arusw>szQ$M9v%&1}_o-TfqHD_Lg)iUlCno>t;_ zH5<8krbjy=$vOG_^HWW`O%xM>gG%`n5S5epF#NL++u=489o-c{iJ|MgbEOhd9@}m| zO?#s!C@E5ckjq@A;NCas(9MQDnkn}1LPlY!SBIcXoFO*)c*$9pZKZ=9{Ft5lPyW$4 z8`p%LTMEMevL>4qC6w}a&FEF)2!tJPx&wWB;vf4EpRU}_)m~4nqvn@<=OM9q?A+lH+o3z0!o_f382 zNO;BIN5d^XdCKB;*b%N+_V?EmV-LX6{e51OFFxu&K9@*UAHZJ15e_?{WQbH~pYf^g9;)Jar+BDnv$pG9o=)%nIQN65p>PS@VCY zMB=dqw|~W6obEqDGo~Td8wJTBlQw?6`XGHVCiMjdENMl+98kJnRkR4OFp~c zkB?6`S*O!h*V)I5hQB3eYq$z(8u-QFKf($dhZ)altYts@W$ zbXzaeP@&QoV-*7H7#QqqZu;)_149`g=@#4=pm#L9mA4S~t*x6rG2_xqHPp~^*3)v< z^4aRDS!*j917=p*21eoFLrNjR-DalNucJY_0N$&WrKM(%_fwjNK6RQjr~M{Wm1(1< zkPQqhtZ-|d|NB{LYO3A8Rz0U-bXZIVFeOmC;9FdWZs7Hoo1K7lvkbqdWep;iL?~?z z%Q+${)1?X}BzK_}P}8tBY>)aoCLNA=gq-$xWAIe403fUwJQh>G zb&E7v^54I|5*wmWDN(=*)vJY_jE#+zRaA*-QsafMkV~Sokqww#WHIY% zd%~YNci@H6bwdNKvtYp?0sX+jN#3IkkNz)@~ z9GZ0_uO-+6xY78>_ukh<+%Iq`-&oxdDkh62UaAyGuYjOf-92G*+BMGVq`@DuytBpP z|9T`6VA?zik|&Rq?Oc-EI~BMN@>!DvF^KK@j-4ZPMszXSNXwo>r=)#7Qa??$vv~pW zl)5h|pJg2gk((p#-!Ln>8#z5RPWF3w=vg-P*rMv2<_-je?q})obVyAg_8@is51m1S z0gSmCm5~ZzUOZun?y|fAPTacX^WC z6>?1e-Z;bn3>Fe|K5iWP8at0Byzm*o3c2%weng|LIZkL`gB$dC`jJYS7C2n=F9s0^ z_P7X9H~v0cD?;|>n-gdnqbSc{w(Im-e>vxSy`I$igE6aV)@#o_`!zMpe&Z~fwBX?d zBO&0|NpOKRsu=t_3>e^k?z8{s9T-Ut4JAa9VW@Z-y?=cL$y~;;JszJ>S74E@IB-k| z>+&=oZ1^)XDGj=cxZ>M7{;@{%S!!*HwO@UYB%0DV$2d;ukkIyU$Jy4mpRa|ZAC(YT#h*5V=u@)L&TGFrW@ zW%aZ6s6Zy;RNy34go*xW0h)RN{a*bM>8s-DF{`z2${t|`3;RI|J@TRs8n&r0($dBb zi`6-u{px&l+yRkQ2(uczyhK9Cr;K{^T<1iSke1ic-^}GTTSpeE$|NXnqOZZ1DKh6Y z8$C4C2|V<-f7h z@vhoZ&)C+Y`IR(wGkRTI|5npIjxt9p$u(tg4SWeyB0*ho&oP@*Pa`xAjQxmNrIun z1wn)7BN<|u|BXcU?jdkJS#FWz;RcS{E1Chq>lulSM1lX&Rfb>!T^D}v*M1rJc;(#Sj3hyPS8LFE$l>c#p!!{TS2k# z7&`!#k$SVOY+l}hCdNhz<)G833K86U>FSwdu&1+=o+hRUIP6n6Er`u49x$0k}J$NL8KS7X=5YwfnFLW?&bPpxG$p`N}O2VVC6z}61J*J-(sq>T~;}5vobho z2XUdP|2j1NrUUH0zptih9qM(C2>S{Nc#~0~vZYdvVQ_T$0b`gJRfmELZ+Bk8>Mk1s zVLq?v>Z#Z8CBNHTRT3L4|Psg@GY&7gR)lmCz%HTjIb&5ZxE~ zn7Oi`e43LxbqY4|G^g3%f0?f4sHjNsUvt!B8#*E%%g-h_yJg`C;q+6fOoGO@^UnfB zMl6p2h7K|4zbxx(CuWplM2JL3<_;39{;6&lM^BGs+NBH{Vz;mqiPm4Ryj!FTF#B1H zwd4lt)IUTEk{UaZX}{2xH_EQE?du`6_3Mxm7q1E*9GLE~aZLu3z!x|^i&?ZM%mwwoN58QCq6Y3_?BOXvs)y(o&kXU>1;aOq0NSU zmnVn5GTYWRuXh|OEhSq{)Wu*rCbvvG<`YmAg$0N@u6qje^#~TXnnTESI*I^)w2|wI z#@T;6>y&En=g-r1&q>_cw~YSFZy~T)kCsk_%qW7Sib+EfqM-D6;C>*8jO5ZZRHQ-p z_HG)@Ub}$p)cfg1 z4zLx?oSb95AtLxP280q+T14(2R#1N`EPf_~R3_x46z-SzqeoW90sJl&;a~eLD2c&C z^!B$lLa_x-5-z%cgB3!ZoiT{6+Cm8hZ(bASp_ED%_hDaUOu*sU>_j+OrL6BGx=V|5 ztV-Oi*#d%6&=Vk6?Ug-6{oK*N^9U3X=ZaTX*(LTZz}$gCQR4CO>d10UT}o?@R_H;mUiOy7)wyU0 z9WHJNMZ9SC6xBs*=afT2h_<KS21h*>0Eu^Lizl;U|IegTWBm7!=<=?5edC?R#^rOm91|c z0U0`9!w#JRh&A>1RUJa&prkG!7R}Bv8l`$+Y6WVRlVX*Z6>Nd^jwh2Gl>gHXSo@cW zPJeT`FvZ7O0IuZB!g{RXeJ9M>1%r}`Z~rpz^Ew|?pqWAX9Y>(p&RXsBS&x`%p|yu> zp%F@zz(fZrfH~x}C(kV0WvCI5;wcW~ASZ2PGwHttjgI_w;&}ZeQ%)rEb)Qs?svV%t zcm=~m+SKBo6#|RNm-;K0j8nd`Zyx))M36Pum+5oLzfT~%zo4YERibdKtx)&%ePo5^ zUr_j%PL2(apU*|;?Ypzi>d5g~;6{(Iy|0I!{%5@)D7Z)cBmxxi9R4dL#+)3NCf?{^ zG!4{Cl(mn!WjZU>cm!p+`2K$ru5f=~YwGpoj>M$3S;$!I`9JF+`{Ku^4A*Au%^p+t z#;EONg}rC2$mt2x{KdC*@rzbtu}SlTM6r@vik?J|<{FY!2rc|Qz%z$1e~9CPmV$mYL5v_{Mb@(eS@Phf&jrtm-9U61YNPfx589-U-llOtvFr0{YzP&23NLC-oH~e z2^9%$S>oyU?y7*p870-pp%j4pQK`MpnB@ZZdGQ81e0bwsUrh_=OY(?FGj{(~Um4uk zB1Ww`0f%%J44S|KMGXoNjrAO)3~}^DYl};cOSa*F36We(53a#-ljB+Sa06{rLczz_ zFhTMG%YWmVCk*AS@lCm8nC3VO)kKa7Vt=k%WK^;@E&mlql~ZHdUwF zq5T@Ezde?D(ojgo9L?7tjrNteR7^eT#}GWtgJ1FdK=$sN5M`y62=L)QbOJ%SH}`>i z!bhCr<}F+ydf0T94jJqonl(X*Mvt!Y&gBh4h7qq%k`NrK`H3E}!k>ZN;eLItp$GtZ z1m>z629oRcMn+2h23Ws*X+1<_)qJy;V%+i$k~o|1E(|NVKJT_m^8MYzc)8{ottCYz z)>Tny@_stMh0Ajc8eJI$88EzEkYS9Ai}N$lLzO&a{AeA7e4pG3+R(}i@DexI90ZzM zc`{ou8$O==7>=Dl7uY^^?;1j-51TFraZV;KXtugZvpfPDLq($?W^xgmBdxO(>L`CAv5^(+D^32HPgFAWi|N%ox$4DIRbgumpI9OEG^B#$R>927;p`!1F&QbW_Y z^t=0qfU+46J3Lb`pjVZK|HuJd9xOXJIM{xxQ`pn4@+dcszRwAS8;D$!Z)%d2^}Da< zAuwj&^W*heExs7Phw}`I217NPeuZo#xu~+tdS8&4Im_6ab>uH+`Wgyq9DG;NnqmpH zUI{5)525Zs{Dsc;dY9M$1}qNq17NF#wTZRMXLRc(&%)iEVsJ5;f#qIQWGn1^1~mp^ z-fOHFCWyK@GVP6jdi9a;@cSGS=v8sO1%@NVKdbZP1v>{bXDu+PU&6<{9rd>F6o1R| z@l{X3jtbP-u?PXoiAb?0Gcxeu0E}H>B$(O$dzIfHQ*t5)Ya7}chl&$9TA>jPA z_)hb-O=0mNb(7p}ys#R+w3u@Xh=i%E%3lGPahnCnBLP|KDJdn?h6;17D}#4XBb> zPgM>j#^S)Ge{J+rA6$lVPZtPutrZc@u9Aem=^uG=2`K5Ornmj>hDKLwykqMZcT323 zYB&V@0v~^S;fDCwi!HvL#;v^(j#%SVeKSa4$UYZO61N=+pJqU}AUGsl1V#gE0qdmxvZ|UR7x5FIUC_*f`^6<2)*GQ|3wlmxq&y=zY_gZ#jBBP1tvfd z5r#uZTQoVKW8W`@FVCgvxE(OXKZWnD`4yg^|Ka&Ql3(=kOj)nfcS?8o?CJRabOZ9M zNvbN%ifI@6Zmpso^yXWxGk~8O{ST^GGEY=`r=TI4B1Q`H*cQpeEDuLuCpXZU1fAbg zF(qeB?9u#s{ASI8=3KWDN2F>yN5;`kRu@HwQmF}@!IyAslkxn=zpz}Mp3KGVI7a=< zkh8-X(F>FdM-UHq+|H+iJJosguVnRa$N1OFGa{rm-^P~vFG=I=*-8jd^J{$f(+{hW z6*OFRJ3(c#0cPLV)NxvU7*_P}#`AhVv0UxA?gU== zJW?5XGotUrGRO3CYKt5NJoX>e0h}u7R54dSeJzt$?slP94`r3Z^=SpeCoheNwQx^-ktt~XA3QufCbaS3$lNHMyfA?@7kMgDT zTrM-JmwNoZe3I$)zhQEFZl1=qu&-fD-y4MJnD>0t>M`GP;}?C2EP6IvAm8W(sZ>36 zTR+pn%9YTjfjw&W>Y~ya=FA4I8C6`52p(KgIhvN{F)69-1h&1Rt8lVw<<#P;D?9sB z@hrcCKGp{pGJMz&`vn3P1Q+G)Q8HfG3OG=z#rHgDXfg^!=~>g&FsHfQO*guCvw9Xa zNNV7}MRE44zT*fB&i;kUtnwGqOX)nXXrd8g--i1=pP5=&nU6pRR~7->>&)zAyj?8h z$na$CA_3=?sNt*E=8k?+M6|$4y}`;~xqPM)CUybh4n<{+21?>;vX8%Sv5%=HT`Dov zI@&aCm+~OXt%O_~s;PO2TH5J226Q#LeftUK)C==U=?$#Cb*+{s1Ez}QJU@?b`y;Wh zg8Rxa8&xbC-|a)5;Wpg44L7Qvd6(AjCV`+ysQLd?DkN@ct)rl9tOwMK3$KZRnBY{c z4Vvze8r;B0>g$#jhewj|G!l>McwIAFrEb?tzFFnlM88PA@jiK)+12n`9Roz5a&RT~864WXjPjX^L`-Mb?5}Q?&bQBFgeyW?c$j%j3Qsw*T9)E7;gc zcz`*XmFdV9&!BjTIPzD?Ay4^OvZRd zIw?UnBZJNDrIIV!zPB!}AKNI1aarE3fYm&g@;1Ej#WQD*n{fudJ`Wpf^dwK)#r3{` zt%eufCK$X*mxuBjU$+JzD;X^xs*YV_cX#jQq!3zxx7&Gj{m^{_-?;91uC2@Yd|O;bgNZR#SCo?z+j)|{Z6C^Y4IrvGc-&kq z?Us9*db;o=87(LIeUX6En`|o}_l}DPvyer&i*oKb2Yw!E<>r=4r?Z&yAC}*$iQ55Y zBKMhu)E1Wzz+lk+>{g4BXV(eMGOSL|OJ)u#(}G!oM?D%88KrbZ?z|9crE~&6A2$OE z4sQx_N(-a!Y95tb&dRdox5^!MyUCP!d+!KQ1i@yinsS8b7y|D1jI5CMf~g2q;9iKh zAFinZjzk&5_&Ds*2m2Q@bbGw=v9V6sEYH~0fkX_!j?-^Sq9zgW2{>2$jmXLrqY82 zF1Sb>-)F0}VU)vMI%4sFx??c}zeuS~l;0M-Q@^;cTp&OS)~n9f~mLQcAUCopWUz<l4(~=B08q!EF zsj$RVY;suD;nkt4X7+n59}(~*g;cNk?h`pLHa0#!WJDJ~Xq>+(dpgy}T#2gqscY`> zPDIFG{}&4}9m*_-^ONBN_Z|99HjhJP2>Jl0gF zfvzy+t?Hl8y1gq%cS0Ilq<@-JxHuOm?lpWl%8pW+$_rGCQ+)3yd2C8z$3YLJ!{ZW7 z&MIx!Mel%f2_Un{J-VXf zRA3COe4dE-byQqWYGe+~>PG^i60WUUT&-*QvQ02i2a_Q^J2&8G;NK<({mKHWQ|kSrM#ohVBs{&uwqbbb4>ba zn3)Xktd73!IlE6@trHHqlG*j_=tI?6CzE^DWNZk?|W|thN zRrFFa>j8@Fd$Usb4kc^0UR&=O4#_n5>@IrZ28LGKX1D@&cK>eQAIS|$6f(!Crbf1P z-WTF-q(unC&Z}`sLe~?4BzOW&QZrUjk5>xyHAWF9baZIRUn7IAUB3l|2;&W|bRX8A z*WO%eN`{?#+i+)-##bsgWRhWcDCHtsEoj|*^K>1it*E-_(zIRhgT=wyFfsBNQRDEA z=cx|j36a;9Rt8m@)v7KxvDslR4BhpNLc+?+)z|DXj!jlHOB+1?GFHF!KI>zG;+!U2dA9I|52f-{acFcR-TJ){5BdU7H_=ABfSjlMIflY#E+m zs(LlDw3QwsywG$-uUQwe8+t9{H>)=tTGbonUQLzej0o({ki?4-fE|l0YCt1t*qwr z)NU@bjdxxpyH!~HD+PhiMzcQg=d*wL{-ece0q@v7z^agp(3m^aGc&tPfz11FK< zFr~APGF6G|+R&$P;Pcx0(+@9gXUwFL&7!tGCkD=1GT?himZRcXGSaT`dA;%KkMaLN zB@*)xVfL_QO!Ynv6D#HYji39ak~IEGY2_@TF%h?)(9d31Ja{u4<=N9&?}sJia{cXA z54Y|_QkT#PlH|7jjR|^EFO_ z>9>i+c=+XlSv?)aZTQ5)c<|imM0d@ALeH*C*G0T2(GPc^|I_$q^*iASV?rLX8_9QS z{B-q1=UjnZC4Vwy+hK_rbnV#2ggf2coB^HAzfRb4hVkhm@H=XF%~znd!KIL88u9H$ zP-mC&NsENz)D>Du(FZ_T20ezHn#RGBtG910-OXPkdSO0O@6UIebC+<&%oT;LE>h#t zro3ZZ`rn&)SQu7*Sn(%ya`O^|+gpz1fhTW>6m8m!tf*i#%6!XPXdr3nva-DA=jY<{ z#FChNwT*3<{Gj-P$6I8Y+@6I(xVrR$VX3?#luob?HTZ!(0D)29rg*OKYk8k-n-1IDsq?d z++}BFpiWW1o2Is$rRs3>_jo>)BAqEGH?AFQ7v-)^%X};1*faAw2%Cn^v}V^gSTz>> zTW_XeoL1Cxx^&HYR(dx){Y)YyzLkFxDzABctryxgxuM{}u8}`gSzF2Az~y;ZzojGd zH1T+FqSF%|`cJuy*k_=v;pzU#$*HBKsqw(`A9z^o9p-5&UPO739(0D1KZ7^yDo~!V z{RQE%ZJoKdR}QbM>EBB)gmhip2qDIj8M|A!hjg?SxzO@!mTTta#w$D@$!7gBd;yl< zJ`x`AM2SBreyjnmUSfKV1s)&6f-7cSyF)UJl`J}wA|hv84WE!8 z3u;C>4MaRMnjWPZv)|Nn_*JP+0?1S<*+kdSytMiRD zLnh)vHo=j@)r|ISj&mAK;c_1K70*6T(Ce*ipfXAH8SM&DN0(iu{7VMfeKh|rYb^zA zglrai6Yp3d)>mXcLF2!)c5yCa*_rjTMEzg7tgo|GK5MR>Hwe>IC)!#{!;MmWZK!0C z#sF3~UoS+x%8^g%&*tsFY#W;T#3XvVg(MN4F^Tj@YQs`0^U72Pn#y=vmuUWero#?n zoMeQH%_;Qj!&ZvURRd#+6OD`?A?IpOvzPlMJHnY{L3r$84YJ`x52nZgtB6)mD?MuS zLt62tQs=W@pVv%-nHx5o?!iNVj+^hqJ)@aZs4nq%!zXI7Jb7K^EmFY$=@UQ-6C!Gp z%RgVORa}K}qm$|AF3Oq4_(?@+IHr#X>8mB=`$-uY#ObJ*n`Rd`bn0jratlr2Y6^cD z(LKi=mx!H?cz$bU#x?>|DE|6xe?QE6dqjW&bJhU*>TIPw`8LeU_>quml#O;`C@p16 zQ_ZiW3Glx^-B@uqQ;!y)gTOq-NPD0-tM<1c$vb3A-*s)0h>9YW2#Y7YwmKO^0ju|7 zEz^Gk^5?ilY1!bS!UOR-^7lC=F#h2M(qW44L)p*{rT?yfAA zF_EkdgIk~TL6;#<-(8CerYTQUrF??L@C_Dx?1hVe$^T00U&p`$KfEsB&Vqu)YAfhZ7OmS><}H1^jM)hdp% zFK_lB!pZ5n>F5dTg>1WEQne~FB*(hpx^i;l11Bs`5QAB>%2v?$;VL37sA0s46#oix zeD|pt>XLu^IK;2b5HTGzEpq}5NeN2iVQ0^8R312CS@RciCi=^F%fL@uWE}TG*f9Kg zO~qjD(qSKfVio*XJ5aOaeH4!a>ZvF1`7=QH)-b5m-t<6KX*g)gIxBl&A`1O)HqBwctg#Dauo9NVR3hLL$VWRb* z*)Q05970F3+axqjf4J1&8Y}0O5?0+}Yh#giJ3evbeO#MY56nZPf;+V)OO%D7o8BM1 zyj|G`|8kK>EJceuQ^;ByTqpn^!?&p4kj*yX6ptQo;ySt9#NX>Td|)MGyp6gNP+C2h z+is3gW0sPOp>SvUIpx>%#WV ze|%U3VnP^8)wZspT_KGP4fUL3I_~sq1Z`~NDas|F?#iN|ha)c;N7C@u4MW{lJGhP_ zr6HuE;(!vb8jm2Ij5IvuMyVjs(s#dYJS%rKegvn7XeMua;HP?4Hh4!Nc*=w z|5PzY7TIjVoRe?)iOfIam^r2%Y!3~3$Tt(FvUrjlHDMQp#GMjaWZO2sA`qXIFR`P> z5>~P2!#vLBB^lJDP7BiT&~RE`uuF7p{gMJm^NIA$(NtYSU%5G>a5l8N`eW=--6Rj` z5YuavV#dgG`-e*P52t^e%lhbU`+WWUrl-D-M(>Fevz_YiOoWSB$}#>X{Om6M?ll%t zsb~u7*e-SwPEZm`w;8?(=V5MNJRt)5G++ z&2BqXJh*-2)ov%P2be!+Zc8m=?m3g3>wdHw;n6j2UeQ}R$*N{nJ{xC){{{fDYU5q7 z8G@$d$2osr;w~F@G5H)!vz2;|UsIC<2(AM&TVNiP`x|5WiN_Zjq{TL-5 zLOx|)L)Ayu_RUnne4kysiH%ZWGW*jsHfqlG>zg?qWu`2eRlSdi!ddzYfuPf=YH{-P z-7~x>u6)cTW!IQWR*j+>zDBGy{}m-dLxqrCKK`{d=e3S1d380!jA~8_99FCMWTV+b zKD09no%cy(a{UuNzO{iK22qs-9BC>p5t(%8oA?4 zZTlQCQ|81OpH6X`*wtR*hjRB*FI2Zcfxg^6!gQB^F>N;P6yTAzYG8D|5hwdD0ld|+51Q1QOAH9q&*u-_} z_0#bP&ijFwoX)yamr=m+>TqEw7Q3B^W5_0#uXO~^t)QR!Fm1o_E}EPyfVV#D+K=s^ zeL2d`lZzgGer9Jhh3o{If}%Poi(jr+x6z0+!p9f1(nNVz8hMB zl=$&sDDH2CALDg3_09=iYF=6f!H#8j5Xl)z1M;);W)OmNCzJ?6yPa_(R~~~z#&|Z! z=>;%(--7)IFHA~u8><4%(>J{MdAfxp`EwF{^*Y!h!7!?BF_9wOpZ}&{PQVhm(~f0 zSHCd2AxoFyr-wh`ojM*7AjwrkB(IucnXW);|3h}Dbl^XlkTt@PCvl^cctsB(q0z1? z00z>b@!#_6J%KY2sqMStN-=z)m!e+QYTDyM*#ahP-OVkn+{}x7{Yv*EYbtn>r~A~^ zUD+u+)Rgttvc-972Ff38$EWn^Qq)m{w%$2GJOQ-fc^Lm~&#GMS3N< z7R@Aobv!i5gatIUs3}|e3avlhg7_WhiqW(Q4kkl_?i{pptN5=hrFOCsF?qsmECRxK zXmftq3ORk93tlBI^&z^V_un8HiYNcD|G7V^niu3l<}%+;ey7eCZo5K&yg4j#UX*Vo z8njw4c&)D(UzheUaz&DD!r%sHs2(t_=dU>~eDA)6GpbJw=%@989|)wBD?7-~8Puw$@=K20bFtmyw`Fh;D~yd8@>?I$r!5 zVbe?X?(#jBbMMLVDw($% zQ!& zWz?u5hyYM5xQtA#8dz=gh@#*yv&?mITzS$8nr=ZJ2z=SvDN0H@I~Ou}uhFuT`!MYg zikpC;DOkzv9mG8}6o!<8~L(qO&4I7a~z^J=zMAh;EfT zIxE~nj~;hez1!$@u~=3M!YWH_5WV-75YdH*mW0Lgd-I(0{0GmxnltCjiJCOuk8UO}PXvx|cery-!oUP+iTY05n0*|za+U6_^Kp4obw4GN`}4&5t@t-wib zZ#W6(m26L{NqeT|ac{;lOQkvNy9EmD=Q8;6+atvz&4wHsnmD=FRPMiV7uGTR<}u_x z_x4%6=9t5)(P8BXCm_wfpq2n{FQLzBuAk%Th%OYM9n zMX}#`HT?hTQMXj?-}NbIsSfM^%2M!Kj|MXKI}_osfMqG8MblU{3r&TN6SuJEgD)0i z>k%Z*1gU^L9pLL}bq#)j$4l_4Hm$^1uMK8|v)*kd?8MLSo%wrsF}SDu-lj>8sd{!N z-VO}J;n1{DcanKk|LWQa4BBTN;4(t!8{rp38g_Rwa_jpLoZSx;>+p94qe1o<>0a+v zZlR6ARXbZ@hjD}(eUnaZ-UGV0M44JE+>}G$>rc<)2uhQjQi8Gf+Gu7-m1Xk0TxS^> zBHoZ*$Emx4KH66@h^MrBU2a`g-HS@@f#ZIgMlD_V66l ztbSfWK`ZNwv7#JwDuR77Y{SQ0Y87x>a}=nf{Gg?cQM^$Pa@WlEe`#~e8mn0QvM`Gg z&Gma}Ln{zGSMiJq25$7A@E^YFyAwSRJ7i@*kLtf7g zrK_rbEuT%;p=1P3e_*YDa1LM`m>wGT<<%>C_J9Wlnc3f6;|@A9Ou4No;r^qwn-;Cb zI2QO0HGE)X91*LTG?hc(Z#LThQ*wCP)U?_K+Kws1Z_=qL(VzRj^}fEjU1lqi78TBp z*T+UKKE$xkD&q@;p!MsR&(!vkfBQz<&<7ZKf78vdfOm8T|^O4W*Y{{?_T6?}WO`-y8NZP%p=g%AQQVQ_`w2ld$~|vNv1f`=vic?WzT^ zt=J70s&$r@_L$7yC7sUM0$voApd-P$o0R9WKsxpgDi+Cm>ig(~+>pJl!`P>+eQUq3 z_&_j(y4I5Xz#MfYW`)-*_1ZMZ7i z%U|arNYM_C7fJ&wV7GVa*^|{AmakRQJnS9&4fEh^=?x<3(IU2Qv~CGGD;=|W(lvvk zA%z3>#V|Cd($C$L%iK%~Nu$z6y&KE?;jr`-O4IwNx4$7gh@v|=ClRP+Rfp8}N0ncBmzS7)w=5{y5MLcV{7-17wKW=uCo!TDr=F^Iv*-bbw>?N=5t!K`Ne}~Il-8|o} z?P=3vQx_mLVFuCGKgJZRjMtUae8h7^+O-a4{$@UbiY&2KEqx*mp}r z7vOvh{-%otl~`*&czmeXF?~kUags2wv6z_W#I1tVuV;CSGGy5MiS&?$SZ!q+$6ja( ze{&VAp4xF5L%SR2pPl&^Jui8ZB1aKWu3un`Ga(v**JPcBvjJxjSpH_9bDq2>Jp)75 zfFt02qPuysK=IXPtu-Nx1Ef7TGIF^Z!NA2;5wKp<{Kd!DH(%PB{_qDZ%Dy`q*&Q4d z6crU!EJCBK#K6F?OT)|9Z)zAh0#o#Tq(CR0uxKONYCO9Ax#rre^fZ|?YW=6tu0!q- zSwq&IOoa98Bqqqm3hGsVsatkBHgOs=97yB4&J~0ocff7F3cv9m*hJ^ei^x>X8&iV9 zRJKBrcH{WcEwiqYe|>;1gH@}Z;;?Kx;)~mr<7gn|mU2ToPes|lJ2a z9c?uvE+=>E*NnY)U*JSvWa#+hs&i$>%J67d(2wJ!Zt*qxMtFqL;sNhkV`C$*XIM{2 zkfCf=UxC<4j;F==TdkgvHCa4hRDkp4jZi-4)h-OZQuNyRKswSfyuq4#7XHs$GFQ)@ z^#x=E(Y~3nKZ%zqkzAkYk{h&=x^#tYzb(W8;4c>BHg%;z7qW;gC~+Z`B1DXq-nF}o zts6Z?jycn9d6C#m(N@&ImN3NAJ8!}HOYVwu?aErHt(5h$rG2-Y5q`;Zuz4&XIub0} zMPuZU^2g|&%eA&*Tj}?A%cC<>1&K`}R@Kjg^BcF`n~nKttcX5>X5 zguQgch_sj>z;b>nbmCwK1Kt{6a16#0Dc>(BLM$5`7yzMJ>(t|LjBd!xPrbdppFRPb zXl7>SGr?&NmQ@wxgTsDU8W13w@Obcko{WpJwl=lbIQsQLYi=&*YB<1d%~uMbmsx1@ z+iUUu24h*>GYVxc!5{~*C4kPkQ#5MhlwLj^$7ij8=_Q;9Vg#P9O86ykhSe_RZNRyt z*}-K+6C_5G1NrAAKl|e5tT0Fy(etiS?z6M@RaHgQWRbwTmbAPs!UtLlRzx!bNT`l} zj@GzhepZ&j2l?*8BZMgaC8i-NyZ$O?z1IuQ*D9V!5-L4SutAy(IfI;dyR=YR6aMSb zUOpp4+{a9;^;|dUeD9qLi+Vcc(RF;I2*Glfs>hu8dco~Brn(%hC<*H6yJm^h_Ctc2 zEAV*#;cO{luXhN*vh?={a4*citpHwSMP(&e+*DJO9F+$UF3CRKQu4pg$j#^(92iJN z4raW4u+%J}qVn(2`T)@z($MtgGT4h)rjxZeKTpS_%GHB*9z#>a1pnE{`Y1{SsgwG* zjz2OnGcywxG#>rq7X#xJ&P=So4o>|xXQ0rbJSi+Z@6$ra;S32d(sVPHN%R>Hs~zF- zWN5$Frgtp}++NKcr#x_7b}#4p>Zik&tb16m@=}`JMZaUW0=ey#OJ_foECk5WCnj;H zTJDR-O}W2HDA3?V#ocnN3sMQFrGOJW5mqD0^p^_NQfa!=sqT7Gp972+6~m?WdbAp8 zcKxdq9txFU=^#niHM>4FYsMl~xP&!`C_V*Ly+=7+EOhQvxWk2!iu@=n?05_4c{SMd lQ-B [!video https://www.microsoft.com/en-us/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false] +
        -

    +
    - - - - - - - - + From 9fd8576e3fb7a85c9b8636e733e5d2cf69a16a6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Akshatha=20Kommalapati=20=28=F0=9F=90=8D=29?= Date: Sat, 3 Feb 2018 03:37:13 +0000 Subject: [PATCH 085/109] Merged PR 5687: Topic: Set up School PCs Technical Reference policy update Topic: Set up School PCs Technical Reference, Changes: Updated the article date and flipped the default value for the 'Allow system to be shut down without having to log on' value to Enabled. --- education/windows/set-up-school-pcs-technical.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 0deb4b8fbc..3999707536 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -292,7 +292,7 @@ The Set up School PCs app produces a specialized provisioning package that makes - + From 3e7dd425950de32768da8492f912ff47e15684f7 Mon Sep 17 00:00:00 2001 From: Michael Niehaus Date: Sun, 4 Feb 2018 11:24:45 -0800 Subject: [PATCH 086/109] Update waas-overview.md Changed "about every three years" to "every two to three years" --- windows/deployment/update/waas-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 3452191682..dc565440b6 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -98,7 +98,7 @@ In Windows 10, rather than receiving several updates each month and trying to fi To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. -With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases about every three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). +With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools). @@ -199,4 +199,4 @@ With all these options, which an organization chooses depends on the resources, - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) - [Manage device restarts after updates](waas-restart.md) - \ No newline at end of file + From a542045456bfd20b44f9ea22770e8b1b07368d29 Mon Sep 17 00:00:00 2001 From: Michael Niehaus Date: Sun, 4 Feb 2018 11:26:12 -0800 Subject: [PATCH 087/109] Update waas-quick-start.md Changed "about every three years" to "every two to three years" --- windows/deployment/update/waas-quick-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 8b85bf57aa..5716edbdd3 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -29,7 +29,7 @@ Some new terms have been introduced as part of Windows as a service, so you shou - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **Semi-Annual Channel** receives feature updates twice per year. - - The **Long Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases about every three years. + - The **Long Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. See [Overview of Windows as a service](waas-overview.md) for more information. From 300a601fdf53a1083d9e8f306916093b29479eae Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 5 Feb 2018 16:34:32 +0000 Subject: [PATCH 088/109] Merged PR 5694: Fix link in HoloLens --- devices/hololens/hololens-upgrade-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md index 1e4fbc3f9e..cc97f37aba 100644 --- a/devices/hololens/hololens-upgrade-enterprise.md +++ b/devices/hololens/hololens-upgrade-enterprise.md @@ -12,7 +12,7 @@ ms.date: 02/02/2018 # Unlock Windows Holographic for Business features -Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/mixed-reality/release_notes#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business. +Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://developer.microsoft.com/windows/mixed-reality/release_notes_-_august_2016#introducing_microsoft_hololens_commercial_suite), which provides extra features designed for business. When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package). From ba9777fef37b3d23bd58474f42cd60d07af9ba33 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 08:57:45 -0800 Subject: [PATCH 089/109] removed Enhanced option from the note --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index b4b6298953..543b74e677 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1437,7 +1437,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic - Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0-3, as appropriate for your deployment (see below for the values for each level). > [!NOTE] -> If **Security** or **Enhanced** options are configured by using Group Policy or the Registry, the value will not be reflected in the UI. +> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. -or- From eb07a5f40cf364fafaa923ffa33d20546560c6e2 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 5 Feb 2018 17:29:53 +0000 Subject: [PATCH 090/109] Merged PR 5697: fix broken links - Surface Hub downloads --- devices/surface-hub/surface-hub-downloads.md | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md index 838e8452a9..33ef0f983f 100644 --- a/devices/surface-hub/surface-hub-downloads.md +++ b/devices/surface-hub/surface-hub-downloads.md @@ -17,21 +17,21 @@ This topic provides links to useful Surface Hub documents, such as product datas | Link | Description | | --- | --- | -| [Surface Hub Site Readiness Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) | -| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-setup-guide) | Get a quick overview of how to set up the environment for your new Surface Hub. | -| [Surface Hub Quick Reference Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-quick-reference-guide) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | +| [Surface Hub Site Readiness Guide (PDF)](http://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) | +| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](http://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. | +| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface Hub Quick Reference Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | | [Surface Hub User Guide (PDF)](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. | | [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. | -| [Surface Hub SSD Replacement Guide (PDF)](https://www.microsoft.com/surface/en-us/support/surfacehubssd) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. | +| [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. | | [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](http://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface_Hub_Adoption_Kit_Final_0519.pdf) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. | -| [Unpacking Guide for 84-inch Surface Hub (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-unpacking-guide-84) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) | -| [Unpacking Guide for 55-inch Surface Hub (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-unpacking-guide-55) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) | -| [Wall Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-wall-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) | -| [Floor-Supported Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-floor-supported-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) | -| [Rolling Stand Mounting and Assembly Guide (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-rolling-stand-mounting-assembly-guide) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) | -| [Mounts and Stands Datasheet (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-mounts-and-stands-datasheet) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. | -| [Surface Hub Stand and Wall Mount Specifications (PDF)](https://www.microsoft.com/surface/support/surface-hub/surface-hub-stand-and-wall-mount-specs) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. | -| [Surface Hub Onsite Installation and Onsite Repair/Exchange Services FAQ (PDF)](https://www.microsoft.com/surface/en-us/support/surface-hub/onsite-installation-repair-faq) | Get answers to the most common questions about Surface Hub onsite service offerings and delivery. | +| [Unpacking Guide for 84-inch Surface Hub (PDF)](http://download.microsoft.com/download/5/2/B/52B4007E-D8C8-4EED-ACA9-FEEF93F6055C/84_Unpacking_Guide_English_French-Spanish.pdf) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) | +| [Unpacking Guide for 55-inch Surface Hub (PDF)](http://download.microsoft.com/download/2/E/7/2E7616A2-F936-4512-8052-1E2D92DFD070/55_Unpacking_Guide_English-French-Spanish.PDF) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) | +| [Wall Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Wall_Mounts_EN-FR-ES-NL-DE-IT-PT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) | +| [Floor-Supported Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Floor_Support_Mount_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) | +| [Rolling Stand Mounting and Assembly Guide (PDF)](http://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Rolling_Stands_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) | +| [Mounts and Stands Datasheet (PDF)](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. | +| [Surface Hub Stand and Wall Mount Specifications (PDF)](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. | +| [Surface Hub Onsite Installation and Onsite Repair/Exchange Services FAQ (PDF)](http://download.microsoft.com/download/B/D/1/BD16D7C5-2662-4B7D-9C98-272CEB11A6F3/20160816%20SurfaceHub_Onsite%20Services%20FAQs%20FINAL.PDF) | Get answers to the most common questions about Surface Hub onsite service offerings and delivery. | From 1acf6a3c7c861e7fb005f368673dad6402258cde Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 5 Feb 2018 18:38:13 +0000 Subject: [PATCH 091/109] Updated educator-tib-get-started.md --- education/trial-in-a-box/educator-tib-get-started.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 1f647b7dbb..125ea5cd60 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -40,8 +40,9 @@ ms.date: 01/12/2017 ## 1. Log in and connect to the school network To try out the educator tasks, start by logging in as a teacher. -1. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit. -2. Connect to your school's Wi-Fi network or connect with a local Ethernet connection. +1. Turn on **Device A** and ensure you plug in the PC to an electrical outlet. +2. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit. +3. Connect to your school's Wi-Fi network or connect with a local Ethernet connection.
    From 132fd01da4ecd95e3f1241e86e54654c79228b77 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 5 Feb 2018 18:38:49 +0000 Subject: [PATCH 092/109] Updated itadmin-tib-get-started.md --- education/trial-in-a-box/itadmin-tib-get-started.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index 29f0a0de6c..5164c21a1d 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -45,9 +45,10 @@ If you run into any problems while following the steps in this guide, or you hav ## 1. Log in to Device A with your IT Admin credentials and connect to the school network To try out the IT admin tasks, start by logging in as an IT admin. -1. Log in to **Device A** using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit. -2. Connect to your school's Wi-Fi network or connect with a local Ethernet connection. -3. Note the serial numbers on the Trial in a Box devices and register both devices with the hardware manufacturer to activate the manufacturer's warranty. +1. Turn on **Device A** and ensure you plug in the PC to an electrical outlet. +2. Log in to **Device A** using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit. +3. Connect to your school's Wi-Fi network or connect with a local Ethernet connection. +4. Note the serial numbers on the Trial in a Box devices and register both devices with the hardware manufacturer to activate the manufacturer's warranty.
    From d4628ea1da12064c05c60daa5b47560d5c101754 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 11:57:12 -0800 Subject: [PATCH 093/109] removed 1703 references --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 543b74e677..6e4fb6acdd 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -73,9 +73,9 @@ The following sections list the components that make network connections to Micr If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch. -### Settings for Windows 10 Enterprise, version 1703 +### Settings for Windows 10 Enterprise -See the following table for a summary of the management settings for Windows 10 Enterprise, version 1703. +See the following table for a summary of the management settings for Windows 10 Enterprise, version 1709 and Windows 10 Enterprise, version 1703. | Setting | UI | Group Policy | MDM policy | Registry | Command line | | - | :-: | :-: | :-: | :-: | :-: | From d9ef04f50dc6b2f05933eed67d1a240d6c0b6647 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 12:15:28 -0800 Subject: [PATCH 094/109] added restart recommendation --- ...perating-system-components-to-microsoft-services.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6e4fb6acdd..9a84d910aa 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -27,7 +27,15 @@ If you want to minimize connections from Windows to Microsoft services, or confi You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. -To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. +To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). +This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. +Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. +However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. +Make sure should you've chosen the right settings configuration for your environment before applying. +You should not extract this package to the windows\\system32 folder because it will not apply correctly. + +Applying the Windows Restricted Traffic Limited Functionality Baseline is equivalent to applying the Windows 10 steps covered in this article. +It is recommended that you restart a device after making configuration changes to it. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. From e772d0f717eca40497caf99493561743d62f5da1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 12:18:49 -0800 Subject: [PATCH 095/109] removed 1703 references --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9a84d910aa..c1dc0019f4 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -34,7 +34,7 @@ However, some of the settings reduce the functionality and security configuratio Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. -Applying the Windows Restricted Traffic Limited Functionality Baseline is equivalent to applying the Windows 10 steps covered in this article. +Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying the steps covered in this article on a device that Windows 10 Enterprise edition. It is recommended that you restart a device after making configuration changes to it. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. From cc542579a4d6d2a59b804f6b4f18568089483f9f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 12:21:11 -0800 Subject: [PATCH 096/109] removed 1703 references --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index c1dc0019f4..9826f1672e 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -34,7 +34,7 @@ However, some of the settings reduce the functionality and security configuratio Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. -Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying the steps covered in this article on a device that Windows 10 Enterprise edition. +Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article. It is recommended that you restart a device after making configuration changes to it. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. From 93bf8e46cf8bccfa1ce166e90d6d43eb614c33ff Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 5 Feb 2018 21:14:24 +0000 Subject: [PATCH 097/109] Merged PR 5708: UEFI CSP - new configuration service provider --- windows/client-management/mdm/TOC.md | 2 + ...onfiguration-service-provider-reference.md | 30 +- .../mdm/images/provisioning-csp-uefi.png | Bin 0 -> 12134 bytes ...ew-in-windows-mdm-enrollment-management.md | 4 + .../policy-configuration-service-provider.md | 25 +- windows/client-management/mdm/uefi-csp.md | 87 +++++ windows/client-management/mdm/uefi-ddf.md | 330 ++++++++++++++++++ 7 files changed, 453 insertions(+), 25 deletions(-) create mode 100644 windows/client-management/mdm/images/provisioning-csp-uefi.png create mode 100644 windows/client-management/mdm/uefi-csp.md create mode 100644 windows/client-management/mdm/uefi-ddf.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index b214cbdc2a..83ddf2f2b7 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -281,6 +281,8 @@ #### [SurfaceHub DDF file](surfacehub-ddf-file.md) ### [TPMPolicy CSP](tpmpolicy-csp.md) #### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) +### [Uefi CSP](uefi-csp.md) +#### [Uefi DDF file](uefi-ddf.md) ### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) #### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) ### [Update CSP](update-csp.md) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index a72cf5ff8f..5a601e0ca8 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/05/2017 +ms.date: 02/02/2018 --- # Configuration service provider reference @@ -2079,6 +2079,34 @@ Footnotes: + +[Uefi CSP](uefi-csp.md) + + +
    Read what's new in Windows 10 -
    What's New?
    +
    What's New?
    Configure Windows 10 in your enterprise -
    Configuration
    +
    Configuration
    Windows 10 deployment -
    Deployment
    +
    Deployment
    Windows 10 client management -
    Client Management
    +
    Client Management

