From 7c8677283e96d6a80c7859849ac10ee5a9f2220c Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Sun, 17 Oct 2021 21:33:28 +0200 Subject: [PATCH 001/420] Update set-up-mdt-for-bitlocker.md Removed a surplus Notes section, seems like an old version that was supposed to have been removed when a newer Notes section was previously added. --- .../deploy-windows-mdt/set-up-mdt-for-bitlocker.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index 481df59b4a..e41a843bb8 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -42,9 +42,6 @@ If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), > [!NOTE] > Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511. ->[!NOTE] ->Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For more information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker. - For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md). ## Configure Active Directory for BitLocker @@ -174,4 +171,4 @@ In the following task sequence, we added five actions: [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)
[Use web services in MDT](use-web-services-in-mdt.md)
-[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) \ No newline at end of file +[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) From 6ad2b380099407d9b8c0a0cc981e7c6dbaf0f347 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:20:55 -0700 Subject: [PATCH 002/420] Added formatting to the file. --- .../.vscode/settings.json | 8 ++ .../understanding-wdac-policy-settings.md | 76 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json create mode 100644 windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json new file mode 100644 index 0000000000..ed9462b7e6 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md new file mode 100644 index 0000000000..e966d5669a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -0,0 +1,76 @@ +--- +title: Understanding WDAC secure settings. +description: Learn about secure settings in Windows Defender Application Control. +keywords: security, malware +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.collection: M365-security-compliance +author: creator of the word doc +ms.reviewer: jogeurte +ms.author: dansimp +manager: dansimp +ms.date: 10/11/2021 +ms.technology: mde +--- + +# Understanding WDAC Policy Settings +Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+ +An example settings section of a WDAC Policy: +```xml + + + + true + + + +``` + +### Example Scenario +An application that may want to restrict its capabilities, when used on a system with an active WDAC policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
+ + +### WldpQuerySecurityPolicy +API that queries the secure settings of a WDAC policy. + +#### Syntax +``` C++ +HRESULT WINAPI WldpQuerySecurityPolicy( + _In_ const UNICODE_STRING * Provider, + _In_ const UNICODE_STRING * Key, + _In_ const UNICODE_STRING * ValueName, + _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType, + _Out_writes_bytes_opt_(*ValueSize) PVOID Value, + _Inout_ PULONG ValueSize) +``` + +#### Parameters +Provider [in] +Setting Provider name. + +Key [in] +Key name of the Key-Value pair under Setting Provider "Provider". + +ValueName [in] +The value name of the "Key-Value" pair. + +ValueType [in, out] +Pointer to receive the value type. + +Value [in, out] +Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. + +ValueSize [in, out] +On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. + +#### Return Value +This method returns S_OK if successful or a failure code otherwise. + +#### Remarks +See [WDAC Policy Settings] for more information on WDAC policy settings. From 371c645f32e0abf8712d513e98504e14c724c195 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:30:01 -0700 Subject: [PATCH 003/420] added new file to index and toc --- .../windows-defender-application-control/TOC.yml | 2 ++ .../windows-defender-application-control/index.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 6e2bbdd64b..47bc7d1ad7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -22,6 +22,8 @@ href: understand-windows-defender-application-control-policy-design-decisions.md - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md + - name: Understand WDAC secure settings + href: understand-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index ef5892459f..152d5cb75f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -69,6 +69,8 @@ landingContent: links: - text: Understanding policy and file rules url: select-types-of-rules-to-create.md + - text: Understanding WDAC secure settings + url: understanding-wdac-policy-settings.md - linkListType: how-to-guide links: - text: Allow managed installer and configure managed installer rules From 0ff09040b4199de166bd4486c7a9d05545432945 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 12:19:12 -0700 Subject: [PATCH 004/420] removed brackets in wldpquerysecuritypolicy --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index e966d5669a..6f583d977a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -19,7 +19,7 @@ ms.technology: mde --- # Understanding WDAC Policy Settings -Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
An example settings section of a WDAC Policy: ```xml From 80c417c09fe88702e1623c22c5a1b7ad7468123b Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:19:02 -0700 Subject: [PATCH 005/420] updated the author --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 6f583d977a..530c147315 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: creator of the word doc +author: Robert Wait ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 000a26dc6eabada6db05cb2334017c03caa8c551 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:20:20 -0700 Subject: [PATCH 006/420] corrected the md file name --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 47bc7d1ad7..9cfa2e9982 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -23,7 +23,7 @@ - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md - name: Understand WDAC secure settings - href: understand-wdac-policy-settings.md + href: understanding-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md From e1834ca4c51520b046f39208eb864de39340bb5d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:24:33 -0700 Subject: [PATCH 007/420] Update understanding-wdac-policy-settings.md --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 530c147315..28eb21e297 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Wait +author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 6510b6f40162de8281c7ecd928b82e0e0bc1a6bb Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 27 Oct 2021 23:49:42 +0200 Subject: [PATCH 008/420] Update demonstrate-deployment-on-vm.md Aligned some PS code with https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot. --- .../demonstrate-deployment-on-vm.