    -
    +
    Manage applications in your Windows 10 enterprise deployment
    Application Management
    +
    Windows 10 access protection
    Access Protection
    +
    Windows 10 device security
    Device Security
    +
    Windows 10 threat protection
    Threat Protection
    From 8788bc28b8f2b6442441e9dcfbf9e78a424221f4 Mon Sep 17 00:00:00 2001 From: akshko Date: Fri, 2 Feb 2018 18:25:00 -0800 Subject: [PATCH 084/109] Topic: Set up School PCs Technical Reference, updated the article date and flipped the default value for the 'Allow system to be shut down without having to log on' value to Enabled --- education/windows/set-up-school-pcs-technical.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 0deb4b8fbc..3999707536 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -292,7 +292,7 @@ The Set up School PCs app produces a specialized provisioning package that makes

    Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

    Disabled

    Shutdown: Allow system to be shut down without having to log on

    Disabled

    Shutdown: Allow system to be shut down without having to log on

    Enabled

    User Account Control: Behavior of the elevation prompt for standard users

    Auto deny

    Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

    Disabled

    Shutdown: Allow system to be shut down without having to log on

    Disabled

    Shutdown: Allow system to be shut down without having to log on

    Enabled

    User Account Control: Behavior of the elevation prompt for standard users

    Auto deny

    + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark4check mark4check mark4check mark4cross markcross mark
    + + + + [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) diff --git a/windows/client-management/mdm/images/provisioning-csp-uefi.png b/windows/client-management/mdm/images/provisioning-csp-uefi.png new file mode 100644 index 0000000000000000000000000000000000000000..6900dd0c83edda695a164865cba396f9f9528615 GIT binary patch literal 12134 zcmb_?2Ut_hx-|#_DvB7ShysEJ5D<|rT|)80fGE;y5DC)6P^2p=5Q>O2N$3cu5D-GI zqM-=VM0!(tM|uzcB_LQ-@FgcZ>FUy2bGthhEflJ=fZ`Fe7$e1pC(r{F51s9YdwY9R)xxp| zUcGt~78V-zT#52+Xwcpkg8oZOOYq|N5c)^P?aAnwnHkCS85Ucfh0yXveDcB^XYc9~ zZOfeWn%R3~<-;9=MKiOI$2^Ic1 zp9#wacryv>_}l|8)DFPoFeOeqAB_;MN#(4^O@`Q|oh`RYMG+Ja0=fvXp6v^9yU&&m zDB7)?Z)ObpCN>vS*0X3r_DYNIzw@}xwiP%a>+~aDEsUf02`!gaJ=DR@PDj{mqZ;ja zVT7Yhx-~zsLbW7?<3gY?hws|Wxt*=8(p?zEC`}JRX8rE5+orc^ycr{HY@=5^ujsRR zjdt93bGKr5`<#mS5*TjD!1Jh|3o9idZ}=s#a4HvFFx{!^@}Wo20aByml&?F`-=D8` zLQ($VU3d4A%N{q`<`3qsL$m3lBjcYrZ+vY_OFM7PM>*zHp!gJb(Pr zv1Y=Jgzt#>5?sjmwsP@>}#};Lh1cGPEKuXe^8Wsk8NsdYU@oK_Bo|*9y&|>mW~0Xrlm#4%Bt%alf8=ciGF zEmiQyAfzQ&^dYO}SqZ8rClN=9Ena-ZUcU#BNMIOXhD0wL+279IXd zc$~f~F41su^+j^$J0qhGN-Jv^X49^fd`DgfY!l(|8}AiFw-~+hvi#}qUs3)CVg@Qr zs)&48)}7u`1@@^wAdn}}X+9W)%G<^^Wno^I+Y>7n+d=ql^~B6*-I~Y527zdWol&tF zZZN;rW7D(gXQKK1Q?{9JB%Ho?w?|zM^NLkWTdfj&&UX$RJCHs@+s2fXd`#_i&SRZTM*hqMP~ zckG-!nfCNfOj%FIxxQi^jK|7o&HExYp-pug4I&rgFLfUn&w_I4UB(!7!rVpYxPpVT`i~3y206Az9ax;#Xd{>cHTo(_eeDNX zlHwppMBR4n6)op9wDeQxbiFPF7n8ltoDlccJ?BmjoiCki(EzNZB=ks7JBN5?*iQSE zg`1B((eb)BoMZ0I#jGx_nwXna^?8r^m_W*QqRM312RNQV$B$#)@L0l`u2j4~r1RO` z!ZZK*GvP+&+CGHc}pJlW0*jHbutQ*(8$1lUldq~-VSg*yEdMdyDTQc2Ih?p`w+EN z3-dmmE6M9F(x7Z7awSGCre99wjkO);}%8mFnw%se!iH? z_IUS07dtz4(5s&WW0elQC@2_Wl6}nV%2wm8oSp9k z$tbO7A5-{iAF&?dG?C&~J!o|ugc_bDsDp!p=3uGo&W@3%mTXS>rQi2R~XCOH&$$m7T_|ev?l;C0^gxCGczY_txaW#S(oQU@8U`e zZlAf~ikVPs_vvIG3-aJIdLD8+LDn6yXT?QYB5yEK?lZkD0qcA`gZfstFz2l@#2TRU z7jvB5BQLt{zGD)25|(GCY$S4*Q14WG{M5!XmjUd^_H9)7~|9^z--W2i%hTc15b z6^id$`P%(#b=AfCoDw(aYq*$`lhb1A5w*x%hdi{Hh&cgn%qGY$BRaFV>?kA%`{^oS z#|g&kB~;>6=%=wRQnklh^=WUG*ZH)zu}JvJ=>synwrSU_tIGUW6K9RfSNW#TmJG2J ze0BabxZ-_#fTQM0U5(p=;Mpcl-}R}mg@LLWugw>9V%l}#y{V2BBC8+E+}4gZt<5f? zMyh0^(h{%fOt+WXOV&3B`Buf?bRWg3^SdmY=nl}Ieu-~Wyv_+XY!mtL#Qzj+bC!Hs-A1B3iTUMe=X&7N8r}1^Nr{Ti*2H8lJZ#ka?ZGoW{1a zA6fe8IhL+W`f?3Pm#Q5S)0VztHBe^B9I5a|pVQ5s=iCAKH;bHjhUa1#96kehJqLL3 z$rqP9;hmXUo(|>EcltQ=YxE$YU6M)&38~qGX8;C~fKaC*{ zP(9jF`yzQ=X1Q`*S6q}Q|IBbaXUzc5!c5<6F8ZoKu!O;p;YLnbNy9Qim4_xP=8JL<8RzJFE8)9y;W6q^Lh=E(bE4K zVhKE5TU`5ndATv0T8)YPJ+Jd;K+{Mp-*E$`y*=N}Clirf6e&1XcEr=;1SSxvxE)gz1q0uWunfwYAkKvP z)I5~ZalajMH2TXFXq3nl{n7RQ^)aw6Zb3|cV0uJ*-?@ZijG_C`m2+DV#~^H14)QDlelaDoX-NbAo&q z^dmHAuO-+5=S9IXymp2?6>ZTtFsW7V8ig>xdqtqgmJ zFF0=fcsse3>vB67sQ(4e{LA|H`VwD@F`ffGpM??|-_ka_a*h_EAH3Ah;g_)o6v!*! zUPlICO72GeY1-LGn;W0GrW$KYRBRVAkE~V1#jj$-g;q7!5@RPW@At49zEfAEFeE9~ zm!Tlu>VXC}3F)GEn(FbEmTepv+$QK{Ou8_S2TC+fQZ;!G0 zk7_LbQQ8Sd`hv!Lv>-;dKcYJiiG@S&f!25op$QhbOD=`mToXftlX&ZzT7*QlQh6hd`0IfX=hoN4hfBfC#;)8uN$XhpQrjH2B zfGr1~s|8s5)mb>XMJyebq!o5+JJ4HF2*<%nNugi3sdX4msAjWf=duTACF6ty@FWrx z$N>I7DT3HTCMG7>DJt^v^UtX=k^y_yd&EWuZft5Qui&wEe^Z<=I4a8ZF&Ta6xCLZ0 z>(VS4n%61F+yp@L5Ld#F1>#g8zKvFlaXXR(Wr(8er>oYf3`p)Ze$voDDc~?=^3YHx zp`lW({T{tw>k5Ycx;EQrxH_dvEuD(KN*WW;baz;a)oOY@!X;_0_4(_+ip!#^-3>ks zj78x*aC4KIe{%(&Hsycj^16ST`kho`{*D@q;RS~>w<(W$`;_wB%lZ$Ri?V0?z7&y` z+$#!K$oBdePXup^@0*Y%;~6YR!=Y4msgj|&_z+A{-n>UWmbXEYk17U}IA}l6T(y4_ zF?%%?IUK;FaxVpczff{_ajD?u1?y+HrtAPOTkD~;18cFgJkCB{dasM_e508X<|#mda7y4?}x3CuAA(rBVuOw55;BS-{YdP znVq<_EP2_Y6Qegcxw{KFAc}5?RH5Uj@2S9KlFNVKC00|f->D^)bt!tBL;it`xF$%fd_grRE zAQr=~KYD|qI}Ubm@Rb5XrwZ7AD}j1rVq_geS3pUXAQ1DRRzWy5ilpjD54m)h6jcFo zs8j#jqHcKka?EY8L~fIo2x(pc516x~dVQGOBG)?-d2DWKlHU8{i21}%$89o-Z$mce z>1J=qQ*o29z$g*ka`=LXw#|d3J0`<6cb+5nG&B&B6 z;Ml?zl|v{^FE1`&d*$L0rU?nA0kzreQmUMz2fc(|C47+0o=G-G&j!JQ;4^c4S%qukltA6;Es>L^d6r)y7O>cMr{dE7hf)Eh}0X_aF2ty~1VG z^R~Y8oK8af8jF|#X$(Nmb`9b#_Wro#+I#QV!J{UOmN)jx#k95KPa1g{eCU=>!W~unL%Qrqd__pa56wv&|J+z~oDIvVxr{Dsf#_Oz}?hF$o`4b)W(>q&%NAmebzNp&i+ zd~0aIzl$e+RvXebWe6-JUCZ0pBTk2~s-Fhed!a#G2^_l{V+;wmOlbmrYUudGeAJoA z%I!TGJft(tzMi@b*~|Mm zIa;G+)yks3X)D27v~1K@CIix-y|R0n>(!{LL@bJ!@Pd?=(Sc`~ufHt?ZaBj{@Ht4q$KEOa<=07=qe`Q~} zEl>7YANvA=6VIU&kD=4=u@CRRmR|iilMuhN(_FnIZnpOefK_jEoV_)h5{(Sn@j@F(Jv63s1Zw1P;8D9OT-%svn%bl8V&; zGFNx+pyY;P>^j2!j=eoxKIR1znBsGACIDH$wr=`+GOvm^wj09xs`GB~y*Wlb=$fAq z!MrrzCZRnk?~v`c5fN62+MIs1yzciJbSmZEa0IWGYVC!FK(%i&UQ>LDm$9;B&@h1{ z?^>qTgOvg65QEB*IA&1#6yD$8p9R-hUdu@k;aE?2=(EzG;&V-7Kgpo|zO>Y1YKbn9 z)!(Cru0+ab{&NIxbMfOlKtZM0rb;LD~T2 zhs1Kf|0lXizLcn!V6ne#*EZG9SX=HPkk$tHnv56w5yavN{&i>^`lm$sbHn%4uK!|oW?1Ai}>{v}11 zd5~1H>YQnXe|@?}KJ6E8?<>?{aJ{kO&L<%&dyA5?B z`YU7bcvF0O+TdrRD9T8cvl&p=W&d)#S z(c4^MfhWs(f00ae$o?ac z2nApqxYqy4Fj;Kxy)B*_Oq)4dgkGv`F#jw)RGQ}~T1TGr1KsdAj}4bS(?pxo?EE?q z?{;Mpk>p)3tBBCvCz8vsO&Y83H<#PXaDCD-fpT;@kV^i2cdWsheY^F zXJd_l)RFzZ6Bp-NY9eOsR@AD284%O_72AIBQ&(Zu{KNVoLT63Xqj6&r1h12|S1!v~ znNLH@Q2kQ_TT}Pc^>xSqTzXxHgS%z_%~}bAIw$V--HVf}ia^O_+RmTT?p}T2Q61>R zB&++m2gtZ~rTjn-ye|fqr@f^&^FE zfGCiq{R+E8`|tJBpDOFo0HGwOGtT~z4#{Uj>`!X}{^*Mf|3$F{zDGAUHa0659h^i1 zlY3uwkt9@2wa+NZiKMUo$s7D7|2JZ8fvf7u*tWi`=xQwQkd7>ii-YZ0M zAO=~2ujG_~(jnZ-9r)VtV?)(#_Ba~^k=*{X6zHGHfqq?x9*xG@U90=@Uj?@~<$}F` zD>+>(>?lZW6;2lvrph>3!$V4q#YFai>P-62B~;ok3Dpf}@(r3O(b6)hTqmlJV=|SA++% zt5*I6#HMoh#UBc%E6*oP5dT~g&h0MD&1>l_!s2puqgky(InM*U&M%oX#7GDv&7W)b zHa=f>)d`-&QzpmZh74J0triK?3NW_jHMph^S?!+A7=1oMV+izaAbn-xq;Pziq}h>l-b-OK9(?-T z+ry6|cD?guCQlzWu8J5$#6g)^F|UMxNo97!uwhug@%Hbm%y zles4iT}j*UlpJw{E_cCvVa7(G_zcTA4Lyr4<>`Y~C@RlL=+<4|t1<=I9hBSiLKP*+ zMM>Gm>UCW&e<#X|_8%K%lg8+<6}J;VH*JH!GcC|{PU%aDqej4q zl7=G`xdUdtrFuIH?QD`S1j$@>=hs1n$-fRNSg$CO1Q5vVczf@HVdn%-%abUZOe^N5mk*rFbZI!<#Ura;7q4qr z^&~PZSR9NeQR;If@(l9kM=o6xga=jOgiTYz!aTO0&HT-AlUHv$FM^{j-BgEO0;v@E z8g1si+L6)05cwlPVT|6%>ixIEDi&Z+m+I8+PJRrpsZsgUHp^{8p1xR>93EMw#QbfaZ z4$RbIz!3%&$o2|O>s^)XYS87*<@EF$k0oiJ&4+wV;4NI+)|%-g6fRUaC&rEwew|>s z|CA()5_amwlfz4@7pwSgRh=;ibWgcEciI9HEUCq`CmCPr-OlzL$UPC)phcgQDr2Qo zhZKzo>WRi*=V^Q`fc|8a0kJx&EdnsZK__v zKYZBOzzi4`W_Yv$L~zG_v^IAI3H$)t%wTPGS|_p})i+UOs&5 z>f`M_z@`k;naEkGtQMhJ;W34H7Wj!OaHw%rztt)Yv>l>8v)5?+agme7LpBAa_LLdB?>H^urgysCks zx?D$*h{IVp9DJZs+AxztVXyP?kC-)vxeHm_nm&6q)slq72I5t+?;KNmF;KfYpgtXN z1dtpFefI1bd;2PS>!HQ&E^k-mYOT;>Mqbs8AQ3Lr149T2Y7Cvt1Hlxn%d~-q!Pl## zv^@9gLvU)~IlX|2F@kjcRSei-kN$P>^VHk(Z3Hlhjw4~;te zU-f=B5-v$1lZ_xfUs({R}xyxWyfe^auys=bp3jS0KU5Gw%5lEJ(gtYr$0# za)VjA>ufsuh5WwW(OyH6)|W;agTo6V?CTNTSHKlw2(HEfpe$5F9xx7eD4Y@>%{F+corH{&TS#T51bdet~KhI?op8 zR7m;N{~rMO8(9Aoo&V(`Y>@C-j?NHz}WR23mdoq+PrH@NA_{0FcC6d~IM>Y)&1c4ygv2b2D9<39G;8TsRaE+ylTS`X9MIxnhhViqwl$XI@q{ z=lky6h$XJKkYvZdb$&{~jUO<)nmzcMUuq@j8_fELo#WQXm~EO)^I;>b3BzV*bEU?? zn^=?$H|yhg{M!Jt^@Y_~)#T3RPQez_14YivCEgNkM#3!CKLlT+&8ay~82wIzTM&2p|H-4j)+uN-s8Vr9o+<54C#7m!Kv=9#xkz84ZAU)`p z{FX-@r*cuWNTB}i`-_<&P|&%3c^vc(#ZvsSqE z>N#sg+}x1E(2XmCOTWbl9Y63f`9Q#=Cp$bZE`x6S0W^^{2_3(sq?7C70!SXcYlW$^ zm7ziGaV@00`HYM=62B=aDWOr!5fm0~2a5u9;{E#@B`b^IoN1t()ctW5FBFhivF*OaJmFNrujX85x~v1=H;~ zI=>T!=QpvlHB<#5Ym!p!ut#)B=&S$2%&CzlBNSP1?HlP#ZKkQMOew^zlklcd1wzUF z2-=`&uzBB6KL{q#5Os6FU?Qk*-lUY{fyOz8%VE_1s&Ys^nG>0YPQ{b!EBF=XXlaC^QxMx10Q;o zdE^fbgVVMp7aUiJJ}G7V84m}Q0i}@|DosyE#5dZuaF>a-tt-a9fLMK{pUhI{lVhE*q_b1g!w`!=bz8JzGs4gEqA zc-uVir{!cd0V=h@d}8?51gjdEmTG%@G0T~alpY8h8#L*Nc`J;9f&oKE@m&c*Ng<2m grceyV;r1A0TM{z_Td-Z=Y&^v^6-`+7Rdc`p2m0zXk^lez literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 820cf5dfd6..a3df920a18 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1530,6 +1530,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware [Defender CSP](defender-csp.md)

    Added new node (OfflineScan) in Windows 10, next major update.

    + +[Uefi CSP](uefi-csp.md) +

    Added a new CSP in Windows 10, next major update.

    + diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 715c403580..07dec60956 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -376,30 +376,6 @@ The following diagram shows the Policy configuration service provider in tree fo
    Bitlocker/EncryptionMethod
    -
    - BitLocker/EncryptionMethodByDriveType in BitLocker CSP -
    -
    - BitLocker/FixedDrivesRecoveryOptions in BitLocker CSP -
    -
    - BitLocker/FixedDrivesRequireEncryption in BitLocker CSP -
    -
    - BitLocker/RemovableDrivesRequireEncryption in BitLocker CSP -
    -
    - BitLocker/SystemDrivesMinimumPINLength in BitLocker CSP -
    -
    - BitLocker/SystemDrivesRecoveryMessage in BitLocker CSP -
    -
    - BitLocker/SystemDrivesRecoveryOptions in BitLocker CSP -
    -
    - BitLocker/SystemDrivesRequireStartupAuthentication in BitLocker CSP -
    ### Bluetooth policies @@ -2822,6 +2798,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode +
    ### TaskScheduler policies diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md new file mode 100644 index 0000000000..1b5c7e6231 --- /dev/null +++ b/windows/client-management/mdm/uefi-csp.md @@ -0,0 +1,87 @@ +--- +title: UEFI CSP +description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 02/01/2018 +--- + +# UEFI CSP + + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, next major update. + +The following diagram shows the UWF CSP in tree format. + +![Uefi CSP diagram](images/provisioning-csp-uefi.png) + +The following list describes the characteristics and parameters. + +**./Vendor/MSFT/Uefi** +Root node. + +**UefiDeviceIdentifier** +Retrieves XML from UEFI which describes the device identifier. + +Supported operation is Get. + +**IdentityInfo** +Node for provisioned signers operations. + + +**IdentityInfo/Current** +Retrieves XML from UEFI which describes the current UEFI identity information. + +Supported operation is Get. + +**IdentityInfo/Apply** +Apply an identity information package to UEFI. Input is the signed package in base64 encoded format. + +Supported operation is Replace. + +**IdentityInfo/ApplyResult** +Retrieves XML describing the results of previous ApplyIdentityInfo operation. + +Supported operation is Get. + +**AuthInfo** +Node for permission information operations. + +**AuthInfo/Current** +Retrieves XML from UEFI which describes the current UEFI permission/authentication information. + +Supported operation is Get. + +**AuthInfo/Apply** +Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format. + +Supported operation is Replace. + +**AuthInfo/ApplyResult** +Retrieves XML describing the results of previous ApplyAuthInfo operation. + +Supported operation is Get. + +**Config** +Node for device configuration + +**Config/Current** +Retrieves XML from UEFI which describes the current UEFI configuration. + +Supported operation is Get. + +**Config/Apply** +Apply a configuration package to UEFI. Input is the signed package in base64 encoded format. + +Supported operation is Replace. + +**Config/ApplyResult** +Retrieves XML describing the results of previous ApplyConfig operation. + +Supported operation is Get. diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md new file mode 100644 index 0000000000..59d9673ff1 --- /dev/null +++ b/windows/client-management/mdm/uefi-ddf.md @@ -0,0 +1,330 @@ +--- +title: Uefi DDF file +description: Uefi DDF file +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 02/01/2018 +--- + +# TPMPolicy DDF file + + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + +This topic shows the OMA DM device description framework (DDF) for the **Uefi** configuration service provider. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +The XML below is the current version for this CSP. + +``` syntax + +]> + + 1.2 + + Uefi + ./Vendor/MSFT + + + + + + + + + + + + + + + com.microsoft/1.0/MDM/Uefi + + + + UefiDeviceIdentifier + + + + + Retrieves XML from UEFI which describes the device identifier. + + + + + + + + + + + + + + text/plain + + + + + IdentityInfo + + + + + Provisioned signers + + + + + + + + + + + + + + + Current + + + + + Retrieves XML from UEFI which describes the current UEFI identity information + + + + + + + + + + + text/plain + + + + + Apply + + + + + Apply an identity information package to UEFI. Input is the signed package in base64 encoded format. + + + + + + + + + + + + + + + + ApplyResult + + + + + Retrieves XML describing the results of previous ApplyIdentityInfo operation. + + + + + + + + + + + text/plain + + + + + + AuthInfo + + + + + Permission Information + + + + + + + + + + + + + + + Current + + + + + Retrieves XML from UEFI which describes the current UEFI permission/authentication information. + + + + + + + + + + + text/plain + + + + + Apply + + + + + Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format. + + + + + + + + + + + + + + + + ApplyResult + + + + + Retrieves XML describing the results of previous ApplyAuthInfo operation. + + + + + + + + + + + text/plain + + + + + + Config + + + + + Device Configuration + + + + + + + + + + + + + + + Current + + + + + Retrieves XML from UEFI which describes the current UEFI configuration. + + + + + + + + + + + text/plain + + + + + Apply + + + + + Apply a configuration package to UEFI. Input is the signed package in base64 encoded format. + + + + + + + + + + + + + + + + ApplyResult + + + + + Retrieves XML describing the results of previous ApplyConfig operation. + + + + + + + + + + + text/plain + + + + + + +``` \ No newline at end of file From f4e2c1925790b4222aa3fa8f97ba528e9825ea36 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 14:53:08 -0800 Subject: [PATCH 098/109] added enterprise edition --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9826f1672e..e56adaf302 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1445,7 +1445,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic - Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0-3, as appropriate for your deployment (see below for the values for each level). > [!NOTE] -> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. +> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only availble in Windows 10 Enterrpsie edition. -or- From f939495173dafa0e423abda0a7e1ee7ddf2da396 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 5 Feb 2018 14:55:50 -0800 Subject: [PATCH 099/109] added enterprise edition --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index e56adaf302..649b0054e6 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1445,7 +1445,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic - Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0-3, as appropriate for your deployment (see below for the values for each level). > [!NOTE] -> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only availble in Windows 10 Enterrpsie edition. +> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only availble in Windows 10 Enterprise edition. -or- From d80aedbdf6016a2ec7cb94772b19d671a53a0205 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 5 Feb 2018 22:59:36 +0000 Subject: [PATCH 100/109] Merged PR 5709: DMClient CSP - added new nodes --- windows/client-management/mdm/TOC.md | 4 +- windows/client-management/mdm/dmclient-csp.md | 40 +- .../mdm/dmclient-ddf-file.md | 516 +++++++++++++++++- .../images/provisioning-csp-dmclient-th2.png | Bin 86756 -> 97563 bytes ...ew-in-windows-mdm-enrollment-management.md | 20 +- windows/client-management/mdm/uefi-csp.md | 2 +- windows/client-management/mdm/uefi-ddf.md | 6 +- 7 files changed, 572 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 83ddf2f2b7..1ac5a9f388 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -281,8 +281,8 @@ #### [SurfaceHub DDF file](surfacehub-ddf-file.md) ### [TPMPolicy CSP](tpmpolicy-csp.md) #### [TPMPolicy DDF file](tpmpolicy-ddf-file.md) -### [Uefi CSP](uefi-csp.md) -#### [Uefi DDF file](uefi-ddf.md) +### [UEFI CSP](uefi-csp.md) +#### [UEFI DDF file](uefi-ddf.md) ### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) #### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md) ### [Update CSP](update-csp.md) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index c48d6ddd3b..e69e71e093 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -13,6 +13,9 @@ ms.date: 11/01/2017 # DMClient CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. The following diagram shows the DMClient configuration service provider in tree format. @@ -257,6 +260,11 @@ Optional. Number of days after last sucessful sync to unenroll. Supported operations are Add, Delete, Get, and Replace. Value type is integer. +**Provider/*ProviderID*/AADSendDeviceToken** +Device. Added in Windows 10 next major update. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained. + +Supported operations are Add, Delete, Get, and Replace. Value type is bool. + **Provider/*ProviderID*/Poll** Optional. Polling schedules must utilize the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. @@ -690,19 +698,45 @@ Required. Added in Windows 10, version 1709. This node determines how long we wi Supported operations are Get and Replace. Value type is integer. **Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning** -Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. +Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. Supported operations are Get and Replace. Value type is boolean. -**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone**Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). +**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone** +Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). Supported operations are Get and Replace. Value type is boolean. **Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned** -Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. +Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). Supported operations are Get and Replace. Value type is integer. +**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage** +Required. Device Only. Added in Windows 10, next major update. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available. + +Supported operations are Get and Replace. Value type is integer. + +**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton** +Required. Added in Windows 10, next major update. This node decides whether or not the MDM progress page displays the Collect Logs button. + +Supported operations are Get and Replace. Value type is bool. + +**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText** +Required. Added in Windows 10, next major update. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error. + +Supported operations are Add, Get, Delete, and Replace. Value type is string. + +**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage** +Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE. + +Supported operations are Get and Replace. Value type is bool. + +**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage** +Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM user progress page skips after Azure AD joined or DJ++ after user login. + +Supported operations are Get and Replace. Value type is bool. + **Provider/*ProviderID*/EnhancedAppLayerSecurity** Required node. Added in Windows 10, version 1709. diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 22082b40c3..51a46a8897 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -13,11 +13,14 @@ ms.date: 12/05/2017 # DMClient DDF file +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + This topic shows the OMA DM device description framework (DDF) for the **DMClient** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, version 1907. +The XML below is for Windows 10, next major update. ``` syntax @@ -28,7 +31,355 @@ The XML below is for Windows 10, version 1907. 1.2 DMClient - ./Vendor/MSFT + ./User/Vendor/MSFT + + + + + + + + + + + + + + + com.microsoft/1.5/MDM/DMClient + + + + Provider + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/plain + + + + FirstSyncStatus + + + + + + + + + + + + + + + + + + + + + ExpectedPolicies + + + + + + + + This node contains a list of LocURIs that refer to Policies the ISV expects to provision, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). This is per user. + + + + + + + + + + + text/plain + + + + + ExpectedNetworkProfiles + + + + + + + + This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the ISV expects to provision, delimited by the character L"\xF000". This is per user. + + + + + + + + + + + text/plain + + + + + ExpectedMSIAppPackages + + + + + + + + This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E.G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2 Which will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps. This is per user. + + + + + + + + + + + text/plain + + + + + ExpectedModernAppPackages + + + + + + + + This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. E.G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 Which will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps. This is per user. + + + + + + + + + + + text/plain + + + + + ExpectedPFXCerts + + + + + + + + This node contains a list of LocURIs that refer to certs the ISV expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). This is per user. + + + + + + + + + + + text/plain + + + + + ExpectedSCEPCerts + + + + + + + + This node contains a list of LocURIs that refer to SCEP certs the ISV expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). This is per user. + + + + + + + + + + + text/plain + + + + + ServerHasFinishedProvisioning + + + + + + This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. + + + + + + + + + + + text/plain + + + + + IsSyncDone + + + + + + This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). + + + + + + + + + + + text/plain + + + + + WasDeviceSuccessfullyProvisioned + + + + + + Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). + + + + + + + + + + + text/plain + + + + + AllowCollectLogsButton + + + + + + false + This node decides whether or not the MDM progress page displays the Collect Logs button. This node only applies to the user MDM status page (on a per user basis). + + + + + + + + + + + + + + text/plain + + + + + CustomErrorText + + + + + + + + This node allows the MDM to set custom error text, detailing what the user needs to do in case of error. This node only applies to the user MDM status page (on a per user basis). + + + + + + + + + + + + + + text/plain + + + + + + + + + DMClient + ./Device/Vendor/MSFT @@ -622,6 +973,30 @@ The XML below is for Windows 10, version 1907. + + AADSendDeviceToken + + + + + + + + Send the device AAD token, if the user one can't be returned + + + + + + + + + + + text/plain + + + Push @@ -1221,7 +1596,7 @@ The XML below is for Windows 10, version 1907. - This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. + This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. @@ -1243,7 +1618,7 @@ The XML below is for Windows 10, version 1907. - This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). + This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). @@ -1265,7 +1640,7 @@ The XML below is for Windows 10, version 1907. - Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. + Integer node determining if a Device was Successfully provisioned. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). @@ -1280,6 +1655,137 @@ The XML below is for Windows 10, version 1907. + + BlockInStatusPage + + + + + + 0 + Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available. + + + + + + + + + + + + + + text/plain + + + + + AllowCollectLogsButton + + + + + + false + This node decides whether or not the MDM progress page displays the Collect Logs button. This node only applies to the device MDM status page. + + + + + + + + + + + + + + text/plain + + + + + CustomErrorText + + + + + + + + This node allows the MDM to set custom error text, detailing what the user needs to do in case of error. This node only applies to the user MDM status page (on a per user basis). + + + + + + + + + + + + + + text/plain + + + + + SkipDeviceStatusPage + + + + + + true + Device only. This node decides wheter or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE. + + + + + + + + + + + + + + text/plain + + + + + SkipUserStatusPage + + + + + + false + Device only. This node decides wheter or not the MDM user progress page skips after AADJ or DJ++ after user login. + + + + + + + + + + + + + + text/plain + + + EnhancedAppLayerSecurity diff --git a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png index 88398bc1c59a57def5ce1263fdb5c512d9e17890..486779f0382c7a657cb2f1654c88f19c5f6de399 100644 GIT binary patch literal 97563 zcmc$GcU)83wl4O9f*lnB1ySiL(gUdU-a7=8DlO6p)rLru4k8eg-h=cKiZrE0dJjb) zw9o>f!<#`-_q*qux6gg&-S@}-Wy@-F%{j(5#`wN5mzTV(*vaFUkCTv)oRkn3RwN-g zAVWfO{Or;F;4j9mtZd+CpN*o}Lz2wqE0f?K2aO-dJRl+Yk=U@aY5SMGn(5*D$TWm!fj?=pO$?t$Y?%e&{6C*Vfj0jM*@f`WRDu2*guRw0k(YFPCOyus9zgo=pgS zgJr1FDz+V78j+GK+gzplLLIfPJwKCU@{L*xA5{Z7&B8typ7PZjnF;~8% zuE%0vtdQwKSnkR%D8MZf=k_97D7JKs(CY5IkoG)1U|=*2y)zksNA?%nH9#MO6Q139 z%s;0#O|v;4>VEv5$Bcmg75Aaa#i9|~1K_CdSsc8tuMf$x?UGw={)yY&;kNsAlNrvE zsK+Om%){dZcfO>lb@?=$1n1u7%-wy|U<~)UZV8*W>EyGS=!u zoG88XhWUw+p-e%;GMZ{Yp5;b^PksxTLyH|*GiILBr=3+KkWFysrZGCY$ObEGRYRP_ z+A976*q}fOH%)R~RwFZcrxEt}d3H+7N68@jP#rk5s8X{1g`!h5C0FOGsEDx8mquC< zQMkeMj3zN11i!1JjZGWWn)s@pp87A68(w=JeosvBSdP>6fv@pZ1qmg$=vCE|yIXoF z^XxF(PQteA zT34vo+}bWhT53bvUzqf|=A~kyGMh5R(LP~!$#EBau4T(wcucdmZhDJ$e1_eVN|n&c zspFurTU*4tXFs*X>$8A(Y=2|>Fn=i$uC9OFE?df<7; zy?7(ek>LoJwyCukZ#W^*!ER@YV)gRtLZNK`w>c6ip(-!Vhm~~j=3yepK4K##L_hjF z6$X~mezwK&&*jyqt-@}ATUKyiT82Y~Gon}+CQ}fvo;<;yNC}D0#U2tU5JHnuGM&${ zOFbmaFZYGHj62*Y*lZ3Cykd>1fM^=BqMKVN`6B5V8*X~_ktf=#5VWCx47Nk{mU82g zE|T{;zZ_(9x*AXIGP~_zV~nFG`q)L%mCg08^6g=!!Q&`lVM_ntYY7}3XG<7sy-_=& zUKYMQ^1XOp&z^OHm7bM&L5ZSf#*FZ3bQ)4V^&RFyLOgcTqCm5h(Jac^ksp{snf)fI zR5)w56d7?u7iRD5T&!h!9{%PiT1p_6J?Px#5mnp9?!^QP28)vj>{7FBXCGpJFK?(! zCxk8kph+%7e(%vxXHk~g{7DNRH)oBlhBes?zYT61c2N*NC z!GkIszadr@zR;9s-=^r6VA-}QlxTdFIe&z0r|L+#CJQSU@tp2&h@{n;4W_~Ep19{9 z0tT?ix2{GDl@Rx~3*d0A|1zWopiJD>k>I*4$ZG!wt|s+oB(VAF3x{T<4&9iv1b0`rx>-3gES4>U8D?pT zDRb?E3WFDTwnaAyKij}mUYH4)D=)Y1m?c{8{Sy#!@N-pep7@f_AfNHzhh*^}nt1T* z+5i6spDd!LyO79?44v&7Es8L-jO^RZnb<{?7($nzdiQJ)tEPze_;0y9F@g23=>D|Qh=4;OS9i`lPnt)#B&t^4q1YYzw}-BKsOaBqvI zW4Dll=7=cw8{f`lZ)_G&l&=%`U>7JZfunj+Cg>8o>COmzQqqDQE^zttz;eU~t5)lg zM*mEm5>;(WaMH6+ANl9%H|Dn6`Uel$w@T!Co-`QuZ};yMwjc(8L2lmf1>J@6;vS_FwF6=$*-U)!L3E#Qaz;~goz8i=Z8CoL9LPoU zesw&*9M|ClPE|7dG5BX*K63vh;@~#><2Hpf#E0m05@zL!6V7qlEF~|p8=9-c)WAE2 zzj|Zg)*;erZk;O8%4JrIY-~FtEY5Yifu@pwu56`QFly5jTueVAXCuZ{FXmLEuoc#+ z#+%^k7U%Y^0A<4W_3QfMK1g2<%yFRV;XonE1VK7g_{BRL5ADII#q6|s;PJme7~|qR z30CGfDn3mZA}1cn&)A5za7NtZTlIn?R`#p4Gq}j!N@NSqv$K!#@Hq5qAi$>htv8?F zmn@cSj4?$RpGbGKOUr9q8Z5$kM0eQMSS~=2=DJbg~^l5 zg;!Rk#&s4mp6^?8*3!{Md2-y*U+KYLxUfdP3+3uX*hMzXdTm|#iTL=m_AQBmko`B` zUJlkm_BX7c;yvr^OQKy?3t|u}LpCdHQG8}>JmAh1>V?J@IJH6dNy_KpwxJalZ>4h zZI|$%Fr(@;#foouTi=QzMI*gNyeWSMngb49&gY_iLnR!MyZGeil)Ttpx!tU*z1m0P z&MAMk^-+ifQw-}bh%HFkNikTIvvGGA+j97wk1!CYe`k9Vx@F-jfNenU)B%%SV@oBz z%<3nE!v+DDLjm1L(~mg@a-SQzPJ}iaW8LoFUPjit#B;bmA(9Hgm^Y`9+XJLAq(pcn z7jP&KLM{7oIJ@o|jno+2TdTk_T9eqH8rCQWMSR zAh6nzY8`S@*UjZ|3~pAv$94sX_$g{zrLGHD1Fx>m@75I5bYaH=?O829y@Z$c& zcUn3QAxG2k9|xKJH>P=1=?bc5t>onz-2=KwmCFJLzHd4HyufS`MK}GjWSYH+rK)Yf zPa7@phFR|ym|-J|;wYyKWWp%S#2kWN=5UGbe5#+IvC=<8j8}vM5Ev~4X{a#`f0P$7 z_F3u*c#5+B~3VdP{zSEzPfkEVpa7Ve- z(pO1Ah@4=fR%A4ucgAKZs2#1=@OW{JmROQ(>_Zgjqm@?d=&!6V1i@>^8^o3^tt{+C zFkhSE=$w;HLRhj3&C;)bc&AgIa9%R$awy@DUy4^4#aYs~&9^WC>q4;&ZJ{Er9ka!G z@0iLUJvoKki7$7A7=krBdS@P6(V9`FzC=kT=&uQyDBSE-Ki}1&hOxDwu!Oh%FsCnRP)3v^gQ{f{4mJa?d1`BVDLrN5f%(*O% zB^(LqE5nN1T)dD@>ABR!R6tHP=36&b$Ig;((X_7pX}E4Ibh@RFH{qKjIfqt8>c#13 zaRp)N;SL4d_&LQI+%@OPAhkMOp+)&`EE5{d(@lyudM}dhE@ff|-pFmep@C-GG8~TA z-NyPDgFw;j=N)M~;aaN$rREDEh3Hgbp=o%o|}hmswSMl zAG^a@1hG2wf<4HF-t%U-+73hVgoq@QX#pdAax}oyJL|1PwxiWoomxk$=+{j0RL8^K zzgKg>Qx$M4!+eS9%EbA$DR}hg=bM8N0$%^KpM0X_#n_saGw@)tbBw4jOneN%OOTc? z@yXhDIUH#muMiXww-^+?wjWZ(KfNA)GxPpa(UWQ)E+e#|TS9ZFaK|Cs{fpx@2TJ2wOfbgSz1m>W z3E2DxwfPOW%$!A&U%nHS5jCceFZsfu0yDBu@USXE410u-Q3)z=S^$CNkz!)}(kOb_ zAESD{ejpcHae8m`o} zGBm2In<3gn)6!@Eq2+V-j`t~sF5TYOxRl49U85=Q+wrJX;hGl~o)rqQq-XtjA3lg} zz~4*AZ=Y}Nc%2ju99O4@?1Z_|YO1-d6*>mh@%~!Ac*jMCS^w-i6iw36t0yL^$!o$i zV+zz=F7*lS+2lOx5hC1oj=m>hF_iXWT42hFAE*O?uuR;lH#cYcOXf=T_plS< zp;*fDOu!0cs2h_lSW{a>D$4b7pJ-t<*y!8b= ziaZ5?mjpt7S0qvo$Ytv$mOxb2d<)dv5q^ZEu_OCyPh^M^XqLY2O?rSO% zNAUmdgXk$K=*$)pnKJSa$|9p^JkRXRWekECU8@6{Z*59M#ZOv<+HKu043VT$`R;XJ z*2LBeXBy}9Ou81Kj_3AUOt0q8k+z()7oUNo-;BULzQ0hO_&GO3OiQIxtiJYw@%8Bq zv(xw@__@c7M2qE z_3)Q=&dNcl`^J=GU-jC))Kr$ukk6+$QXg$C+vIg%gc&n!$lP4l+McV7~c ztfV2hBc?q*8ryO2p_zB!nF58Ye2HX-aBqn>OFyE_e`f2v$ne=%hfLh$Y<8hi-)pD3>s1j2<&hpuWvR*3HDK_(EBomd}NdvT#n19rjy^_)(GHKi&$I^GZK@%B-& zaFzKbQ*=s@XX=61*`*(qz0`dN>53(#6x62VT1J*(Dn%EQj;SW|X_&qrlN+D&vhp@< zJ+o6-sp5}L)>;6dQhE>_DUaT0Y>QMo()R^n@7dXG)^=R0Ii|Jm0o8ZoZ0ym%1YYJo ziQaAg6Yt1E#vg&q$(a^E~pq;HKFnjZ`qcgXjh? zCjSASv3$iLbQfShX4N zl}azQ3L?l=C|BW8TW*N1QTW(w3d@=|r(>3y9g~AyRPm(WeBh&Nrn5cJsq;^jGPTyKlClWFWb`+0Y@x2EVmmrA(!9i8`WdcV+Z~4Z5Ih(M_eg--tK=#hB|bhOecfeL z^@P=F{pF3p_l*+hG*KKj7)85xGO!hc_|XaYI89XYPQw|#n$424vDyoB8ml2Y9lUVn zJFj*ss7NY8USfygN@pR+(V94(z=OGZ7X{B@D;q;J6 z!61Yh)w#-~WA;*)efE)5oO?#RI@omuHNP)>PKLhOw|&@|hEL%NgXiQm`ot!O6cefe z$Dvo0mriFNFOTv}vGDg8cwA-R4sI;Fd*kdKG(MM%r>T|Nz#ekVIzt484ynH5d7Bye z_LBC@J9~|L>DNw;?H?V*NME+fde?M{?H~zB+kssixiM5~F(hQ9lzS<}^n8gO)>~Y& zgJEWtuzaxNxs!^-VzNU;Vbsh8#LEZdPu>Cexe-(5jM=P&CpZ}}F1AK=sbNlP8}tj$ zG>a=e`xKXKa|zz6o{`GyF)&bu_`rKAV@muAhuJw?U6IRs?0%AGUP)buB>B`MO4Y<_ zTF$aO%k5@=L;gDpe^IH{Bg@IDO5FpvISk%5t)N=3DMbks{@|I2GH2?FYfmh9q8P-u;!z{V(1OwEjJ0v5Y`tqC?`2Nv0g3fL_or)u0BU1m2OR@w>9 zxeW!?qZ%@kW@}CG@Qb?x8d2qZ?*z}>n^oHG^U-zPh~~oO9R}~WK&(z}u+2R+?9N+e zaIwxK4o6tca%>)XQjHDG_z_t#%?$%Mq8@M_y9^$Y5%vv)I%5FKsvG6bIv>;=$B#Uh z9TA%MRvBgrncHA<)dv&{!JA09U!2UtmX@z$xO6uoE2Mb+mrz1zpnn{0@abroWq*WN z`MPifko-AnM17)G9LW!xZ1n)l;lm;N=$pfEQ+*5jg^AZIce@}7fUC+#n;hnP+uS`I zS_?PCdh;f>OAf&U-+T3}T-SBmmb=j0)W<}m#`O)>A#ynLHQvg$z zl!1-7(52*m#(nD{&N3YhJ9_$@;qv{3#|~FrS~j*IfeUbqgF7d_LDy9exwn#twYlr) zx#e>6zFxd}oa<-Cowpg@Zj#uJg?iOFW32y##hUiFWCXt{??f%Qo{7|k#(ncs=?HlI zZBZ~-@0IPbfw}E;)<^M?n_FH&u(DDEBnNQY?U)6_k-xn?qyn zg`2bVyNnf)S76?;!FLJjzN4xV^bd3`+uV#naqsj4y>TX#NDjO1N2jd<{Q#}2?YO?= zkX0Hz1{8_$`IH@NLVpAxzWdCGa_`0w1jXX8=X5=xnHl8-xL?3&-+B^EQ@%b54E}Uu@C&<51HbBHQ@t0Vcvyohu z3}`;vC7s_7`#;=eVaG-bj)`%fqbeykE_Cl(0X#i$M>^+da<`(?Ov3p1I5CW%!4vel zhTuxC7a`|M+Bkro8t%T(3E=arvD*@^M@)sNGXnd*Pv8X_&Lg|L7=G8)#>zARjY!>c zOZV&G1|?uh?h=}bjQ(Qp2)Z2b*5ykxN#y)CG(E^oKutPZZ5NR?U>)d(_?XMCb>Gyhz3G@lOzwtTy7=c41` zo)wq1H9`23;UoaW1TkO@w`m_O>6vWq5^mJ#!J&L^-fI-nrAixlD?rI@$k1T6s@`qqzvs?G~64QBQ;ewmCWn z+f01wv1;0qANcm*`@J!sbpumr+U^FguL)M@5|tAM>Ap2hQ?{6KpP@DYU}nk72N8Ka zMOjs3IovczP6u24YK^7iuq)A4eI2GM7!)LI5TdU+LSE5SqbgT22IEaO3DFiQ-8;l;`>X@1+sBmlGUi_{Wv)Kf5 z(|0Gz&p1Hm`Fi@he}K%5CJbtC&pVXVEwUlY@452^czvqguqcwO9Di%s&+QcNC^3~Q zt);hC*)E`rckgK~OAHjndn&}WFPj_l*dCbT4Mec46;U;i8C`ZBM5<~ zd?SOv>Q{Y|mYn-!7h&Z#lWd6XuIF+y@c4j93p0hz##e$7VNP;$`?M0YC08Y3!3TV@ zRokm=vt_yM3M+@K;;6aZ&>Nn?x~?mw{5uYQ`$(>`&!ZT=$3TnL*XDLcfFd|F{Jo@p zklJ}?XQhf%*JWJykie&|Pl_tF{ETh2mr3w_Mn=H``oo^j4e}2B1 zLOMfA!f*-DYVb;~*Dm;)a=804|Hd^iYLg>~E+xx>VmqVZj{7%i1FEIuSRNrD9_0mC zrf4g+YmX|2`y=}we@N4>W=(uI+-~g=*zuZ_QmM>gsvKJC)UiDeZqoZ4yBrSGV;UeL zSKK6UZwuuy&ZcNZ+)s)xO|eLDSj45e)Q*#gQBjm`pQcoC@0__#kupeKbC6_u&>{? zMiX(_707hJj|ew``++4umTQ;TSg*Fg37^LFNZxa5en>! z(do<+TOucUz^$yB)&mx>KqqnnsnUi%06~+Jh%U1|y(8=R-6wFvN3-Ak1@i^jf$Me- z!AnJZURuAYVEigP7Bjv*3xu}bJ-2ej?lp7(rxR~1H+K#jY&<~nEc!Y2^H6I&WisaA zI1vn7xAJf}iwzslsB`f&g#2E)=8hidLvgp8VSjEK;9B<*J>b6D?p~DTGE2bq5pIH% z?l!L@wR(PjJ^=TPnaL_$zHN{Dd|$g`l{flq{1H43PRrqQeKeqOuaNzWuh6%#u>mPb zjt?GC@$YJ{xG#VC0_EZ4qsf;Ofoi#kq!7wo<}te<30_%`VhDa}7(7X|z6EHL zZR_vueOoCnbZfxyEkEP0GLccauCNa}IpYtbtH7GiL%xy{+4YL&*axb+SWgBa&)&_K zpANwT&J$~;X9v(P(|6JTiX*kbAtJpsQ~_?a3-3n|M>KXt4{mTPpacB#Tj{_tAVRUR zmb*P#yK>FoaSjM>IIasMXNb=M2Las6K{r}}o_qC`v{BjG$l$GxoI!OG@n>LYwi9ro zm^%@%ar9d7r35EO>I(VY2l@vf08MOiV0RdRrUUO_@ndigodCn|;pFa+#l+Ba7Rr1pANf0q*Kd0lx!`$ zA`Tds++X8DNr+eCm*VoqY9b6b81o$kj1dJrVUqE*iX0BMba$%-V5BThtuTBBQeMwh z7R2*Rl~J;$Ap#s$FH#5WNU23@Z_?BK`LGv*Xe}snFKN-ITDqo2wPZ)BCklz;@Z>X+ zEC$U9wlTdn+^`R(_tGSlef-Wywfc=o)DbG@kHd2E)oj~b8BfZ{N{Rx?@*60rz`94i zx+j2UatQXXA7SaltM)7Lcd7G_=2)unueE(j*c6S-YEd~$dh6uf{OeR!*+w3xckr_L zj}-4J&O@GY?ivi{x`7-7`7KUlxtwt4qm)9M%;iQ)DTy}g7LM;7)%$0@bHOA&R|N9Q z`EsPNl0KpOwMJaWdPvc2EU8ATx23D87mckFVh^-+n1!Tn)3zrd5e?Uz+N-bBy4lp z{i6|$DAfE2(D8a<%p})|CSJS?fwK_{Y=7*N*;N-oL-CjuoY$uTf3 z-eml9J#C)EYzu^iIAwD5fs4TA0C4<0kNtCopwtl>8YO%e-!#&sEI(-uwBzYd(<9G7 z7dDH`!~+KnVJSB5$@qA+C;azHLt;avRy)6mU-QYoCdJm&$XH-AKRW;2`|)p}qwS?%=t~vP8o1rk8$l#wHX`{LkGjc>5)`g?vkLMpiGv4|>nb6Xz%PBU|ZoZn%r1*>~v zmdU{Ui3>t)mbJNL@Kc``Ho~+fO^ZKz(ibbEuxC>{1h0mAd~v-lWDEIHi}aElp&Gxr zl3!e-nq2>O9MpXSAi4eln%g4`TM*cG=^%7ByV@LEo@?H|U5E_$WXJ}QD|q*QBmjQ3 z0NQb>4zK;7N4)mJp7WN+gp1jaz}d0cj9gf+uncm92dgU@X(;l z%~#U0)I8f2pvh>@bB;s)8v$-Tgc!^ke1QJ`d-gH5hDL_CS-q=w-QzoNM!VvFO7R_p zX1V7xkY4}>D~{!#t8IzUbS{zh#fJ9TJ7jV489UTre%r5%+9Dp(myHjmwE&Fs�Qn zWQEp>qVTUa3Ogb@p4;8i6{neT9Nk7Gtv`QG#x@g^km%V+HIU`ED4+ZF6q-H3F}?u% zdzIQkhgR_YRXi)=(&`}!tdG+RI%N@ZQ$cn;t?Cwsi9K)u3NEJu)a@r2&Vk zt@$MF*gZA7HgIDSUi&GmE7UWz@?2n2F7|v?gHTlr_7a-ZAoD@jdw#is>!YEz7k~Or zjV>f12HRA=(nr+UxgyF@+XFo`hgZ(G!p|U*EYbsR4oj=(w?H@DprmMavaT7pX`I!i z2bUpobBniO%zHBkl;XC~k+JkQ`K)c~mm^)`7-Nc`m)gXVV&H#``KU1kdDq&}YBN>G$O~ltdc$kM|$5juagCzE* z@Sl3xKR4UrMU+`rCJRZ00lu@Ie#7t3vx6W*6Hy~(l>z(yZ}Q83-z!0?YzD9Zlp0Nc zV1b3DWpngeU4bzTJ;*~5PLnhs;{D@9Gy<>=&#?PW9NNt*|BO<92ab+IU?Vn93AK9g zJ0|Tv>gcogYJ<}6JDuOdRRq_#2@hpqdQ-CpmFbi3@M5{%HQsrMdk-UC%+$3v0iIGP zo`SQyv$Yo~_M<6n;*pK%>3Q;{UJDR~!FQ^Z5*bN!=xL+Bp5!7H0RkXL7AK-BY8C{% zer{emO~O6veH&%(7*77m2Pth_#Hatq;}5#e2c;WXD5~`)#j65VmX&Q$NNjc9i#h4^9N+Q zuLbVC*$`Y`cIX!Etn2jV=?s%r{OELxqzUa*998B-qEhkuu%vg`9-+tLEr@wks@D8G zvu1U?y1#qbyC^~(jwvyVTEM<7UK zLQ9JegH*V)GwhG(3hLsopn>5(nF{}d>Ug3aFR(rl=TVabl8euqBU|VHK(>OSqBT(K zdm@VbPu-1xgA5ror}pe+@$-;>TB!ch>6*5?fSn^7_dn=&y=~9V=TQ=M{Vjfb^EE z>ScYh{$|cp%Jj-;2BB83+8}<@XO0YP8X2`5=xFpBOim0Fc~2Uo@H_P1pk052al65#prPZ*f3{29Ar6Jd^DQ1^uaSg+p`(6y5 z_HAc#@bDDLZIo6B$rc+MX~3O^$ep_$_Y0_ss+j8W_A#C@Zr|&a95I$k^Ess{UROhq1~?o2lvQ_#serOF>S>5ugTJwUrkIudpiQSnmnTvSeHl)+<3(%px##@hF1Ak?|7! z9|*Ci$iHwVHjW?7&e_5<48KEjymzG=Z!0A{)W}}6yxN{EZu8)->F>Pgy0FjNvzKv- zpN#da$|d0MEXl9eU3X+nPPcME+*03_0Rf$8VHzIJG8DD<}1g!YBW7my|bw zx38%`hn;Q(!u!u68OBH(tnLR?x@!x*^zZTOdG8+Terw;N)t~a=O6^&FoQx#u+29feZ6$T5WRnvVc zmRF(~$Z)djB3tuIdbt83{p&E=W3xffdYo08joF4RnZ2{CwQ{wL4ODoe2Sko0M z%_s^(yQvYC{Bt*FZ>YreYd^0L=`ug;6lz#7u4Ksrh_aGQt*lhHy|nh9rx{E1URcE& zq5_h-47k*9Z*PRBmKU(_-_^`AXAA$BR!4AhFB-2|^RqkOchkad`2w7_Gr`-=`%rRx zr#5#2HT|GuS7KXLwCJ3{)S~oq`?lfSuQDWt4;2f6t-x0&xd8i)?KnfNC>m>@7k&`E zv%lz$XzW0ZaIysIL+`vnveS*O?(!@qj&S&G)y9#oJ1Jh_H?=qpu$L@;)U!UxIab%Z zy*z0kDPzuM=g5mmF8lRbHAHPwjU#fzLjRj!KxC^? zdp?|Yj9R{iwAWHa291y1YC7j6$|1j^O!^I1TpoNqve+?{1!uri`kFCOZa8{*vhuhi z=ItIy3TiQ431Jy;lLre3oe1Aic&D}bj^l&S!)PA@8(E3~dqa(|>DP5>26rfWy$9Tg zpY79YMyD++bZ}C60~Vg48f5Xyk)d37SZQ&>5Eguf2$0ofXZEA z?g(|}VJ3C#j&qHNmnP|Qesok}q5G=pdJ>^DwcT0qLTcCL<N?)CZ35pf1NAqcf*^lq)pQz1&}n#MM7V|!QI|lG ze(ru{Zhe~U{u^jmce_4_n*tteG}gbjEVr_)g`wHO)}i*g_sndaZ)dNA{Y}D|Q%74e zJJt80%_x55me|MqZ0#?8?FC3e7c1WSue$+~%^aa6zw8D=p$`!Y4GD?Wj};!SZJ}e@ znul!NhFRD*PiLW9q!eQl4ezYEoc_yW6fgR_Nil`U0y2;EGLD^b!!76An}@ps>&}NU8sft;SPmNc)MKakUW9Zwll=$?s z7U|y86HKt;qLYzRQyEQ}t9K~`M_Kah*B=)`?R#crZ}xIq>`l;S2@NU^GWStGjhtpj zk87>Dzh1C>Q~0TFM5a1bAUe0+Vi2E8Q)n!eP<^gd@5of`wXHmbo+F;twXw1c_a0*& zwnSx{4Bs;C#Co5UV?}EFV>%f;YMqmNOjT;s=Y+j!A0J1)HRVbQV6-IfkqSpiZeI@a zyj<)hQL0fdOqq21r$cz7sh|pof(^*#5~UoXz7p@d@7#-6*pBESm$i9C>NBFTiURf4 z1KQ?0@AIn7MMZifKBaNgbgYa@H-}yU&G!@V8%}|(-n|);P+p$+_q6HyLCnxAi;c`i zwSH3ur#QbnlKKzYGW-6Z0()xi2ASn0&*QRTD;7Lr{L z@MXn6S;Fys>jZqafB(`McQ@6V|I)($Z4}-jAp$!1V@$q>{N|L4#J{)n)mIQZ^DpU8 ze#X~tr@myG5b5&r3QuB?KueLyvC4%rs>Kp}^Is))qAUV{VJ#%iIRT_^kZlStq8L9+FOy|)0bKO81<#~Ij^lCK|)XNi&skYo*= zoqru8CS+*jx*!gF20G|LU^m(o0c_nEBxgQm~KU`d`_~id~}5& z(9un3Jg=Wuf~8+s(zL&oxI6?OIP%K~Yr~33^6Ux~)&Z#*n#v`BE&;8iv|971V?-AE z$4dIK*zLRAF|4?-0otFAb6pO{X3(gdEfRCGxX{n*2wegA^PbrJFpv6_z03kp%SZV$8=%xhN54l8~5a`X$Af+ zBMN`ZSJ4tgdY0&WBSS0hAAiN>@U>Ypni2TPmi-2$!tvIHlKx92U6f+R{kM9O+9~jE zoUy7#VX*_#$i9a6pKV!QpU{DJd^B$n^C5&_*ZT6c459;-WHZFV=oj{;X}6j{2D=bS z!WU4lSND$=00CtlAsB&Gl+B;HH5lRBrfjLK9%szM@MW>UPCKPKfU}`3+AhxheF}%N zkJ`d(M>DA?YioX}#u*|g6DMmy1pk}3Y#jH~a)b)G>|4~zEfiO4V{j4iHC=*~XG;_y zx=i7weY(=7ClLW~p=eT=W#qf(bkxD>`#JdT~T_00t?DgzF#jm|d4K){!97{RJ zwB+PXX4Klk51W|7dJVy=_PiaClTrh3WGhNhC~v*o=&v%P~3wvEQaKc?==O zd-RXvV5jSY|FgCK;RX}^cp%@AfZi4xqv3ntPDDu&M2ONn>&ePR9^iN5tz%=vZv+7H zuYH#$SSD_?NcjP`022PM8f^ZR08+e+YHDiYAbF?9$;mm>b)Mw$4@AOLR#yH{I?Tr@ z(B?2$-`>!8S3tKkk(%g6<*yPW*AIR4-w$bqQFOa|ejn&}@o+oqXQ3|M3#!{QN3gj= zWU98acK9`6SJnrvt+^Bcyyit%A}t*pF^gK6l6VhN!k@uRDUg2=B?O9t!=Oz()6fWh zyHLyQNqZrc6Et!;xb%&eH|@8lXZ#c2B#^@!;L8*Tc?68LVNBTJC8y}Z-Q<- zs!=3p?{(jvA3V5nK6~Q?9)gdO7W7t1!Blw*q`qv;8?lOBsg_+~&~2aUDx7Ao*|{LL zY`=V&i&ttG9$3%ogEw^N^U-KkP%vKA2(a9<)^muiN7SpI2Z5HCy2C*&&`+LTE+0F$9Ja)~Tz^Nftv=b4%L%&4EMD;2ky6Biv6tG8zrAp5 zBZPKr>q4}5Ap6{!Mkzgyl)hoO;&%ud?{NipDccuBdc+*W zw=>iSJA|e5%v&^+zxU3>E&lz+U5SMHv^H>0YBd4(}2_kTls-wrf)C0{kToPane|FsIH!H&t;ZIKjZ_iD8LZJ;!FNS}{-(dJvlDh9ujls#Ov|LwLkCfC2 zp>@`#$aRm+GQ}evA&jX%c0f_UeXDwB`Wv%xarqW8udtJd2A|AwjvT#o2?Nuje7!Lz z-kfPp^W2@#Wwlr6gx=-jAjbQ|)dY=DeC~eK1C4r8>Jbn8dAG-5wSV~h7}$$G=(5pD z5mP2um=|!hH!SLXp)#3TQOFYKAin)nnn|(TlZQqnsTu^0;N&^sZxBe z9qN1{+lyHv;}o((Eb)8OMnrcIq32GOX7%(EX^dmf4qug_lL76dE2( z8cGz;n{MZ4b32_nG3*xOM4GZ!TR+G8@gSafuwamhb+23{lkT89(r?>g;p5jdUSi>4 zs@0{%9r`tV+Ij7<#;F6;XFA`Zj;c(tcGr?Q)BN@MPZ;hs*VG40#PPi;7u2eg!ReUN zt5@-(DJ{1J%zN>hhZ=?x-*<55kd*4k2AY!d%hB7PUNTJ+9Vo{rs$2~Op!1_c6!iqa z_XE0X#PnjXiG{`SFD-_-htPChW*7IpSh^6 z!iYda#t#~4^?G-6R*)f({QWN5{|X!bpkWtCsS9(6ebU_EyKwosYCl_S$KYL=I?fiu zw)1m|XCL0U$;O6S9q*IcYefQmOaT4xzx(*`Ketcq72$txO8$l3X&<(`C*gU+u1=9j z?2P~#rgVm@_}lbI`i{fBhju@DG-pgyEGVABKbiCoYedc%nX~P2MiqGb3mG!a5xz*< z45t!2>htDlq^pre#{6q_{Pq{-I_N#S?3xz~DE_@Q9l;N}gMAr7UsQjHh~I3~%GRsY zUTjF#f)4~`rPbX&krNbG?+BUGj#5kGA3?%n;>H|7$O!S(}ulcyV(TcvQY;sRx z2H&a2L+|&@@`_#7uc~oY4<1jL!oux%2$=@)dR9e^>V0RZB4@+24YvO!N`(3s$Mv-$NerHfH^86Q$qFLXugaKOw{wM+wd6Dne7Fz7Pw)5t}3A9=`FS@FvL&uew2F~~BOw$qMVKll1k9z+or0;I;?dss` zW0$OA%*Nn#8l$&zGLDCpJZ`ERR*7{}z2}55?o6*|3_n95d|eT7mRRwF|YdYk?! z?@0gIfgqn5kv|4@#u0Jvycy@XSD*v~t?Hb#&&^x2*Mc{l3!8vK5hLP+C{NXE`ZQeZ z-eF?w%Q2;x4@%>j`e2iEryE%7%c)8%ikX6{x34`N?lve`qQ(F2{pgEXeG&A)SI~>S zclnq-RNj!yRQ6ZIk!;UW&UUi;J$`QLMu|Cw$tqV55{ zgE`fa2Ku}{n_F1?>bd~K1NG2fX~yq=^j-e7W0{C_U?F##P5wK=tYOU05{Pc{kN)*$ zcCg{eCO>V z%JXf8fXn8~fzglHOqXR(Zj zsF&(|;Ry)%IDvYsh|DR#&AqmZoo>N3<4|oao%C`&p=Z3c-)Y$Kw%kl9(Nu)}0ZfBaK%(`Q+ax!6u8K%ClWr34pjx2UdxUH)stTd zPbE^7KTStV!Nm*n>Sn{*|L8*}i>0c0@7YE-DIrlO-Yq)$mNs9x9;=AsJ&l&qc*_&m z8$aL#wKG(Xmh5_wA|rihPP=|WwCzjkFl%`G@0~3u)>x`o<*d3)2hp9toMd6pS0;<`JU zKhkhW_=!urwsf#-zdvv@_G)qDf_PhbR0D)?){b`XuG4TtCmraRvnVn9^4>C5wnwH* zPAZfqnsO1IWMP{ie3>7aTcyL6La}EVLvX&g_D69xp?WDSF8^_(gG^Zlcj65gSfus>$ zAZ=x`A~hxS3s9je5@j#?U0pOTVPwUBcT9G{m#P@&{0xBT@U{7OW>@@HHM5tpF7pL8 zFq%j%{{0O@U_Zrp^XBM}YLH#7bjknc<|ATb_djkS{eK|g{)0VMzjWkv09>yEyqb`m zf?0dX7&sUi8A%kN!3T+-0daS2+{Zmm8U0IW{)pvwUZ4M=To{E+4gbXLf03U3MfA4X zYgi33|Lrm_Ou8-!+ZzA+qTBx>?yKXX>e{t2QB+WA5D-w2RzgrpMY?myK?&)U8uBq{ z5D}0bq+uxO7{Z`yB!&(_aA<^~^IJ3MqwhIyJSX1o{K*gYX0N^1y4Ss~`?{~ItOY>x z{JqAo0%yk!?fB3w(LYoU9P3xnxrjoPpSO$iT@p#&9kn0{PB zc*wTwqD};mXE8ep&~0#R>kwWl8iQejl*Sl_b<(*S)L*iZUvF=FaJw-iMM~3o5(dKE z7xu$&w`LMWJgGaVShz#P)D@~wyyaxu{44Hkl-?s!>$ElZ>B^G4dg)$@Cy%i~6V1VQ z`g;|AN^U7OVs1<-xg5~Lc&8%If|z;wxX(H|v%|s)p}701n6H2?0m7%V@tU(VgM*6J zkd_of3r(g#t0$BU)K73$uxfx=buspK^AD-Zb}6-&5Ag zi0{!2wxKk{B!-o8!FuyzH!H{zqc+D-SIj}18%g5;UR) zP36m_%dOQNi-_0N;daK5MKXmY?8E~iRe zikSI%kT{AubFs4H?Vy4?T=V!7>79F>2BG{3Yng@5ibI&317(?2eN{BLBxgh~9DE)L zmWth<(sMhvPu3|uUNN`OU$y*%TdG2ClALeE*nUW%FEk-P=yuBYTC=aYvR4*h_s_Lz zq`gVyanw-zbrz=tRH951I7VBXjl1>Ujoj~9SRQ;-dfSFx=F zv?-b=;$^`fT8Aar2KxpmS}r_!oqySddQ82F?-JAPUqN)i_L=F65pYueEw`zWWQQz- z7_)r9O8=tx{g-JYAc*0_P@uYkBKW$M@wX`-%CU0C&Of7AB!;z=;9+5fQ}%P)J9oiy zc|}f#FS8Z@`^#*gXBFs2fTHj%+g!chOVJ?k{%Tgm^$6HK+KT_l{QIkb+dpi9641uU zsZb5;C!QYCxabF9IY;-%E#|4Dm`Hw@8EBHBz;?Qk=#%L1jBYy%W5Qn%fRrrPQ1&ZGNU1ouOGU_oyWxu*2TBU3IsTPwkseh7;}^0DiY37V#)#|Qjudb zJ;#Dlcv~&jCH6Lzg}q26=4mEO;zUphv3=5megUHWeSMicVMvrd|w7>PoJA!h_vy3+bZUeHJNf9>&8d zS#@W*>Ya4=QD0Z6KDEr;uQ1mv-5$c0WG7RSoY9_=-Okc*R()%N7B?fD+af1l zt4tF{B`SshY)?tDXSH;}<|DC8+^>HvBYl}qqHS()Yic#={(kVD|0$9)!YI+?BDk@9 zHjNo#hFHUB#=_@Q%nMZ4aMBj@;2AZzDXsMd_d5kAdJemV@NoNIPn!Pc6gdVUz6iQa z(fTjW^Au?BP3`=KLjiE?@-cvu{nLK)zl4PSowN$PwnG95uI2R?-DC@=2mh0u`=edm zz;lnbkqZ)34)fbz zcC+59V3yGzM$jd1!-`2L?RIC{u&W9BBli{EbGq3k;2vB1JB?xh8&rJ?%t( zZ&_5%oc%`hraG>u-*$o}x~5WL&uC!*2NgK1RpoP7kI|idP)eV_W*!EZ#Tz+q3Owg$ z-hJwrh|(BnKD}*P;0#3%oY}Zjk_MTEP^irXRTaS&Br-!v#P;Um43>x7;d#PJ$QKn) zE6)Xua+hxuH0~m;R+OFI>K_o(F9$2uF!4;ava**f ztf{5AnHVR`ET$`=SvUS2B962FHO{nyfz!)*USnlk6*^p{(o?peGv>`Rm<)i(ZJm9ASw zpGBlv3Cj_J+s;WYX`i+^Db$g4V9#nc(0B!)vgfeT3R0p3yh@Q)NO#eQ`6WwP#~gZc z`v-d$)zGXjD_eSBJkyp>t~Y|Gh9IbhN?ldzgiUhT;_6rw46eFMuCY4W7b%vhJjfff zo;$at*4>AQPMcvmE@p|&EY4p)A|0=?tXLu4Sv&fgCY!t562ht|+zC6{1=_2Ha+TCi zPuk2Xr@p!USy}dS?2yF^k>vgB`X6kz#p|HSg=1m^i%U@@J&D^SPHl@C`i|b>UwEE9 z3~ZoInLe!mD|=LWUp~yN#4b!DW74oHJQ(71R&3TFUj5+P9sFn$g@$7=d$qNsrSnF? z$nv3FZ0-cTmBa%r9~&3YRm(hWYcVL~(x0LJMwUDH_yb|opw=S^34Tjy3DW|$$exc? z3p_rf10fXk?RlcJG1@D^u|r0XW?k>Jq&v$`3NGrcb{e%muk5Lsx~p9={AT1e`R>)3 z9^FY+*VbOjUQwwW$*WO!PS1SAS_q*0`KgQ>dy?Lcbm9iO_6I^Lxi3K6M zxnQ`1R_Cj8T~HLEK~??*UI((Nb$gNsAyQRf;Tzc$55=&L%3 zMhZ+38QTVmw@6JVnrvSwbe>0$~nEof{fWE$3IzXk8q}^CT9ec^X$ZrxIVJZs`Eo^`Q+ zs#dD|TumnXT87#3b{Rr1xcfMJPXY&j`w9zoqfStQ-#oxuZyeER+LK#yLM!mX=q2