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index b47dd4d0f2..01cbe2b0fe 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -161,7 +161,7 @@ After you download this file, the name will be extremely long (ex: 19042.508.200 The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: ```powershell -(Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name +(Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name ``` The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name. @@ -180,7 +180,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co >- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell -New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name +New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot Start-VM -VMName WindowsAutopilot @@ -237,7 +237,6 @@ PS C:\autopilot> Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples: - ![Windows setup example 1](images/winsetup1.png) ![Windows setup example 2](images/winsetup2.png) @@ -250,7 +249,6 @@ Make sure that the VM booted from the installation ISO, select **Next**, select ![Windows setup example 6](images/winsetup6.png) - After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This offers the fastest way to the desktop. For example: ![Windows setup example 7.](images/winsetup7.png) @@ -278,12 +276,12 @@ Follow these steps to run the PowerShell script: 1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device: ```powershell - md c:\HWID - Set-Location c:\HWID - Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force + New-Item -Type Directory -Path "C:\HWID" + Set-Location C:\HWID + Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo -Force $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" - Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv + Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv ``` 1. When you're prompted to install the NuGet package, choose **Yes**. @@ -615,7 +613,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1.](images/delete-device1.png) From f66a308a843f25803e92ccb07f21d6047c132d09 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Fri, 29 Oct 2021 22:47:52 +0200 Subject: [PATCH 009/420] Update windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 01cbe2b0fe..fabd6a01f0 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -177,7 +177,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co > >- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. ->- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). +>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a current list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name From 59eed88aea573972a8ddd291da37330535aad2e0 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 1 Nov 2021 11:58:16 -0700 Subject: [PATCH 010/420] added headers for each parameter section Also removed Robert Waite as author since GitHub doesn't have him listed as an approved author. --- .../understanding-wdac-policy-settings.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 28eb21e297..9a9fe9f38b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,6 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp @@ -39,7 +38,7 @@ An application that may want to restrict its capabilities, when used on a system ### WldpQuerySecurityPolicy API that queries the secure settings of a WDAC policy. -#### Syntax +### Syntax ``` C++ HRESULT WINAPI WldpQuerySecurityPolicy( _In_ const UNICODE_STRING * Provider, @@ -50,23 +49,23 @@ HRESULT WINAPI WldpQuerySecurityPolicy( _Inout_ PULONG ValueSize) ``` -#### Parameters +### Parameters Provider [in] Setting Provider name. -Key [in] +#### Key [in] Key name of the Key-Value pair under Setting Provider "Provider". -ValueName [in] +#### ValueName [in] The value name of the "Key-Value" pair. -ValueType [in, out] +#### ValueType [in, out] Pointer to receive the value type. -Value [in, out] +#### Value [in, out] Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. -ValueSize [in, out] +#### ValueSize [in, out] On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. #### Return Value From d40a2d17978763a90dad4e3692e0e9c201fc9186 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 8 Nov 2021 12:21:00 -0800 Subject: [PATCH 011/420] added settings.json to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 9841e0daea..3a642828d6 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ common/ .openpublishing.build.mdproj .openpublishing.buildcore.ps1 packages.config +settings.json # User-specific files .vs/ From 89d1befa026685fa1423ad6f39b1794dd044c12d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 8 Nov 2021 12:23:08 -0800 Subject: [PATCH 012/420] Deleted settings.json from .vscode --- .../.vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 305a3a0479a7b601a621f64b5138eddfc2c1c13a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:49:43 -0800 Subject: [PATCH 013/420] Listed jogeurte as the author --- .../understanding-wdac-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 9a9fe9f38b..d54ed1b819 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance +author: jogeurte ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From cc9e3d5a617417f2fc5ddb8dabbb7499f73c5a7a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:57:38 -0800 Subject: [PATCH 014/420] corrected Jordan's ID in both the author and ms.reviewer fields. --- .../understanding-wdac-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index d54ed1b819..d68f3d6a3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,8 +10,8 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jogeurte -ms.reviewer: jogeurte +author: jgeurten +ms.reviewer: jgeurten ms.author: dansimp manager: dansimp ms.date: 10/11/2021 From 33e1161180590e27d9459a6082b012d5df3b82a6 Mon Sep 17 00:00:00 2001 From: Snrat Date: Wed, 17 Nov 2021 15:36:27 +0800 Subject: [PATCH 015/420] Update index.md Fixed. --- windows/whats-new/ltsc/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index 28bc3db429..0d7830f328 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -36,7 +36,7 @@ The following table summarizes equivalent feature update versions of Windows 10 | Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 | | Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | | Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 | -| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 21H2 | 11/16/2021 | +| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 | > [!NOTE] > The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB. @@ -51,4 +51,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as ## See Also [What's New in Windows 10](../index.yml): See what’s new in other versions of Windows 10.
-[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. \ No newline at end of file +[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. From 9f2b333b6fc788ba3a4947892684dbbf13371fef Mon Sep 17 00:00:00 2001 From: Maurice Daly Date: Wed, 17 Nov 2021 08:35:26 +0000 Subject: [PATCH 016/420] Restriction Peer Selection Update In the documentation it currently states that peer selection can be configured to "local peer discovery". This setting can only be set via MDM based policies in Windows 11 builds, and therefore clarification is required, as although technically the docs state 20H2 and docs here - https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference, state 1803, setting the value via MDM policies in these builds will result in a policy failure. --- windows/deployment/update/waas-delivery-optimization.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 4bd4c62a37..f5441af767 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -39,6 +39,9 @@ For information about setting up Delivery Optimization, including tips for the b - New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)." - Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). + +**Please Note:** that the "Local peer discovery (DNS-SD)" option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy" value to "2". More information can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference. + - Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used. ## Requirements From ba2224e322f231f819743869df0e66fb4d1385c7 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 17 Nov 2021 15:48:36 +0530 Subject: [PATCH 017/420] Update policy-csp-admx-terminalserver.md --- .../client-management/mdm/policy-csp-admx-terminalserver.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index ed42ebde3f..1ae14c6f68 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -33,6 +33,9 @@ manager: dansimp
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+
+ ADMX_TerminalServer/TS_RADC_DefaultConnection +
From 2cd22d65d75e7333f540416fbe0c84a32f23413a Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Thu, 18 Nov 2021 10:14:07 +0530 Subject: [PATCH 018/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 1ae14c6f68..2833f7d9f9 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -189,7 +189,79 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RADC_DefaultConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). + +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. + +- If you disable or do not configure this policy setting, the user has no default connection URL. + +RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. + + + + + + +ADMX Info: +- GP Friendly name: *Specify default connection URL* +- GP name: *TS_RADC_DefaultConnection* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
From 0edb5676d1c8049421660938ed10936ec6a63b4b Mon Sep 17 00:00:00 2001 From: Maurice Daly Date: Thu, 18 Nov 2021 15:57:21 +0000 Subject: [PATCH 019/420] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index f5441af767..21cba9fae5 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -40,7 +40,8 @@ For information about setting up Delivery Optimization, including tips for the b - New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)." - Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). -**Please Note:** that the "Local peer discovery (DNS-SD)" option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy" value to "2". More information can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference. +> [!NOTE] +> The Local Peer Discovery (DNS-SD) option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](/windows/deployment/update/waas-delivery-optimization-reference). - Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used. From b80bba8a2be17cf1f6121473999157f966d6a945 Mon Sep 17 00:00:00 2001 From: midoliy <78302178+tatsuya-midorikawa@users.noreply.github.com> Date: Fri, 19 Nov 2021 08:33:54 +0900 Subject: [PATCH 020/420] fix index.md Correction of typographical errors. --- windows/whats-new/ltsc/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index 28bc3db429..0d7830f328 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -36,7 +36,7 @@ The following table summarizes equivalent feature update versions of Windows 10 | Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 | | Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | | Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 | -| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 21H2 | 11/16/2021 | +| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 | > [!NOTE] > The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB. @@ -51,4 +51,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as ## See Also [What's New in Windows 10](../index.yml): See what’s new in other versions of Windows 10.
-[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. \ No newline at end of file +[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. From 769d57be92be5b607b8ccf2aff46d27f2f2f50c7 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 19 Nov 2021 10:58:04 +0530 Subject: [PATCH 021/420] ADMX terminal Server Missing polices - part1 Added 44 policies under ADMX Terminal Server and modifies existing content as it was incorrect. --- .../mdm/policies-in-policy-csp-admx-backed.md | 44 + .../policy-configuration-service-provider.md | 132 + .../mdm/policy-csp-admx-terminalserver.md | 3434 ++++++++++++++++- 3 files changed, 3594 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 6256ffe15a..3b44f8e00e 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1131,8 +1131,52 @@ ms.date: 10/08/2020 - [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name) - [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state) - [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state) +- [ADMX_TerminalServer/TS_AUTO_RECONNECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_auto_reconnect) +- [ADMX_TerminalServer/TS_CAMERA_REDIRECTION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_camera_redirection) +- [ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_certificate_template_policy) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_1) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_signed_files_2) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_1) +- [ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_allow_unsigned_files_2) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_capture) +- [ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_audio_quality) +- [ADMX_TerminalServer/TS_CLIENT_CLIPBOARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_clipboard) +- [ADMX_TerminalServer/TS_CLIENT_COM](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_com) +- [ADMX_TerminalServer/TS_CLIENT_DEFAULT_M](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_default_m) +- [ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_hardware_mode) +- [ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_disable_password_saving_1) +- [ADMX_TerminalServer/TS_CLIENT_LPT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_lpt) +- [ADMX_TerminalServer/TS_CLIENT_PNP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_pnp) +- [ADMX_TerminalServer/TS_CLIENT_PRINTER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_printer) +- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_1) +- [ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_trusted_certificate_thumbprints_2) +- [ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_client_turn_off_udp) +- [ADMX_TerminalServer/TS_COLORDEPTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_colordepth) +- [ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_delete_roaming_user_profiles) +- [ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_disable_remote_desktop_wallpaper) +- [ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_dx_use_full_hwgpu) +- [ADMX_TerminalServer/TS_EASY_PRINT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print) +- [ADMX_TerminalServer/TS_EASY_PRINT_User](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_easy_print_user) +- [ADMX_TerminalServer/TS_EnableVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_enablevirtualgraphics) +- [ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_fallbackprintdrivertype) +- [ADMX_TerminalServer/TS_