    BpM;%s8SU9#-Kn>ZKhcu%NU6H%p_PY7iCVVT-5N|*9UB>G zWG5tN^!5G)|8>NZ?XCr&yLwp0sBojFHX=fuq2UcB)f}2Qv-*2ywthxFoCQwlJ1Fp5 z*QRmbObSL}WoJPB=RN)sP>sX6GxBTpLyRa-gH(k@5ekHUes(E<>LB#kAI;x@X2SnT z@&)upd;~__fP^#--Qw=c|4sS?2j621YBqt$5ib8a*s8etw|XO4iJV!gfIu9qD)N{5 z7G#ProSd8@po^28o!yz?ZT=yjgHZ(hLci8)uhn3Gg++8ZKy3Gun6TsY=T`1oD-wcL zT&Dz(&3PF=ScyB6>7T)!$>P`TL=U!5+?<>P#|ZWgx8`)FmKPoQY~ZY>49;q-NTGhw_0?D6%;`d) zk6R>_HD%vx6gXSpME{h$R>BiE>saVLS5-2^F<@Kh~{ng2glG zXOq&NR4Gi&+JkDQA&$|Xfv{cPX&ByR5f^#PPsaT(h+$MTg-`b+;kl_kj$Pfg}vkiLq+YL+be0dMa#VjQ;fDo;57{Q&&|D@7CT`vASa4MjWNe*6918}L5Q zRo)vrT}AR+(mCU=WFNp~=PU$`Z|%mW*#eQ_0|ng?%jX)+OLMAUrdoT0uihE^&0u zK}94#&n6(MzA!>SxrCNdUNhYC)sVBmBR^w-0gy2Yy07P`R%77q9pGsIVF5Jc2sEEQ zp6L(MM>>gmX1=;%B*!$dto4bJl-X2+@KLx9m!+cS!mL!VvpSk8|JvaPbDxC;0wu~Z z?}NRnPd?^^_?!?N6V?Z@L^Zop++wSr#hnQs5*>07?z_ESc7@-E(IW`EfjPvXa!+tO zmduZsZX1}4*|-p-gVPxJ+<+rNoq^fg->5y9WD#o~d+%e8;~3))gbg#WzzN$ggLHq) z{CO;Cn1=f$Q%B~fKUC02uSbEUnp_nRnOdy!wI`j;UAKO zVEvRZN%{rR61+s({Dpu0k3fq!PWKH5Ryl6b?S#;s`FYJ@Ei%KaG*$Kj2xTOqTi@nv z0ig72jDKQA@4Fl&M-!3u@y@92)Wk zd}EvvCrdf?yr8!i6>8|w#qDJB49A-Lp=`X_gVo{^2;#1Sx>Cpo>z zmANY%)AbY+dFEBxZlTTkBu`Tl4rV+2o^dbcd$ICCm?tLuGg^j7A56@ErPt#jqwKCQ zHKgmBNs5;srXhAlHm#e|xamJ!NtIi`ebr|VXe|wy`JL&04c^C)D_nLQ%GI9DW1p|> z6C)vlIvcSdq3uGkLJf8N?M*zzgzd>}-tX;`D#T-cKPK1C>%nXbVO!L%DI>McJUBb= zts?bqA{&TaIFAAs{asZ96skywHV>q~;4uM3=; zuf!7N@J_#x6I}p3g1C6jfbm6!mcPwAal>RIk!CB(V}S?!=hD-J2N8v$s<%o7nYG6Z zf}&CFDd*K-{`Kb1Mh5q5aDxR6u1b4WGLcMx`a$op(q7{RO%k=~-tu3jb$@%F0z;c6 zUZ_uDd0m4sxM7u>aBe;GipH^)tOut{W=@u5#_J?maT7-fO~uCo-w~0wOqE&I14%~; z1bqY&(@i3m4+SX!0JgU#%z06f5gQxquxX!{c$(72KEoX54d6V+W*)LBm5^BK7198 zwV+Ajua^!Oy8enz&F`7BlsM~Cv)*F}`hfkw%f@F6gJF{iQP^h{|POVBPRW2%!t4FPYOod$2~R-%VK1 z(G$ylFK8x5;3UuJ`!J@co=4h+t*aYLkKQ}J<+DA?L4tbT26THxR1qKFWC-LFmxhWg z5a%ZJrIVM&i=~x4ztey+MqOZ%bJBV<&jU6@9tb_sh3U`Bo=R_VLSE`K=;>D)l29)o zbu3wP*rAQyn|(Zm>V788T)%>pz(PP!L{E+?V%2gOT{7Vvl;VaI)&Z6p#62xkRqp3P z7J4-8uj}1a)8@fB0O9un`!7whxV(_qYbp1wPcWlSYK~WcU*I zrv4MpjM2#}Bq&{d{Sx#M{HlGnQQ8eC%aBF*;Ol&|=Y;MWWe$+Wthmur4Ad0K-{1>r z&?5qoks-!QpWJo-xP?n^aPQP9j7W#*n7iJd?SPi8NJ?q&oBus_3ZX0)0^u7H!qh@b!`OtPKFqH!`wD`<# zj=UGW$^h>{)0}E@ycp2TkvJe+L@guTPIf3R8$z$MA(kO2qQ~ zQueA6x!V*vbk;{YOS6DhFp7!ETqENha;T3~op4s;>IW4O^|s8=S&?pzpcj}MR7ztU>odrRY|H0li{}$>~ND-02OlbN5!! zeYN)U_>{M<`3z`b)2bz1G|_DgYb8{D8klhF$MFo_MzqOyGAI9QFSHi2b?&331dN`HRQ>HZGLf2WJ!<77kw$KtX z!QpMT9AtR$xTy;qlejYSVZ9(@fos47M?5@S^4D(Z*yE1zy>KZVAhp!IaVHq$%kPzc zWa~70H?YAw+a@Atj6#*dXPNi{?!b(@I#}k3O6|Bg^#C+(|Ya`|n zbst28O^;MU?wb(nves#t?iM*oa3;7xhD(eMJZ33BBml(%EXyd7P7^T@s>&$!=ysr) z+9gE=? zL-D@GY%k5j;5J#K*TVHd!I_HaFg7}<37;nIN)eG+vKUyYYqC(zfMX6O^kcwP2VQUt z?C}7z8+>%?5!40b?7p}|CqOmkse;%>UEMlNGguNTunFzk@fvbK2E0VUrwUGIM@EspMhx(g!y;D5m~XuEeuEb+S=X9h5*!Te)Rdz z)3P|;4wM3r7F-sG3Z!NLD9`}PA8jF*2dng5$*{5LtjgdcokT?m3ZF%Jw67ys>} zZh&Gd$T<}>LU7}3CG44=^wqwx72M@uZ$k_eX8{g^IE?2!6}L;AaIRvXwNl5=%a{to zHvn+99>4;BCq&SVR|EjEDIQLCE;q`Nl@!I^Cg!?j24lN{V{lU(BB$6pxtlfEx%>dB zGfAjo0_;e=&wfO`k2LC|?Yk{9V2RqC&p3lPM=H=~oGVFD#DT$bD97zXW z--XE;@UqIR#o@H+=k!kKDE22<>cg?86H~TAfWA8nB|8BJ)EBL$k+Dgmw*P!yTFff|3U-hO1ik7f@=1ls53$^ zY#|$GfEwv=j$uymo`FRXLD?fU{k#Puxtg|m5{Wq}h$=^k6}Mti@5QyMmdTI%YnF58 z;)~~fFxFO9!vLmA-0sQ91BM=P1nGcwQkYx@;zKuE*`9k!vTa@Z(-0T&)pq4tKMLRM8 z&7L$leKMUGJ;$Osp@<3YXA|+Yl1ZKOMdTtMchsa&Lu|2 ze5R&#krhf(OUn{KOHx_Ac=`BABcq+ZE7z_Gu*qr$>RWU2Yx5x;@+QAet|W6MQ?g#o z8bM5^W&0M>Stbi1=P0r@FIfmq%_`@5eUGHJ2r(5TBVe#ZfKSVOQ4QaX?L7q ze;gxr0HgnU?=kLQi>wP{h$3lyHe9XG%06#7yH+Lb{pe(u*faRG^qj?|SE@ z_|5MWQE8alI5>U}lPql~G6lR&bG;m{mKK@YGf|a-K8C?O$aEAQwc|d!RFt?kKRb)C zKG6g~u0mku2)X`jlRa@%WOVu&ssD=dAa-Iefnr+ym=i{p>_OY>7Ml<_C7oy`CWi3> z>DolDY~wmvcL_sWjwXATT?-J-t-N?aWOzxf^encDC;7gTu&t5N*CapskKZr5gVh#z zOltJ>;&Gvl+5-mL1MiGBY+EVMI|qRUn9eoH<*LHkS>^DPr1~t^2;n8JM;S4)zsscr zXW->hAds?WefhZ!ZY-(~LizKugmy?M^-(=Z+k>j?7dpv3Q0%(EQ!(>${=y4WQ@G2@ zq|B6a%l8P(vQo@FfEj{Ux*x&jCs-s|4G32H#Kq|BZSFnpuJC1)ll$1oIL{ zt^1)^rCaH^WopV5{{t?@Zebz$&=Nq32F~1g!~&#V_en-HLUhNJ!Bg=cV(>py%cH!?~WiA(88Xo{LPg_r7{x-Z_g`?$CX>K!~52g|%$ z>@QSsd&kOp74Gy*h))uCAa6>YcGlYSHy2>v0L%znuR9VEbR(biZaa^3%%v?C&N0Ls zU=d~WFkjbE#SY8+T`?H*B6G($k&P-)p%l6w<7TVBHrkliFQRZ8WfsYw0`KJdtmgA1 z=7erT@!1d4QQ2YNk54s6Mu?Tw1++dskQxSV7=_88wQ97euY=?yB;OV@3#*}u2?s~( z(#W^-C?mvr-mPMBwG?ohE6Z8z-=9qfmv&amiA4+ zJ9=fcKW-ae#;rvBxv`==b#O%iER`FPSWFm~msyhv54 zJ$^o?==hTpt)uPQ^8(=iWD%DNEjJj-;Nl0p>uBsRfv&wM`+5;*8GsiO{bCy4znR^u z7D(NHrDcjuRp@~%*c-XW%`J~WR-G@q)*(@Mq-np`WhgN=RVI04&!W3iZE^C@}b%%bOfLFLN_ zp!`0#mVdtNyCGxc2jYN$m!f*~tp6KqBkYZmg@SjwR?+ifM7W%QK^Wzpu3@tS&sb_- zbm?n}bFu$add%tTtNlT-`RC%djZ`vWF-J;?p154b;Tmragz z`IXvdqB<`TYZ08ItaGsJie$>#8hZVt_2)$kQ>B+8@2JJCWB3^XDJ0OnbjWdI{`)nK z#dlfaqn=u1IB?HqKHdAaR+*GUGL5q0RoP4hflLX2Pno#eza3`9^u!C=Egd26RIqL( zKIdQ0TD8UZ3E}_bd_px(@(W>p@ti8Hu)jHiA8~N7y%r*<)%Mt*k_Mkp0oikxvHM3? za|efg=QgaOR$gI_pIcf1Qe#5{1yE#Qmw(HB!;WzjUT91~)Nz$5Z56m{S2?0zl^SKg zkR#%L%>S;&wR0k|Fup_g_1qghrLbAv^YLN2&=q;>!Nk57smD;=0xB*WXKnH(7CD!C z{~fF*;I(-dvRdhbdH7kJCS4X6j#fWmhtHK?^!bckrPDW8j!6Q|k@>c>B~r2_@M}(I zmV@sdil^yETFJ8(d^8(SRv7kK$<0J-MXigf8&sLexWfltilWZ+k#f`sraTm}5rC!N zT0mLeFLX!oZa@+R^)-A!vrmQuMdVl+2TV* z;wsgf*rjUH;nU9XM%=Zc6>!L~JtP~~4F1h|aj|hKsTfngGsntw>#dMG$yv6G-aeUmEeu_zgrJ7pzk3}7{c@B*jn?>XmMLm89of?K8Uv%JJ zvepo8T^2#fiZAmu?K;VMUT0Me*e_I(qLO61&Lu&Ix^E$u`%U&N5RHos#AiJpQnJRg z3p?wNC7Fx#rhXG=lMDzv&NJDYPYU(x8T;d<{%(_7vY4P}W~}3!ef7e(5O`L*8HWGJ zKpIBE_5-@Q=O6hk(}@3#-||u3)BjbX(#H@1OH29-@#V}s7J|4aISLo(pn7`#;`vIN z0Z)$-^6`l>dBPvWBG%UDjQCw13h6{J!pB~GyLU%A1!KRgdmJ@)8ZtQ~hja7-+0Y!9 z0{5mgrHmUrWi1|x`OCQhPzzZS6Dvzq$E$u%Or8K8ocMFgAyy^31~QQNP_g}fTr&ec z&?Vt~NaTSADZbqN-!j?yOQdJe7He&5Yv6%h_+ron@G$jWvE7oN{RxL9B#-^6AW(?D zhO4_+K+Yl6VPsnd)Eru%&j-Xaj~j zF~2PYl;7{41$h};FMkc#x6jW*mkk*Y|J^FxeM{WNzqeBLQ4v^ZFY8EFn5T8eU?Pdg zNwYwmA&{arqowz2o+;#ZNg6w0RFgr&OKfD?0li6w~v^xXRaD(sfRQ-;Fv`6wIX#@*I zb$?iu#m0hcQ*7cEZjS8C!Mgk^kxT3kuBXJ0r7dlQo z!=8GfNDdX$P7A$@29^#x^P8#a$wotzIUB?6hIaz=-e(5Q^kRELR^LAbV^mJ`6<3+q zlj=D$qCbi~Lw-tEzPhvCq=$Eq@pt03WUZde1j{s|*UJFXsCFT3T9C3AB;r7T7i}Xu zNbpdg@_v(lX_+SSVF2-3y%hVr@ODMQO2uH-IbF$C$3++&eE+4A?A1G^o*y=03ywDv z9&kPEsdt=#Z7*ioz}G_sw{7AC`|Yl`WbS=Eb?^GdVs1%!b?5YBAMtnl7u(1=+yzVv z#_E(lXWWUtv;5H2s01e*TVLZg8tZZCs*O%fyK899s#-EOqpgT(NAPoX=o1twa6C`x zyI%VmB+R5NG(nY1W0m`{y?D!XJMU1cB|4`YiKjD((1;CIp#GN2^aRAY;o1P0uM; z9t~7{gH7dC8&HU>*;%sHpHrm@_D*pslVlVqv`R8FJi?_q(t~(GRlitXna(v^cV!i3T(Rv!5ccnfQuI0=PXoim)swKUb^nma+{xpc-Z}}grnL}q4+UFdm>xW z_IGR(mmZkr2VZAYYCq4;tvQLl`840{4Ryx)wK67oXNuS7L3$m-$&KA_SIN8!+~jYKaPh2eiXNI# z8DA=xAzmc%f68{Q^?M8Aiem4T3D~F!#6E?I{j8E$e5HJ0y6lP{J+kx`x{#Dtve7qW zMg#4)!x_NOlJ7BlY0BvoF?j$ttDEyVTvLN*&xk>N0>sKB2r>fw#T^$(;Vk{BcFQuQrb5yH|Oqd z;y$|Jex^L{PdtP0oQ~^o(=vs7$d7|FW#xa|DbxjTf+AGEO~)jz36(Y)4aLs_ttTrj z865@A6@#4k_s{~kw`dl`aR&jX>#D7n%&uQO-)_zSkzU0+qRb09Lvq1ApvCLJ7+Gu3 ztLi-~)^igHaq8SVXU=~*-7NlQApCQL3+-d}I(%he#%?5ZI(k*S?xrqnUj zEeyev^bR?GMZnTwREhg!$hl=3mF>Jz&k{EkbQUHiE^h=qv~n*<&NU@u^q!Lu?FR== z3Bn2jRA!*e9=avE_2QPvJs8EgRx{5+HfA>{HS%NKOdr=nqxMOXYG+lAGK+zL@DMI$ zEBSocja9B7XsYX*n4bf+j*C*~62*P;rhj*uX;0LyCV>M~*AJ?5U)CJVG}4FBM%R1_ zaEH4{tp=)>H6+JYcgFfXvMIk!R>9wEQ{2E}tRxau1A+sxG5&% zvrpQWH~Gn^kAsq))M%Tz@DMj>L61YZL4`akUsy`Xnam8W5!t?;>|D*O4;ts*R7H-a+=WhAT z#oRG=W-1#8T`7i~m1=0_!lsM53YYTAiV=XtVdHY_LB>(Fg+E*$WqT_q^|(yG9Bm>h z5PTj3?TC)AzE8Jex*mAyW3zCJM4+M@Zz;h@38Gtz-%GuRO$P2NVccVf+sd22S5;C( z@5FcXe%*dWN(Ux6`SN1nqAfR~iS~(ou^IR4%Fe+Cgz4KeP9J1lZh0wR;u-z+a+ZIm zFUgEGN_GG9-b8Z{ zD?8Gpj)DT2nxzpybZ6?dRhQ*U1MmWxl&+M37cgy_!kFL+UA55}v2A~ov>wj}%e?dO z`Vg&bq<{UU$i&9(v*f(04N6Yvfo5coee6S@%J8&rRQtyJaH@>VYn;oW?0RdP!Ik`1 zZ`Yr)eL3rKw*KY_YHo^~saIw-^YI3ka<#=%1Ksh4xDx)*%x|wvR54?KTc}-N0GDzs z7C%lS+XPK3s`We4{j@6~L5mola*m2hip3Ja=`R$Te!#lbM>a0juQ=nM5ynW5&30gvw56VzU9`*+U@l&dbtFTz}j<{j2uV%jl;z`Ak>l0nlgSZtB1+ zoNqqcnY_mC)vItbrRqd9o_X1Q0yU%otQm_3_$u4s?xWxX(G7t; zEwL&nGs@|#j}>jtIE{3CAFj6Y135E*RYJ>DzBzjF@4x48l5Tx-N z9MqKMkt=a@a?y$Ju@h>cu?a9}lR{XT*+@rhv(sqQtW;&+Y-I7yCJ=I22@VH2T z&chp!ck?6h5)|{BQiqf;x^L`qLq0j>A-DXP0*%foiJ{Jr3`Ap0*CjICJ0OCusMDA) z6}TNBJ*~2uu`O9aBTXDhr{45VM_oLY5`vDkHiY-ty?i_rAK^M0GkXbn*;4@n&(Qxk zEIaa_iEoS3_4gg0(_JK`o0EBrq*C6^H^0F-)u|b|7FJkLPu;w|uT$q?L+=yaBF>>m zI^Vl~Z1s_L#Voyk=^c+HBbGqssT(4xb;Vn1l5^7ykHp^kiWbCHrp&2v+;a|>vj9^V ztWKw>yZ2Hx036KrQj>I~b~Cc3<#8ZY2CJW$eer}w`Abf&7xL@esZ!Fq7PCDZZZd#m zWJ#J<^%PN^r4utK`;loX)(Od_6;&l|-%Vd}c~1eK6h#pO+n>Pf7Kj(VG!yAnuuG1^sI4_jS@5y2q++G({&BEr}! z*#j@wF9h+~Q`W_QeT}%*QEZCo2p>RCK?6(6FylND>N4KE2Dj`p~xFp^4K2!ZK=N)hA@gedE|B zrfkJWE@k;FnZ!NW78gBVTe6q74{aos=;9Jfk4{%83+!9ZmZ&?_+=ywaJH=O=?ZN;e z`?XD&^AseUSiLXyy=|-rN+BUW&F$eeczl4WN`fqeo#!0!eoQ58PkmL7b`DE2^R4@Dr>LL!$0<>lmB&B9*Z9#a6}J@Zm7zJV3lxXzTFRbD zwc)f{H)BGj)y$jk=TbD^Y^(8!oz6YI4T^mHP7V|uc_= zdj~GZ*;mW^BUO&89cMr7oYF69_-!)ty9e05H4{EA+8DH@`9l;|W%6cGpzFrn&SKk9T7!F*8|_@7f~5Y5^`f^ zubVjg*zLBF!#a^uQ{n(S(+$3kz&Q`FmAMbOR{SV~QK(;&BeJ{U6tc(R?ej!w1wy1s)?5R*x>e=<9O-{~KLkqBpi4|y;3AG)9HWK-CVY5}V$ewTHB?Nq>^woVvCUYG_0OW( zzsHUmFhvLm@DBA~m+?Y#eYN`~doEEA^?=G7(0ps$KTAOH_5|)Y1$P@=Utgaxs4B6u z*-tBC@!o7Hs}b3`PHp!qWh@ia(w8_F)(nqj0&bw#iqPY4QXbA{T;c|2EX?MFO#;U(p;QqD?4cx>AGe?Wv zN2B0-tGg4HI2BQ`+XMvHaSs4o$*-O>rNkUdj1Jt)yHz9%v_mwdQevD@YPapbNdbw` zA~7IoivL?8RGjxxS(MoBh>gQc)WOc`gxphkd5JE#i`}}fd!mqc>U{p|rBH*nmuEk?I^jzv@rT=X06H=C0YqeyJE))2$XT9Y+<`e zIump6yUDzga;#5+u=~8iOP*YS1oes?OdAPEZDLt<^&YT8 zz}LxsQw9+>$Aer4Z`N+W}syYV--tDEIFbJ18!=iiM50!;i-VvEooY=F;{0NtOi* z$+f^!&1&G~?KCvkR_z9r&HwfVGX%Zu$8EiL2i~(aJ(vP>Z+mqjD^9?6Fp>Jlmje*= z_SzhGhZv>*iI_}}4O8Bwy;kHp;Yk7lVBLcAgvfC9UTfJfaO1E$!^4R8rX1Cq6aWtL zs)utCZaC9*Lf!Ug$`#x33F>`qU4la??CS5r^*h-RXuS7gHtN9qEse3k%9ke_45DiW zTpWqwD+Gs1-0MwPvc7x+13|HaPmr25prd$n;j&Sy0o_hp8HQfu$>QoP_gI-26#;=X zj=T!i9{Dc#(lzfq7Qt&B9-vIW*=Vr09BOd;mHbMt2N}ndLtunVZnL_go-}^;`xdk#EKc8xnl&M0W%lm zGU?QLBm{T!@yxF1$K|2~1l9Qb)+ly-o8Si>BGlaXf9-M<~1xrg0r{7J@Ivez< z_6y79;0_xdItc&~^iu<4;Ma#v9sl~*wr79JxvjHp6P;BDZl52; z!E@a_Y?^2{o`;1SK^(58Ek{t>`vi;wN3Qt^V+@etJ%KY09I7{nUV2jLh2{Y+G;YMV zG>J7uTwaeP>>U5?9;?IH!PNoJNe*QE&6^&4eak^@9FW4a*)|4NWSXk(^SsNtMB&*H z_V)XWZ`ra#N5LYQr>VEntbPPJ3uq^Ygcr+`DB9;tP1?@4jabgC2X2xK4PMcDKI$|| zVXY2lx#J4&n+W!Gj$Z#Y_Lzz7w%?66Pp=E_HJQRXg`K-tiyMRq*~aLJ!e1=_8zdU! zEu>b}nBI^wUFv`|0 z65XGeZQa*Wr=C^spM&>3zJu=fP`C)`LY|s16*vO;lx?_~=L+S;xq0NF4vmP{x=25q zv+`CWJvAp%SzXn=6R5n-q5C3?irQgRSvHuKY1Cb_>uX@EwgoT3HGGyh^6e(J!LN1w zo%gD}zE-N^<%2!*S=G%??LmG1m}Z!UXOiaHM(JZ$W4U)S4PV#~wI= z@MGVHx%8}U{jF6h3>Y?T&lx6(zqtR9o^D2ef#Tz1$9t9%=6-f?M$^tANkrgutf9y? zhrEZQ{dRqM8K-tAIX`f}_c66jhGbj5VV8jtdAnY<@S6NyiP6ZoG2ytbybw!9_gaF9 z@{z+c%!la1X|oymqabNn^15iz{H<{(J#$i?Ci5VTGG{ z%6zkAB1ZeEb1yWLt~L6j(2T`HfyL!#5A{I)VD1tbQNVZG?S&#TBfdse2 zYI49@wrj?XI&2$J5KLFG&qKjbBAN1$;csu4XI=PyI@9m3h1uBqw+8@y2?O%hG zqK`rmmEigGJdbJ*B?w0Lhvcw!M<>t4;fkUY1VZ;cJ?AM;KLnI}oXgJthgkZLqIG)q zTv2s(wd2f3yeMW^a*g2ZoKdYbfjiJk#;t{J^ctWO?>1YCxq&3@#jC&b7r#kk29vGT zgEbugV+{jR*bZ>s`ZZ@R6xRN>#Q)W=NBe*Jz0Zr{Z4cQ%(lyS=qw@PbpnN`8fNjaD zPOs_kA{XF&MP8%CR#c?WCf6@%$NNJYY&y(Gy)uQCe`yQDEV zK5UXKti;`LTeDaN2A}@iJn@_fjwy*t4mX+nZLO&3CH`(e`X&L>-jreZQN=?A3y+^^ zv}z6d_9)Ktk{MiO#(IOIglcj7c&!*_JG-e6m?3V*#LO79P54H1vUj3aRjp4TzhyoQ zXn5x*M`{KX;OKVx^3H!mW1Lz14yHfP+ zW*v5zQOOcth`F*#<&@dK*0Qa7mC3J91SM@6W|*S|HyE4m^&aRDqO;7*OaELlsePRM znT(T_U&GwzdV|gAoZmL7yga3swTTez1W@E*yEoI1jlVq*E&lZ438cxS>?|B|S`$35 za#{2V^%`=r3na5`R~@>qqL?zz-##tM=!wO-}u!)C2#C;MA;0+Z`S zN%RY-#&p6>VNWx4)Dv%1PZX~^0QFVR2DnA*J`YglN&v!APz#L;3vRAwfz;%#aO$a! zt8Ntce41neuGX`qQrw#QeUbdn*5NCBkKvM!3wf@fEOisHQ)7wkets1mWamw@k(W55$M)CoDKK zsjfZRUrFlf2W-RFXGxd^kA|437TbvQ;H3&3auillS7~8*&2B(7T5l?-Mr}4l;AICH zvVl8J!?r)I0ZVZIFo*sRi6TD`&@RlT-oxnbkj_Av^H>C3s^_XW2Q$B2q!UJ2+Fx~X z%3=XZPd`(UZ)09A{~;_{?SHtZ7fE23lp_5 zhK(q_C1GvwD4N0UI2n@o7jQgOm&EC{0Ga{L}>V+iKMZ zGhlO1*po7JzZa5ublh`9_(&I0=faEs$K9I;Liw-#lin6bxWFJiSFlbZu$)0UQ7z_quAI$eXmU7N>&hPs@&vTyh$M3&k?s?z$ z{a&u?b-k`Fbm(!bO(XA5r|b0zg)fdVHHcQYEB5Pu#9b=R(FkwOAz52T^Ere)<}}*D zYA;b`J!ELxE#PQHcpwVSQA-kw%lHht-I%c!z?{=B2Ya@5fi$ZPnX4E$R zK6p}AFk7G0<-C;GyDC-}K029+HmJM46il-62lY~!;%0udHnn*9n(fGs<5x?1vCoC| z4~A*lh3Bh~A^fTnD8JvFrZ30)I53N``jN{a@$XA58o!PkpCJ_ZHefk#wtQ)si{&b| zVNz|ckBP=qXsQXgcQUDDa%V?Ywj2#moop4MV^nV)EoZf+3PJPy;JdH-l^#2e{==l=6-kNNlX<2bxAh(gnyX>U~mKtckUrB+}{jN-*{H`Ep>lfdIc(d zg51sxxiXwdWD3s9cKmLw6Yo$`a?1j(9jy-npaShGkCs{^1Fv7;I)oMjY(V&!L4TaA zVPl}zRmM#SvI&k433`3DmSP@GkB!@lNUwIsGAVMI0R^6aGn#F(IsD>Djokp69YEsh~X8kL_~ z%_nFf9Sd;x*$UdfJsMOEA-E)K?sxUvx(&XpY1&Sg#@(2a&8XDdxXwJwms^H7)rnDU zsDD9JE9Hm97+4M?W^_yg#90xdk2xEhk20s&V0ora1Dj}rDml_-u~OOtTbXbzsbV2# zDJ2n^8t-jSC?$rKw0ilY-QTwa+>p+A9XXe2=O!8_Vd_(v(;Cl-=8o@7)0B_l5s<@i zDAf(*W6WawK7Dn(Kq&Hs?|S+*HUK%ryN{aOKlC$xTEKol14~WV>3hI5ElK5<;%cT%y!84I>7)5*!d{ z##103>3qz+!sq&a9a#u;VAKs36)QoqQ}xpqc3XxO4(&fw(swl|CdP^`QX^9)o3IgH3I zN*E(tNza?WfoDH$SXm&x{L>>w0#tPNhgH3k3<0ff{z#gr$ZyI|(q&Expbx(oMJS8b zDkzF|olGBePK$ccz}2pfXL8dVR&(ELe_W=pSszxyYdt8M!gHdguNalPa{xH8Wo|J(4Bu-vAWu5vYzSB_raGbwu*j7B_NLujSV7{a_#-bB_ zYTtN=c+$UigvAd1(LPZGcQy`2kkIqz)&4a@^#5Cku9>l9S`UG?z1`uYOL1xhtUg$Q zzvxTwMSu7K|~shy9!K&L>RC>_oAl=?IZcW#-G z7YDk!8WonJ(wvgfbUzZ*1UbC}&73TQN75RR#BkKL-IhltKLT(O4UqH^H&|prE0Iu& z6o;HY-1qCP)GbH|IE#rND4*T|IyVl`xrrZ4{-dAs@+Ek3ZuHw0gtxg}-jxdh5#&I6ptcaQH(%Ff({2aOVZw39dcJ;U6q0>A!p1V}R#v z2OKXC;AH_p4+@jtFb8}@GT`~-9}&HQ$d3X|Lx0a&4SH^>u9PYkKf6~x1Ug$!p3O3x z-Ro075HL3L-Tt%epB;r8H!ehJusZkijnG?$dHzbZI{Bplo>{Tk% z{(V+5jnIoY4+8IR?S%@}DoP0DZZAS6vSG~Z-pnf0<`(n?T1T*4IcQ5I>({dh&lXDW zASI7mNz1^gfiSo$_N2y_oy^;;|&x~xRIYU4;V z-vrb|DMqdDk^@D=3IlI@sSZ@1{XESdY?!Y-u0MQ`xe?bnNDiRF-rK8(FAs9Xj8X-z zfxHDpK+6V$P8gII5mJXpaATuiRbo;s+$dMOF?PI4Go`j$S59=={`1$TwE-h+yb^de z)i2ox4FJ)L4OJJzk zS1!(ZA&;P>58>HjvzHuLGxK~{==Yp`PsOj@)9K6Z+gEZjr*R|u(uRx1(@PyKynWuk z9PGY?GQ`C{ZDjayo^s)p$R4dbKm=8$C7N;I86%*UVGb>de<*lz@ljQBFwbCN2p9nOYC`NKI9;4MboLvJtz zE(g60kJ^Wb8aXG4GB>8uCpul7CQI5&bxz2|?gkx}Cwk!Si740~5wH_avcZ)K8d59sHtkF|n2$Q;XRsomp*MEP6XGFZ&;od4!2M{s zN*h47Z0u#Ag>r#QYeO)Besr~pSeI1i6G<>NNU7iu3Q@_FtQ|kSwCah8pO^ z*NDxHll`W9t`OsI3z`TG|5gi}5z~WBFeBS%BshB0isa7V6oU&|+2FUIm4EYTj3y48 z)gFKoVLdsw(J+#pXdEf}TK|smLaoou$0ZNB!8+})m+ZR>Y|Rb*6txSVOKyS>B2)~S zn{o$3ETtQ4b%ed<7Mt4NXngQXXG5n56ZAk2E1>m(u|Zd9QKiIg4}-4Tb#-o_z`yd> zTQ|+#yxfm@%yrxrRug;r5}qXigK!J_v;E8uK*^R=E!%Ea1Iza^bd? zvH%ZTbb@)E5-XVsPcHNAwxz|@I5OU9!OLDynyQSdB=l=IGq~4ZuS#Wc=-HQMtp~&S z2e2k97m&l|?BjF3hQ&3{{nRWtYw1itS=8bDbhHtyZ7sMf4BaV;%X)Xls|7CrBe`8_ z+h?3#`x3>`dYWU??7@2x?PKcQN(!)GZ9xRgD>a`B!xKYdv2{^s738$1$xw_hd)^ky zE@=@~?M383wNGB)BbANcde-C-dFUpyak7!MPodVJac05i=2yQ)mNlr2T~`7Y+l1Nz z)liRIiafJHBf(B9ymd#4cAeM0k>Z>-?tq>*ns1UBEgEDuDJ~DaOnimm((G3(N=i9v z8Atm%gpTMQ9;j<9$!tx1h&!&G9;8`kYbQ2oU)!hQGUP<^k7g=Cv{OPcX-Bfo_xp-6 z_a%N+wQ94XU9IoRxVjSCoy$49pCtI5Pbj+C)oifqy-L(b;p;3u`??t(YhxGh4rS92 zhcaKkKZjcmhT~|pSb`!3JFFE_a4bK{Ci$gtgdPRc*qCfMCQD>bi6730h3UI$3J!^L zjr@l8a~ngTB{d>Ul>ZVluJaC!E+iqW4lq#>v)i3UdR`Upo4(3(fK(z3x9dt#oYA{e zvN9fBGjH#%`lc)-BaAm&=E09YvZnSe)`PQ^_~p~r5PPpn$}8ht9a3oaZ{?Vece`VFEb_y^=ejkG%GSSRuiXddmC6rxn zE@*5=ygBr0T&c%tV66OpmNL_?==r&M#UrE9j{GXZBT#(Qk2_pihQ6=Da9%ZNBJ44f zMSVj2C>0U*_NmbK4t{=uw6*a_f`3+R+E-8iX50>EgS5T%1L9=gtk*29E^4O7nE5v; z$UzV`3ky5`u=rJtI>^-RdLE~|cj2I`86_ZulhCc*ojb$xD#H&IqcSO}I zE$+wdpgJeXO`~?kiY4VRUXfP4U&u-?^0$r>MD*}nB0<5pPa(HwWzW(pas7s|SJ~{h z)wW3rFZ@}u{phxZX6X0RO`!h7KhX*QnnD3MJRY^OK#d@X7cOo4hd4Y7e*p6Q>B{ac ziXeHD4s1SyxDY2$=Qwz4(4PO~=cd-ht|GX_%wia(ZC&B{1_iC0+M)=ijs9TZg8e(6 zpxkNVsO3Sie`t0LA$mN?NhbD7hgLNVFq15S8~6WiMeM|LnHKy(JIA0x;W!UCd8IC8 zjQKQZTJcAJi-p|M?i3j=hu358D1V^H4vh`xuPpbJt~jOP*tUqUOHn7ML|y1P^|ehFkXf~@fXK?oXvmx(rD8? zdbBp-`2aCHv?MLvbsLv+wuDMqtJ(l`PkwdWSsA?~LnbtL%|1LlkKeU~7mr~v*xS|G zVUmLzx`O2*wFTaIwn@^SL`*)r8?QAr!z{Tt8}*qW@mxbzCsbY#?#N!>ApuO|xa>_Y z?gl1z*rFrV#wS;!_M$^ax?G`)_LNPXNvkImYvFc5ZAF*;H*<${jB(({7k1a>f^*QZCL%%l`a1W3Kq0l zoIkeIMD1B1iIrbpauJ70#o&ckTf)LcPW!n z&H;9C?oABHP1eiQa^&)`8Y1MmxKGjF2yxC&=2<;Q(p@Lb3cp86caw^P3ykOZXYTL5 zBBIo#BjIVF7oC;t-U-ezdu!52;|cNbwmoR#CXF_MGXW?x_!)Q0$62;cz7rFf!9HwC1#oiqY_IvCu z5SF0pFao2Vv18!9Z8)_U-e+pnx90_xXXSlySyPJU_(cZ`%>hJ(ZhiM_zGoS^g5mju3md5ae{A z#>6zeAZG-o9d=7j)qv-^YT&>$wj$N$R`H#d21j)^h2%7%W{}w&<20^u`z#3&kGcO7 zF;Y5O+B_p;Rnn>b|gn9ySbwv9}qxn6aOF;4v1FVRNTFHq-N_^NXk&)iJ6(z|k#>5Qz7J|kUn zW}fxJ%tEn_J8B)%w5+@XuDWO!e~FIKZhszz-vZhcuOT8OpL27RN{?@s3kChuf6e}} zij%j2QlLR|PutqcH2&=C;fKUmdlIK!xq`}l>m&ui2^2v*F7SId#vB0V_1iy3sA&t( z@}Ru?x-z%F3e4^2plsMWBvbOiOVO5=707XV|41qkntyD0`06`5$HO#`Vgn!r=%5G6 zkpqzfLT}HnN>Mftg9{411BwxRw|`YqfgbSpK>QI8XwCqEfCP9Ti9!8~W2;s?=`;G5ujeDD)V4YzAx*$jRll!j(QLuelyJATTSZDcVx=pg>kUZvLZpU0uxL zi!G3c?%V_(x@(37L~IL!S(7P27v{L9iS$$x1%c7slobce%z z5*1j=g~4I^{+X$WQvK=aCSPfrT*-pha)dj;Ii**X#t9eaX$$Rl8hoFd`cwfCC)X1<|pO46LJugh)KNPP1#;jQWBvpv{J{Q;)cF%9!Y=Q zQrgF$S5U~q^Ym3Y4OMvnSUQzf`=$QIBHGfRm_+X>^?H=<{4cVhn{AS7)VF*Hgi3!X z#Y&2B*?eCBK~6hD$Z!dq+0u!6by`mat&Q$M5%yk+C=B%5ff`$?niHfAO@$2rVWnSw z1_C(Nc8#avJ!eY8ugH zWreQGjzu_MUet1250jodC`j}L1jDU)r=pRBrf-6V7ystph*5UQLnKN$%6`pTz+Imu zHB-v&E_{KOEud6Jz!RpXz7ZDUvK|t*T+?4wCa_2pYUGb)#X_s6_+1Hd6la{%bCoF~ z^fwJewNwd6ESO0`86bV@^W{O!(~l1*pC5Z+Nb`!-$2ow4KuzFWqel2`eH}}aeEtl7 ztSnv(^mGv@&0N}Irw^)OUIjgm)?Pt&4rila&j5M@MXu^D+<7;`G4!0=xBAjDZ!m(! z`U3_cVHQB5H~}5HhP<6Y0L(Rzy1(k-bAyTfTfU_80>#dx!_pP4t>Io2$ZLhQ+y5s` zmd*D9=8J`eg&ggQfbY|f_g?ovAw!43X{UQ|GiMGpPIS+~rdIAsMs?!A310RxEJr}T zpZOneU|saw5AkwfAGGtu%EHQuTxo#4?uCL5F|y-|D~PiL z{X;fR(7*EK)qVsp$2&Spu#U@)!#3YG9gn8tc;w?LhA zG4(H7I5+7VMQx~x-QWy3LlM7#pb%X@IVrOgeQi4Y9sc%SxPqr-sjsG`#nfnWVs1)C zvk6zvM+2ZT_tOH{c)z!i1r&S!-O_NTqUGEALzm%~^fM=L(FUKdY|@~LK2Vhbpxtsx z-;~93^I;^4j3n?2M}O*Xk|To++CW$Rc5DMx6@Qt+rE+%g;s~?72n%KcN@{a7i$C?O(Z%P%Jrabj*?ONX+aaTs@&M2kwPn|Iju`B zc1w$MCWC!1Vp8zsBUN9Pq))^g60P}=_@TXApw|uE5ha4Q(1zCvb$;MO5Ij)YKsBwe znHcLJjf!Zjtya;fQ}5{7N)eh!v$AH+CxoTz;4Os8`0>2>keyLX)kj#oC?Ga({muj@ z-+{UFw}9gM{SQz${Vv%KYOgH zw>48Q;uJ4vj5qxU+5Arp#MK&z|0Y{=f^Ll&u23wrvpi2b4o?jzKp0O^w@}-;Np$By zDROR_fgN(~CfJ((e(r>O=kJ!`a@>q&Xz+r$d24q6rK)}G0lm8|CE6K&gji&G66GW& z)#vc>%Qf1Do=K>KTOiNqfj5yaiJl7s5$qW-sbxDdUWLQOwBr!Xwa=b_n{8sy0tx1s zC{A!K9mGdIC60}b;%L{&La^oUWiy9`2YhKkll3Y{G1M~4GJFr@Jjn1qEki=n%lEJg zVRK%{4RWBSK7F%~B`=eHqDJDCArF_=jZJLX;z$Z#TiMK%+-zz1%j2@CgvN>%p|bfK zwC7tP+v#`(n56ME$6w`w`nlws?y9O6rBs&XDUt?bgD4x-CrHq+Gz%rWWzDn}aEHx) zX{El`L3=sm z>S2%>%fi9}{40%g2n#F~ucAo|v8*T8E^C>o?b4SqkK97L13vPkPp2j9kq>Yhl3t@} z1(LQxn#+anI$j9ZiXJFB;39gaZwx~)#4Yyj!kE|&$4Q}9K0MkM1f8l(Q%@NulwuUN zoVr3^tfLb43r{dX%bt^UPy~goGxgaK@7|DfVt&rXSazbI*OWp4nmYla;n8SC*C>srIKdDn?$RLi1 zmgKWAYrDv0zRfHXr-64FD)PJGFjRN_Ygq2oxiCrwTCtR<*+%;%(k^bS20Ko@?OaBA zOCZLhvQV&ZCP*Z8ffz64Hu3WbgXB4w?@iCGkUqMdI?s?I#Z>q~I~+y%+Vb%-V!3gU zq|j=AuTnfabDvB9^7~Je^yv3HPbG{GApD>h@=%oT5A4jroWL_KggJ_S{P(wdN~3m} z(M*gFlB3Jn9JQ3=!~I(8s*fuqyX0G2blTV zX#;&XTjE*N+-!bkrob}1=P>Bm5hS@d^k~~I<=D%Q#`=Kj40i~|Q zePi0;N>P!$q-qewEUe5|D4(?DX^KXucuLL@CJ&ugSf7}%a;*f-UO~-VUIB$}t2VsL zk0Jy-6-Ve;DCvHN;c3vw=GISi`xWaoHQeHAH`VpYs=TL7YA%y=zls~o9JK0SI0d{C zxBTtP7X9Au07+P`?hAvtJ%uzGCONLI<`IR~+ufrA+unI6Yw5@Kj%1qIN#O4W23m>c z5yOa4NnQn?>uvAiF|p;HV=r4q-IS(TxQRc>MEbp!VoK|jRISxa3tT6DeypgFG1v|{ zv}$J0EaSSnyXV5OKMGqqVq7aJqc;$=S@ATc2#(A%{>#viUI}c1bh1~$O>Ct2F6(re z5c=yJ(5aJ7i#gum{;R*%GYUiQ>Ypwt1uz>0|1osq}DaqAnEaOy2qc2;93y3YsAC6x{N%Uv* z4^^abUdL0i65R7$N6f*J7Tu_l9J?}f)|oOVyI+ehLL8kEEZn)px>!-} z?=aGw_GA}>ppX#B1mX+YtI!E3x|mc!Pp%x3HQ$2((MiR&HKVbih47>UYC`_ii#y|o z18&K59?Cc)5{4^Mbh%xhTb&wfN6}b&l+lbO?+y#Cuo_OaqK=kaR(HGhlZxCG=%}Vd z_mu&JmNvYE*SJ)tWMAnGGEVG5xqtMPROsv+y8!BeCM{9f`^AeFH+>H5>23N3Ik<-| z5d+YL02{d(wRGvoAFhJp`C`pRC1j5GL}Dmn_An|Dzaj&E7XX+owkwYPU;G#sk3o!A z2@SxTv`NCKDm1t5vhv_ckqESft>R*bc9@jZ%w$E4Ho3bb1*Mo0FagzIIK@fdPA(E; zKqU|(koASrx4NRl@%yCWGizChNZQr;_(cn+qbJ2(Mx!jy4Z9%cL8ku8BV+F9pD3>t zlqXGstmpo;mLKm)TjVCOET+I+fcWBCLh?aW>85txIO4IPSF0iJU3C^)6apscy1e)z zo)ljbl>>-QaNwtcG9k56;DzZV%e!2VVLD|s+-AQgN{tOQ_SuzCzKDs5S>$#+;5Ha# z5y&c@%mBFuqYL`8{fNgxI{Al`hiT7~JyCbqsMH{|``bdG+p6<} zK!KM`)KTIysrhZ=ry!IA@oKmHs}QiSapJCCGeSVQVGaF5%H3u@OCfrH#V={Fe~Qgr z`q-kO*chM9JUR-X`yjhy5(ogMd*}Z9Kc>6eX2&`s1PxnhkwRZSfTj}DF>P!h zGj{27%8_-{3>@oCYKT66Q=JuMbLecfhiboJYg#b?Gc01ciymCwBNi;J6vrF znSW!zg;6WD{_GhH^o*JFwAE>&2cdrlDf;URLk}Oh7Vu~3=r*DNK+)?zjy(VG{&DUk zt}t-rBl}5D1@`ybl{FjlR;Ht9$3JzgI*T z6K~Ka7wi#hE};+&YdBWP|Tr59872RM5!8lJZ#(EWU z7jvri7kRhPZByLrLD*}d=6+FLtHs-foV+f%tWXZZ2`-Z%AMb(f1XTSG+xKb)xk7#;gXoS*e3{~yx8?