FORCIBLE_LOGOFF](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_forcible_logoff) - [ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_enable) - [ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_auth_method) +- [ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_server) +- [ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_join_session_directory) +- [ADMX_TerminalServer/TS_KEEP_ALIVE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_keep_alive) +- [ADMX_TerminalServer/TS_LICENSE_SECGROUP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_secgroup) +- [ADMX_TerminalServer/TS_LICENSE_SERVERS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_servers) +- [ADMX_TerminalServer/TS_LICENSE_TOOLTIP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_tooltip) +- [ADMX_TerminalServer/TS_LICENSING_MODE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_licensing_mode) +- [ADMX_TerminalServer/TS_MAX_CON_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_max_con_policy) +- [ADMX_TerminalServer/TS_MAXDISPLAYRES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxdisplayres) +- [ADMX_TerminalServer/TS_MAXMONITOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_maxmonitor) +- [ADMX_TerminalServer/TS_NoDisconnectMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nodisconnectmenu) +- [ADMX_TerminalServer/TS_NoSecurityMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nosecuritymenu) +- [ADMX_TerminalServer/TS_PreventLicenseUpgrade](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_preventlicenseupgrade) +- [ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_promt_creds_client_comp) - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..fa5d7a6fb0 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4067,12 +4067,144 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ### ADMX_TerminalServer policies
+
+ ADMX_TerminalServer/TS_AUTO_RECONNECT +
+
+ ADMX_TerminalServer/TS_CAMERA_REDIRECTION +
+
+ ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY +
+
+ ADMX_TerminalServer/TS_CLIENT_CLIPBOARD +
+
+ ADMX_TerminalServer/TS_CLIENT_COM +
+
+ ADMX_TerminalServer/TS_CLIENT_DEFAULT_M +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_LPT +
+
+ ADMX_TerminalServer/TS_CLIENT_PNP +
+
+ ADMX_TerminalServer/TS_CLIENT_PRINTER +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP +
+
+ ADMX_TerminalServer/TS_COLORDEPTH +
+
+ ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES +
+
+ ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER +
+
+ ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU +
+
+ ADMX_TerminalServer/TS_EASY_PRINT +
+
+ ADMX_TerminalServer/TS_EASY_PRINT_User +
+
+ ADMX_TerminalServer/TS_EnableVirtualGraphics +
+
+ ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE +
+
+ ADMX_TerminalServer/TS_FORCIBLE_LOGOFF +
ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD +
+
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index ed42ebde3f..8e10cb601a 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -27,19 +27,150 @@ manager: dansimp ## ADMX_TerminalServer policies
+
+ ADMX_TerminalServer/TS_AUTO_RECONNECT +
+
+ ADMX_TerminalServer/TS_CAMERA_REDIRECTION +
+
+ ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE +
+
+ ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY +
+
+ ADMX_TerminalServer/TS_CLIENT_CLIPBOARD +
+
+ ADMX_TerminalServer/TS_CLIENT_COM +
+
+ ADMX_TerminalServer/TS_CLIENT_DEFAULT_M +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE +
+
+ ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_LPT +
+
+ ADMX_TerminalServer/TS_CLIENT_PNP +
+
+ ADMX_TerminalServer/TS_CLIENT_PRINTER +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 +
+
+ ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2 +
+
+ ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP +
+
+ ADMX_TerminalServer/TS_COLORDEPTH +
+
+ ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES +
+
+ ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER +
+
+ ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU +
+
+ ADMX_TerminalServer/TS_EASY_PRINT +
+
+ ADMX_TerminalServer/TS_EASY_PRINT_User +
+
+ ADMX_TerminalServer/TS_EnableVirtualGraphics +
+
+ ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE +
+
+ ADMX_TerminalServer/TS_FORCIBLE_LOGOFF +
ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE
ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER +
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
-
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** +**ADMX_TerminalServer/TS_AUTO_RECONNECT** @@ -88,22 +219,2249 @@ manager: dansimp -This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. +This policy specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. -If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). +By default, a maximum of twenty reconnection attempts are made at five second intervals. If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. -If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. +If the status is set to Disabled, automatic reconnection of clients is prohibited. If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. -Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. + + + +ADMX Info: +- GP Friendly name: *Automatic reconnection* +- GP name: *TS_AUTO_RECONNECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CAMERA_REDIRECTION** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices. + +If you enable this policy setting, users cannot redirect their video capture devices to the remote computer. + +If you disable or do not configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer. + + + + +ADMX Info: +- GP Friendly name: *Do not allow video capture redirection* +- GP name: *TS_CAMERA_REDIRECTION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. + +A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. + +If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. + +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. + +>[!NOTE] +>If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Server authentication certificate template* +- GP name: *TS_CERTIFICATE_TEMPLATE_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. + +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +>[!Note] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TTS_CLIENT_ALLOW_SIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. + +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + + + +ADMX Info: +- GP Friendly name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. + +Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. + +By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. + +If you enable this policy setting, audio and video playback redirection is allowed. + +If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Allow audio and video playback redirection* +- GP name: *TS_CLIENT_AUDIO* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). + +Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. + +If you enable this policy setting, audio recording redirection is allowed. + +If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC. If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Allow audio recording redirection* +- GP name: *TS_CLIENT_AUDIO_CAPTURE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. + +If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. + +For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. + +Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. + +If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic. + + + + +ADMX Info: +- GP Friendly name: *Limit audio playback quality* +- GP name: *TS_CLIENT_AUDIO_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. + +If you enable this policy setting, users cannot redirect Clipboard data. + +If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. + +If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow Clipboard redirection* +- GP name: *TS_CLIENT_CLIPBOARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_COM** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. + +If you enable this policy setting, users cannot redirect server data to the local COM port. + +If you disable this policy setting, Remote Desktop Services always allows COM port redirection. + +If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow COM port redirection* +- GP name: *TS_CLIENT_COM* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. + +By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. + +If you enable this policy setting, the default printer is the printer specified on the remote computer. + +If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. + +If you do not configure this policy setting, the default printer is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not set default client printer to be default printer in a session* +- GP name: *TS_CLIENT_DEFAULT_M* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. + +If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. + +If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. + + + + +ADMX Info: +- GP Friendly name: *Do not allow hardware accelerated decoding* +- GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection. + +If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. + +If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection + + + + +ADMX Info: +- GP Friendly name: *Do not allow passwords to be saved* +- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_LPT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. + +If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port. + +If you disable this policy setting, LPT port redirection is always allowed. If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow LPT port redirection* +- GP name: *TS_CLIENT_LPT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_PNP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices. + +If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. + +If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions. + +>[!NOTE] +>You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings. + + + + +ADMX Info: +- GP Friendly name: *Do not allow supported Plug and Play device redirection* +- GP name: *TS_CLIENT_PNP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_PRINTER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. + +If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. + +If you disable this policy setting, users can redirect print jobs with client printer mapping. + +If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Do not allow client printer redirection* +- GP name: *TS_CLIENT_PRINTER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. + +If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. + +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. + +This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + + + +ADMX Info: +- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. + +If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +>[!NOTE] +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. + +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. + +This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + + + +ADMX Info: +- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. + +If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. + +If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. + + + + +ADMX Info: +- GP Friendly name: *Turn Off UDP On Client* +- GP name: *TS_CLIENT_TURN_OFF_UDP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_COLORDEPTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. + +If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. + +>[!NOTE] +> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. +>2. The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. +>3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: +> - a. Value specified by this policy setting +> - b. Maximum color depth supported by the client +> - c. Value requested by the client If the client does not support at least 16 bits, the connection is terminated. + + + + +ADMX Info: +- GP Friendly name: *Limit maximum color depth* +- GP name: *TS_COLORDEPTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed. + +>[!NOTE] +>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. + +If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. + +When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. + +If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled. + + + + +ADMX Info: +- GP Friendly name: *Limit the size of the entire roaming user profile cache* +- GP name: *TS_DELETE_ROAMING_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. + +You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions. + +If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. + +If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies. + + + + +ADMX Info: +- GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper* +- GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. + +If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. + +If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. + +>[!NOTE] +>The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session is not affected by this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions* +- GP name: *TS_DX_USE_FULL_HWGPU* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EASY_PRINT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +>[!NOTE] +>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EASY_PRINT_User** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +>[!NOTE] +>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT_User* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_EnableVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). + +By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +If you disable this policy setting, RemoteFX will be disabled. + +If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX* +- GP name: *TS_EnableVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. + +If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: + +- **Do nothing if one is not found** - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior. +- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. +- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. +- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. + +If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver. If you do not configure this policy setting, the fallback printer driver behavior is off by default. + +>[!NOTE] +>If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled. + + + + +ADMX Info: +- GP Friendly name: *Specify RD Session Host server fallback printer driver behavior* +- GP name: *TS_FALLBACKPRINTDRIVERTYPE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console. This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost. + +If you enable this policy setting, logging off the connected administrator is not allowed. + +If you disable or do not configure this policy setting, logging off the connected administrator is allowed. + +>[!NOTE] +>The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line. + + + + +ADMX Info: +- GP Friendly name: *Deny logoff of an administrator logged in to the console session* +- GP name: *TS_FORCIBLE_LOGOFF* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. + +In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. + +To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. + +When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. + +If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. ADMX Info: -- GP Friendly name: *Allow time zone redirection* +- GP Friendly name: *Enable connection through RD Gateway* - GP name: *TS_GATEWAY_POLICY_ENABLE* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* - GP ADMX file name: *TerminalServer.admx* @@ -161,15 +2519,13 @@ ADMX Info: -This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. +This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. -You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. -If you enable this policy setting, users cannot redirect Clipboard data. +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. -If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. - -If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. +If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication. @@ -177,16 +2533,1062 @@ If you do not configure this policy setting, Clipboard redirection is not specif ADMX Info: -- GP Friendly name: *Do not allow Clipboard redirection* +- GP Friendly name: *Set RD Gateway authentication method* - GP name: *TS_GATEWAY_POLICY_AUTH_METHOD* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* - GP ADMX file name: *TerminalServer.admx*