+ZnE=7P|R zpmXI7+`>i|%2Zve1q;RZIceTI{vthIEPNm=SmR=)PfqbcA*Ht*?pZN!4A60v3{w}* z*t2@hr}}Ct;R^V+zdOtQ;A_bK_Ix4%Q$lW zdziN-Kg$tOs}Vi!sYkrGPiyTGm1wK`Zk6^fDBx0GSO-^aeI$pe8K&t(7l)~dg|xl- z!N2|tnlJ%9b5t-&%gx_}y)`awlbI0{i>6w0GxLy0pH$J_;RriMQfjhAp_gqD zGIs9F3LlNDe)w&Ie+D*HTh!k7r|&_~;C$^c@a5#eQTD_{?a2Ga6S!d6TS}^G#xT<# zOeAH*z_V-GN42tT?lh;S2~}S8s!2BxJT%$^@7}-srrV^uT~97Ixi68*`f+P}mX+Cd z!a;%}?&d010I>-n!9-T_7@?<=FQ;LScQnKkYVT>(Inrf{e9(nGejO;)9+T}~`T50O znQc|i9S^;FPER=%v(;KKM@{vuaqyL5F_Ke}X)2mzey&Do8%FKf$XM#k2Q4op{74Td zizToxql%|_V%9hR?PvYRj?k^0>PcxnCCUS1Y32c~pdkCW=2x zIQZAhZPkvHbP3JaJN*NXvK%w2-iz{Dq*X2E&v5fOj4-soTb29j?r1fJUaVoQmB{JX z<9{9AMcLYfobk;$f)Ai0A^O{85k@$HKv_WLDSkq8zqrkQ+eE}=AWVbQG5-1O!eifNg7!FtQlofVxq?wZ(LU|=HUBaqTjis zCWAD>w1=Wkk$UtYKHLNMRhn>3H7MRjw|OOov_N0J0KqobEPku}t&`;w5uiR`fhy`j z!cxQ;S()YTJ(!YFvd;T{npK=;R}UZ^MlvR(PK$gqAjg>q|W2ahQCb`^Ryo1AkQ4@O$C{i++~az%h}- zDePXenWKsX#YHe@KIFu- zwpess7>BYWExdHM4C8rfW#(f>On;e|5Nz0evSy1v;{eRo3V)S5w5Gjf$@)&^*+*|) zTdz$49d~V_e%jb3-C$weJeE^;Tr`IDZ=+A^V*GD=Im7vPom1ABwMxB$8N46X7C3O2 zZQoT;^O!E=>8SAO%#b!EXjZ(Y)XC3%>|ow$gjxYF??Ox6NA&$o#o>lU6;_mkg zt9xZt#~uzL@+=_chg20x6VGT4-}xTwn4iO26_NZ1`h7&SfT-g+a2YOm!mlsExZC-< z+^WB3RU6;ZN2lafGM-A3-qBtZ3^)4=p3bWys^8;?xm;@g-gBQK^{N5pWX)Jg0+SOU z)7BzHuLbOW`yC75_3BRfUxl)NkAp!{L0lZ`vV}Uw;hj$&c~LsHZNiVM&c&3TF~6)^ zM-X;K`8{Nk7*^sp$o{{fo((SjpJ7}_WxLVto*|_7jE>< zn+{ZMEE1+ubmI1pbJ@>c9w_X2(1LF3sKxKUq$i34uA5CKtU5{vuh&sjUI=gGI|)*a zHh*P#`Aa{Y6YBcgZ~WRQ{reOi(lP9tcUj%uBFjt*-UU;x9nCATl4h5xqzAgalRlcm zde|0A{>i_n>TK~BvMs3L^;>`p>R~;B4<>A&2j}2? zUiqlD*TP6ql^gmHYe=nI|28GL;Lv+!1&K9DOH7g}$^!+V$Tx0r?Rt|o&02X&`AwPp z{72N$!DtJ4be0MJO2Bw4d$yO|C~zIt{1bfLJD(kf(ctX9h18s^*<0j1yx5qUQFrN= zcYE6C_w={M4AJE-CC+6cDatd6{VmRFypwVn@u1}gL}1;90T5iT3$G`7qCx9%fyO9O zhvl9T9`4#UopuzeGGiW~>oypM)~@9ZSaq>t)*s^wbr~9_7-_Qy?p;d&&3I}Rbtj+> zw_~DfiA6n@21Vg`H~+VblGqZ3%BcrM7^$m1jCDkwO(wo-Smmn!h|f*Cal?oH zkCFf1`C9+xJOT9lAF^2g{+RzuciwQ%wri}pXK}M29BbW>rf1U1-TFN2icH`;EQ8j& zJ2ppMtg~kLZHUv;ON*oA-GDoO>L!Ck;s$H5YQ~C*?7@q>P29t_H332c`&-e)SawsC z&rNTE)Lz&?kR)?JC|6We$gv@$*&!c1*1;Gk-1J|h22ld=$=Eh=r=jn&vjvhnA1Yq1-69ohXIS~+t^-u~h^w(J&r%Anw zBXg%eQG!w{;={l$JM}v>;3s0>;>m;nGI^M}wc9fX5EiD~F{Lw08Wl?z;=4SP86G(u zog7S<_;ImcZUjI@vw2K>%(cLe0IqB`odD!aX0}N(kto$u_JsFWk8ua^m3z!|nL_dJ z1Le<31hUBUsXY!GekB+&r9B^eHEf^yxObnkxqY&3CNav+%;-(zROmD=xPLf0FrlUH z%}}n@bcSur@j8loDFG~&Q-9?vK)M3{F?)SZR+iI5sk2g!XefLvsSxY#{VRq4s+OPA z*)h$=Y~ejMnF?+A*{{u{gup9dth&w`>54UDTD-|`gZLzP5H8$0OABrF9LUnbBHIAV zih;tgWHk4F@1M>iP;m$*CerJZw^h_b#Nc)fh3gs@PVZ-N)7 zMy+4({-8{;euR!_>_exx=k8Gc7LOV`Y1%ygt1QT~vuXnEy0WxTJK=U`-^-n=gNd=4 zPa}^-CA1$N+#6Mj8YCx0ftba9ox@DImxdD$1GHbe(7x%B^Q3UXF&`Iy|1u@#7wIQ{muP;Gx$HV@$V3OhU z9QaPDm5@8ymA90t(QTv|G-?I0(qQs%JvV&#JRd&SYa7=-w3x;-n#6v{Ex@D!;0zvR z3To**E~Vo`{0qRd->$pJcDSCf+9sFV7JLAR6inO@LFL&&SWoMvea?xtpX&Zf2xIqVPCNUJ_Qi0MqAnfxwsnq6-(>}d~UoHH6k9S zdj&Yxgv#M#lWmemwjB~KItkoYf$?Q4uJ(pV`vw2`@}q`cRf3|BiyJ<<$qHs>Z7teh zoi*KmHX9fDa#(uFFkoLq*3zmY?H1%=FMZ|C_9FTQi=7;1vdd|eW#o02+}8y{O8HXQ zO3`-6v8`a4K-_1ECv{d_YAhSLyQ9Re92E z^3zCtec;OR9gyAY(Rpo>EBzq3drXg?Lj-SvqBT^6wIJulhuPKF!&E`0XaMluHB@L) zS59cJO4Qt(2HLN31H&Knu=y~bx~Pxlgx+ek;nB-c`goqfBz9Oy(Sr4I$X>`DdO8G% zH}ouCsYxLWwTrdA=aj%}7k@<)T^bGBJ3B`+F>MK$xDZ5swt6?b<&1`Dr4`SBo)F4u z__hiyaVw;mF3j_W5H;-jFBV;G^s?Dg7>fo9N*;Vo`>t%|{*|&7VZX4K<|PanrH6$y zgcJS5Q{M-56t)bhSxRXcp=459)MoQ8x@IKBjaH@A&em7EtmsM?1ee&gc-k=p5`DfQ zO90Mb&EiixD_rn3&9)*zPgQNaJ^fc~PK~RwmUhjv`VkA}Fnfus%y(ZedZC)Vr+^DxIBQ z8dea)bsAZ4jd6FrSF6H(Q{x;)c<&!L6Zk>%T=4frau@9^N}A8*49w_XDV87o z2+f5+JZSRL*EPx{SOeJW<=ka^IqtxTj&V6;#U{n=;CwdCQNe( zHXqYpW&ZR+-)_j2Dh`G=Sx|t9y|Ck|x2iXpxaGrY!1hvEX4PGEL}z3Mc8(aT9d$qf zecHO(Q`khqIp<7`l2k%is(M?lMDg=q2rG+vH?%>fQxp@ru-vX5Iq#_lIYtlvevFdB ze{qbf{uE4<|5&ZBBpa`0bw)vhuU%jJoV;2q?%0KQY2iiM4Vkx`@#90Bjk}fd34yI8 zYNFP@aUoL~CyJ-G{@PFTVuS1lafbAbS+O#AJ~?jQwUTo$=;H`^MnB>7nARoF&R&z{ zojap!=BWjc^Yla*5GXx25Mfvb+~jx_Pn#Yyc};&q^r?{gKJON~T_m!1Ejsjm8)ZAF zU+zUrDV0KOY2kvuiohGtTI!URoAyB7vC~H)p}FVVKGO7y-=CNv6N0yMuHe4{M^608 zl=dR=FytPnk$%fx-VOZ|9K84Ma~6Rw$;2e6_B3iC&YD@!;1Dh1CQW)PWdAPk5*Ik| zj9q^tkW{*y*imCQsh3WwuGrJMg*YftCbWr$$)+~i_?R_Wz;I#0BHnAkj4IUvc}ah> zihiijFATQq#QvRq$;g2Yxd_gFJ)xQuyp%gFNAlT~!QYZF0L5?|BD*TfKr7Y*|FbBh z^Lom0SDpL5?D2%0NBp*@&%>V*S+6((Ag6e2!{~+7Zc72zddyD%(K~bD!yU0mC%~ej%ZK zEuBApeE$Yvr2FJn*^#Hu!@@_NSReqq*IN-uTQ%XuW1yo3q+N*s?|jp0B1H@oVH> zEPvM0R0|w4cr@}Zj!cYtalsOL+n9f*3MWU3vx;mF;>FKY9+pedpAK<`^{P?x>S}Wc zo$1L&VG$#wHl`+wxSpb72T?M}kFhdT!rsK>*T-G#{lfy!*Aw*?3}HBuT z2N~77?PgmkQx`?d@QkrnokuEPaV9|6GMaN*PSig)ZYzXoD`LlO zoS!*-yez_qXM`>ey#NN0G_9UpB-2m z55)g}sR0c{fC2Eq-sBqB>XXr_#Dk)Ay8ysqkD^Q9552u zBt1a6lF`+ZOs5bb#y;4g>zf_~&|w$!m9TZ2In!bRJ zJ6A-0@Smtwtu^aIaQ%K+A;oBPp~PhvZ@j+jp-^5tMPZf%4>r~yBNlwCQ(`b^c&{5w z{3qi3?u~u&B3^ZS(kOyu8;69sf_E4@m%3{G%QKS0!clNeY zD}+pi`p>DO(M_6KC|4t%7+AsXoM@NJqGK6_C-8h?%xTANU1~d1%wBSnW7&X@_nfxGnjnMOrkEpLdQy;Z3Y#gGy_W0N>|)AY;!* z;(QVUrKEZd6nK&Nfcs z5@wf}cYT#8}{!Itbzz=(6E#-7?M!uby&Jd$$`};G%F&R~s|yx58&OBsN`%N*=#9 z8F>RA!u$4?s+$c@Ms;HAuxHp)waWP!npB%!nzUCB1VyGa<6KTTTcPlLSr-)uMWb?I zmvf^**)m^Hm4mKDo5IMz_4DX%`@y}&{2ynaI@jZbg>oE2q8-0^J+sjR4(qgTCCX?{ z*5@4Os^|p#%59egP=N!9RL1`WRS7*OA}Bj2*9^F>bZnuoZi45CB51F&8ifS}<1pv} zZZ6) zS^L-PJ>W02;EDcA{0k)+gm}DIHxzn2X4JDKvHY~b7nmmwIq#=xwDFnIdOxSt#}JK} z=ckVw9y-docfe@4DDg<>5+bRT&pb?F3jn%j(k=C%&fNw>VG>w!o&J%%W4U`SHX{Ebnk z7POE_qH@7BfeU+MMyKp#lCfrVBy07f*nPEQ>4V1BHD;#xq6?i|Ac!Gi1jk)H#<4WS z7CYFQF%qt!)S^y^0tWYns4z~rYAPj zjsShW4l^RBB~*qVFA8Y<+Md;Stnl5L&&o=OD$29_dPGE&xlTE+9{h^qpeCAlH(K$6 zU0p?Mc#Q@UouPh_$9%}(?elT{_7vyz;$2*}1^s*hPIf~$EfQI>4B19x-^LQc;3UaD$dWzF7`x0^vj6TGMCbcF&-eR0zvuZq zzdxrDGoR1>x$gVAuJ`+O)k9r%0(3E(Q}UpvxEG6L1_;RyOd1#mq+rUvr3|d+>t{04 zXKIP}h1R+cLqw^9+MFQaB#8H&?COk3f;R`pToiE6r^50s*96>(OdV^| zSDF?Nn8!^{H+bgG+>x);lonPj>7=PW!g3%KUd6(#Bv?b7PrwWU9Zji?ibHKw>SjLG zSZ19Ff?L@0G4b0f@T)Ky#ER<0JJKn(KuQ==WVJ4(U2l%}#*cODyX8NUN}p4%(KcBs z|KOVdpAL6H#;Z1lb!X4KXOF0-9k+d)rLkzfgxgoZ@!Xr@p+> zhE6uJcU0WJ$^hrHRPzkjHY?)8^$m5REpUaHwd&=;hA`NL zyZf6bA8tR8Uku4I`Zt%^oJ#np>)n0>jiChG!}n%}9O9Yb~>+TVvHzrqzhTA=T_ zS+d_oAaRXaKBo5ePUWju`M(G?Ct)|WC%W`GO!Kc0ixCI@+gG@L?*cmLQEOE5V40e^ z=L5&5jo=^z^q{7GT*o5IHB?Pv-Jau$K*qHfxK%um>I{W0CX3=1p0GyvrF?p>%8dW? zqL@z$+YXzts=aU3E34CR9MmC9G1H!W=Y7T3`>V^ejtHS_7`Z{OjmA6?E$IH+)V?Ug+OG>4js21J^2AfGs`J>X zyxPMyZZyTVADwjCp2R6JGvV3Q6Fy?UD;X1d0=iw|yA^8fvPQXmMIvWvwDM((9M`i& zm{2!h4^|ulW?1wy3CLTf6vN4>eh)R?o7SW34rDpI+eqdRCOj>U79JFQk0Q@SQaW-y zHAM}NzT8{pCq+?)e)UBe3G0Rrn9LLl&8ceAnY|d7u1X=1gj{iZWxmtj)-dAy9p}ZVoH(&1D!lUF*@(Et^^-d9~ieLl}L2D?`P9T zoYku85sJWdy66kgl;_!>KE^| zSr0{h?Ad6AQI~69x6s2S)?eUI4ds7vb`)Nz8&DTx#n}n}I5jDRNSoo{8qtg?lV2w< z;MVG7OU>+(UDEA-^2#S)mU$=o#~z5nXWWtJ=qM+D&Go&&(GYmY@=>6d0Y?5KDf+Wo z6!9L2{_75IVVoGseCd_Nlwv|deVzC5tVWPUl@3C!v?^b%XX|4#tT0Z4{7dWAh$tH_ zdr_#1OQxe9g+^)M=R8(eBO|Je)ww$@e*XfPwTPf(Y>fXE4ZSr&j^O*6bi9gY{HEl-pa2U*VEWhcJz1Mj}D+DP#WozmfSez{Odw(FJtY`F&d zN=NSlM8sZ20lfK~c90~X5Elx=QERMkR&M>$1X9e4dqM<=xb#oy(tqY9`g!55^!8pV zsAccpBZS~!Uqw}kxhbh$5>C7P)a`tWdgMG%U}Zg%@)g_aTk^Gq>h~a^is0JrJr%!W zvH};;Krx}ZI>y+UnW2IZ;hDb!&%9Zhi9~#fKHU=*E zJ#<6O96UNVhZE6Ah@-KYI$n@^T~G@?bK(<$hz#1ho$mUknIaf?zon#=m!ZzNOxtVG z?F3~#JF(TGh7^jP&cMr^Z=v3)#87YSjvOTPX+6k&YXL+J64ford3x#f_&g>4>D_2G_xK#?aRnSvEdC(;^fpIOF6n-<~fyI0vt z%!PXuPUMH5we-x4FJoK%eA+?!8q}&bu|~+Ly8&#OimT4srHct;-BrmO9AoEf%^eSgf0zdqW;7Q zK4xNU)Dz@mgAbmzZA8MpKtmstmRYHGh`LRp@fjfH($x^7D#F~=M&Z6^We{yt>V~;IUCXaVl{6lr8m`upY7w#s zP>UF0s-dg;;j{ZCH{woVD>h$M0dEGMFQmO_M#Y#q zLyc5@2s`w)Kz-FhwKTNPpLoa>wA?@BhK#`He4nT1LmF>LoVVpjQy+%66y5XZ)L!K` z2G9H6D*Ns|_$72XJgo91;OJ7JT^1>}zE0?@{l)YkGc0u}4YPrHKE9fP22D?^;(&Cw=Ve{^#(5nn-T9~j@*p1&ES$#P94V#~T-pwN22fw^0 z2*u2~BlCjZ+g38ofO9!-G zXB}#^0A{~@PE!5k@S8U!Umt7_;6P$+iIjp@A9Agf{*x+ zCUyD`cT2JW4pl+O3aMJYe3`BuRR1PDk>|*+P)9=D9~(~J8( zk$)+Na`iS9)7h*iF+h)RQKbImlN9ZO?Ccpc^QO}U1)Y}UbEgaP`H}<*4R=30$O~rs zN>KXi-+{aA*rXz0Dx`oKw5cO9t)`mk^Km7InGa=ZR9+dBk8(M)jo!!x#H=0ilHOo} zUEXZBHKOZWoasVwxrGoaYkaUiHG*F1>Y+A<#*vJb&hq!aA$g3Ct_3c>Hac zV3$e%MMPnT$!70bIO5il-;|&=%Yqpzhox)`_S87N*6eQ|UklE`A5B(xNNNS(?g+dm zbs+MuK;|j7zfn*GeF8pF#pV*X9A3V)Kod^?r&3 znlVI_hT-ayk0-L8I$ss5d|B~PPBt+#h31sK=Z0&;) zw(5_Y>{IhEv<6IlN}8CqyZvXKmQQAGOZPM#cxaAbV)?WeA*1F?1NCih%X@rux;$*p zm(092CVf@Xlnt)1X5X?TOQ^Zz(fp)BVV7jQQ^!O*v~s6}JhX4PZgf>q zY-2{JCmJ1X6Q*XU0je9-Z|tKZmru&R8xTydToSC(_MSn|ZpR+piwftpB3&aPi&8QJM}+u^UcFnJ->KALk^t>W zAs5*smnDCBj8&LZ80ITLh1i%H*F2>h$GT#r=Gi5f=-iTPruQWK72(^5xs+y*t?aa( zqwkUT(qH01C~>zZ#8`!o!Z#5W6(9}tsHn`Fjp!43@kp|$?8Mu&MBP@6imBYD;Yu3p z#Vce;0cI-KwB&jTLG=_TnxKNW>{(+lflrQqj!2rKp2ZYe1#7@(HMxiLQ;8xWQfpCu zga9dxh81pVxLgK96_{Pktn+fShM(XR9%=eeNUXsoa&tGcHiZ?TQP+BjR<(x08&QG>=XK4$gL#qPJt z%UcO61X*hA^O*Q?B&-kGtPV^az9}}vMhcm^D!JzRyvRE(5ck3F$JT%N309Sr!~YFG zLGD~ZQYYu$l0*7?m}t4nz?B;DiB0$44rV-yo=(U2M{}Ya8>GavaJl!%KWq5M=lofE zlL`Y)B&(9*=PjCZCaQ|F$}%ETaeBs^{YF5md`R_A$aU3T^_TG+lWJYp(lW!KZRL#&D=NDJsBR)CPtKk|uPW$=cFHqS)RJU%5KPV&tXB zX#-guHy<6V=~>#|7@%n8x>noafozXKkYCo6R?x+SQ+2Qr7&!zo*m#I1scDFk0vlhO zkiGRBoIh~_-t8hbg`V%8(doXmx^{xWlgS}P`bofil8hc52*oKOy-?w z)9Ya9(BAoZTr6%22p@ic^tlJ$t(Ls#ZUUd3Rj-kr%`8+X<#_W}vJ`rOa;NZ`+Z=Ovgu zw9hu8pkq zS9*CKeJwY^u&K3wZr!Qn<(z0_;MCV-O1`qX@DV{|QvAIy1Lia>mW#AefkThei7db? z`#D+tk4v5Z zd;1!yY9xf3q`$k7whB5kq8|`U53mOfU4Yy?2||zqs&T3c8^~&9@lcFpZH{zdofbD#6;arVqEF1+~H`=E0NEf zj4?T1M6+XbZYJfv8qX`wix9E9`8j>gb$ox-%bSZ}&Yoa99qm+i-1m33iaO6a z#66$MoN7YAW}%QjnS4gURRV2}@N)m5oH#W{3%JYbXB{1BDU&9DGTN#v~GN^+jBRzohI;e2H}GoZdAmGvET-yB%M_usH*VOR@F7sbh>< z0mTF?oOeo_w}S6?vkc7&Tn{SeH)*!WEPhPknz{pf6Cl0rU0z~3_M!pnr_YX9hN?m0>yeoPP+WH2xCF- zan1NSc7ePZnykq*jjD#tS7(|}^dO=WZKf45G0-|fztm~+LMyWf#$a4V)+so0vsXVU z40mMESL;9(Yf&M0i>7VvI?`1Nl7cq~&Gg1%DIQuup|0 zBQq^BY`5VbdUVAdlP(546VQtA{XGibD1I(`g9&f1bO|mC4idP9zFx? zCm62mWq{`WDa`JIrvJ4I`wu_tVCH4$37pd$mxSbmS5{mVJ$#c5_scqb-AFgHywVak z15@WT8h#c5;tBWz(+A1o29&t;@*iBbRk_tJy^9dHXXPi%vt!%H zOyP^@1wJ-RA?l#dBB8Qw+xTxxfh=;pz$&4E1a<~E|&*e zgRc=HM|0b5P;}-eti$5yfIwnziANh_IL7|)@!&{$`p3%Q)t4%?(ynPGZ>5X*S6q5z zU3i@dO;_JCXtvq%RpeO(;A6<|!7Lhltz_X6T1a6vm9!*WnTE@Gi>USU))?i=t~9ij zB1WUAEaenti2iM^IaI%hcTM>wSw|?LTTGDOzWKmurAgNl8L(EX={>(<|7AoUN!Jit zw*EH%bZ`>%$$0Vej!2Vwmxi+^I0~TS&)IueHDHd&kFBd_uXNJ-ofNXbl%Iwi70G^@ z7)LjSerBNiPZ>1d>gwr5TEnET+Upy9Dm5w5mfPPZnl?OPG@py3LBJ3ALcSoFPW%eqU$_p`XBR z|0OrVqz%DEWzmkd5tH(7XHy%Bq@`oK#FUtCMAa1|Yx)6=ivibj0wFA_&iAr}*^YAC z2A;7JUFA|-jO#_5sgFH6Rp))FrxTlV;4ru&I2aw9=6N`S2&80Fsy*u{ST{GlE+<28 zcsQ0;IQC;j)g3}X>N%!h99zOS2nL_&C}wAvlc9by`v!X!bmCA>GgqRhsW~sA(A_$T zn-9et`!0%8wx4((MRmHJW*a7~3S_+K7J5C^dJi1@cbGA{8z1fM0i1Aj48RF}%H2T; zP{$t~mDPNqP#`r)T{`N8$%>1TEWVDm%AEGYO&;q2Jw|@@mDk>0P*$m%8uXuaN*PM> zy3_-Ns6>ulO2;1x8q5H~qz)9)urr4Ba-*t7db{dT+&sB+q*H0>K2KRmc$=ru{eG6YhmARNk1hHlW>K3ZO@ER-u_Ny}aMcCXUl=`&VDS z0@fN&9E>Q|2jzXW7qA7$b5Qps$;SYOx6*5Uswf1dyZ-#;oC#py{(MyY-)~*~?QqTo zW*go9)GD@C2qMvLMU%KW5inv^c^mIXe4*e=G8pLg^!EO&wE|~nz6&Q6tNJMQ&a{W_ z5|Mt2`Tr?Z*FXDV1=gLQT~W;lsu`Z1D^QI{S@TcNFA2Sb0;Frxdd)c=8i|0RV+`5UR%ur}yj*ej0E6kJ7(%i^>=6nZQH9l-#N08S+q3w>H@j2I)Y}5*H zt@{nV!KWi@kvG^=oS9_87@?Z4d#)9_wpd+lin8Lps1d{QW>a$s<$FUj6B0rY!(kL!{{m5IbSRgtVYM~X;Tb;#8ohAuf zAAnQV7YN0ZKzt+GEdZ;#A5;GQ#n9mQrTI_wA87@)?G|E6kAzj1B;TB5L5?S;wWByw z1`4vh6E%J%;|qDB=gH^GxP?;CR0vReba}BSNdl*ycHm+HqPN?yisjXxZn6FF5V!wN z>t~!3f7uc%RxLh$K(_eL)EPfXIRMe45^(alRA4>s`4UJaKpj-1%*%^n9$IGBfROKlt^pM?pd4 zUOV2UU7`6!Z?eNNq+%wiG@B0JTE#JVEvo!1N00HN_ppG&wHSUmNdz&H$ZNlh`1%!J z19Fc&&3aTC(qqb>1=)J^mk*?_Ch0f2!@s>h+TGO!#Ox192VMDB)ZOMsUmJtGo2G4g z=@dN#d?6C*6x>}PhfDzQR9`FwHBUA;A#Z#iX#g%7&?|lX!H*(A#8U%&1aQzKmi|Cd z`1dF8|K3!Ur%QYV47otvZ*gd^L1YQmdFed;z`ya9JYs4uQB!hySC@~Vv`_FL4EhzPb zcHUfDe$isOYYNH}1*Qk@X6jmy#uFDX7^4ih6BXqd=U&XdcR(d4T8-T_ZvXmhmUv!O zZvzVUCYHPcbs^#KI<{G3cdchD5Vs7!sfX{L!n^}lOzVIotNPnh+~nauLwEaBd|xnx z<~LO%(~mhVr(}@vtmkPI?np0_3CTj$!F2>9a-y?v@8fT6SNV_NbM z@jAKZO)>i&nP&H;l)`ehj}vhN>Q@k7ch)WTK>>|rFJ;Jss9|cu8yH%J2HXv&dAJf} zp+-$fB!%J^>D>pjshV)VNznt zH%#z-=srYeUP0a~MDMG`@z++=7sp=Jc#F*Q>3(E%XF4$=-jq1QbuD@%GyZ(n+N+h1 zdJLoRk&koLVVX|Y`&k=vl}tsVc$#TS%BThSG7;tF-vti0q^oT{UDw*!TKY1AKMXWEg0&Vi($1}u##OkLsdt#uRNOQ@*u z0t8Uvb9wT|r~N7SUb}FZlBb~Dv9u<{#WNDY6%|&`^qQ4zZL#A0Nkf@u(6ot6)mv7c zpF;_pfp<=+Bx*=3>1tU#4i&~pup z^K+T4VHCD3@Fu!#q4ezL|i8k4J+?7p(XE-C)VL>W#eT z`b3Ovs~dW}{A#&KY+o_%HzE8WC-gNZL&4Q7o^>|o_x_^T?|0gurXOzGOPTmx#?V&c z44*ZgPfU_Tvr^~eLe7v^B46)!&E>#*M?_#ei zpUb1Bp}O`$7g8idZCDPBCzVY&=)0@`$E*_bL;5q9h+`M`7=@@WeO&b3hxf_cL36Qfg$(!$DeI-qkkR`>%uHZrReoxIz z+Bb+kvwOEX4PIOYDK8d_1>4H8`X^*RG%#laANFf)u_!*TdkV34a9C(flmJi!-~|Jt z>vy_XL>uN)9I%^Ch2EtfKF@PM=|FUDFT=&(av0h1?HL_>0}M9?mbYpG*oBDuJaNnY zdpWy!1P;JF(T~MegJluMHF=WfV9|}$idvmV=35qzqs~Ugw#d!^~$$Q=p9ZbQn z0-s-M?}MukoOmG2OLA2FO0wktyIXFc-!(LG?+57X@4elX#b|W4+^@_#W4pi&2fHtq z2XYwDGAKkATi-u9suVBu@q_NG(|g+|*oEb*3A|vLhhDi0cH(bMe3<*5t>Eyuv%M1E zZz1r4Z5kkHmjT8W3C;oMe|`I7NrAr*zKjk8R9|pN5L;}O0H}wuWA`C@i>CWWrf|8S zGOwbfV2mp49UmR0QBz-E6p*lq8(GM&wLiLH*h@ROK_h>?azN9tCpJsvQ*8nqJG+y{4j$}VUAy0^FFP?sj*z$3AiM|9ry=wK8T1_(24QY^wO1T~2k zlMb@RFSdyFBo9SE{h+~N5^yx!fkY!asiE26AcAR&S1Gbo$ArhiJ6-w53K z&Pk|3M_$B;INuk=T6Nu!jC2i%ZtR9PZ}d)!pdgU}OV72K$^&8=7R)t}EMEo(MFAQm z^XQx1hw~ptjT%%eB$ghLrUR1%s60Iz^c;_d`TD;9o)$rieQYX&v`e=(<4s;tjEueG zbeJ!vK+{$Vza^J;s1uAc?crZsZ|l|+h+KMJI-#rw8}u(xx#$UwTZhysNUn5nP9jc7 z{gE(SZC8hsH1jK32USoq8_&8xg~J`+AS2M?g_mS9ujfHZJ*a&(bi|f72CQ7(Xa<-` z>AmykV+c3m#8nd>ZFHVK3_WI=9G!zBdpfnCCvstTR?9!kU6d0e)|^#74Y`IDBrRD0 zQy5!JKyO!A@t9`IH!yA_Ri)^>W*pbsY`{{ellx{iL1CyW63O&JdLA9a{_!_POp}OG z>+}-%BLaLo`Um8B;P^%GMdD~avb6+QyjSgWL@@F{#bpR}BF&qXlfhO-rIl{3ISVf` zrcrxqlIy___|t$GkO7{k5q}mCuukuKS2%WS3)-~06qrFz&3 zK`Il+!{L0_Q%z}JJ?Bdw)wi-+ep+GOMrWq2frm6UWjE;iX6Dx{W>W{O~x*YZpccq*s&(i89} z=q;IK@tk0$EPrQH2+r2V1{}U`@7Y*MTLeca(tOr>tvAYOKL>q+3yln$A@r2(Hz{@n z9eaJ(|M+DpfQ}EYc78Hge+eqm9V1W(h0*Sj9Aq7CbN!_rv!fi{qKwJHJv}{b|9`v4 zb^|&HKxsZ}<_A==Adv*5fA61^GNq*%|23t|zjk5&cG*)Kk#3I0^IOtY8y+#yeu4+f zXs>eJ2Z3EdWGIPwOtXOFx<=&YT3pQ~kPpqpEW<6ysZ`Cp|VJ=_x!2n`d3 zF74j{)?h^=G626o*Z5*4Iq`mwn4e=-hWns$;nGx~>mw)H{hF=wdqVPS){1L91z&oH z*`MF2-uN|T@X*OwvwFYkq!`Y(BJB!N35-GGU!&|#W(!I6UBqNfD$C}vo$t}R^`@ba zWk5^aUa=$-QKs2r>(J@J<_vF>XjZp2Lo8+7ylaYQYX;+s_P!cng5&QUyprvO(9$C< zYMf_6T~+T%1R1jt@*4TJ^ZK}n#@u(d11$p`i-P@^IN#&f&vcuvyi5UOUYYNcWr=KO zT89o;EvV+Fs)H8dV85(dPAq~Q!}3StW@9wqN$=fEAovv6mp?e2$>6MoB;S7JbxTJ$ zpgT9igxTa~Zb5OidxxFcWu^l0zX(?A+0jpi5b3B>Sr{u~E|d?1ns~0FzItu8 zOlt<iRRaUqpXZ?OqZT1E;G!okdCK+E0~Wp3QHdP}8Ecp_guSrJ*f&#HAvxvzfL0+`KNY1XHk4wEg6*_w#Dy)$z>I%Os&>(g*d9YsMvQVEeM{y|YQa+Tq) z>+wI17OdBgM!Z-vvT%FGONE39{F*Q7-K^?Zx>&{^ulczpyA3cPn0pL23%mYMv8)r1(ZGw-@w@fVp!4jZ;iQ0*6A@DI z1vmF51Yo0xyQ z3lif*I6?)4)@y!d(Ft9m({$GiRJvO(0GMjAFs4xC)?D|D-F|?1f+G*z3Qz{@*{1|s zl3G7B=1V4>EG9OX|AVTN;3e@i#h8G5RoSh&sDeISLT9>oP(l!M?k#g@0Th(X| zj3=1I(-IOicS;p3DPraA=M$wb=({&Wqj|oq)*9Py)dQ0$2SL2n5_>aa2ve9k#&AkF zm(FK=>+$nvJ&7}hPC8%A+r*FpbWd@c!wg%)iTP(XC+II*?xYw^|8}Tjj?n%!a|Lpy zM|SotIP)|T3gkG#_?wC^*uMWrNIi_P-QjtV&WN+I9$I7omc+XYF^{#oG2BEv{d9GS5OPw3M6RB}nl>LcM9ZFex= zQ5rzG#)_}Y&UQ~8=nc9LK2V{5gH&la7y0I`j2SLjT?lKaS{KlujpWrjmtkSu_;OTd z-5qJk9UhN&&S@W9X6RO|CrI{pe(BSC8GhXooQx0*d7Z&V~*e<`tQoIz$S9k+{m zCS{ic3lKxvyCJ`0nO}=4ov3da*SBv7&2;~`jzmQ~ z2a-kVUiz~wCH`NREUlyzreUK2NFk4R>bwDrWWCYDq85IHT70U=6m;hV{ts=w@~`lA zrU=Vd=P$zJ7QPi?B3+X4>JCQl){aDeGocJUQYM3#uuxJ(75?6{op}fvmOz(j4rk`M zG!ihgHBhQK8tw2~m-4Buv8#iIlkWF+mJ(5b28MHGb&FOy&R!8O3nwDUfGh$OOys?q zTF(evOj}y=G*n<;!xRIJhGoA1@iF>_<}5 z_q&9-sTej@zTW+rf=*+!G}4M+eS z;c&u#!)$>Mqz}2H8IOL2L);Lz3J5z(VEmA)>DIs@@LO3yUV!P7Bxwb&J6#Jp8ncf6 z_qV|ppP-nfpKcixis7eX8JIstUFQnrxbp4UH?tACQ>5O(&PHRdio|&a{`JZi%UmFT z->NHK^{8nhnG5uOvy=wAmAX9d-4(NV?x>TUzzShnYIz^ppj<&$ME|7$HL0~pYa*3q z`iNi9_u?RZzUv~Xma)s_0dTST3jyLcIyj^(6Ec_89mGSUj+Qm#Gmmzq$E7e&cXuUZ z*JOyPW3+_*1thd&)Y>`SuC3Hrv9SK$?0`8TKi_$!K@~z#Mz;6+w&;JadDMzdS%YHN=4Uarz1^48P!R=?qo1^o%>Z}zlPCw| zO8*t@W2{_9LOkoX7g^q(xrQV?jg=d3B#b3oi4~iy+4rh|aODNy%gm>UntioBP&gUc z5ezNEHfsL7cEo1q_Q@-b^9i1_;0dS=1QCTLcJx5;o@iF{*26%BQ++LVUI4VMD8 zFD^4|&A_-wYQ{@pg!#VogXxoD<$CeBdOVm`r&<~wPFq$25oVEddDf`>0h&A#ka}jN z8W`oiQ?;K0TIyhWnd_=Y8(unI=S?a7tW|3g&u0>rqA#?WUfc7Cy+n9v{q%2Bw+3R^ zUI}&m7S~PKEqqNPf3%y6zGXJm*Dgb{f(sJblFe^mve1k^8ZI;i+NLwb09&c2CIUf` z2Qq8%3i`was=Si zhk|IoE%4c${S!}kw&e!%} zc!#x%X%V~7O1Y{pmZKo+NDNFP+}Af(%SjDIXt3J4gUO1?TzaUL;_8oA92Wv~rF(*B ztxVtuZWR>W1@nmiR8FKU>x6QN9os_vf2iP;ITZXMKzG zGP4y4Jth!t6I1J8Ps|rTyQi^;iIEvf6)y+Tjp3o~^*ZSdZh_*I@ zMolZ^aaY826jY}22Km?{>O2oWj$<7ear!D2DOptGM zo74UAVZ^$WgSz8ghuKd9KQSf zDYXO}xyCDf>{V|+aor7pItq(4cz5%cyeDW&^u9D#l#M-J;KX#L@#45Tw7}|IC4VZ8 zY-3Wynp262kK8`FnAMhT+a(btrnHQ>)jW`?6 zVS65C_?70C9&mYr!tt%`O~~YpTEbiJ(#)u=Kx?t$RQ1VV&ia|=94*Nx&$U->(4Nd( z4wmr%*}|~q7x^*sIIU1$M`rAa?hN`yizI7D3B7K}fviN20GYfbt>9>okCiTaVS2N) zq3*c!uZUBT)0%$1@6w+^d9P;L+RfOMQDaX=m7Mjpvg_3A)D4|tcWUMg_GH8If@!B5 z<1b+xp89rX8qJQr?V3h*bGPAEQ5G%xDbcG_b2u5{wsP6vAgq4U+baTLx~2uk&F(hb zXqujIq#80)_mlF~jZF?;^;UD_L?kJ?z@V^XQ#tDKW(0D))1%Y{%t)00shD{uYmW`# zoZ?K&P_iRuR^EhUikbiT0V&<&Yg|x769FyW{>LD5`q@vn9_AiU?*iZ+AT`@1QxqPnN)AnwY0Dh^_)RXw>V z;7D{gv1qB(*NUSnh9+658{7i=<3 z0{UB$*%*J{AeNyGo4B}JSq^k7r`zX0Ei@!W9vBf{0Bs`FKV!AW3CqEBW6bQ`!op4 zY?QOBO7ebG5msuqe0Zkb*3tw7R>X^z&exGr_361*B1);RtSoP#KGY&vMq2Ww0-Q5H zg*9_56Rc1-Dx10pFCiCpOoXwg$Tq>WX74~8*%1|C^WZ6L?WjkXEuR)0&OdpwDos2Z>K}B*?el|Xd643x|^XCPw2R*k&x9GAu`{Qp$34YUjZQ(u!Pe|r>8;ZzX;FiCU@XQVRaqEM?(aR(gY)X zd%y^Csb7qV#BMN^_*cvoyR-0Hv~}ko_SV+ZZFd<&K*Nwo=09`+REy)!&G620(e9QvDN5*dR8d0cSrnH$@LaDZ2v7 zO=91_J|V(GdkW26*#7!$_ecJK{H!n4SwPRu&JqPp-~KvGoEgyD8^e9%)df<=RDcfj zGMs+&tMMPt8%$9Absd=O=4S4r6F1U&6fufxnHR;vUxhV9YzB5MX8 zM`B_mL3X{cqGA)=5dg*;3%yHy{`}tk07U<8`;85(Q}=8v_hr6%037BqC~e{Ek2oF1 zqCWri{gW^B@YTm_qPy)wIz-+*fcIG!oAimw=u;=x`HdJ%EZ1ywpn-35zr9({;Om z5TBmt27-&HGNw}o#^)7lJkc0X@OB| z^d1w5=190S!{I<;Cmul9_14{I#WszFhnlP{ZaPf?V&JmIP3;inmb11-qI!F9c>zlqJIi4`=x0W#R%> zqi}IPiFxiG9ID;@Y_Jn4Cz`W$F@#SILnpRfnxQ6s#@L;SnLcxuEtN$s5Qh$qVDz;K zc79jVK8o3CnBHV`xu^o0W0^0m^j_^rF-R&-tpSoSa&}CNgpNjkBI1{f4`q(gF`cYN z22u2N@+iBlxznyD_R@`0G3!{ZDe7XQY;BOy9`~{WHq-bK5N$ye1;dLKh{3A>SNtO* znY7(7*k05ZuCn21PsPc=UV5qv8Da>%0q)>~>Y!3RUuA_+c?r(7`u@_1XjDf@e{=yE zA($?mVeIx51H!^U1NF>k=FmVdE8e6_4*+QuSF zz#b{}7@0O6?x_zYOySFXZO7qMur}$+mGD8LrxnBD{3i(B^bq$4wn0_T4uKBOA8gti zZctIpimme~Z;K(VyDcUVrQQ#s$TY>Ctzj=QOu$UD2l^e%dBpjZlxq@u)}W(ASd^un z_>*}Y)F28H(PE-hTfxXt=~=HL&krZ-F`0@H##$vVzCbHC%PM_fXw1pbFF&tY7T`bt zfo|io9LGjtU#`QCwmNCbi1s4dU{h|pYV&^5wqk+v3wE(Aj;Q=H)hep;5S+iskt8;ByJlR`VH?|0*{ES;NgX{v4fI}x$PTBQL~=&3SwFSy{~Z|pdOQT?)Dkw-C& zC{5P#R{ijpe0h$-u+-!c_S%L~l$Sd&sI9S3mDK<-&noRZ66J_E(;MH&!=qc)K4Nd2 z{Hh6u77s1MkB7F5Sr|oFuCot5L;AV2#u9U^8n+vaGiaT@1Ws ztN$?}VeR`Sg@=K6Pp{Ignj^@g3PhEc_6iyW#=)d{|m9!S6gIfgdYLxL+8^I`YKuMr1AjF`{N4^}P@;t_JN?<}ErK+Xz^bN2%L zJ@ji~244IZPOfckrA=3%!8Le?_wmu%;=3*vCAQp9kH&sT@M8C_1q!Jz9}a_K$wy!a+IZpu&6iYVPU3|2y6U)c`PQX7(4rN;gJ{{Za_Fnbh4P6$#3rtGRWbxXaVk zhw$Xu*x5}{{51o5qq`7iAj}Znv{Q1H0tsAywN=$nH^ZMjU}GeHc@n_qKLHT?N7~r4 z<~=^5-+mF`0>r)_u&L%|2Vh!S?D4jIq>y@jHsh2$kv!&BEq&$gg9jXKz<;j+j3jf_(SW4ImyNSM`IK&) zIg`=Z*7HGuA1>&C?BFYWRBA2=x*7=#RTNHo0tF2&99pW7Z(O>vi)fZx;ur$D%z8$4zyAkHXhhUO9UR|O6y@`7 ziprI-y(xKG)6-1$Psi25zy`MSl_`sg)Lrh#d8Ja^DhkR`n8PaE#QbLZOKk9}bvI$d zA3NHM9efza%w#5>?^J77LgAv?5kai%B(y5;=%aqJ&}gHU7vRH8f&~N5B_M3kZSD1_=ffX z9Mz!N30;-DZaRVd5jZ$@*>HeArh)FjfBS}B4zrJ4_0)rBHuf!`(UqTLp?Bj4SS532 zH__Y&>Pqf|w?d0eOysPTQ$B2JJsK5Z(@{~c*A*&K1MnQ*qe@>VQ^5Hc!A zr>&5)g#Kt>e7Byl-%nl8rZHD0qj`Ha@^&nvbO>*_8r#+Sb8~SKLg4dZM@$j-+MN3v zGYl-!!Au9nu9_J~z5u=wPM7X4h=a>Vj-~xW*%qfu%)U#?-;HQ6*9aB@^ z)Dz3@^>HG4vizv*uN_7Xf*p6k_A4!A1-hGT3A0@wks$=qD-J1}280E~kY2W~Xb zgd@dEpo#@Sp* zp7(@{*dK!mwlYqc?AC#7V%mfksE0%&Py%bNShfQNJW!dy#xC9}ncY}M@h(>kMFW6# zs;N6D|9`wqnlr6uyBx~RKVAgm8m$q*&~$`bx-C?E*s!%4uJ!