+ +**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. + +>[!NOTE] +>It is highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. + +To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server. + +Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. + +>[!NOTE] +>If you disable or do not configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + + + +ADMX Info: +- GP Friendly name: *Set RD Gateway server address* +- GP name: *TS_GATEWAY_POLICY_SERVER* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. + +If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. + +If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. + +If the policy setting is not configured, the policy setting is not specified at the Group Policy level. + +>[!NOTE] +>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. +>2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Join RD Connection Broker* +- GP name: *TS_JOIN_SESSION_DIRECTORY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_KEEP_ALIVE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. + +After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. + +If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. + +If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state. + + + + +ADMX Info: +- GP Friendly name: *Configure keep-alive connection interval* +- GP name: *TS_KEEP_ALIVE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_SECGROUP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). + +You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. + +If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. + +If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting. + +>[!NOTE] +>You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain. + + + + +ADMX Info: +- GP Friendly name: *License server security group* +- GP name: *TS_LICENSE_SECGROUP* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_SERVERS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. + +If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. + +In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: +1. Remote Desktop license servers that are published in Active Directory Domain Services. +2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. + +1If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Use the specified Remote Desktop license servers* +- GP name: *TS_LICENSE_SERVERS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSE_TOOLTIP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server. + +By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. + +If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. + +If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator. + + + + +ADMX Info: +- GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server* +- GP name: *TS_LICENSE_TOOLTIP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_LICENSING_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. + +You can use this policy setting to select one of three licensing modes: Per User , Per Device and AAD Per User . +- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server. +- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server. +- AAD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in AAD. + +If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. + +If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Set the Remote Desktop licensing mode* +- GP name: *TS_LICENSING_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAX_CON_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. + +By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. + +To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. + +If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. + +If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. + +>[!NOTE] +>This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed). + + + + +ADMX Info: +- GP Friendly name: *Limit number of connections* +- GP name: *TS_MAX_CON_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAXDISPLAYRES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. + +If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. + + + + +ADMX Info: +- GP Friendly name: *Limit maximum display resolution* +- GP name: *TS_MAXDISPLAYRES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_MAXMONITOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. + +If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Limit number of monitors* +- GP name: *TS_MAXMONITOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_NoDisconnectMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. + +If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. + +If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box. + +>[!NOTE] +>This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. + +This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting. + + + + +ADMX Info: +- GP Friendly name: *Remove "Disconnect" option from Shut Down dialog* +- GP name: *TS_NoDisconnectMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_NoSecurityMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. + +If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. + +If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu. + + + + +ADMX Info: +- GP Friendly name: *Remove Windows Security item from Start menu* +- GP name: *TS_NoSecurityMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_PreventLicenseUpgrade** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. + +A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. + +By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: +- A client connecting to a Windows Server 2003 terminal server +- A client connecting to a Windows 2000 terminal server + +If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. + +If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier. + + + + +ADMX Info: +- GP Friendly name: *Prevent license upgrade* +- GP name: *TS_PreventLicenseUpgrade* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
+ + +**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. + +If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials. + +>[!NOTE] +>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. + +If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. + +For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. + + + + +ADMX Info: +- GP Friendly name: *Prompt for credentials on the client computer* +- GP name: *TS_PROMT_CREDS_CLIENT_COMP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + + +
From 2728f29438458f6d694d286f0f178d603e2766c0 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 19 Nov 2021 15:46:26 +0530 Subject: [PATCH 022/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 1229 +++++++++++++++++ 1 file changed, 1229 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 2833f7d9f9..f4dd2966a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -36,6 +36,54 @@ manager: dansimp
ADMX_TerminalServer/TS_RADC_DefaultConnection
+
+ ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration +
+
+ ADMX_TerminalServer/TS_RemoteControl_1 +
+
+ ADMX_TerminalServer/TS_RemoteControl_2 +
+
+ ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics +
+
+ ADMX_TerminalServer/TS_SD_ClustName +
+
+ ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS +
+
+ ADMX_TerminalServer/TS_SD_Loc +
+
+ ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY +
+
+ ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT +
+
+ ADMX_TerminalServer/TS_SELECT_TRANSPORT +
+
+ ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP +
+
+ ADMX_TerminalServer/TS_SERVER_AUTH +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_COMPRESSOR +
+
+ ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