{%PWB#`c077Z_A(Q1 zQbOt)mVEXS_iX=ApI~%C7;(k{l1_H^RmxQ9XL>casYr(;B#t7+(plxR-oyE8RS&_y zMxULa3dR+)=+G=&TS zcYTg9x`=RcYHYSrS3jjtp6bu7tEF0Q!8=Z4ai3;7W`BH}$gh81cBIX#hslxOQr^IbVJ&PR5Qxg>A*BtYioUz-3nHC}MYE>eb&&z+5XVNvsWm0Byu12u0Uw@PS!G8vKB=Wk6 zA~Z@@FIPA;yrf0r6#I$h8H2%~T?YE$$&JvnjV9Jj&a z0e>r~e0?V82&Zq=_d!ES%;&TKKv%avjqDQ#P@b3P-1T3<7a-zB2b5{w{%@e5r2oqT z*nJEe@7qciAIW`HXHu9}N?1)8-ZA3o6ZH(UCtx-4AwUotl!5?M^%#X#Tjn|VG)A=l zb*!Up&-4dO?(`KIQN=ulZ5*ims^sXZ3MinM01+PbomPmJVD?_hHSA2!b4QqDAvY|7aFK06~ zq`#66H`fT;kha?0i^}-lr?=QVctNWP4?iiNOG?ydlU-LYN(-P2Kto!g!TdBO(pXM@ zt*YWJ6DGyYM30tU88l6UY)qJ0>66mC8p3z3TLgRR-}gY#t3-~#TTSAUOn<*Z#%!mn_RTRI_acx~7U0>zY`1`@s z-LY#sho-?gi>UUyl>*oc*UzRgcrWM7$Pdcjtk1Z%r^%4>{GF+P?vnb@TATqFNLhon zn~#!;)j;48iy=+Ti!y&RA8-2#0Es{Mwa9F9(p+~RoVZ8MJ7|2hj+#{`$Yj>5=>If# zwb4+fVfeLkDZGINY3gfXfyD@{HIg=y^l&O1~;I%m(>{jq<{ah{pyz2E0~-{(BfeO>o;J+-#D zVJuv}!d()2igeBHeyVNEv^39ZZ3$M*OveF#Lj`axj({=Y*Zwm)_^; zU4Z97EsiZ~c%6M(lR`Nlrgso#*w97OcX0QScT#jrTpIT@7Md4lWsXV?7J4SV%;RZi z1cwqj4fa)BVHt-mrao3L)~lFV1U|DvmQ6O9Ve&fr_tz-Z9EJ3H^F$^yOyShw(U2T% zhLgC*@hD5H1e}}EzAZDWHO}GVN(}sY9J`&8{Jn)IpCqd5oK8#c22U%zj20&)#-`jq zHv}rj4@GOwPF`LV$t}s4^}&mJFI+I2F4}RREU%fAkXb)zH7R-?C0j-5i0Wc+pI=V1 zl_rwL;|Rw_kIuHf+OmQLtZLi0z_AzJO$n>)JPy<-evI%+9yey4+bM} zuf>OLAaQ!HrkY9oDchnKyJ|90g#m{^cdF`eyLSu4IeUhRjs>EZ#e<;hr`YO0uWM6< zawgjr1jS#^(W=CoX1HoK7Dlh6Obq6jdl7Uh465YKrCQfZu7ymC+uPXkEa8pzSY&=# z;W_3G{4ld@F87ZpX-{+LknhDvymgsZP&gXIKT5RGXf60ne zJ?EbR-2d)hID0hd=bTw#4A~Du68I~Ro<3kzfQ(ax11@#z&tN7Dpf!*GqqD5~tBTUrW3m0GIBY=NZz6paYcwbGl{fxcMG@LU(alxFO$kRuxEiww1H^Y=>-6D8NdhQPyr#&C}mXhMA0IL!w6AH2Y>dFY|e( ze(h}9m=Xgf0*pd?`3cH%ouN*(%a{}I`eX>~{4?!ifob&YkV6oaDg$f>a1P-UWDWLe z0a_SfArOGJA4yXFL{4mJLm6m+P#9-uXvms0YYOUQnm7hc1}r$zMFoYcr9hG68Mpf% z#P`$m+pd=V(ANHV+$4=EPM|V#_6OL%~k(?kBDv z_rm=+b`wX;p!%7i-r|5gluKG0D&U3yiDfc}!QBxpCq;qJ&qyqt zoSikC?^WO(wo4dHmY?(_#J==gs+%?JfD>5a`&BVvzVCEk2!!Z5l2nU1iUzN*w+4fC zk%;$07id_Bo9I^9QiX<+9ssr_fOvsO(rurVaIVposKG z@d+RYymGtzAbo7q0pZo-GeKJe2j#8#w~xsbgL0@)1)2wJ{ISam;-x)ZM&w>i|(c^hT)Y|~{3~@&* zWTBcR&e^}+|CCe%d4vgkxPq__;%JEt<Z*!mNVrzhm* zalGHWs@}e58-9x*T-w{YYx5oo4((tm+JTEN8PBfYSUOl$RnYp8#&+AZYB-EtYwe{h zs!w?#1O#U#xdTCXSoyMD2H@bS z8e?}2w!Wu&t|D~0i|?UV^ngDe5z-2PHdOPI`Wwv;lMX^Dj#}u(w|m@~Gic7S41Rd=1ayla=`gGCaS>o&_;5@_`$Uj~ f=ry6SQY0ENp6hZi&4A2$k2Y*@-n=%)X?Nt`Uqsd@ literal 86756 zcmd3OcUV-Z>C`b+? zIS&HDkkgRk*Mp+oy?b|mcX#jZ_lM6sa?a_~U0wB7)mzoa@2;ZsS%S+1czAec@5o51 z;Ncxpz{5K&eCjCpOSwh<6!JH~JQ7NfAWZ^RN8BdVM~{HF_l4L)`8{Da4{*JQkdJn^hXFerZHTiYs<@o85qqE zBH)Q$gIlOFkL|S@=hn&(F3SsXn;ADvWU%hr8yKIta_7yEk}TZ2jq0#Sono6MAJ5`A=-Fp|Nt>(GF9iJ|-h$v0gH%2!Ni|%dS)Trm)ti#Z_W3$xl1CD^} zwK7w1SY`3v2KF3&)UD?zF2(&082>QDnF3tAuX_o#J((D!e-BD=N;Zz2YjBE#isZ{B)t<=i7CR>r8U)*YdcNMVyNDC|50YfBr%k6wro_%fga#=FGZ zjuWk|tGVdiP|rxM8SCa2OHx%@q-qkw+3OrW+!*JuF^Wh-YI>BZEV-1?aOz` zHxE?c&*qR5SDUNQ4u>g1Cc5=d0TC+EPED>abW-xFS}1yU91{ z`i7pXz|QBaD&XT5d8{29VPLRRW)w$=e9x&;6JyN}qm)lqS!&ma)QT5>rEG3wub&=~ zJWkX`m&&v(+i*2`Xm0F_L459Y=hzy|&Am>d1m?-Pox)K#ZjZaLY`^C$XGTr~b%lLn z4!?NGO*0SpP=U2uvN9~ zweqocN0d>a$^kt+D)ja(B0;-2Yq`Yxbl+1yRhQM2R`FCsJ|+1)rthVTSWe!px>~jU zmOP1eY)ng~26VxVX@6~WfPCebZ1#3{ooVB8Hlw-UFWsZKXsSBj8?LPJeHS7tZzTV; z9gzZU?t~0H*$T5NPI|8w=|_jq)Qh(?TFzH(T!n7-Wou+NUP=*$%Cw|isT9~vJSVnu zch~{U=<)R{A}}*EGtZ^SPjWE=h&O`?sv#sh_!`EYy`xFiSFQOFW~+*h5pg0XZaB(D zXS(QH`5*!Xk1}1H#ZVB2v1}KN!gDy|&_hFAKLsO$BEGS+&D{qx^+p*^rUEmJ9vCl4uZ-Int!yao*Pu{&A!2)Bf z+(nm`G#y+`SV0aH!?@yf9xks%+(0=ix{nM-o3(J9#Enj$ggNcx?Cdk0o6)1;DX=c~ z?EC2_{Ojc4+WnU<2&VHY%e6k?#5ucm?<%i8J-#`SGaqf>J~1kcX|cwk?D$P$AU7(9lqSzqUwaUY?Wb z)NEDzm&Lgh^m)X3Xeir+%TWP0n>&L^kYVlJ#p-h~G}3(j3Ru^ty$kC|N{G#=ayQ4# z6_kPd>_DB^{@0~#TBz$nJiW7$%-%NFo)Z4vcrX_fuJpAc2)9eb&QronM7yIaLHatb z<2zeXAB^oGI3!zp`T_$yK>Jh@Jl^?9(o_dH%2g`*q$BLUWuY!Faf3liJsPRGH~_N^)S z0hy)xIy9F0@X_e-%*1c`y&_O_ROz z2X|47;gFI>$kXczbC#s*Jyc88$aJ57YD*@per+b7S20mD{nDrl8UQu%wEO*Xj$=asxG3XFHQ8hF3i8D9n)zUvt zO_cKnfgw8G9uZfl&J>=azc;nER`mPH>CN!A-JWH-y&Ga>>Q+-z`O6$xiM9#K592zR zA=vJSmcA=C9+>?80bVZnoN2t3u8xMzQywRswmB&4!1mu^dn-a`3+yMr_AE&#YKh;z z`?}b6$qIDcit#!MtN%@?BGsc+S>Aw?ZN`dsSkQK|rC8$+&(O;5zB*}eT)$nza8GRs zYI1+8E31>I%WDBazDC|LB~c!yS-{2hv65WC0_8Tju?uAX8#{mdl`P4fhNTb7nYr02 zHEVlljc#Xjb$aT^_SE0|jKuAr^cQNocZx{3u(l8 z=w5Jq?;7tYD=Yi$#rb%IK~Y-3xM?Mc@iFX9BOjn?7{>*`Pf$36`iG1OlIH}UR*pkfs4HIGXjcX!~8!( zqA�N87R5sy@xz>%;e^wD)@Qy~^Be#7`BJRN@w7^aTrj@;W5EkT;)e_r8Od#BK8B zZ*6W~tBt5(cgyftoHy*{x`pb{Ey*i+w059>&Wco9z>3Z?m=0ro==bX|`(j?iHxzGG zEU$gF5f4oF`g^kBW4DW zy3p##8tjZ^)nacg2wxt1FipWjo6jj3TtGN)%~?+1WQ5214UYSPdt-2>_x&^iXa295 zTxh`0O~n7<#db$jnd|EG#hY*LdDz$N41l1!q{9(4(A(?cK0ktsn%@(`7bnX>aMN75 z3+62BLW7VNA_39)JJoM+7n-TNAVPnv_yjWoe=mWH(uGbSd@;d9CqNiKN#cUO2Zg~$ z6k#KezRC!NcUB%7+jTznUVqfI8)Ce@+DB0-f@((D z_ywqI>14+Y$q}{c(e79}(pQf56X1mQk{SwAf#y8W8iPM5j4afL&1~JyMqq}i9CK&z zyUa$+vSivnAeb~h7HMsBi~-qmJ1rtvR*)@PR~daKQ(tWLn4JTrg8goat{p`7Jcy%z z!%$(s6403|yR|qDvd$n!6p;6JJ&8DoxUaBs+d%~$3BE7m)878ab ze23D$X^YiZ0e)<#OzmOBzLaoMLZFEU1stOe+5XJ1x^Q!OIPg(n!=3TG04EQ@u84a- zC46=YKALOsQgZisjK{?c)#PX=au3;}0S?+?moL2j5}M!SAuI$wr%B^HPyveHIqvbV zO>t@3@DmMDgf`jdsCn`8#g?cTS$3QD7!hT42t-FIM7*b~b0tp*5KwhVk}NBIrsiSa zI9U2!k6@qrMWN<7;!xN8R5hK82isah;)bTTuN2J76EU7>MT)$~XhGV~P4!|c25+#s zMtv;(ra&TEBxPcM&mmORQao6y^QM6)k|bs41d|4%;g)75qo?Eea*XhK-QZX@!6F;$ zE||C^XS=p?K4V%~aVxdD;)Mv6JKa4gvnpdXCMwRK%2d375KJI-wuu}|I1`CA^cTqq zcVFl&33kzccXvMC-Gxw?C1eGf66Bw)>%_~~#P+jZ z{r(Wwb6+gy?h#V6>T7q2H`SaJ>fwX^W+kq616OTP+(V;EmMPJ8M=>ZDR|I(+^PI}k zo(8q?sOEG{2g!mzQusV|851hsKsui>@@*^nc#BNoQRlCKdSll zv?75Yc2gPGgIULR<`=osC-cK*CDi=AMbuJ|_(l1|*Gl`$kRGp_L=hM*xsGrn)3M7z zJM63^zUHWW;v_xRegg;QH{Y)nLX}jZf@~PsK!u!^O2K8G^1Q7*h;~RI^T)!HZ%CM< z=1lm-ISZGBib_S&K2?uZyXpGMV+~IBjat^z2{H8q6E0iH4B@|Pb}&Agbi8hVkir%NFe@59$EEsa@E+7U34FO6(xpybNG0V2d7GZfHlGYH(>o=@*ZE+ z6{$A9FcHOY&=c%@`lgz4f92w}=#_v7aC6z>LXqvan^}XMsi=1v zBnx8i0vqPDyIBm<3sPN)XW*_aM`4_O+Pc2mfa18V0EBF0H0D;<>Stlhy1YC(144_5 zrVMfa*LTlig9P}dc~eQx_KUsZa-E*cmTjUTO^YR6`z)Z#t@&a0K{g1tPaa2AW0P6V ziYS#n<2k$i`AQId`sk&=X@fHnbINyE@kvw#8NWyir#{SPiPnxE$W|i3uZamE#-A6uGU`AaH$=oo z642p-y>nUP2;O6|PuNAIxhy>@l`S_F?W6WlBi-#1>emEPcFnT zU-K`J@$Yu%>m(Qw4cWM~bjO-_n%9Y}ua70_Q`{}0HPbU1AOofUv3dollAljdxBpGs z!RpR584kyUE9hoh}lTl@f9$8)ySDw zNtb2unWT{SDBdTT&j+(RhRS&OtdoS1aqVgC+*={i0v!ukL4g*#n|<_c2JZ;t9=U4j z9G7~6n_P9;u951(mm?x-F)LouA0%G|3{i-4OMM9Wb{=f+X+&`xV!d}99ot0N7J;wf zys+X#L#U`X;Cbbta_qP-f)e)artOSVeGA-3-|IL4N4ZBwnBBXINmLcDOF)? z)izGalQs@MksM`T+OI;EiW9O`ae0j5W%b3!*eZ>^Ch}Q(d;dE4>*xVE_1Ik~aH*#+Ix8s8H6;%j?U}_Y6EVJULr6W;O<%s8Bq0&WX>B?Qct|I?)+Ej*47<`F<=DY;tb&c^(E5_~jm4$1%l`RE)Qu{LQ_~h6P!wDX z$%O+XnMgxOw!6Bvb=u1i-=qO}WgNNW3epaaku|jZ zP&B)Dz(PC(0a+g+g`*{(ZAc|5@&yk!(?~=#jp5kK@C7e69*nELphcYXvICASemwCF z4stEyuLogu%MUGog-F?J^_w=}%+>5P5E%*U@JjMgTB6OiM=?HM9R7F=@2%+~6bg&- z#&j9(yXHCw3P#&P)^n)sMFVIw<_AHx&FulgUGxo~^&-AYETQ`{uKMuy3!--(-Mgy; zFytEWLa6BE*)og|rEUd;^d9fUlm*w7XQHZSLL~^)q8C)!gz}a?ofhVyGiLM@Jf}Vo zLs(Yxykr*uF~PwU8}}A4cc}BC7)4~LU2YlcIKoh2G4^D2ACN*8A4KoY*|dFl{#2Fo zQ|w^$oza-ie3nrkz&ptvKuqItWbs*d84rhkl3Rr<54uX|LNuHR$_9)C#o-CsU5xN< z;dtHFIWqmHw}{drLH*!bOtu?(ZEfwM{Dmen8^E4aAU)^|on@nrhEYq!$~A<3d8ppU zGHVkwetg{Tp}O2?rgmZnBBm+D6G-B%Rp~q&@0ig}t1VYYf~Z@kb_kS3Iy|;&e$B-N z6`F;<_>?b&Gycb|i_phUE-c&kJURBt^^TnX)ZHvbQj2ki5ZXCB`29}HhbVgsQWr~3 ze7}i2qv=wxA|XIcos_mvzH(F6Pj;om-+t=JiCjg+bHl|uocij420HiaQXDvh-WV|P zfQ2NV#Oc!C)d~L9)D>6jkBkt)&#!^X$;^zsx(de(83edFj@6#E-v%?ffAkaf*0W6H zX7}{ya+NCA{>oB`Z>7f$_8fI(TqlNBQIvVU3vhc$yo8$BR_F?kfk9Bq!Rr-UL|%Nr zL_RFYWjqc@DQY1*NS{Q7>k5~t!Pe)|$R5$HNqT!7kVW2)`-DAHY%`<{x8L-&-={xM zp67dNK)BFhRIEts1_Z}St{sCa*=?`QfutJ8R)5m0M__Svgu$wg%I)2vk{WOiNQ|Hj z(Xgz&9J76XZc-lOXVc{cH|l6xag*U%M54PgG?kERO`nvLg_{VST?u`k*6!9ryc~!7 z?BynI0|@x!0wSfM3JOlsmtx`Uvk*(Q37aTEI8W9$Yv&Xf=_0JfLchc5ez3!Q&QxI7T3j?Y)m)Wo(C^OxRdVlr ztAiL?)}Kh%6T&|4`4~mz>ETp+hKsM2O*m&JRb?g{BSmm6nMU2yc1xPpv);=H(5CkX z<#RDDh|R@O*gm&$L`1|<778idtD$j$usb96gK}ToNOji23^9J+06Et2*})0F)TG>d zIXri%X1bHUdCdMC%*yI57fv^8Yt&rP!(#SYF6c$UjeIPsa?9`vW8w=Qeo9MCl_Dhh z$B}J~fp`buLYP@h4#;MdYr9YPn}~bdi*ya!L^o8HZ>*ib0xyF1>El~jl+JF;>i+hu z@bE_0IE>oM>n*5nEmyT444J<)kz9fa*RgFy#HjLLnuH@V-twe>yC<^XYd`F||FmhM z2}e=bUJpm~(8-yRRRYfA$(sVih)7OvWGJPZQ~kGXIKR;#pzBAEUqHobKu zU|4|OiYz<7 zi+h|LJRTT0yn`hi2E5$rjWuY;Lv(JbSFMKRd^_9`nK#bX?^C^;-zA>pIuRzsMp=h} z8^E^^HRC-t!xh%^0$`Ar0YFja=jSt;xI6&6deZ4uf1_B-{%+Db`g$=XPR24lB1%`- zB|pmCXL=ug>WQcI=6Ey&7UgypTr@h4nmJ7fpPQY+4?F-HpFnetn1fA$7w!%wApNChyJ?A&{fT zaTMDou4X5^%~P2HG2WZ+#UONCwgBTFjB`Z0Cs5draO?z_CLGYwL2+?7wwdtE^Um*V zO2gQCKd#;B@Hno@3YWQlK6?qAQSX1k(#_7#doD(=qYye5**UqIxkPyd1@{_rUX?q{ zmiT<|ptW~3*GH%E24H%6JomSUqoZ+k&+W5_9$!$OoRhy8B(mPB>A5!%y}w5bm~z0N zJulG$w{YM223M^uepR`TD;6vjdvVu+zv7(+%*Yt6K`#m5tE@eb5P?5!J;o?dh(SGY z*%RL5Yv8ey2T9P`&)DQM2Y`Fo8{Ba~U)=z)5RWNp$9EA)&o*#CcU?JxfS8=BuEqr< z?@qg*!=B(WshbkuML6yU@A31$8S!NY%zzlNUfrSDymV?~V=O2KAOs-&H&<&IFHxG2 z)rfcjY&9sWrAj#gzbVd^YIYzYgdPN zx;$>J_I4cu?|K5>MeenYKLQ^X+N%(xi2`r^5DID7Z1v*;oM`4|5fIPGBS3ont4N@% z6-7JCm?|x@nH{^vwXc3XurpOQlt9j zt=d@qoch{9_udCVTKX?EqvM7yKO!rs0_^{qeTjCkPqimT8S^=DowIzee{P_-r3W|C znI9uXv~r&EJ(X#AMi58DnS0XT)lw6l_}&;vKIQdPVI=$Ot`$*TwktLOH9I@|HU}8f zI|{I!Z3!5Ul{RTEcElNXLv}#{=knr0&#zQOoDZH}oAPS-$hM-%Mn8OXn}Z%D7URAc z>+EG+Aqd28iWBPEYIGHrsHMW_mG8G|P$8_DqCFvcJ;J4uLsPbQXSRE_uX>9yt&7L} zNe!WDe%i!-UaW`aOl1s*L6Lr3?0`d|JW+8t~|jOUvu1ovywv6Ko6E zl^e%^K*KP40*^L&q&13sn}ZBoFkYhAeIj>5DqA0UPku6!=H?})E|s|{>kr|LjL&iw z`JLZ!T1vJ=wq_A4QfG7b+Jqgen}y?i8NkTqN?h5k1*diU3w8UIsNKn|qGiZFly>9G zCBygWFNRn{YfT}&#@>MiDortS1$ja2GdH#hb{A8z1WJ%C5I|%DZOZAG zt@aW_1#?4k4W6n7)(Ce`Cr1s4UCLfn42-fJZYVubE|xl?IG265#MH5V1KbOYYz+_5 zV~*Z$8Tay7qCJ{)B{TxIH(imBIjAdebGzuLlz_Gj5cA-|pQE`~h)MT6L90S9rHg*g z=Fmd15+~K^FW&NsdrKww!&|G-69Yi7myScvx$f_ME>l7l(C&XWZs)?;WD|xA=S(VC zf#k(MVQ((4xy_)ELfar3qI5agSGNPA9}O8?F{1em*lzACE;N_+jJB(LA`Co1$?xdE zl`#}9<^h0Gx!KJs3^FF}GcGh?gGe}bXRAM>Da8u}54a%9_to%zc*??Ql4mcOz4n_8 z{3!RTOJK43QDUH3qrcE{0vEgWvboSa!@>NU!rsa&pufTm-dScMwKm zaq-|8d<4FhEvO^JZMW$FM6RI%_~~#7dM@uM4oN=%4u=#6!;ep(o@O2tb=h5Lj8EXu z`u=C^6*gQ#ghvR*IDlZlB-az*@cWZDMqJ|{KO*~2hLQ?E6a$*(7#?wROEjb^wq$WO?RD}$66R3xn?p3Gw~cEKe4M?VCv>Pmd;8aD_ZyiDd^ zZrYxBeEeXB(lXM3&$@BsVBV*uWI&<-91U(YSE)gL*{F zh2|#l!6IN6dGaf4Q+n+49(`<25%q-(jku-V{r+um6&>3WDeD$DdBQ4-c18PS4k!vi z&jB}t6AR>YFv8ixDY+dXs~+!7W}-)Fk2UeFrD(+JR(`==vpfei3;`rV9JLyT5mo>n`}1si?2KO4@$nkOk8=1( zrP0--sW2zK)_N1-!MgnjeX}i9BRrLia-97RKNnr?T$)U+qNUo?zlJaG(v4QiGt3)hhu z`$H`C%uuDG7f~aoZ;9<2<7y)OiR3ji?)BG3c=V-9wkTd-@ucZ9`nA<)24gM+W__LE z4((+KPnqRf7-gHarTv4Z;bJyf_%W$O?K^o7XH4KAWC-l{)7v5oQo5zi#f0D;pi-(FaFk#g#) zv0;8m;R8?IBOp*ZxBwtQ9u(I8r|mXBKmQ1@+dxW4^B;B#D!9H%B3m1S)z4m^ZYJj1 zx$jdsO!kfzykDveu@35|=cr4f&+|NigAz9owZVbC1-*U+lIn*?51`~id+@J4|7)Vt zr-{@W{@5`is3o8~r5aZqJ^v`jTd+{jNOK!>Y z;|}S(2#C}n;2}SFs&DjR_E+a{d0xHyxF4i)r-|!C5E%~w*yqlAQC^K2a}&`799cZn zbGW{ZT_lu;02RuSo@_5`U2h%Xcybx4^VOQc2x#F?glM97TY^@4y)#+m_TI$mJz(t;hk%i(D2YcFp8k zk>~n{fkt@G!{qNRO=jDKBh34@rGk?WbqqwI;U6&^Tmm|Vyp|$t_A0Z@Gsw-=V z^@L@7nJNA7$&j2Q@6JR+O#g|O`xGw>BOJVPT-rEdl-V0>C84m&r$3_yfub$p5xDg@ zY;QHrTbj@uVvgd~@h}ZiU`VhnL@;q=4YJIR!P|C`@4WqK&~?~b;tceM0mi7$YDN`G zbUz2?HM6lTG4Z6YkZXTg?sK9~LG*hJOP%%r39H5_RY}D3I;K%|cO4ssIl-fuXt|1D z(z&=St9|CD9K457(b<4&B8ZG&s*7yAJ(TSwmh%L|;+wG!T`F;+5VwFT(d0!!A`Y!| z5jo}WDL5nP|Hfj)so%f2xHUUkEu)|q9uB%%3v2mixl|og(>05t_u?_()V&Rq0EG|Z zqdp1u{4=Dl;`%mvNg4>Vc*Mj{HrvzdrH`$$C_Q>zQ-uaiHdd?L+q8cPBy3T#o z_$c-Zp%{oNw{YR&53?A;dwd#4?(BR#dh;ky^aLqf9Qqcpi2rP4`PYmQOdbyp7o>t0 z;aUQZJU%@!(GvX!1fcuE$5jKECdlKi0vpuVb)65yV*ZW811(GIUxUj|UnPDE0`$r} zr`p5${|6!FKQ>f96zHfcFC2fTJn^$N?~+{J(J8fG8-jjIKb~ope;q>Wl=|Ke(;#Y& zq3p))@CC3_Wv`e=Y&mwF%z@NT7>+D4CqWT zR$6_PH~7&%BZw-)O?&l@#@7`8J*V4k_C_{vr;JJ6)pQB$Xl52M%SC@pTPaT#v-<^Y z@T-)S_b6c^3^YF@BcC;7j>sxHIDGCZXvwy8(I0+RVW@UH<6c|VC|skpGef^F>FBE8 z%qvatHHRIP#_Mo}GXAQMMx;w;_*5kIy_vjqX7FpwQo_>YT3|7WLCM2n(l5;UE#1`*G^ImAg zT}B0zDtiG3t370KyeVecluJ$uKRKhzz^a5MgyGfs?FGD7PA*NL2&)Plu~;#j)a6BVgW7q zL#{sSmzsoJMYEq2^*es)*nUx8d)FbYIMol^=QaKcAoGbZF^+?9dUQx)CD(+bpj! z0#{m&rVcMO8FKki7kSx}H6(z5?Rl0<+>K6z*QVM3~9%=y{j(!F8&O}ZDrRph16;ISCH?n zP~1429~5@Wuv7Zl{B4!z^7xTeqK@(rr1fxjI|GTr>EH-cZV^^Xs?2XM0?U*zuHx(xcK z{)sg2VH>s;S>a%@^krw17ne{5$f3$@_hNq8Q~+Wf9L`$6`*hqMJE4FbBLD>lXuUs~ z2%w?v_y3P@RR2B#WL1>p9S7-eO)=No|20}Frv`TtYl^fl=5#Aj81UzLYB_)$=bq%= zqKYZg=X}?^>ciJ2I@lE+88^hrn!};l8lv$VAG8~rqh6ENc|OCQWiV^M5IfS2%|^9O zN-#=n$GcwJ>kr#69D^?>llCw+a#Cr`ea^aKeVAT8!4zIhyQa~!76#5vz*Z@`X4?%Q z6BE@=P?+TJJ+_vdmrF7bF6Fwp8WBEOdA&H(K#QPlY4|m3P1-8bLcHT+QDzaTiLRIb z%KA*%wuLjTw*I5W#^a;oRMUjTq5jHF**Cu>SZW*-NwP2NGO(*olS&jQ81hzk1eE3v zlbVAYxJ{RXT9CxVcukMcG~CaFg_M!jCx^r-sW7oMDSg43Fz6*2dw+mQy@iciVP)CG zxKEbCg$|~BcM2I7p_<5Na#M~%gy-*MX$dD$jaP(cv)?2tzN{BRZ9F|HJKnixz3?m2 zQp&O-L|HOobCBK`pVLaG=`Z-U%X#ls-n0n|mT^|L?PSou>%M55IvAQUmoq2ZoWx(d z!tO~Oe&4z^-ubFN#95WQhwvzOTh5?5?u3nVBjmF+8_w zC0WL-p6Q;T;$KI8x!hR4S|@@k-?_Suy`04`@XMPcof34v6cU>iHy4vdKEr6`5<*ef zw-3cT^t;*hn7Rxk&-R76GM%eoOx@?#|G*u56B$!|#5kk$B#Onv%jo{+tVI!}R)JK^ z(l%V^aQ~n=(lY_f%roL+vZd#z@q$Y=bdI1bK~D9P?=&-la@~0PtBal~r&Nvk z@B8R2tz7i;e<>c6(gd1+OO~Kb`9k(1kF`Zt2vo^t0-PCjqh1rVyHnNmp8eW7`4ZCf z_qOx*yL{KtmY$MK{95s@ZB{vQJ-VNv;6?o|ch{v}mBPyP=bf|{XEL4oW4028oMwbI zEv#*ntliR;+!wO6H5|}yb-FdLS~gNnqLXgrL&F_rBq^KZB7&Xu9rJ1B8_SBX7te3# zrkCgSe}8Y+CskGvW6|VrD4%%fLRAmKb)mj-?KK>}RCor88t7mZ-9|9&ewybXy_lHv z`OHcnQ@_FG@ICJWdLvlVGgDX!5t`JZA21E6Dy;+=CgqG%y_DnV+{VDw z=kK}t{{0Sl6V^kg1>nqzYD`)2+YW^i3L8du&xlzObflw))1SUvpjD1syphz6O|M@6 z4(Ho8yM_*tmsf(-+W9|>HGRWw%XPiZo+HZ%}_pz26$(wnL&h06k5)&mwwL=DW8++81=Bv-#6`rw@x%+>$Zk- zA#P`$GjaAAr1;OKb*d`PE$~ev(hgeP4OJlOc2n;p&*55WGcnLx9$o(d$A=E zyNV!RSm1AbMxcUVJzKk$#@@9WKMnSRRMeQDvC;JYl^b1owkXwA5uas^jN6fPCPv>w zc9pM9C#Tg6m;^{{mV8W5b2Bc?-OeO8kX*|t3L{Mhg}KApm4V8Zzv86Dvw~lFCZd?@ zXFt1f!Eck<4(pYZxOMxVL&pR?l(74B8#sE7<0KI-BlzIOI1(SkT(~CpV|drz#>P_r zuSH_nnBBTHUvO6L)K%i>0GI){ST^4IW1#E@S{c63e`mt(W5JOt92->hR8(53)8HC78SL*VrNt3bL?+y(*u1Ms;sR#9%~czRyTa!{(X zj*BhRx0xD&caZ*Z!}CRCq(l?pL9H+wK;^H22eIEVU#Gz#CJ1%9V?6_iuv77Y09+pE zxu9z*H{TRjI_~UV#RhR%Wmh=TprRwxb~8tv_;ZJALv>u2->d<)5R~`s0@hUvS4F_p zf~`$FH>nU1j;RIsbvOI|mIxXIL=R}rG%liEaT|y<6Z^O^AXac5J)o%cK29$#mPO}% z@#<~|seW01`v9x{w~(|`KgayMfN_L?#I)7xG-@{}<;9I=?v zI=arJ>7kdstuyu2SS(B+RQ zw{_}(kS8UVIHxv z@j04;voUcmU zYlSD3>XBC!M7T<6pgCSYS5E-=2&=UIdwmye?uMV1Ob@$cCR3Ov+nBpH0rz;5vJJBm zgsJJQL6e-9xl8_h4tns|w@06~Vm~O2K+-@XW{4g8g((TA7gX~*H2PLx0e+LDt|GBS z7VV!!auyaaf`Di}ln5Yci?maS@I|C}}_78TEf0!QVf8p->VQT-% z<`__~9IFjHi}&_EI3A2^j`@OX4*?SceokPyU5Pf%?JbzGmbNy}FRwR*t#Dq3{iw13 zTFZX{I*~8!UGkmH?5{nv68?z@w|Pnqg|moElj-V>63`tM1uhNOw;f9+_#M;-zp7{& zUqOY&O6MTnbN<=|2q{G{hB_*4Xd1-u0}&t@SWrw#(imHtge!C_-M;V(?xX!*He$nE zK!yE=uk3aaE61xfb>7#Q@Xy#a90P#!(m(42pwU#!y<#n(m}X;K=_v-Z-R?q_=0Y2? z1cH}EGCQOl&X*<^&mgIV`%+w#*$l>PS||6r%*HXxd^QebbMW9s-w1O5)^QSxJNb&S zdz#|?fYLgErg)Ks{k439fPHJm_5InTZzZ>$2X)f3-R1|_Q1m@2ash7mBA9!jXZd~L z6e=%huz^j-*vAmY#V40wXGs5*vq39bahX-7>`+t%7?1rVHe6|c#D2NiX92OHy{LP& zI>k^*QSQ6*Y;!!XtacdIscSb&c)O1%v#7HY{4r4#GoFe?}rXm9dz-iy^q5P zM!U0WBctH@ZPxJ5L#NL0ueIl|T$ky}zrkO|U}nuam2qY65H)}~(8ZIMaEvJ4qc97D z8SS0l4O#iHF>L5>A?F%lG43CC$KZyMr3jbjAMbGiuW7}GnV&FotP=H+39pn&N&MbC zAeK?YV3wAZIVKQ;fuq5PXmY#@DF4{FPFKW>2#)AwC1ny1W8aN9e-7WWz*0u;qDl4y zTO*r3mj_ys^CNwTB(4ZKR<*nZ_18|nJ;u-rwbVsN)+ysdq=M#9e#X84l;}@);Yja7 zbNx`He@UGa98to*ZRGG#U_7AA_xC1+Yp6~;38JQdMVH%e1`#y2bwM;E@a}uVx62*> z2$Eso8zfJq7epMs+u$k(Kfcp*9a!~iyn{*o^CbcptKClnrm|nldp_9 z=g{KIWub0$POH*$M-fZByx1V>b2<%W(qb5`K#2%XUk=MOpKgkB(%~F;`g~d5%N#~( zaARmNO?7VGjJi0*p18`-kmEi7p%BmmuLQFNeK_Jjp2FwxwXNgvXpW!pQEVilL(lrX zNjY74rrR99aTW9ic6wCFeNcVhzdPQ*0P~*JQZ!aP!EpeIhtgbUj zc3>^mI}KQ3uYkk0@BBk>WPESgxE&(ytihpiJcEPbca{d3a7iXDc&4Le5~Ey!5tLY) zhs$PJ#d&VSm3i4BsCB&|Qkmry+N^dThg14*u>#Hi+2CmO%1rw~z0z^^bsK{G#>IAAr1w)K{oa^hkwaDkG`Q<5Li6f=snW+YyqREZ326@( z&s_UZIpOgtYz!Rjk`<;<0M6h?(=HmJIs>;bYCr}%taUZ^gn>^5VC?WSTrAU`WnLQX zjL{;NEy(oMf%u~mq}AUr6`)}9>?)k^9`?j$aPZ`gw7T63-%4uSMW$1^IrFI89p>cg zE>NrMUcJM`gFT#~3#<&IHau|KtGan=qR8?@TWw;Jq*KHlSHxUSXjIZA#y4u0tQu=Gnc}>UZTUf~ZIfXwEEsNK}n8HOCFRv~ke8l+-EgJ+xf+#vVCYl`7c7Bq0x06boIv4Iz<(V!k>H zphTdhi^6J>W(xA_u5nS0zw9E@X}kfxra}p~yIkJtD96V!PB*k#N03aN4Z2!5esB09 z(j$P2mO^qf)Lu%$;Qq`BsoTo-+JDHFL(3JB|C!=)*EjR>clFE`ioY8|(G`rXMk61bi+oNU0ljwV5UcU4A~~ZEBxJ&G^Z>4|SQ%X#&q0BjIV4JJz_-#= zUG#M}t7auWCo*E{TaY)kv;#A_&L~}Oetr4I_vc!a+t&QqR2ec@OM~D$d_R2`;64{B zcQ>lYy_O2UwS_po&pUpUA-o>WC755KOl6^`Dq*ZEuI8p(I+S*;E?r_6{elU;vgYU1$2nN*9j(+qDq zfAvPYz=YKZ2ACnK$n_8v_89WABpre5#C~co)}r}>uv8RSo2E4DyQQ~kWiK7CNIy@& z3We56pGc{qd!km84f#lAt~bv(VDXC1l9!E(sWfz&ou@E;C8QLWjh#NALm}>AYH*$h zgW02I8u5*9!mpbI2hSmRODgVlvxu;CaT-ylhQ)Ux6*J8R2}}&Nt2DFY3&LlXT!r3@ z75U0t>{^L;=BQz*%TjNYx~8d~|6cKTk9Q&Q6mu;!lSWWjh3<5NOz-WHSBmm!VJN`X z(;?pEQ8`}y{NCCPVfH#H`-EynDgnBXBsefVNV$3?iP1)Rn&>+&_4qN%9+meJB#j9* zbmw!P8Gl*tVl`ED!p^L~-sBRgHQsg5@4H7v(dUVX)mw4yKCc%dKW_6eIDDKLngja- z`RMuT`;{J00)pOm(87+7j*%j7sQbb(leib&^)`+4>idSAg>#rrzk;TF_^c+(LOB?? zN{}pyx6JRF6m?e}%cw)>YKKY^C#JM)*!;3J9}}p0^v2tpr>S>wvHamSAJ9?X+R|mY zcdh;EQIoXbGvkax7B3RnO$Z!29B0o9!_xI?$yV5WvHq!A{sc3GwXehWOMqG^2KyIu z$%G@AH>iaZU5nmP(4{Owm4?xDTWZVgQR!xTzoR_*JIkcs7ne+uyo9e_`yE@61V^i* zCo}>+W9w;td!^gw({#fjA)w4p?{?TM_h0B){0rxGz$qVLTwxOl@A$t!wSN!@7CShN zfYXaK;2b=z9~FGc5q$RY7v}x#nV^5zu=%%$KltNgxu-ARp*h@?hp1@y+S7o_-Rjry ziScnLRH;;vD?#{IAr;LG=yAi$LzH`w4gV^DaDFtuwRmD(Uo!i>UBx4uO6@cT@k)q%U9u1>Ml1R_dMtBmvAFebI&<8JLf|u3aWSMZOL@Q?Lx9l zmwoJy2b$W~BVVf%jLzNa+hy8}w-B?VOVL)=or$_kH%5@a8>^~7q~^Q!)PIt_HhKDs zQc1*w`zwHsmv`-S36ol3LMo6A4J^fIu!Uf zc-N(Kk02xds0xfZ<)XBp)99w;1IqBTtTX5HqJ%P9stX1zlFONy`vcNqOi{l34}GHb1;+|OOE`?`E3s_GjY zT)e89g1ZcjPiDb}{cdx)L@&g5Bu3l<)E~bBt4?y7%d{)%O?W|&9ny|Ne!V?rwOID? z;il3`fd6{9C>@nlVm=3}K8B9IU;oH+el#P493QEYt8DX3T@{<WJ> zS{TdPF-Ev>v8A4|oI{&p=YO<8E<1()w*Lrbnyz7e;U+|+zcam~~lVMxLs zP8JgU_7oyA^3f$RKuug0VI-J-ozZ$0{Q8ZYcJVB{#aa8xP0BC1NyA0_-Kq3c%E!KY z-e)&){$mWXtffT|Yw<##r+cClPMIAVXC7o16Dj?Wa-SEIH24wb_rjo|pz|55khx;r zzH+1ynVTAoZ9^IAt9{t}ipN%phDH?e+uXvc%2iaB28MhFJq$7yzpbn`cjC+vrnU$t zAtIliLN~c%lQVr?3voy0Ag#Q>^0)?%mQNbW!RlDnj>nS>GG>20EAZG0^$8UE=2Z(5 z(3Dm0;go83F!QYQjBHmC;<*+RpJ(=U?vTVvVX@`a2=$a7x3xZ#TH|EUHYEHBwJ4FS zZc9r)#XJ4&I*G{i$^f?%Nx8AABJSWrGTf9mCA(IE@$IME==dQO^Yzd4Y|Cx!ncjM- zX6BGT-#t{#*h6p5;Y73WYhS!4tOzKU>2WZ4okojQ{{De~G$j8)2P1GD=^3l9q8T7K z9H8n1z4O1|r!Ejl$X*AS?fUc8zd-6xcFP2+3H~3?Ze^?HSwdhusKfLR7!S&B{UhxE zftrB+?-sTH$u^gN7(*U42qrrNxXVxUi|D13TCEu9M|;+`^hPhATEzoy4Hr{A`n-&H zpEk1TpZ}G3Pj$FW8xG_zhJ3>oDNk_(}=4iV|l-s_P3aAz%tTCNGTI zv%3f>oT5Ws)1|fiM&?Pzm*Z_-3knooJOB22>FM}co^)@u`<3QZxH46--#EpvHta+PD2JMqoS#;9dW)<&LIGPh0J!zJ`Bw>n{-Qi^KPlleN3qb5i9_WGYU7uN$5r zhGWg!DCHE>lmnH0uL*<&cxIb;Ay2G+#b{#ou{oWc4c;RBRPW3`~LX8B7 z9k;OQs-Dw-+PP;?$2=UgmFNMYXBm8aVauUYvFc8z;;4s78x@^IG0)*&>Gi%v_`(^)<2!Ki zcC5mBluX#X z678WlvYR2!HeN~sVZnyZ-(Vxph3fOqMTN^u|LRW7Wmz@aDpXjeC*?uxS zv;au%zcO?j>Tti&px>+&BseW(82Xdf5Nlm^rdRi6o$zP)PNy;A&TgKmJX?Kll8uEL zs^F2;V-ZU?54M)@p3K8L<_sl;*LZWNk2SPgju*Jt^^PuS1)*DwJ8tyWyw3P8OY~>^8$>;%)i|^|(_d z<8bfxnG=JV{%z*O4dn&)T89-3FT;S8R2RF-7)*hF_G1Tg>7x|sy9zBy6b~~w;jHnY#bAG6CdSmsBvVn$Db%ArHxll1Z zJ1*a0=STw!8<=hb7pxUw?9|owZkROLBeRPy_;Z-Yzujs&U>GFqffK%|kRqa3l-87{ zGPx35_t{&{)K)4Xzp$Z2w(al^xy@T1{kH`yvd1=WQeT~D_1ZD;fyKz))tP@FD~~2| z+31K5xBm!B+33c8Jq=dgJ(r;`g|wPmv$QY2gmUD_R^m+h<@?P!=Z;48DRa&`crf)2 zcZW?r;A0u}USvqiNXGVIKD~IRrj%5#kG>ip8DycPsVcAGZ`ez>AkpsFsHt$n(>o`x z%S34M-As4F_-?sQbfv-^c_%7f>hV!uKuGMaKWei?Vt8q=tdEY2ihaJsf;?X}KFaJM zXC*F^@r|6~3E#iyBL|e|zfdj&eT01x^ANWVW1m^&IQ`sV_Z<`C4)gAnmgwXHKYU(B zpAw*Zob^{2dy!SS{aVm7133A?;Ir*n7uY!!J5zVnb|=6mcTerHRsf{Zhg#hzsF-wI zeT7w02mifmBf|Y?tXKj4`GP_I=n^ke59M}vS*@UFL6~zQ{4zire=34anSOd@XKbuY zm+6U0@OxCnMZ0l6GGUxqu1V>fs?sn`h1Af7)TwYEO~0GEgLg@EjeqJM)QdG=bJ5VgfX!nelpViRThI=_N^qsO z4v-W~T;7Sm=%R5al@#1CE!tmFhSXG@?_vEozR)VJTtAg&W!;`T?P3#Jo-`JIZ9Zh{ z{Ie_h%l+6D4MKJGSf%V)Tdi?P4Dr;6b7oe3--F^*#k&#VgXbitmz1pMz6ctNWBmmA zrNrbD$iv;T#xfUQBt6PwR{nPV)4am!lkR_yy;J49ZYzByA7(~j(zZaSw@K%zg(E*7 zqB66Jid?C9ZTv|2i_#mVrb!+JdzPITE+-k}4DWX^&KVw_Qn~nYGivpFmVfsH?