@@ -263,5 +311,1186 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. + +- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. + +- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. + + + + + + +ADMX Info: +- GP Friendly name: *Suspend user sign-in to complete app registration* +- GP name: *TS_RDSAppX_WaitForRegistration* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. + +You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. + +Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). + + + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience when using RemoteFX* +- GP name: *TS_RemoteDesktopVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_ClustName** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. + +RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. + +If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +- This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +- For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. + +This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. + +When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_Loc** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. + +All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. + +- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. + +- If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. + +For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. +This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. + +To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. + + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker server name* +- GP name: *TS_SD_Loc* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. + +- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. + +The following security methods are available: + +- * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. + +- * RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. + +- * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. + +- If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. + + + + + +ADMX Info: +- GP Friendly name: *Require use of specific security layer for remote (RDP) connections* +- GP name: *TS_SECURITY_LAYER_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). +You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. +- If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. +- If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. +- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. +- If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. + + + + + +ADMX Info: +- GP Friendly name: *Select network detection on the server* +- GP name: *TS_SELECT_NETWORK_DETECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. + +- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: +"Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. + +- If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. + + + + +ADMX Info: +- GP Friendly name: *Select RDP transport protocols* +- GP name: *TS_SELECT_TRANSPORT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. + +This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. + +- If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. + +- If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. + +You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. + + + + +ADMX Info: +- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp* +- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AUTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + +- If you enable this policy setting, you must specify one of the following settings: + +Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. + +Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. + +Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + +- If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + + + + +ADMX Info: +- GP Friendly name: *Configure server authentication for client* +- GP name: *TS_SERVER_AUTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. + +- When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. + +- If you disable or do not configure this policy, we will always use software encoding. + + + + +ADMX Info: +- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. + +When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + + + +ADMX Info: +- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC444_MODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. + +If you enable this policy setting, you can specify which RDP compression algorithm to use. + +If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. + +If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. + +Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. + + + + +ADMX Info: +- GP Friendly name: *Configure compression for RemoteFX data* +- GP name: *TS_SERVER_COMPRESSOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. + +- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. + +- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. + +- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. + +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + +- If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. + + + + +ADMX Info: +- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_IMAGE_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ From e5d84d5a6d6238a0267b51c21e80d05117036712 Mon Sep 17 00:00:00 2001 From: Makazeu Date: Fri, 19 Nov 2021 21:32:37 +0800 Subject: [PATCH 023/420] Update index.md Fixes a typo --- windows/whats-new/ltsc/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index 28bc3db429..0d7830f328 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -36,7 +36,7 @@ The following table summarizes equivalent feature update versions of Windows 10 | Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 | | Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | | Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 | -| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 21H2 | 11/16/2021 | +| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 | > [!NOTE] > The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB. @@ -51,4 +51,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as ## See Also [What's New in Windows 10](../index.yml): See what’s new in other versions of Windows 10.
-[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. \ No newline at end of file +[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. From 1cfda485a318989004cfe1df843eb6d1537d77eb Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 19 Nov 2021 19:24:07 +0530 Subject: [PATCH 024/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 182 +++++++++++++++--- 1 file changed, 158 insertions(+), 24 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 9febc8bf46..b42aac7547 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -173,6 +173,7 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER
@@ -2661,7 +2662,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** @@ -2705,44 +2706,28 @@ ADMX Info: > [!div class = "checklist"] > * Device -> * User
-This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. -You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. +You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. -Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. - -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - -If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. - -In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. - -By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. - -To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. - -When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. - -If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. +If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - ADMX Info: - GP Friendly name: *Optimize visual experience when using RemoteFX* - GP name: *TS_RemoteDesktopVirtualGraphics* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP Friendly name: *Enable connection through RD Gateway* -- GP name: *TS_GATEWAY_POLICY_ENABLE* -- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* - GP ADMX file name: *TerminalServer.admx* @@ -2750,6 +2735,155 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_SD_ClustName** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. + +Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. + +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +>[!NOTES] +> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +>[!NOTES] +> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** From 30c000b7290053554f8ef52da2685a88edc90b18 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:18:39 +0530 Subject: [PATCH 025/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 2755 +++++++++++++++-- 1 file changed, 2490 insertions(+), 265 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index b42aac7547..bb3ba3a713 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -124,6 +124,48 @@ manager: dansimp ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD
+ ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER +
+
+ ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
+
+ ADMX_TerminalServer/TS_KEEP_ALIVE +
+
+ ADMX_TerminalServer/TS_LICENSE_SECGROUP +
+
+ ADMX_TerminalServer/TS_LICENSE_SERVERS +
+
+ ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
+
+ ADMX_TerminalServer/TS_LICENSING_MODE +
+
+ ADMX_TerminalServer/TS_MAX_CON_POLICY +
+
+ ADMX_TerminalServer/TS_MAXDISPLAYRES +
+
+ ADMX_TerminalServer/TS_MAXMONITOR +
+
+ ADMX_TerminalServer/TS_NoDisconnectMenu +
+
+ ADMX_TerminalServer/TS_NoSecurityMenu +
+
+ ADMX_TerminalServer/TS_PreventLicenseUpgrade +
+
+ ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
+
ADMX_TerminalServer/TS_RADC_DefaultConnection
@@ -174,47 +216,6 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
- ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER - -
- ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY -
-
- ADMX_TerminalServer/TS_KEEP_ALIVE -
-
- ADMX_TerminalServer/TS_LICENSE_SECGROUP -
-
- ADMX_TerminalServer/TS_LICENSE_SERVERS -
-
- ADMX_TerminalServer/TS_LICENSE_TOOLTIP -
-
- ADMX_TerminalServer/TS_LICENSING_MODE -
-
- ADMX_TerminalServer/TS_MAX_CON_POLICY -
-
- ADMX_TerminalServer/TS_MAXDISPLAYRES -
-
- ADMX_TerminalServer/TS_MAXMONITOR -
-
- ADMX_TerminalServer/TS_NoDisconnectMenu -
-
- ADMX_TerminalServer/TS_NoSecurityMenu -
-
- ADMX_TerminalServer/TS_PreventLicenseUpgrade -
-
- ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP -
@@ -2658,230 +2659,6 @@ ADMX Info: - -
- - -**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - - -This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. - -You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). -If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. - -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. - -If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). - - - - -ADMX Info: -- GP Friendly name: *Optimize visual experience when using RemoteFX* -- GP name: *TS_RemoteDesktopVirtualGraphics* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* -- GP ADMX file name: *TerminalServer.admx* - - - - -
- - -**ADMX_TerminalServer/TS_SD_ClustName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. - -Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. - -- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. - -- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. - ->[!NOTES] -> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. -> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. - - - - -ADMX Info: -- GP Friendly name: *Configure RD Connection Broker farm name* -- GP name: *TS_SD_ClustName* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. - -- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. - -- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. - -If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. - ->[!NOTES] -> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. - - - - -ADMX Info: -- GP Friendly name: *Use IP Address Redirection* -- GP name: *TS_SD_EXPOSE_ADDRESS* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* -- GP ADMX file name: *TerminalServer.admx* - - -
@@ -4003,6 +3780,2454 @@ ADMX Info: +
+ + +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. + +You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. + +If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience when using RemoteFX* +- GP name: *TS_RemoteDesktopVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SD_ClustName** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. + +Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. + +- If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +>[!NOTES] +> 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +> 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +- If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +>[!NOTES] +> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + + + +ADMX Info: +- GP Friendly name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_SD_Loc** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. +The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. + +- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. + +- If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. + + +>[!NOTES] +> 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. +> 2. This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. +> 3. To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. + + + + +ADMX Info: +- GP Friendly name: *Configure RD Connection Broker server name* +- GP name: *TS_SD_Loc* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. + +- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. + +The following security methods are available: + +1. * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +2. * RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +3. * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. + +- If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Require use of specific security layer for remote (RDP) connections* +- GP name: *TS_SECURITY_LAYER_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). +You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. + +- If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. + +- If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. + +- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. + +- If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. + + + + +ADMX Info: +- GP Friendly name: *Select network detection on the server* +- GP name: *TS_SELECT_NETWORK_DETECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. + +- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" + +If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. + +- If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. + + + + +ADMX Info: +- GP Friendly name: *Select RDP transport protocols* +- GP name: *TS_SELECT_TRANSPORT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. +This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. + +- If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. + +- If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. + + + + +ADMX Info: +- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp* +- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AUTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + +- If you enable this policy setting, you must specify one of the following settings: + + 1. Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. + + 2. Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. + + 3. Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + +- If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + + + + +ADMX Info: +- GP Friendly name: *Configure server authentication for client* +- GP name: *TS_SERVER_AUTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. + +- When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. + +- If you disable or do not configure this policy, we will always use software encoding. + + + + +ADMX Info: +- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. + +When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + + + +ADMX Info: +- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC444_MODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. + +- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. + +If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. + +In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. + +Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. + +- If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. + + + + +ADMX Info: +- GP Friendly name: *Configure compression for RemoteFX data* +- GP name: *TS_SERVER_COMPRESSOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. + +- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. + +- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. + +- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. + +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + +- If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. + + + + +ADMX Info: +- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_IMAGE_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + +**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. + +When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +- If you disable this policy setting, RemoteFX will