`LoD z%XSEkvbW+3Nd;>I8BV?IRL`6IwG?Qw=XFkspS>v&}>PVUIvKO zO8?43?zH`MUXgyx7|ayiwQhslZ7C8D(nD#79tyZDPyyCTz=5J&Pw1c@@DJa9bD$wc zS>mf3vEf1zraXO&3Hc`2H z@_Xehcd{Nqg(DGew{t|ClmofU)qifAxGq&>XZD=QjqaTz*qP&zG*u)`RDeUVfX*08 z7Bt4$M>VG3L;Q-BPIh-tKYN9lePfXP_jYfw*7ZTveIt#dUbk^5nfm1j1D{c2*$Pae749U4K zh6-)B3sucmZ=#(>eS~%vg3@5GUG}T5S1w5mZ&#Xi=bq@_Yy$KXLhGSIWjM4;opGC9 z%K3|lqz_`9L5XAv^s>H8O7U59FNY#Xgcdg+sm)YUf^^~{iy5&!rTOm@|4^@@A zZA_)lSIk!nZ59fV^)U*@syrdxC-_00eR$89g9Lr_nYYV#N(8;CW@$<$E5>B7m--Iebo zcS$I3D}KY@e!%=-Ieof0bIv>?BuR^we>q;zF!S+i$%2dM($gkwgj>#5^CMogw?7l9 zK_i~AT}ko=k8_)k=3XJF2MrwJ;z0P3Yv^&O(@l_v7f!3Kf5=l?ix>>>vuc7_*~r|D zw<{JzQxMacTzTVy{sw)!YR!i7Ll-|kzqAv&7$_(J{3DIBh8o%AuVavBZ9~{hNUmeM zjz{n@@T}k~4KpX-+kqx$`UQ|)(BWnx977S_3pC&k7&<|u>%2!M1rj15 zH(iD{Ha5})mzlxsh~KwIA?6pyn-aFh7@H5gUxKC#;E;#6#;Hct?){9?7XC1#q}8i zI&Nr0v2|DF(g0#5#gc-p;QOq zLb!J2gj=vLk~g6%S+NDo!<~Q$_wc%T;m%-9@CB=XjSbz+YxRwh1Oq>fde|XQ-FGw%}G1|Xla;E zR|{J6pDyR%GS6dizNWeQu!L9?I;LvWI1N$4Lg{EqWkp=7VA-y|GDQt^Wz>n%Kz?e z1oVLa$(EOn#>Mmg@R6hDeMstRDl0-+w7V9)1)Bpv-#x0bWZeR|T#U?{e*XaiJHok} z$S|wQu(N`u${_G+J^Zr zH%~v(FQ~}2$3(KQWewFiqqPg)$4Zr)?;deSQ~$DA9}c6?-Ok(+ZD3uqX#p$lXA z6S-ovZ>GhUlu$`(yXVB5mhKrmr#!c*?$4Nsb$+s=)A?H6w@_rfuVB%jZRnftz{ZYx z9BV%E#8$7Qxv|XS2Yl$mP~HbLR4shLd`O6==mb_bDsOA6xqFz`3QQfg&Iw&YyVw9*E)>x*9!`fx1I`lQsbL1l%cIhcFq_9Q<4+32l4|Zy2#ze}mK^sz z2)*7*#NJ~VZ>nHBLq80YpJqT|8UoJYM$VqQLPeN zdajaB;rZT7{8=@Fr7k-9__xZp;WcSE>4(9Ws)8AYI1igT zJAN9&L$#Rw^W3hLaPPBxSW==OGs~t@BXazNNSih?>%E%)Fnzh?^W2%~Aj^dfiX)~? z)7Bxno&^bsNoqR=JHcGC-@X|9z>=6RulX0i0967|qUt038>$y-oCf?GxIIY-9?A$W z++BzPmPR$}V+3Pq-jYKQ!bHv@E<6oZ5{Ft&vqLwEUxi!QhmXOGr3AuK;b%KK0ly8QAj+TX`)VcRDnr*ViBB4R?slNK6M{g^>`EpfQfvRHMs4@gsnyoli1EqWv&D7A3;m@ zPix!BXhxj}<5jb3?O1|uEmB~PwNF<+53fRvd0-z(`;qNFo2i2p$1?G|+?;-KQQD#Y zgL`D7pyHi|P!1+mFM5i&wp02jr^LH%=8=8&O)gtWOMEXIf2op|8t2fT)7(T(Gi4y+ zKNG3APWh*-IaI`WCi8(`!7XgAos@|Y9p-)93k^$W?*J~9>fJXDaWklKCWplpsH1To zQ@dAch&|dd%%-v}Rkz~1!TO11d`U+)jd_<)XPLdL8ow^x;?e3P{L3jkf#x{{?EXq# z@NyG_(c@j`-Z33+*3U+HK#gq->W~Dys`kX+O&4j=9m*HUpT1{sWf#0H@N0h_#+t=H z9?o96Tx??W*66D2@bcsdx3mk_yvQ?d52q&C8+?CC=3pS)Ah~7JseeDz(v&SYzjxnq zL&ur+rZ^C(Fy#3Fzf$m~ywq5-h0jm_f%YZt2ecUurH>xeeqd%);G*G`$0XBCH(&M1 zx&Afmw_p4W7eFNDj{hw0{lavr_I=smvl6TVo`bXbaj)SDZ>G=1h2M{-99Ki7#0=7n za4*GPWBv2iR7X_2CAk#8lD|I5oF!SH@USQgPwr6q+2+}za8VWmZ#Ljcphyq3rTl2E z2DOKRA;NXB@9_e3sjTSqtK!?3*iL2>iJQyB@lDC{tm&a!kB;$Xar@)S><2uZ%}9@x>GKoq z*%jbSPX^+cPZ66-njn1yDeQAY9x$ehF{=l_v3YE7zYi9d9ZI%60Y8F2`0EILeII=c z_4{D_m+td_eqjGgA00#w8X6h^yqKw3W;4Dr+duKyzV6q5u{jU5w6sW(7}q%BsjnDt z67Z~fR#sNA2|Z_j`x`STMjbvzDC@u_2e0w{-B9?#4x-fAkHLdp%>fwM9_cAm0E!1& z>6e#Y4)u+KIy)35tuXwqz$gG@;LrPIoKj9N`$`8~&;sTSYpR7M5$c}_??ru~6nP2Z zpZ3WWW51clEf31_wuW~~tvr6l6^C1obWI1@0ts93zi;aiuZJA>R7B9NC3t(tyxRp^ z;M(oO9*0syEhpj;uv>i@rwV^Gr_m%i9FVD)ov`%b#z(~Ht@dPEEadsM_fAo^6+enU z0H3#&^PTGXYWDj>$59kJ9J`x(Kj1wY)oXba&(0To?r03)WK{L{7c#N86{13hxnbDy zuMJi*gTw+`-(Wufh#p3{t!*WjbkZ&*MP#I0Eq+*LeRnp$|GVeohLW z$?vNb9Dzf&q#)<)iziWZI~{3N)2OsIyX?srJEX0{YR|MRJ+`n@xTnz!f@c1g7K}KA zTKY}MCHrgC0Dg54Dhfj{0lI))Oh)jlf$<=1W`uSdw+HJD>fZ*P1{L-*U4TIJ_9(7n zt1b|Pe0xqaxNr!f(f%I^ZvVTxa}ovg-8B&&3(Gt$P(wVcl_sQz&@6}d{wqud60SHM zjdh@LdKG+RV6~H_i%b9Cp9Ba1)-ikv0ig2`HM*|+a|ocUpa5k$4guvi)+0SkNQu&* z;_v?7V{sN17H%NRbbi+?@W4M@aGT&t;6p8@@DW9^?Av2$OWE0hsag2>TfQlM5;gvx z33DKy2c;=MQlk$#ruipP(C(gEp3@vU-bedjFnqSVg!V^2;Y(=$C~IVQ|4ckWnNI*M zuI1-?)^G(Van>9isyP%HsFkfXret^$2)wi==6P(-fFC4=k`v`Ks6;07xY^}gO%n9N zy0ErAGwZaTDn};vqyCC9=q8xLkE`p)9>o%@@F~VA=+ffiWu2WSkM%jn8t8+7;VDQ; zMmwT3;FTnRwPgCS#b*8w$^<$1rQldp#b@*qzrTRZDL`Bz!oWk$_>r)27~38PM=iD| z>@4|lR6hd0u}4FhjV?V4ZxI0`CTrS(sG7|BdoDf$r;!0q*_1b3AnDKi7Sr_ROb$Tw zU2U7%HL=p6n6yzhn*vdoARHuhJad?>Ub{p}&SV7!oa{~>d!s_~7Vww!7rU5uE|e*` zq`2ErI>(DtXnCaOPovO{sBOoVmpmoZ+|iVvF}lKGwt91J^NX=yZ9=Xmd~c{{P(x^y zg;WjIrx#`sf!uDn- zHAe{+n;ge0S>mCr1;O#nRgy#J9d)y+oTDDRfrAt_#w0V6Krh>$z+w1j&7k!sNNG}llX@Az?F?_22iy3*3SzIAnDqQVWnf?-{X z!6NpPEihW`(vpn829fd*a*i1`iPTE_@mEHw26O^0M(2?aapwTo+I_pva7~fQDrZOF z+d#SaZj18}82hy;kpD!x%sr%nyx-?JlW%cqT1?AKuAih#&RkSV0o-#N0!H6h#9NUf z;o;jB+v?bCQraGZffBQ^XJ^4sh#fwFW&S}SD~s2$c>CaQ?tQfYajhd%cCsB=e3)*M zy9@Av_tZQ`J1&kj?j}9Z(&CmOqJ$1*yFNk@9k0h&yUQn5{kI1d;v_4SDr-6qQtF6l z_P$L9ytZ-h0=1VfZ%CG5<@Hmu+ z?@s(;CA3eVVH6}pV}Ib-E(1PvsO>#(yZiI-#_z`WVcv~7A#BxIxazeVbI;Y>&mUEx zPD99H>Mo;Imnbf|nlRDL)NQ>lJdeFHP&QiIZq}aa8{W{ggi)XJiForU+Ly^`d{Oqt zM)5qXag78StRHTMY1x@bnu|8&NsrseG~^A2fg|A7?d8g(8W(*=As0erQzQr2ayq+( zz-`}4j=K#O9W;Pah!E|>hfv)p*VP{NR?erH4aoI|)98goc@|Ia4KDPeQoL0CMnwQ; zVsKcxWMaM>iy%|$xw47Tq)+0Y3VSBmY>Qrw>9uTR|4 z)V!C4D5&h=Trvd}(fm)}HqS}1QBbpu4)>hE-a$Lg_7y`KQBX>Dr%}#b(TS$U>)0hI z1O9i*{m{m@Rpi2uLmcz62;*apd!J&jp&i#34HF#`*1s68UuLSRHI+u|B?i#pfKN)tluoXZnXnixBNO$qu zJmNQR{fS162mDl9RZ}lsH8!&P8Ru$OnY!y8xD1U8$Su#}@!rRLprq^<_`=pS5O`nr z*(b<=qLF`nXzv|Bzx)`0=yu{OwoNZ3JZO!Q`ZR`OBy}AnJ0=@-C?N)^aCBD4{hEg- zq|ad>GPJKYsXgB^9`JhmX{T1NyT#@Kpd1Y^W2@FeRaFi3BEt*mzW~I~mr89@tBNhm z)_is!XW!ClWtC?4i)P$T5bZTi(psh}b5JJF_AYRkD|9MSX=H?g|m49~UO&NO6x zEbDl7N?-kD?YGkGh#voELi4094Si;k?;;foGJ28!_zL4ps zRh1%0aug%w@D`7Y}Jbi+x$X`ao52`~Fph!^KfR=VKBs)^N*Lw8o$!%3AcQBi73lP@Pe@)Va#7dd&> zFkAJ_xw7@P<+=&B&vP^yr{Embvhf(x8GgBYFIVB~;>uXr{}*xBpvON!P-1BImdOJf z9?H*6nOn|>n>ArVMO>b<+RSX4S?AWtGW;-R&5!5)@Nk^>4%&e=axl5+{Jt1t^2^4Z zBO;fKF>A#$E7dx$J}^@xVPb6`miF8z-F*U$t=12?m0b23-UaOn?;qA;r5W0Ywm6FU zB)FaG5fyOXQB*7a?Ez!$S=PRz{uPrkon%#hXJy_r5%_q2l4 zn|H9zxb*(1`q5iMt|9Kql}&Hst2ku=>M^9)4~7!y5U;plk72vWjFb<{9&MSIxn?ap z-Alf3@6?|EFoK#ski&3CFsn24-Nu&^W?7W1Jb@p(l=m*4a;DhtcqkKF$|&`8YdotU zFzD5;QQ!zaO7_XMa6fs>hi@rSNKMZ(4cXc)5J47( z`-m27EF3za);9A~<}wSaO(#*IjT1hkGQB`ECQROY?z^;HDekeZnP<+d?3|^^OE<9bIJk1>V)o^=f{9)@HEyZ}9 z(6~??pRJNZ@HR|2mgRU_M*L0RIQj5W+KzOvT-4bL?zLxHG7O1`W|d!U$>QdpwQuL^ zz=lJd2Tm&=J&wvfL*Qb?hBitgRiAy@4j^1mIX&1k9@;~IFY}fLjg2bxrH*colb@w} z6<;Ounht&JYQPmiS2=XLsEBltw4}eVobe|kRcNx*eGKF_s~ULCNOSu%M3*L1yXd{b z*e3i)*wc5LIYPI(3_=|BX+c!2OcQ(7O#a;^Wco7)DJU(hM#|)Jb%Vt2;rgag{ko~& zYo=H1vFZ3TN zjoI%46p_11iL=znuDJ3S8)X2X{|W|}JdZ(N$SUMPh;9es(bI*mo{Zj@MPV)+{Q+E* z$!{lo19Hg7IIxGlemZjrtsR>u2??BcsV5nJH>D%iE~~Un#fAun7=71@_b)dQ@vG2v zvm(hy&YbSjq|QRthm7*n6rk5A*o4;lS}VAL}a92E><=m+XZ#w8S~A_deE83 z>C21cxj^+fN5p}}Mfkj$ZWdp9Hk;wo7?7~WIP^D7r6?RZ&C6jvo;SsZd|)7EW#ChK z@@dRa{7pU=AKq~+9%g-$gYD)8Z>yZLSQaFWdH#c`~+Atx#)YR`!>mr-s~sS_9La`Y5U z*@cxYxQUCY1D2H*Qo{wt|eoe?L^!$A#uSKQh@~;%!l$3yA zH0ax+TGoG*@xJ){A2Z%pZiGJO+-;y_d~C$IhC5Q?>?+!;uJ+_^(2ohGJh4P(tj;o=1XVY_`z&`Rj(FAdNZ<(<|5E zxIu;cjZy+kDgOWg`YWFj_@|Ha-_h!6=pe9Ps^}7MVR>XOv=_JgK;UIKcZ+lbXM+=6 z&0G^zC)SP25-VW+jVyup@ki=4fc58mw7bBy&idjLG@P50s6N@;9PLH*i$X=F?J+nQ zF^nt|)HZn8+~tDfKbvDqY)r*eNG*eF{1G?^E)5a_8AYeb=FvrjW>T_sE0Hpq*uL!C z9f97Vnp7A6iYHIcw-?|f3N!6vgI$JF#pW-*mM$*Maqdoz{1TiJW&9QsayReM@iC`;8C8srSka}{D%Y`ULAMgo zNELNen}z9V^&wp{ZmjmoweUm`=2;lxZ`6+q29o!B#1aA$k-c z(tc=0+RW)TlV6qE<%B#?pz|@>mWpG1r|oTi;do^@5hG=X} z(MsE7Lx6?~YfK>#mFi$!7WGYEgteiJa$N;=d!f8&CzC*fTk{x4KOgLwpncOLhx`$> zOIA78X9nXQ2M<*?W}lG=SDvkB>eY5p7-_!VH;73J5_&70ia_Oe63a?8$5cIQsggOB z=}sRIG3GuOy8@RJDx4MDJadZnW6Ss3_81FCzs@igYnn;Wg7=_AECE0MM2{u?#oD7| zux4&UB&%Kjvd`%2D5TBkd#z)_ah9Wn{fRI2tS?##O4P6n8TPbjQ>MRgF=_0p_pPKe zP0@|9Kw#Kbq3ngdl^eJ#nXrzM{3fVW5`uDL=Eb39CSDagfDuQDr%CTa- zcJNB#GjHTZD{FRn8Ejxh&naGaYK_~ET+XdboX}E!oz+X&JxIpkt>b%2CdI;&j>Vil ze#$2h*a{ro+^YsUGn{?Mbqzv**!&xbGJH=;=F^8R8+zHWxQL~gP)9-Tx~i%V%<*d> ziWC=Q%z*QjJVfY+i^K<=TQ!O2hZQxEO}|YGd)|KiSQz5mc05_VaPWDFwiw`xB=(D) zqoo(jY-V%&)Iuj9AVRi=Z1^zb{{fT5dkO#f@vEr&v>Txez!^E>Rs{*9v*V{i;WP2C zU{#ha+zo+8cAD1rI8CtHYuIlO-{QX1*cb(&(`npCZIc-@c7>PFwuU?&?*xPepSaXl z+#s`OacWgTSMbkC*5RD7wzMlBDotP8lMm;Qb!2HU6Bj(cl&!zneLZ=q9&>UOH6ahX z<+sEkWW6dJVrW*qfT;=?{32->-4J=sLQcoL_*r|1w(Vj|`b(v`2Zao&>^EXc;Bp8Z zw-8Br>NHsq(@Zi5y*`n4@gY>24{|58(JE4>Hf?M-)xI7SV#oM+U_88SCo=GKo2*|= z&q*r?=#%p$vRDaa$bmFpvAO~9myAe}?kSRh7orcDdp~ z)^Wcq6@(nZt~qfFZ&}py;&k66nbPgsXRr4s3A`iu;V&sSo!2EgNLJk8d-$EILZSaB z3Rce7I2iMJN=^4=%c!eOU9R6d{a9QgngX@VO(~(-HI!Q|$*@1~5)N`e3q2BY`ET*_)ebAP@=*QvXctk@B}&ZiS<+#Uk?L;*m0MZp8Ho-CmZZZoOYG zvFmtPYV2K4{Mp0E!>lJrlcNM%zBDR~EQj&3-irTNJ(tfFd09*OoDi!<6~j?8SmKkS5 zJET`0rh6nF!L1O9JgGD|kZr4{b;WheuOa(JiGr3Ws%K3v8=c;*=D*y;55C_aV*sJ1 zLz9NVq((?Ba`dvIE2D?%eXk_Rnf4Y8s%Z??XHDUyOqb_FwjEy^HD?MWTvXf^4Uw{; z&?$RWUi2Lm{5j3-J-?h@@3prGWO~Qlv74FzH=^c;S6cDDUhrPYR#sI5a}e6-VY4NX z?GnkvG>^4=FgoqFX>S_>hZ@dVQ6A*36419Ond_UEm_gb14Y_;%g_s)qc^uL(Y{yhjb;IiHRF|4v*Z#_r|4TUHap_&*( zS2Eq14YADp6Vd$t9hR9t;U z%+o^D6uhgvQM2}iLw0v^q0Fn%X|bb82)62Kf?8-URmsz;FscTs9~ls)^g=vt5C{+B zrx$&?-PdQoCkO#zy#gH|j(s1?24^#Oadhl<400 z=*%}e3pw0@4D|%nL83i6-g+kZyikddtL4a49^6gt^+f{@LT9pvwdqvd{4T+9!Ufz% z3?@uu2EE!QMtdT9Z4{Ys>gsdpdoNsTDz~;E=f9ebi0B7YZvxJBf2kD*8a10OwoBJa z!pVpFFM_6U*po*>!`YF?{)3CjV$=q=*D&yMrmJu3H0_0n@z)!TcT-K5a- zfIq`Sh@eQD3wUE!3~}?i_9VubtisDu9UVTnS`ZO^+e7wFqPlanT)^AkVZJ7mo86pa zbxWZN+!h=esq?LLiHHbrb?t>M0`of?w6cO1*6PMSI~GGsIu>PcDw(6`RiK5gS@yN1 z$(iU$9F*GuX=b33-oBO~EbB4^G|N`p=01)j)rcQOGx}>fm90+zMQ@0{&}n7MgBa*& z0Er3A@TE=7Z)Bmg-JN5`$##;9bhAURrk3Fk$38YSLt5DKKVOzn$9+7urkvx4Ph*e` zZ|uE^2#PHPeBR9xyhl8l*O04O=av*$AplZraAe-%du~JpZei#=(dD0zoFi?=lL!(SC z?%Fz+O#rP}b=Pg>tEY+f>ePC|XvQ9(FpsF=tXcEFaZ>yHoND#r5@K|x=B?8rkeY@h zsvUt5*b~udL!pg~jm0i}`ns5OMlcwneAjQl$|91i*1krISnmpLOwtqFh=}g6fjOwp zKw#-!$i2O3LG89Y3QFWI%K=goPLl6z#(k?tCgu(i-Qj{vPd;iWjBd{VozN(Iv_270 z1JDxy)-M}CG>9h2p}9n>0$?gpD>Jwm&_aRgI?-z+v@)Hv0sAY_o%Fq;NToA~Z+}%p zK)g*v6c42X-V>%lrk{u(gux)J?*xbgB0Hc+{m&1O(?C0JuFSHk=0??opCr0S@BX+h zC}{oe!3+B|@T%YjNS6BTR^NBq(`5IKVw(Ioe(-SD^6mlIE1ki@SB;dT-D8b;4K%6& zfaTXEkR4dzaiZ}De2x2$r8n>Zm!p3E=fApKxiI#Nh&#TaY2L^DOS4xx00-;ubCXUt z_7kps&K(FR|B5tt5Bv0zHm*W&AiM=@2|Lmq!D<{^uM?GQSKx%=Evz1~n}K+A2UpOE z93DD!P<_3$ftbDEkqcop-&89R7X<5lGv>mQZY1JbN{{SakLfjN{Cu z(8v9=qG1;*fPT=hm8H24X>M*fX-oIYO^}A|h{Whf_=sMq7 zSJgR5qq|9iTgXe;4m?kO+C}HAFIvQpo(>+G{3b94`X-|Ewg4g*; zFGN$MMch>sQ|Zn4XB4b)#1jFhR;RtT?WKMQJRVWbZaC5uQ!g1(`jK|7EQU;=avC+h zVdi@4rqxa-0Uq$n*uwLANk?BgKjdy%E_>{RAq-H899^!| zeb;?qr8K})Lc!K1scU{M+m?-`yg&%fpKPn3jOFq&ooBP3IU1ddm)~5@yx)D0k?!xs zP7)yIdr#>Ii}OQg{_t>v9>Lt*vceZ!z5v4Q+u$?SDdLy0G@MR;;w58b3Wv}XYUh#} zKX}b1QqZedf9ZJtDnM`j**dKDb;1^$$~g?F6hLb@BZdbJI@eSTg4 zKseqz{J(t}v|2?(P}Gz8o#B)}A4%~8egTw(Aa$C3{ZJnP#yUA%clMhnp-LtKpr^%hV59uETniKD`%i@DF_$22BbdztUEtZ zsjq+>CeP6J6Afu_7d-DqSroPzYsm+4jc!+LC~Gy_zHGeIXs=Rr!MvS`258zVDDZWhySHneH6A4?nFd{o9=0!iXDr zq8>O#Gl7I%ejv<(9F4PkWVmqmEKvBAX~S?X0xaC0^^hU}w6X7+KGwNPhcGT1qi*p)wnh_<4xxITyd!M9dOz}9T&K@SUS8LlGfSKEz@R{G|w3wB6|tZrH0ngxuoLJ+fqTTpHX6zX*LBO zayXRV*lfPG)#ID~=(9g(akaoMm9^=D8~z02*8s!kKYM}yV;1gTxS0fsZk4W@${2|mRaC_6)AlYd*i>dKF zR#i$S4t7LoVWGbJDO=nJ=QG`e zz6bsu_gxc0mt~rO6>NV4Y2Rvke^EP zRMM6zpHd*p9MnEov~jAkB!3Uv^DqZ<_dU!`kfGS8_5sVa80Hv}Xk@oiy292~byP?C z@hs$D7AbsDc3pwz^;%F*tH_Ch!w+;jK!;z@N@Xt>tu{o0(&#y?>4ut0{dVB?OWq(< znQdW7jzf?^QGCX1+$iET{b9?B!Q^xLJQESiW|#oBwhyo{n|@~gF0#NEu64(b5?Y$Q zsB}dXYvWf0DIWE)I!dIv3IT6)ZWdR6o?bEjqeWZt*pG&OZ4}pd$D%0TwizOC#BMI$ zTv1pgH~o=g%~Jk9IGa6&)*dghppnaCr<3COv7QT~@cL!?0aQ7~Y4cqPou%vQ)TON} zNcav3MgIK`0paxzzJ3~f%Vpj?nRt2UmqK~siI-Y5nmS@?3rsDzZ9yAV#TaSkkeBYw zyB=1wEfo&qfoHL{r6)wT^>TnVLyu9r@_b776$OJIh$bMi@Y^H-gBJ_YJnHP!R}Ay- z?A!qPkX3EX9uF*Q_`N>?UbHl0shr> zI|LA3|GeG+fk-kCoA2dsd!h> zEcbY{^q{6s1^G#zh+;oxL9s3}ZI{un0~@1-GpLC|P2)xMX-=))D_X**mDqBR2ZBzJ zUx#>lHk!gMPWAeSB|8>Y)wgb%ySBzBjLAXQp6M?^epA~I9dslQN2P1|# zS8|)8BxmW}V&VqRGJLRiR-U~vR<%6vl7^|6X|r|(Q}%Snm+*2a8}Axb#(pxtvl4F@ zqjEDQmclM+MxHbD+d<=|&_=qoQFnFh4D?gA?Inh92=IWsX*4Q{D-XX+OSBD_l~dMi`|3%f`7ixxDOHZ>K_lH|BlD{ zU$*U!Ap*hYhi`y5AM&5U2`6_MtqgipFN^<~k^YKpg6~KCp$4=%+g^gT2XQbTtqM@`1cfE0&Ae^j0QP z!!31xZCASi!T?*w2|{HwcRt)0p^nBB4DCeYH7CQO+=Ny-4`M3>1(N&2pR6cXx%1G1 zro~e~54U!7DIY8T151N23a#m{ocbvF2MacJWpma7Lx>sdS+U%K`YnE01-pKNk*0vP zQY}R>rlq&9pwFDE|EX!VgnLO^DsX3?KK|9izaGcuDyqA|ll;rg%zdoB@W#K+%V7@*K&EM1!&gv% zkPfWg>2LSrICA=}gzU&E$%|okZmm|1w)O)Q zZmoiZ*RKPbP@FzQwradaz16#p({a1$^hCx+GXF78qyHW8=!^xp3#Kr%AXaGL(z$7G z-qh1o1uhG4*c77cm7=XkcteHg*$VX1o8!~G>Ar@OyoN|AUzGOa^|bp1qCqFw9p z`s1mg=Mgnm=Hys6Q5r#!)IyfPeeme9ynF!}$V@PUe(_l!-<5bn%`? z6tAjbAI{)fdoz%$UAbJS^+PD_%4amG>Y8Wcp8fUHxx4OY!LY!BeC6sh=ADGFn5g^f ze5O|td)J1(-%>X|*DivPYu0wsHqU)j;TS*%;FuZT<7{*qZdYu5bDlwPXeat>O4JC3 z0?LP91M?i0nPHKx-8&lBSs{GL1+9E)`CL1xYB~mG!D5uW)Bx&c#Fbf(nfW|RPY$wi zM|QJgvQV9d`~f1?y=9tF^tR64DCI0ws%7{*duqg33zK3Qm0_@fC#Q_&O4*?IOOXk13RxSm8wn5NvAC2uLe%3WE7+bVNo!XU2wy{fwi$D?2U8Lt2C&i_w6 zZeS+oCz@lMnxu%{{y)6Ec_5VE+dn?NdzViXl_V+NB_yG&VTO_=d-m*Qmo3{c*2-J5 zCHp?gzRSK1B4nTJJ6Xp*7)8B6JTe$VIgY`^DE?z!*#+~=I@x?b1oS`HC`89s_5 zLjW84S&={!1FZaCrA+_Vz%qdjAZSjX^+vv9A9zQJ3<1miJ0d10OZ|;q&HWt^yJ7wf zto;|L_xH=~`e=SsZ)q;!q=5%kFBTju%y^AVqYjQo(xpG{D&5>51IoV+VI}$p%))A} zLDO?DO}!}-Co8ij)mulA@@ zZFT~6+VXG^F(mfYL3X9O9k$1vmUc19Guvfpg3Rhn-Br!vxyQvG(wjwC!)S$6!|lN- zb>3_%!&={B+isjqN^IoV^E2iKIddn&|R^jV*1S8HHe__YZ46R8)B)JN7~OYmJe<8P#bH-o+Wnqywt z-)Nbol}?Z4yBf-mPmGPq-&hq6jS23Zs*7lGP#h?JjZo^fD&k1(Z77>PgW(cSN7cim zR+hRZ@p4S8seQeP;`;uhscvwr1hq!pcftU+uvNPesN8yDt4G7bf7l!W;2kbQ>YyW1 zS>C76ZIpl?{OYQq)4H?JU4{0e`3S z>&)BPn-9jHOe2;^#1&;UZNDuHj+~@qx9_d22>m|%_oDYg#U&mq`t1#%;NS;PtsZDn z`w)LvbW)b|k4qQN=@t^;@%oS@cnp+d#R6`txNvxiu zMMauk&#F=P;ikX}30o@N;c^^Q;^%)`#paz=ul}i|r`r9rB76}mvMTP{Dt(Ktf|e{#3Od37K_jmioKEbp86cRt?tK>D~qTWhMrmCd_Nx$d_Qzfh|sey&a<)B z+aK8)|0*!_&%;W6%Y-;OON{CtFJGx@Z4jzD$*Uu&0q5)i>Uh!%%D@gRL?JAcD0bj#Gkl$Uf$FsLm3BI+2{wPG49%>igO zybiUnR)$K<#WF+)*QYC zm3-fCYSQ>Tx7m~^)tPd=w_K$2i&@NfJZ3N15}cPXKqSAtdK>=eT=98TY1U4~J0>!Y zqR&gpRX&nmHJ|O)G!7JSm`zKzK=TDU3_pr}WaFL9x;8f>w|e=< z3O~nB=2OI@L-FwxQFm#gxZ~($yjrNFy^x7-^I5~YY7bDkms;}mTJ@gX5P9`SWbCn1 zPf2dvU!%S7vdZ=G$&V*nO}Ud;a^wCymOOtyZY?U1kpo>Xn3Q%aHuJK~u^4K9{Hxj53mJnb0T+b#nx%w=osnB}|Bux6fd<}WiOsUcY} zgL$Dc1K>JCzk0M4xhd_}?~eAU9iGJh^=JFeB-nDN%+mDQ>+ zg(>OuytEa*Ak9Ll;`V|c8)-qd!Nqes%;#&AZ_Yp9Nm*u*0u}0j7>@mntJ<=_4m|Eo zazHw-wr$cz*A0Ar<7pk*$>WkA&BRndyz4SInA-l_#k$b5+>nv`sV=F$IWBzg-hxyI zycRc?$s27`Z-^O@XsNo<{;&*bnCP#GZj}0*hzhK--WtGG&*mNsrD-5)aCA0He&hU) z(6T9tLW%~*w`$?%RsQqw`0gG?t=uMFU=hR98R#o^F#yvb7ixDZ^ z7|JrEW3_xI$~u}NZY8+JCyw2avsf!nJM%g8wBf*w;(nCniNZu0W;!Z;WT=d3GU4O# z!Bc!4vxpt0>ZQqazPo0}k5eGykQur1Q{}H0)*}MF$ap8*ol}G0>Q>vGa8;E=nZ9aA zkv8IzXU1g4Z!9Y{Kz9ysFz4Gp&?FqX$WVN09i+)ugI3~pWht#=bo}y1^QL;VOsbyw z=g9&yvJ_!yVsl)}6)AR!aY^}FjwZcWOFNp(@!K{&@uFv%{X%OW77@$GYCr6>-01d9 z<7G5wyf_p8<4T4{xF(iDQG5eWx^CfFHLKibw!W&;o5Bn;s-*rLE-Odo@HX#GJ3I^+ zbZ}_)*%L@ggKn7LoP*DJOeA_~+`Fgbq^ zPXvL7!~I3j*yg{!j)336>9~g?aT@6N1)$%5-G8kVkl2SecT6Dg*kNsfvOghlu>$vI zV#L<~je^)8S|TeUtSS2P@Xe6>X`gZTFW74VH3a#fv@dgDmqWgR)&hiY0h5OJR^p{`__eJ$`3D zEAGEHtOROdVq!AAGP+a~LoOuRFuMFlDp5PAmmoZCW*OyDvD>=r;W)hWP^j*aTx$31 z>Kx#WKum?89sb2s{HuBF4nnQ1f3L)B4xYIVj>|pV)0H?leP8EEab>@&XyrP_?+D$M zg5ACux8bs4K@|ZBBy5e}C-=?KRqYQh%1jJ4`3Eoa5^9?=sGm1S-+@}=NkOT8CC&hZ znvXsiq0-;lL=2O)z}RGbx)aC;_3Hr55Dr)GJEAne3eDlIw{{9te_A>RUq>^atDbPT zfAts-f7YA6zV2ru3C+@58MDajuew3GP(hV@3mFzVq`h5Bmg$1akkz)w z8U$}OmsYF~lf`U%7w(!((ufj|IUt7$~Qn|ep2V{(FQ#k!wI))lepJ*-mij^-W~$bMh^%0DMQ zbJ9Q&O#&!{r%qGN@qG0j0LO-K@3wG zaSOv0u1m}7xs)0?_l<@fEm(uhF<#Yf>YXiMkydqL{J-MA#K&w~+a1?#;J3F;Qw17Y#;bpEl|7 z0TB@fKEY2bfb1gGy;d(8l+H+DMj0gR_cHEDrj(SO;h-*7L^twX-%m+eoj#(AOZp4iK0>LgL3uW_y? z0%qXwRYdQGH|zva%gu!X&Ld@!O3OUhok@#f0X(I}ZhsTZbducjb#Ir1zn73F2Su{1 z+9>|1&I)}d_NGic1J%d+=Mr!Y_2JoeCUmE)q0%@4Uj69P+_#cox@YDd;!#4ox4mQ@ z(6@{GV}hgo7hJdda!UrV&;^d)$G}!rk(w#1xsHq3Qk|sXo^4%wUl$T`(uATsI>-zo zafQt@K#5lAT3;uZGrl3;*P(z}$#X;4#GpP(sV&nBlY;r=hDi|HZrMIHE><5UQpuED zlq=7)h|1wu&P4K{i_qW3BY#bFR)L7_w9gEpMwfnjZX8j3>QBcO~QX8gFhJ4 znvI_1E2t+t9B(ds?eXI;jPCj?j<-~EIu70!xPJQ;m7=r`kaUhWG$Ix{7 zjJUsf(wyag8n+>v&$zlj<$u(vtNlbrkszh}8o@a}*qzfaG3VH|{^QFZpxCj5z+nVd z7AT*I>Nd6|Xc&+`fFdJF!9lX2nOgT8M>v7%iK?(MH!*1hgfIhe)&b4|xzp$OKoJp0 zgWp3?gs${|?kQqWnR;Unl7Q5SzreHs@B)4gir2t%L3Z$?J@pH^h1~z+Up(sWRrKae zT9&ek3Y+E_8A^st#no9=6W81Pgfiw{CK_CvL9y7dUzdk;Eb+>;Pjo$Gf zXxiQksNE0o)myit1XkH920vw;fk1)?pU5zdP}yB?Q>Wdz`i6&JuE5S_#EgD;jRK_Z zUk7tha|4R)=E>Zi+TNx@|CRgxA>-~2PmJ?(ZIEAGM?itk@u<#xvF|k_c{=U8q`*l4Nnr;EdIXgF!#_%dtKL^_mlXxwr&4^==m&d_uC3oXk zwWeM0bwfT+nhdlyofe(-Njk3w`vLlHIIM*g9RaOqOq5P*ln z%3Ws6(5=DftzEye7r0!C%?4n6!LE*d3$@r~6DZwNA!8hpgr(vTxSMMULp!OkEf-s% z`FAEAy2foLgt0b^YC8kOxsjpocCx_g_m-amdy3%fHQDZpAhcL`U1mC5?J=%RKdPH* zi!=lDT3J7Va;N#OESL$|^q-Ww2K)_mXsvr@!=O4~?;BlgrL!>Gy@ER%?s#+Mrfksa zraxvEO%)T?`vYwj_;)7@?rlLO5?@B=ikObzqXsn>gbm9DNYDoriX!^A(bkQ@Gh975 zt(}QNi}Xd0yAVhYVJ8AqpR3M8y@F|xfTCIal(AkN%`Pfg;8D4OyPvWvwQImWAeeSA z%bX|w`J zP`!`Y`)SO&-43mX%+B_DqoF_WhJb(fR!0c@a%iX=VWK~>l2RzJRq5)0MRQC(NDRc% z^rmI*3Sl}ZwVlkhFF_zT38Ry0!CeQyZg(P78_pK3$$mw93z54ln=}-?`E+4Q3~SI} z2(3_qUe;U$lQOfB>q7*&bA#}rHe~3>ZcZ1c86I?*%Th-$SLyIs^Wk!{ta}j9Cmw9X zupA5*sjYs;s+>was4;kH^uO)rSvWg8Q$#$h7%t4Z0?9k|6Q>4o-oEX+^+lI0Ky-YN zY*;bXP#X#{0)5K}4!lAf#yM~6*`yyjAlz3T23q8SHkJDxUUv)7r5Pvobn3H36r6DC zAgG@p+yye82#s4!_C23V(5z_Sma2iQ&wa0S9thqyU?~WGY~lnG--mG{a=VfC^&Mph z0R#@SXjiP6=9x&2#+@P5i5>j%BwF&e*=~NP@M^;x%UXqd_W-~FkO+b*+VgeaCCpdc zxuo%=B{b>ogayr}W=XsU=Ggt*1An#-H}qs@d4{qgD}W@%Y-j6>A3OWqO{zxR8dg*5 zQOF8#kc}?x4<9#gr_!;S!tA;>sjcUvQ#+;>F*H;^G`ei)x80%)49*AD{YhwgHCEWM zx<08MQ@%LVd}}?@&J{Nw1K-v5*ogr`ymYBha@2K}m8H735OA6R!=Wp$bppNlrR?jl##b;b zVBH97Bh?7Y%Kr~%{3P1M5cGuXIzaaJTKs@N$OAq5_UVH@04zS_|9>trP!{eJe!;N! zdmE)12k8SqoiO=;+VEOkwM`)Xb|EODUxgIX_vgU{Lf`c}n}<*PU#BmAb8Iw`g=J-B z1qBAXZGUjSBG4I>WWPo-f!K2HH*l}8AUWJniK6Ju1CPd7IEZjs-~0i+@!#Ifq9GXA zp~W;F&qouH2@J5l zp=5+33wMQP;Cv15eeQ5o;|Pw;)VC#`?yH?&aG=}c!CI5UWH%qjN@zt)BKWzY0QdHD zWzVcY%feKyTl-_eI|ZVF%T)GoslCm;8=frq9JCXGaDv7^gf;hsVw>BwwYEp`N>(Ge z&2|Dm?$MExd%AQ@dxb_ms+yC_knT#pZjsx0C7QUCjfIV!Tcvei-bs9?*sQgh0px!k zZkMJ)jPjn`>;wun{t({ot;e+`luw+nt7q}lRnuRUY{-3xt@vK@eGzFGdRz%L4W|6g ziG4jV`FTlwX2S{FlTnB^SFBf0>aN%|$FL3U6aqoI4|g)B#+D!rm0RR1FAw9QWTaxB z$00y5d06^9;UN_J4`FaH?@z{JPB`5hHxx%W&mxR-keD9z4)x`S`Ov}>F9#2_Rm2nm zuGuViokiBc?h=|qQ1dPl6TU1&fxFOr8sizQ>w&~foXAebi4)p`9O$(6N9gvu4Z%>s zdqxV-zSDDNHf!-BWzsn;q>-Z160~M~r04RN9IMBAD1e&pzV9EYtPVlHu z0ZskirW^rD2#zpej?sVu;BG9jFi@;})Ut$PRyVf+ws66e3DW!4QCDnOY&omHgdgZ7 zE{7qpM%o4EO)_!1Wni7a87BW@@%%Tck7XGJ*gCS4WKyiRG4Bd)|1w!&UG_r&Z&m`n zt$8i?s|#Qam|W*^m2PM}f2S9RUjE4=db#}~sIEZ(^JUn$1dIsvz7c6pU4;&J5;)1t zODc@8@enqYvW7HeBAII_rBt&Xf96&x4_?eY7qsI&lpiS*C>z(OAJZ8!<{w+gi^h$L z)MgO$X>T~diX8ri5O;AMBMJqz&|Uq8JgMUu?X!Z=k|2LiswO~x)ULhRa6x98c8$LQ zDMRWnIY3bP=dE@-(}^Vlwi9UAWkVoUHDR_EEu8#Ug3c><4W2m_-qP2FjcJsCfe1eZ`lU`l|g(K1*CH!4f8*Lp+VyLqEOZ`mW z85>5o*M_`}(0!`*eIO=e5sFT4qDNwsaZPM$pBoWFrmiYvKcys+G5;FN0R{t`uLB50QCFGHDl9KgDk_KUD>hqo zFe}9*k&%&Wn*RW2l7QWcK&;z)j1TeldZSA_;ppO@o ztXr5=7c73Uv&^+ga{}@Y!Wd>&QLg3L%VouD0@<)4cKc5`Gv;+NZZf#CKuwoFC?RhM ztN>7@4tFh5aAJZ@tdqvnm#V{$vGjD$C*fMBuQqj3vE_m@C{TS|$V8s`2d)c`3xsOs z9LK7Py;bJ;ZEu$hE_9c#u`D6WWN}{uD zvlvUi#KR5SkcGwBY${r?dPS2MYXOmm9WV058r~)GZrQ#txqL25b+toKutQL&Lr`Qc z()M=HNZF53?}oLtxn5iYbJjqq9U4#;4*&olIC|aP7N{Qu7{tb;W^eKvJNIjJow(=4 zeRTR?+pp~K{ou;~1fOh=%O8&>E7f*h4R+2|9;@~wmxZl%d?6FuYT`iOW@YV@hnxjx zUH#?__lzcBv?`_sRFB)u&RR#dd|cPsSX8w5ipFv~MmLYEYK9TxjNsaHX@+{`!I4+XG&J?+L$6A5@ zIX}lSY78gt;RTtTPl+Z883uRZt2YMOY7s6*y@VTu}Z5QKVyzQsr;`QZ5Ho>(X zUB|UKxk*FGV;@Ec-yah__yX%rF}59_QBLKk_FZ_`j|7^P>}dg+6s5t=JOs_Rt^AF; z9mF~R&YXO!Ik|~Qlo=<28&#C|n`z|Q|1qr?==;%d!ge;yXu3M;nv_HqyoPyF`m;vK z)_RDv08jnMbH2ci)j+(shL~)pfZtk6NgnPdTXVF!re;2NQ%x=)Ns+Ao_OieJ{F**$m;+8 zXWN75R*y)fHMJDwR`cmCfum%OH*^q{bzw7z;I8zBJrFwxm}g<90|sDR4NOF zy9o%Rw{>eshnW-ryw(4NoFPEh4sfWPHRY--7eisE5BZPY%Cx5Dp}Q}Ic)XauZrgu3 zq1K#=p%2m3RXa0}2uCoSlC}>kJ~NGQ4@65_{fH1}mtG-B!aV+jR2f19@eEme`L*$a zJlpvu(-o^wj}sz)L}V*UYo+Y)$Mi?e2k6Eqk)_TBrBWROoovBr(r9KX9;Qeqmw?KM zbt^QkDOjZ}rC48PATiH6Sa7E`*nOe}wB&Wpl|g>-AOjr%;s(vT7mnY5xW~9SAWJ-1 zZ^txmx8^>&FdAR@%(}m8`f5j^wJw<&TU*20N!n>|FSAI_rhC=zMJehf2Hf89#WSiV zD}`4q{0;}pNWpauVc}mDJ zH8W`2j1hgU2bfN#a1by=y_nhxmd)(9o5_2ks@j`th;EG&n-_p^f_5vya&Z_Y0qxCE zT9@9T3P*;!{uq5?JC1O!nkZJvaX%OPb+;O8JM2)tMLQE=hQ|YCV;vx82r*$0;rD9C zux?HG4GzbOU5*Z4ff_2Yr#XwPvk3~iZu9WWQ`^h{RYPdv{9Ppz!U+m+h2=^Kpe;~x zP;f_XO-nK&JRFDm{H3?bX_k=^tx?3+Y%w{}J22n`+KsG#DT4R{SCv5Mcxh$fcZBf0 zD$&CUVs+-i;zL#8-W0p(W-KN0cxk%8q+b2W4kh1>Y!)0{8g}I zS$mk@b+Rg0^*!osnIoR&-iyx*kk9D{_QfkBBLkSa-KR@)t^xzw_=Vy6zw`pu8)>z- zHnpR6?bn+u%!hKYHN8)*t#KbcXmUX1MH)eK)FZU22TScNwk9Xr!WXLKF;gklzKySV zw)GSJPdvErg_$@tr+aEVmF2o zQ}Jo@PJfSGKN!`qCIKgj2Nx7@s5h~hJ|zM(w|bpl0%r}9OBN%)AGvqC3^0cQtw6#) zkwV1v^RB&k|8pS9Va`8-UhgL%bbvClJDZD4C-xzG@;Oj!yG9ts9_#TK#K%9+eM!1- z5OoAbolR?fylGuBo+-TAVhn(}!#7E3BD=A8Sr#}j#Mh05wRj!iwzi$+_NxF>><`*r zi;xd6K1$U|0j@{z1Fj;E{BW52e2=><(@}=!=Q#E`ox?#7J>uOnwGm9F;Mk9sT~+(z zGfu;3#`Ir-UK-B<_K#2Ty7k@%|NNX!$WVpC4&1V`$6g}C;lNKLDIfDdEfm3%dOZ%` zA6z%^2LF^N^SdHEW^0XW|t$M?TPGP-bPgg ze86y-9%I|Xs)x&ox(Y?_j%qsHT;X54eDnhrQ7U2Un?%(7Y>&MEH+zW; zD1iUoR<6W-02Pr(*873)k=KGOn|~ogdUjB3UAyZdkt}UCzrd@9?mlX+8%;Z>pG_W; zl4Q^It|OD08K$_&@u=BhSEs+tm-B72{9JcS2HUI0e7bTCIyh3n3FrJF;h*#++F$nV z-$}@fadg}q4VG<*st}F{(8@B@Mr}OiaV=G%ZQw?_@ZID&wo29MSp!mE8(4cnrKB>z!HLuJY4W>fGh(@FBrJDVdXkFE6 zQW6UWiI0uei`b7DznME>K)TOGRpR=>4eXH@J%w*yNvr$En>0Foj~tm;(y+n%Dx@;m z=I^_1reLqUCAxL9wK`#9Fr@igMjVrQTtO52Gn*S!A}Vk`mP%S7o;A^?rqh>yQp597 zbWrqLciDIfsv1kXMpB9uebPTmtX_DLE3pT4sPxdyxMmagN>_-ZRE9FN1qYjhHa9Kp zW_CARXTk<0)224wSSdB0K6mBZrC5a`c(?KuVPVs>*qxV9v}+!Ihsi4vHd&mpjWw+h_nPXHh1KaSWe*(P#(5E0xd<$g8Cji5Ab_+$w>Q$6>X@k@+8Ow>QjeT<<* z%D>|_KZv4)kk8zz3HQzn>be=G=QH2T8^tEh{|_5=?uVMl4y#)tVWcr|nw}ZZiTUA; zDKD+Y3l^7&IZ*sM(^Gdq(FVZ``Ea5oGfeV1E~VRMl~Ta#zReAIKXTkoj98Q@cz{)&i)Lbc%@ysn^g9NJ%^!F_j_{b^I<>F7e4e2B z^FC@Vw>VjKIM2+~MWq-JZ(3^t(zND^cGFaxL`$a^Uw2ne4F3hCZ{FU~h~0W@W*-fb z$kuXu(@z)C{CeL&kRyg7lPXXku9r5xoRKAZTD90e8OXb6U#HtHo-j*I!(&ezi(V?BMExB1*eDGzP#1{=r_U4fe>Zqnf z@{CLoZ-ghhxbsS3W5?Yk4HoqWwhJs{8D_UOrNjUw|J3f6y_g-|UTokQ-dG_7`|9od z2EulY3ZQJxHtLgza4SQe>0A9t;w`vQit2myIGw?PUCXmeNV{0}0yaq4>3vd(99Bs2 zV;dTL6~>l(0i)zSGv!_;+!yd?H!ez;{E6IPB1N_15V8TFs{X4GDaihQIyZ;tOP7LzDjc|iO>$Hw&TKXB4paE423NmDZf~&|1{J7lZd52g{!hjJ~I=I8AB;6 zq%&q;XI7TAmii*Gh+Cr5rhRSqE! zv*cR8OU@qia%iMf&SO;49-T(2@Jy0f;BqeVGM-E~&^G zBSRMPh2XhN%*62`RrKscBiJwT-?Cw)lf9g#WSn5Ss;5o%p62Ep*T?bX@Hho6z7Sda z+eU;?|9*h)*v;8&^<2MI{;y@Gp1o`TPzw-9R!<1d=?vVSK_*F-F&Rv1z==n)Kj`nj z7I4B`Z8y*y%eWuyvivg%EGdsXUWZ&r3sw-fU^uh#PARJaiCLi-YvwhJ_iFdj$DCj} zuuqH7WPbw$vNhHRLPam(`EDYL`S~RU#rl+y%@FOHS*|Lqx_=&9dwx~+mJ6}k1IJ&c zTA0dx@Q;_OKhfuZ5e@w35%ocq?o5>C>&eAV742TiEP*391Rx@U1N76#4uEs)otI{S zQ~V3&{4+##7#aN!aI=;Gk;+LjWo1x_TP#q>JJn=JY~qbJ$xOvv} ziD!YA@lEXjzc;T!%SP^fD>omWyEQw5zN$7qh0U9&=rZWS%zZS9mg*$1JIQ!4`QEFX zL+|u5KdFDkt>|`Ds^Lr8@1#tITsR#O6PamYm#e7+QgnVkmd*784D0ySyv!LMCo#l} zt05u*uzbb~!zX@yx)sd{6K8)-(Hp?hy&Nil=k(Bd=2dn_o(J2ToMyCC(4E05MWI03 zhQvHVW{kD)dd+hS8jTD*0m0CXgV`h`!Ttu}(`i(St?2uF(^V1#v(BoAW@Py`sG3Tm z?(oIKqlqmC9*mh)sAEm6Cm*XwBKu`uOcp=z#=HSRkwhTl5AR1;_EqahTo)ON0T^ zMcn0ERWXQhJr+FhQxYAKa;$|na#&g9Yj@eb^+c2Au2D?r**YNShr?7~OrCJN*nH;5 ztTYv2=A-7wWwq-bi67ZO#w8eD!B^)_ps7K}sGn{P=KwCRlfEK{l?fzU?}h0PwuH1c znhs=hfuPp@Fn$L04>kOLQ2D^o1A2BZjC?SS0ObNVJz=6<^4pcJ?(TVS724muRtRXA z_|uF1pF;otys&>q{N_IY^A`hGr_^b-KY_k^_&h1339QMXo1O1Cq)j~s{zphy zIY_Qpbr=F9P>lWPsnX++T##tHPX?@C(V&7pQEk2ug4r0D{J;T1&#Qpi9yGT@BVmz| zO2a~sJ6HE1m_aR!ElYz=qUWCFn{T9r?Jp2$j*OGVrsi{!vvXEp!Q#aHt|K6aehN?{ zw;Z)1ymF%l>bph}M5I^jm+Kk*p)U=7CL##Xk+zDW70i=PTVRLEKpY}h1o90WcfFV8 zQH)IDiDLW+9Piw;^fW;`qkP?%kkt9Sj9uY;yT_r)5!=PFUDiWXwrUyPJiz!ZP%F!kZzg~y^f zw4;6$jYSBvv?7CwWC9*JKzZ7f_5NgTqf^hEV6#k_dVE_dn^JTpq@$Gy2bKL(p{Bzl z4>NHC-L-Nd;{~aubgm|+Lq|c24+hL5KKm<;<4j5t*u-Y%Ae^AmjR4r!TLcGfEOvD< zy((;1`4M~yPhf~vONl%V)vUI66yi@zH49wwxD5*0`RcFb&nmuE&{K0MRJ#jvp0mjx z*WZwg{+tzUa;)=ts>x;=|I&H>4eVvKQG25q4Dd5TgwxB9D6+O@V)AQ#suY04GQv z+W!3NxF2-6PS+3iX5`qTeHXU`n6jl>YVF;PZd#WgBY@1)Dup+P{PFU_-q-P5h0o(tjV7!lug|uv z8EmoT+8fw3(8$ZlC?{chcdl|YqAQF@sc1VDtjg_-QuX;$B2XAJbMsr-3Jys(WK)nV zCm@!45XFK|styO2SrboY(~G}>K+nQU!H)e-WPGf8zqV)klR6T!^{40ss73N=5O;(C zct==DX%Ee1sG03fR{9s*o1;-g_WOgwimKTGvQuP(7`+FIyT^c`R;JWLLqrHuUxvuv`^V`i) zpMyLl6@01hPNlaSvm4QIM&`8PAC;@c%|>+Uh@LBbk12U(K5@kGtI-F}s%j8o zpn}?ChU}21AgziJ_anq$$u35gg(bn*(roA)k;C=R4evae)#B+-O&h8#Qk%Gd*RUZz zL6s8`2Hl)VsA)Hx=cj;t0H@>;`20b&?JexPC_9TxUrCm=G27VCfemX96!B_&ydgB} z_6+T{tsOl`476CQn@{0Na}~cGarUk;pqu%0w|BukG~&)J2JF{+bw(G-4p>R-sS`w)p!6=qt&0Z_*NwJjJVZDVPa- ziHQl$M6U@CpGPL$vmR+EbZMK@{v-stv}0p-=Wu+(Ly*5f;Upm*L_l0XHEB77D#3Ch z*T-lz5%}?SYM%AMI>?kv0>a7jh!E2Djn2wAZcK+FB?b80?*vR`DSFWY>NH~ zxda*<3E!1Ndlxz47y9}l&I<%5BrcWNfxKSSnl}fW)*!fM;+=yVK?EDwDykPDPfZC5 z?*cTdHJLds)2~DVP74~b|12l{Un%MYcn$>g=8xsQA!Ilf3fzy|=VcEHHZ6<6B=ZWX z1-K`WrV@evEx+nDU9FaUX1v~q2&ZU)m@6&h<>X$m1fkIN8lh0*4MEfI)xBOD(}$uR zch)h(_G4#CkAI>*bo|BY?5WT=P%v6(h(^}bh?J7uu?3&JSC2}khw|ATfa~i|0Fb1v ztzEbYY5(c>^M+$#msUs(h&@^=gDc$tv3c!Od;=bLk&+TW*K3U(f`Lbg96pMgVUGZP z6}V*k{Iw-iR#Kg>e`nxYg@N1^(4wo5>P7it>&1jo^fT0Q12f2E2pT*VcKr|?pCO+| zL{e{BO$0XHOEaNDdq+}>52~&%qU01>aTmZ+!d`rT32rz@_I1OY2^4i4;&J)ZM|GMH zXPF=1!=Y2EFi7}HJm^47fG7*cr3lea0QD+yZ^W}P##s_w_2)xN1PW7#SIrl~Q&dmo zPAmj!Cuu~6sIypR1r&I2ckuULSi_V&bkMR?F()_V=O{F7Zu6Y>CJ&WW@lOf?%*qoD z4X3&6uXCh7Yi>h_RCwmnhMi{HDThi`>4#xfV=A}7s*xx;i%eS5gjUCWMJ_vrBDn0wP1~vUV{M9Nx312F zhzxgtS%7e|zZlJkpWf#Shk+4`Fkv#oXrpMWD>C$QtQi8)>s3i1wO(5?0R;tjEE#6a z%H`-g0}8~slwu3*R-hDy_r$ckq3A4)7m5i+Iu2(*M>7>3{RE&muiSg_6aX-=SUQKI zr($;<-FV^rtCT_9k5{L|Ky}r=GuU|*n#BVCdBKB>)&=-v^Q52k4hNLA@Eu`Re*>(3 zHM#5+m_x_HPf{54F{EN6Uq+c1Zh}qTclG6|Bg#Nu2$@9i@5q2}We1rd)VS=Wiwe~? zjzh5^dk7@qWb;F84>TJ{)l8{rvCh)I5l@fU9m^$OhSmUAwt;M@>hGV*3A?ksNy(}S zBjlv9)EAS4b_!a|5q&WKQK=qA(9i@f5|qT=FZ&cvM1Bw*BM@)nzC1%eHo7a!!9WPP zCwl_{{|4I)q%SQ_GQ>zHAM`vRMAbvUE_AGU#SDSS*NF>1P~1-!==d48fpCyia8NN2 z@^$v&=aAgfg1*P{f9mMZx2?Z_egz%^riAZs9?71D5V9J;$u8KzQbYW)TfctpgCiV; z4aWG19}@hNuY6iNLOK1QY=7+zD{k+b01H&$JS%&NW>Dzx8c13P`FeRMr$epX(xFI5 zxwz-Bl00}U`C!WeR&v{AcP}u1jm1;G3>Z;C2>B$aLUEZ4H=HBA&vmFeffkl(C*TX< zVLdB7{`kN}-COSV6=)6c-3p3|jO-w{j;?nD5%agaZiyyj-G(6Age=F6yr#!zsBwOlN`oOpU zI65?L&303iE}$u1h8IbRAo%uHHiZdE9XK5k?@`abPrP~AA>19uMGU<#XTBg|jxtgA zp4mZa4{V5@!_Z`HIVcrke-}3nMX$DAm5O1}8%4w|b)PIfeh0L{ z*#7_}^u2chOQ_&8`q27-q4!s1ntZ`ArWRXIL7Z!QDU)w0R>e>U!(J&hjC)4|+WX=0a;&Qk6cUDTVgtQfu1wtr1*Vs*8rAi=s-Hw!GNSwuECgY}4yg#I=zT&WEJ@;*#-5^3tjHI@$+01jE zarzs!SP!`&Ji0uc>hvrTivUTMWU!U@gU2p`tYCt<;eD~yRk1k|{Cl23t1+InNc}FF zoLuq|WmKN{CEgc7*OyPFF(iH*dzcNsM?4Xn<`UaNaz)>xz+aVbEv~Vh_>1k7igg8^ zdstmvF56>yyT3~DBWhikYc*v(z)+oH<-KvHyg*0=GSp^jMZ>Cmh;q~5dOLnkj`t|3 z&rkL@Ga<)+K)t(%kc#wwa89RM4hmg`>D>M%V-Y@CnGIh- zwc$FWi`t53dnwS4V1H}5tm}hiJuuiH2Il-*ZU;&9_{Ab`COp)-&f5JYrdTL0t}%B* zC$K%|S|4Ajj5UllAExLLZW))`UYbfin9FxL#+&NqcdelUukbfCb*n7VO>ZsPo85F% z9`ZYCIV8#rAR+?hs^Rpddqh`Hsa+OWkpmI%gvx?Qx}wj08|9$aH$uKUA~Tev&wk% z^2y}Q_9O^rus%H|kFHA;O7EqvHfRO>fVJ|G3h%xq-h~=uWycaB7eEs8H`Pi{k zx9l?&f$ zh0wXt)xjQXQ1vHwx>}G)@;2oJ>(+FpkOVBL!cDY7fuY@g9x_npnE@#RHOahUIexourUshjFGkZ z{H~ zIA0n`sIl5 zbJ-6yyjlL(GcrmXNli3p-Rg}vkr;ecQ$+#R{nry0bRWAI_AELQq=qRT_*$e_DiSi$ zzsLEfY^+G4T)beij!M_XJ#%i7$hkZ4;Em)-B)00>G%r~<?syDDmu-<{k}-HdRG{{#@u*ro1z@o@V+o!>WEwJa`(Z$f7_g z;<1g^vFV%bT$_L`HoCcQ1ab4l6!%FAu{HHhC85oL@i9E-#Do^wf&biX zyP&)X$JZs_6yKUm-eBw2Fq>`EnY9nZI}~)^aDn~OGmsD<WmlAp+s z$Hh5Zz|LKvyUp9%X4P(;-q<42$Z%6D5tqp~PC7yl6U!npRIUkCM7OUFY692eP`a;! zV|KPtb?@QIv@91hN2jKcW%rA*!yoIr+NNX)$jqvVjVxxO&fddfjOGIU)-wb)fF zTu(;9SKi6e29x+M>*e}n$$%V><~4J9xVW@)?yQ{vXgT}s@qxxH$53hB5qukA^eXF~ zr+QJqNaDT+!m@&@%Z{QAX0cO-;i51JUIt@l)U0w6CMJ+cv+>e%H#iuLboqJyxJ=7p znpsG0At}Y05`*paEDx(BCI_1D@B`uuvZTpGTm^zUt z(p=jpy^CobMId(5Kl2zhi}W6nDY0#0Fw^=Jo5)C>rF~Mi;KM*<7^Q57Pt>&dMXf8E zVOj~vn9)gtooRiWu~m)tS4Cb_0R{GP-@5zUM01b`S>~x1ZH(Sj(Ysd99xzMnzkOq= zudk{anqEjxPj43ZJXP4D-%2)VD}f1SCg$vOOGJG3Msu0VsGd{il%6D;&@&IYC~s32 zc#jObt7U9UobqH&SOk6ZpjC9yvjJ{c2Y)h~qS|Q3fcue&^uhR^?-r^~n$t6!xPDLK zx%?+6Z``keoklXkq!*!vOCUp;0}!Q$o9jEGjbj!`*<6jd+<&@W;nxjP%%JW2<^QaD zBBZ@`=wOPw+0M5Gpmvv3p=1%iv?ORhL7C-bHMvC(c$I~OG@v!tjuY65BbszCuy*)2 z$W#PeotxL8??&_uSlIv5i@@h7%+Agx{&pF-0`uyw;0TM~^?Fs?bm(NuxwZhOPv53N zE1%!LX9@v0#^g+3=H4OsJTMPHf870MWd9SDpM`9~)0}o7;&8XskB!D!WunbU`EcP? z2B3w_A@`Jv-Oqh{6&TJ*BUVG28HUJAcc2I$?;YsDgkqz_?U4()PXpp=k?H&TUZxT! z3bH{Drdo;vYH^w;_3S)r9P#5JT#i8jAa%O9zw(8ivPVYf8790jA2iVyhAV;++9S7} zMuy6sK^EqGT+z>P98CLEZ21CZ4SZ@+v-D|FlNYyl)r>>0W1wo&Q4t3#tlg^ zPpzBAj|tlRlH8{7mVK)&Lz2d(mpaScuz-TTkk|wFAlx`jD8aednkiDr7(*}J!9?&3 z7-rIK|6gG+kU0M(X0wN%tP~Fm`s-d@_^p5ln zDosKORZ0Q~3IRe9La*NwAcAw|%*;90TywsEXNcBFYSS_hR3J+o*PVFi3e z>CtvR%gbqJ3X1uV-S>t}lMsoN?X0JQa+({MzR7-2^%d`eCb{*-1!x#3r+gnj6+|fN zLJJ&#AIu6EL#GUczcM*33CpB(jwq0G8Ch-^>P!JS#XLZILb4r}7jQl#*Aki-Am2=c z$V%!>twd(p+FSmq@{;yb`9K=*DGmLWS$Y)9w~ABc?F#gczaR5rtVJkvqP^R`;7MsZ zF{i%B)MkzF`kaK_kal)=rc@@(xH#Z;&%=-F?UFPnIolCx!KEVlj~#zR2<0Azovx!b z*|Tm&tl+-fzr?EZyOjTZ$LDGEf+Y|W4L$+Ph1iVTNWMakv2@S*vaLrgRa+2TDi=M| zHCHAhTZloXscB>?O(06- zdKsXE7t7dYe`i52A4iG!Cf?#tW>&3dbdv<>!JsBj3jcY?B;^}jqt5rhUF9UiKmO;k ztVYi((uUpfaqNa>owx0AxT&PSi8fm0QhCPln$nHpvnCcMD_%Z=RI*I-bV}@fHc(Es zP*DHwT!S^tcK$Hh1{Wy%O+7+DcJY9voWQyZs$A6q;{i>sPYV6)-(_k6IF2VkHKHBk zE{vqfjb_j|;DnV(zlQuH?ttKwGZY!j0MpbAd-*~oEk2%nESO4pRq6NL5#__}Q2R(q zkTcwG3Vs&D){(QM7ouIBV;QZ7A;Nfx#7|>A1{_5~DppS{nm*A*-HUEy5%OwW9;cB% z5{;h!bxDY;4*rAd2|BYsU8}QO{2TH`etpWG_OYk)24F%fRcLN6|DMemFv%2>uSdHWPhA9#E6O9_^zrN703>~B z6sAMKzx6k(=rG7k2Xc%5=)zCZ?EJTz4QW@Xs4&|+fAY?ehnkw${{DjL4VGPl7f4(P zi>pVZlek?+qyPK}1d8n>tm7lFy8hffT8VNTCb6kYl0EGKirq)i>;BSHm|N2W< zF86@rjZxahlgN}kU2hLl2R$u1 z_G_=8p_q%a)r?;es7EQImeXEzZQmj0FAG3yXo6L?=Up-`O0EsA+S?W+YYfLIwc5x8 zQhPsrv^&FyF#-M7=GrQ=m1UL!N^PS-4ye}XW*_SG`|3^@=`ZC-|73`yB%+zl&4a3XJ<-kr!BHMKf z0%+J(Y*`e1L(khmFvL~6dA9K{DOnhaY0t!<`7&fei>3P0Ju|<`3Y&9Q+n0`4tW|LM zR+Ln%md0~IqQ@&H{|n2}45p^KdU9W|NaT(WzitMyd0)Bl;kgDGPdV&qITiwc{F&|>D_{N-H-QC+or2O{w0{;Mwm%S7{`;CdU5 z6#An&4ScRVyT|yGAcrlDB10GC@{nW>tE4i#JBN5+_)<|MQv7^PA`O6HMV{@zqaFcZ zvOiD!|A~t!t;D5Lcnd4(pPggY|J}MozyJktRiMsbTb%*+`J1Bxw1$LRt+V>Haz{eWtG!B~lx2lSv80YzpHiXgB%)Ui z$@3BrqV(fIXg%&dr(6`awIj|LRLH`%j0+Rr1&cybk&9<^cxsu7&|pv$C?nddKAN znl6BB^PC0L1p4W_+fTxIk)3iNk_eQl|JjQ`L<^*9(p?+NARE^`j{(oA1LQ0f>l89z zX(rncTVP$`{BFe5yf1jqw5wA=7vXQb%0T6%1&J%U8qWywOmX0h{~4vEX0}RC30ch`BD=Q z!gXYw->j~p;fT>B?im*!2?&8SAazm|su-9cEO=R@GzQJ~bH^WA?nG-z$y;VPLNnWi zj0kE?uLF5L634;vN^Tun|7t znY+iumhhM(aDEd@!E(3OoWTC(mkNq>D!zx~MkJ$e5zC8;&4N{1hNu2yGSnO9 z_Op$1K_U{PDOW5CWUHJu1N_DfJ}-IOn!ROcepx)YR%DeMnx=2o`cfh7J9UaFuNPPY z=ZXZv#qJj7{<-UX%KJjRnBB7Pgn(D(>nE>UeT%#vdQXJ*gKRo&VYa}qi6Aum?4+2> zW1G5Y&9|4PU(;#CXs^wE3064OS1F(@_+aE}vdDNDS6tmpvtY_MRojAcG*B{d%APde zH+Gla zjOF4Lws6g!m;KUlN(-zEr)>Aky}v7WE7ar@v`5Z}C|fj(H?NH3|rSRyEI@+krp zAP_1sO}*dhOD!<=`T~?7?ouN@K-Vi5!vyo_+Y>?AN{=f^CD8^1lyXYz2@+adW%yH^ zw8M@C9zw=SiSODOe9XdbKh9_+mZ9R>?SwdKlYd-2Nu}$4eN11EfZzruHQApxu~`EL z7_hyJbi{_gbUpjC)5xwjMf$fe+#JZUk4zf+mdD5BF49`8bUa45jQB*4F`p13KJT=N zP+UjPeM8;L$#9f5OvbLXTN$33g=}6;_Dqcs(mD^g59(eJOrI^MLNjq+)+e()yLzjY zWcV(?r!&j zw6#ySg#Wr*`^zf2AS(QajZ3ea-=2XEfaHE4G)!)-fBX{2UO;eXyjfgAI_G@{_&V<$ zJpw6h3@8ywfQXE8^-By0my?&tCvy;rFcAMIzy7~iHh=w2VETb$YK8r9AOH)2L#H*T zc3*FA&ZXxpTvjN%?_}=@jxg`?@2h#t#vf8R`R8QtXdW8%{0O$W!C4BE! z#J`&74gHzN0UQh(g9r`xpeNm%r)VC;C}bFQtkf*U!WZZ;!G0+c^Nr6a)2j?>(K4l< zcIc9%A`14#Zg}I+8;Nh8KAdx@{x-1b0uw(>l|bp47Bh5Ep67)2qsWuq0rL#Gw7f4j zOb*LPI`K>ibZ6W?8%kv%X12MZ6~!&-skjuEzz|H&Ra(40xW|#(wh!Yw!Q3O`RK4U6 z{qvCY&;{f%Yg&40Uv;4GkJ|R5J<`9Cg%`YhU3fmq=w+F~7IK)c{@R;qga!k3_OtY>^k*{z zf@sl#-hz*8_iGE>swugv5f@)!b(t>t?R}ci5Ic~#To{m8MB8^Q+dluab!Nlmg zPQBK#TAP4uDsUP`v6`Cr+GDu&25F2%#Vl}rIU)y~!}tG{c`<6}e(+I{vAyteMJN59 zZM!-3bg&(vOWuxqc*6x3y;8XmBWSqT##&PGPOFnkg` zD&J6!#Gm3hSF3Eh5Z?>oq%+Vd)QK6NgltA<-ce7@%V2MVaweV7Q1T06xNyR(CPyTE z)_pgy0%8H0}EiJC#MLGx{BWrEo3X<@@f1tJY3&ad?z{9 zu$MTe2lH=`riUX@YEYV)vdd^vf<6@FFrAQ<5_DlN$mx-cWGU;WjXR9sBtD-`jGP{#@>L)|zyqUk}C%Ag!dt>YCPBL`1hC<3NM zHx?nFM2j(LFDN#1J9b3A#ra@=4B_}U#IlJZE_dqPsG=j(D^sT4y#aF*l=%_7MYW#m zHU9D`ra{p2%Bf?y2A?yOg6X8F&JNAqQM=i!zjoduH}C#>$qG#{C|-2@MW5ItPx!fU zhma`4Ww&KVIUx^jWQ}m9gaap?Lg)|zFg43=_E%tN77WFT9Q6)~I?pH5b4* zT2P;%UC0%Ev=4$jly*=KQvU2o>TK)*35?BQbd%GNYDvq9#5;w<#~S2X*cau#M8E5o z#Z)~ve9L2gvZ0E2=Pclh zs4qfjhzZ$C3o+&JG%O-7ZJMyLzfSp9n<_nzok46KgH*awfM#{8?A5zG^{MZ|^##q! zs7Jb3Mho(Edkz_*qyJhvmly}n@)qXbG-^#);83d%RuH!vFL<_34pXH?St%zAN@tud z+E}j>&xJs!+<_n7*d0GMiY+*CAa~H-JD}KORZ$O_ZkW)Z5yxYvADhh39-Ql^FEyL_ zjgf;>-LEkRFd~t zGuu&yh!i7))b%SNZle{j?~Dgx6Jy;UnI;s5L{uMaB1RxX>{0NbtKSgWYQsX_)S;oN zeoD-@Q<38u>Qya=1PPjGm)YhZ$&rY#c0ZGG)eV+3>P^Maxu|lkzs#gL1KO=5Y4hJ8 zM8}&s9Qpw-tt{!h{O#rV$>Y70+d_rE;lNZP7WrM*+kNZV-)D|ui`8FA(k+Ca4bC2B zZ7mn3XSA5}7k+%9iVtJrqZ!NFvGB;nNkv_hM>Q(B(1}@LXjU;;l5o=I!qbQLFTDH1 zsmo0p8Vny=%lZY1)@v$HDJDUupBbP_*rDP{rpC1R15%V3H%mtm@{pNo?I35|KbjJJ`-p3RGYHyLEO*7EadTF9{Q{FOhoGHx<3W z?)+v{0w=@o&2l5{lZ*9WyErmr>Zs*XA0n(`GW%)1y|5B$Y2fINpb;pM0foP9Hm8IL z?1k&sZAh4HVG5=DpB+$N-c~zOAF@1vR-xB+6gRbOL=)x5$M`J4sCv5{W{TFv_hb!B$7oDI7FR@p-*Zv;HugUgujqHTd}i?D zkpZt#*hq_~gZS+mV~zL#)t7YqQ$6u^H`Kg30GoVwy3t6rfOD`LDL=la;&!1rD05xQ z+uKD7Wn8xT#lhlEJqx^g{49&;S8389F<*c&K4h=IE%E_mAYwX!N-^JZY`(1QfT8%azxYd{Y@8IH4KV5%I6A_ltDL6*B?veIi+e*6)s7Q5_uDe(EyQ zj*V}j;j-dsyRJD^^p?eLj$;L-^B4YH29J2Ite!dBg{xQwRm|uE?4ENy#QdIxQ^PtR z>P&`g|JCpiR!#1F5$&*zbWhv6N|oOS%|8>71>v(fSCn(&l9>*;6#x?at}~A54gA`2#sECi{&GnAi)xaV#EExvDFYg&#vooU5CIoc`gn`-8W+UL1;QK2VI25 z4jmq2mK@qdeT6OXhBj(0PD9j&>sv%Wa-%6Hwq4(gv1;kTM{m+Ge+O6(miS-MEdyn% zk(C10t>s4wASvd?raAJEKrfV7W$bs=hS-%9jROqV5f>-0nu^KD_3T4Qk`C8yxI-gs zM`@pcWEpah5y)7FSHanrE|?D#2-s~QL-w^PWa8d%OTV9}Fa!G<<8}Qndpv!h!qWd% zeYcY;WQln$8cH_Yqh89gH6-!7@A1TBJFZa9Moqm+~eoxl| z0mpb*yS01_H>3u~tSR<(Sx3A!2b{=_zR1>p{_T^~5#l zaw~ilqf<|vvw|4VMzWKLia;}K3x{%=(4|GEbBrPtR9GG}*NWCEy`BlWhd}@Z%hNQv z+JeRs?x<3~353Og$CLTVbSVBky=YrUY=jD_UQKg0DMl)EUNL7bsn%hNdQ=-hzGJ{k+oe=g0XawJIZFuW9$p z>rmkqP#I;X{wN?*yUvI90U@}RVpWTsPB{`UEzjuINk}mf432O`*wsw zJY5Gj(nu?bE$bcYbYrM>0(F{X$&Hk6(f3BG*HK=qGUAOo?w@!?dG%OT3<5!_Y)LtB z{wB5{P~!blFUi0c5kj`5RRqm8Q)N2-j^Pb&X4xpUCUy))c#j*)i4Z+dRG7)abn{03 ziM}u*W6!NZxONW+3-3o(I~$f?Id?VqXrY|MEveF+*1$RIyHpBqRYh63wRE}kHm-h` zPDQ}JuAGgV$0)x-*=7#SO{;Z}<(!F@aNy}S9qb8)RmmU<@E|xwUQCGfD}5kkYfS7O>@Pnub=DE9YWJo4p0amEK71;FMQ-AuXzKNqDYL`GkUyD=ec^&Pz1=Tc zh>Ks{FLh#^Rf+ja5cTpkWuH%U}vjn4b@XJ1HVMM9q^ zlyjWjKQkOqtE_<5bY}sR^}6Ze3bS?-PTnA}d1zAip#p^p3BMc9m8+-Sf!(&2RMuGx z410aa@w1Y9UYb+Y9W`TXb0K?}u5i^ELuwuO7u5N0V0mw#oCV29!Z(B8F~0IoUYdQQ zk$e?mtLb2y&~-xzH7T&$(uq}PQE;>DnH;J24E>#jMBvge?>r~nQaZ-2b>YsNh|%N- z6Si_*{2$ZS!@SDFpeQP1>+y(_wNI!g1zs~-bccSFuPWEMLL9cB zRIbU%<5obe03)n$Lk7)R8u+5CFkRF6UE3l1HdWhWHfqf@`qMmBKTTzGLBDT^){L&) zz~t)E)+erQb~;MA7ub9&Jj6W&TQjr=rlUVaoe+y=wh;4nuwwXdCg8J|%u`(pwdUWQ zhNT=wX*;;y9F3kXPJeGyy(W6CB*Wv3;7=5b=oX>>OP>0D`=5pA^QAY!Y+8i zwdIr9yowa_TOkYBa1Q_TP9deCazUZpO=Ijv2>y-deXM+~7BKE)x9wO^x{D@iC`+_p zH+l{L=<;TB-G=rvpWp-czSp&V5*@ABS$0c5d*%03FBfQZ0A!q&$2KN?u6 z_vi|U-ZaX#8V)3^y9`vEcqhB_({Enc@@qbuk9h?Yme@Di^+&v#W3&WU2lzK?D(K(w zlHa$L1MPxe3tsoS2>~h4ahG5&tM?acn^aaS+--LPUZi?ojUH?RD~FKchF67MHrL=W z@;?YkH%xYJ1Hiq`md?WocAQ208lV>ArgiEn=jKYVv)c>nodzVq)N#ecG!LsOc3W05 zekv()XDfT%D7NuExZy|xys)rv5_=M)HE)H}M9WcjD>#qJHH%~NPXSwiq}I{(h)}__ zdypJ*u))z*wZ~SEbu!B~06JmXZ8SoD$zeP+eI@wZ?adzz#F#8+-GRi*V5iv{4dC?X zQc22GcC?}uqK|0ubLjsVd>05eZ7Pfr{bY{9I8x3U!8H%D2~NE1w7HQlEe$VOh&~(( zCL}2pBUTJkn!mCZDJEq;_acaD0v1~nY&VAL&%W{~e*%~4*x=!ytklghL zxdB>1L9^v~*R`?xK>x#3KB13dXHryDMbY`AL~B|3tepv$mg!{LlA_j&&At$UJbk3z z(|cU%n40}zk6}SkwYW!88evgSza9-rpMGNjb4vT$10G{a;X7t1Cd*5|b^i?iJJT{7}0TZ7q| zW_Y?{KKSi)aSf)~OyA5)Wmb6onkE;_(vT)Wh8~U1^)6-4igC3KXTK?}^n_mtbx!$` ztgW{Cj2GWNecJ}KjZ~(mY;F0(o%%WS$TZcUm|d7r&+8;}C0pGiwXE}HpK>K$1;hXq zaz^H?P~b56%O*1Mox_OUQ*-BoWxI)7rYc-bvesA`Syz5lM&57dk0K6YNa z#gb*%8~=0zXzCwp826l?oijyqOh};AtWVpx&zFVlOb*fgl`&_g6VEG5nTjbPMJx&j zS2p%3R>Z%@5m8ZJ;)B=U*>QB$!;U%gxGJ`q@#M8@8lsF}px`4kjxYt{&}_~Tp$Pn` zC{fzMRRsHQ+hIx{vGp?3aIv6Zc#s6P>NpC1oU!-aNe1FNgt>$tKQnZBvYK$iXR2D6 zue`=HUcOzxL$@+U%}H?~`3sXB*Ty-4`jSvO#*{?)D-kl=JyCk%OoVrjv3{MU$+$nx zBwEP#{3i^y0F*H#&x;6GS5!q4v!p@tXABx`6P4L0Ujq_+S>L=3duVV|F7PB%aK^UN zh_*|TCQXyan(KZJgQ_Yj&mS$Ts_HApnwcff%>CD=< zFfgIg9Q#%VN1RjCnYwB8O>tWN$D*kw*%2`BfEo%UuyK|fjpfh>lWITCAnIsi*>JxA^7`Tv37w%m)+i-;6Y}SORLEa|v9Z@8?WdojL zQn>NV{AaTf66!pOxp{M?7QWzoXp&;5mw;Sc53qVab-KDt>)TBW!z|6q-DQ|b3v-|} zTzGRxdNsiP3waTBhj8jySy?SlcmSHjI>xIMEa)?U4>Qs4eJF*Ww9Jf~E-Y5w+Wa`w zLk!KD!OoHjU~SD?n)$Mq0Hiap)YJs_4R#K@kcisF{;^a7v6r*C+d0gj*}4<^6d;rU zRbZisa&rI94`i{2#VM$XXf;PHJbB| z5P(Sr{5^R>vAvj$sD!lTHogP+(txG06Rh6~QvI}pwhDg(mmyi4{!g!ZHaSgyd~0_@ zse5Rzn0ML7mprx&z)yQ1$($^`>YT)NzSRMu@&tA;|Buj(r zW>KZ%Q#dvYkr%?rHG{Jf8{Dut(ixHkXyjy@*$uDa18XFJV_UHN?J5V5=9N>`eP1>x z)70$Z#1KLSjK&@HGr+cK%=JEeV;-K*PrT7(N1uc%Xk#4PKhTk&i~-=X(Rc4v>boa# z%{JZ~cJZ>pA-tsu>-zkHsfU9BSy7rf>UQuHDXB}%Ho$a`hU++LNlQCsnznR)p~s&U zfp0v+e0z$a@WW}*$Z%U)cvIuS2iIK#6cEGcLcjj8Pt=%(6`&gLF>Pm6SM8t`3(U5` ziPqU;!SY=_WYIU<=v2leVDc2`U&v2LtSq;xD!1{EhU=7DPkaZd0gkbv%&l)Hs+PY8`PO{E#DqCZkqWa!RBe<*h3KnED_hoE>st9d1Q~jq9R63XUHIT zLPITTXx0J3nK?Z_(s5Ha*M{QAyA>LSd>Mmu3*mt+oPh4s7zLK zJB;`0%~4_BLqs-V3`?g?h*Hf^vOcr_lvDjXLx z|8{25QOHn|ZD+<~YbAX~QLO-s>5XM{`3b0Sh8 zds5L1PeV9eV=^uA0mnYX&rS|R*1z-Tt@{Cl=wo-bT(}tptF0U=GdN$4Z`DxD1s?kL zshUNdgLvN5!D_EP5)OS}uQCTy({^GcR`RQ4wi&E5SGMRhvD&6|rHKy3#%dkWISscI zFb&7g8(V9%moIG`8H~D(qI?hBrX+{~eLc}S?S5G;`Z%|O!{FRBqQA&0lX3pIw#zx@ zQG|z^g9qu$U-p&E{yeXF07Cd!P2`d~s=PGP;DTmYI$`v{JIf<1CT%g1UD6ga?{3YE z*2~O!y5`}Chilu!qtP2a%7eJI+3!#E*-A?fv>&(Y59d!a60CpR^1Y~{h0y(v37x;3GY|8u&uk(JdA{}srfqyo3B4CrrUd{HzOZ1jWE%6 z$s44-HAEtrT66E=0EHxb}I6jbFUQpiYTDazN zUW1_8O|K!AF%c11trLywNqmmJ_@dmEV94V5vIX-unA4`mOL@Lr==f9dJ*hw&<8c06 zVgai8s_Cdpb8Z$|sp+j9?bG)PUvhY( zUF1_BT_;6wG?DOj?XFfrht$>2nXj-!+p6OoO7FYv3%#i?*Bm5+mj9^5rp-*RDe6`N zO*UPOWyEfb31R7*`BM3$b~gfUwgHTl8Mc+SSF_4D*1WT|Ys}}&quG+japsdAvLL)= zLRFI1mW>oKcyWpmrKl@hf6dVDDgp6V!&xB0RpQ_%j2^8Q5`X63x zGCZDnlzgeD)u(5c@iB!$6mdIo_5qZpg}L?)Y}Om!`Ffmn1kwM_ zKc7^Y&WR^inpM9LGED%K)eGij0HCu~?hk|vV(|s$sGSPP4TTje&)x;%_SF{wpaIZn z=_1!?9;#Fd^Jh)S24DNjitQ{ma(Wr_q-s6z1PRLl7*V#R+5p0`L-V0Q&<$WBgWbPi z{ibn=vbeA0*b>j1&AIWn*o3E&+)w9i|~0d4aF>K|nj zS8|bd$&Z|mVsJ)P3Q`W)P)mvd`bs~zA!6wVKqiqnGj8}MeZMG13|xtu*f77pCl>#{o(6_} z(3LH_G>n)xP=ic^dQ!c(^c7=|kUbg*gB4UAmF^vOa`HD2@r765XU<^Wo+gLPNsy)i zA_;1iD@5^)9GC?ZKJeMa{48fv1A`g>GueqhlFXY>7RUaPkr5FpsQ!OJH`SR-c$Vxc z75C<`_ZU0S=`_2Mul`cGW=~9=2}6>$fXu+%d)pv@c^N>%EH}}UTQ^0aya&C72jkIo zrsmA#9_$nefA7yqqG@lFmws!!wN}iXyn`_!fw`h8`9RmA$*n?p;~O9e(|2WRgC++t2#EQb!ZEh2dYM9 z0SXV+`MCzU1wd4nO8_JE?CS>rI0G#VvTe4jgpr2PYkYPXWgzec{KT=jLtfQD!g#iS zfz{U~b{pr4Npp5TTH)*m)cq8I=&7iR`q|>5;!LW z@Z|X>U3AWK3NCOu84@xRV3a9Ir#+zj$FhiOZY5dzsS3&;ll2m`hed_Jt(q= zrG4(bjSmMKROcyE<1K7s74tVlLDe!HO3fV9?)*6dWq_h$>(-F0#L@i1W~am(^&m@O zNjEc?kF;=AzUv>L>ZrX^_@Xk^3*Q+HG`pY$UqKfh7Gm>PDFV0YEFcDw#_Sc8&7$29 zOgQW1+i42q6Cvxd@Ep{KVH7svE5arTlm$0&1AxeF-a4sdEcB2)Y~i(fy^!+z4KKVb zGmsb!4Gn?Ov@~-h?EF^alinuF;%b%##UPkW+QRFIw(R-#sJ2q^OU`q>`6jlPcDReA z0<|^?-EGQXvHDS_EzOQv+(k38ZuK_lE%}TZg;w`vT~EnRI}Biam4*<@G2J!9aXA}| zCV7T@$lDrPBpCG**`8NTE5p559~6;E-dNL4N_xh4)0EkD$aC^LLAl+% zR0?1qZ41`T1)rLmXMwQNzC3SW?_jAY?pSR-I4FX8hXmC9K>Xj8-UVR-0zh9B8s4QL zdA^*7DJU+JCKpLKAMMdKQn?B0P9u9Tq|(%I&ZvT{ixd>qpoe@Mpwq%-L}5~K>iP-1 z(DXVBDCY2bd#524W}|ojvT4B2A{9ZPcnhQ?VBqG110BU3U^9XRl2j{!;`zO;1&iOK zY+?E9NBk-gTMDu-x8HsRL!7;uPk7=1s{L*iUIcRre3atOb`h@rlc0{r_Jvk1jN?N0 z^dDzJ7In@Zr5jDB6GEx_21Hl}dvry8ie*aGpYNWHB*1iafm4^_&SO%;RTiyfp@~oG z0l<5i({)9wmN_wo7RuSmrM&@aQe&TtJitBM%nO)`uRI|L974q7W!2?J|3HILPQ!>HCY9G++{mc-0r8&b+@44Qji#58yY}CH#!V_5;t>)5Ul+o z5AFQHCcI!Y+roF7rwre74~tV*ss^`;0E6a1<52`%56e!U+_`BFb0f7WsbNpL;dwzs zd#khl#S3we>HOvC%^%&q`U}L`tPN6e57KzJW(dkIpNbFxyxpC_14b$Z7wLH@DD+8R zNI~%#Oce0vHSi3AKbJw}De&hG6ZioX6wmMf;kJ3f#_JKi1ht_a43Y Ef6g3TsQ>@~ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index a3df920a18..8c40978809 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,12 +10,16 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/12/2018 +ms.date: 02/05/2018 --- # What's new in MDM enrollment and management +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](http://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). @@ -1517,6 +1521,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

    Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.

    +[DMClient CSP](dmclient-csp.md) +

    Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:

    +
      +
    • AADSendDeviceToken
    • +
    • BlockInStatusPage
    • +
    • AllowCollectLogsButton
    • +
    • CustomErrorText
    • +
    • SkipDeviceStatusPage
    • +
    • SkipUserStatusPage
    • +
    + + [RemoteWipe CSP](remotewipe-csp.md)

    Added the following nodes in Windows 10, next major update: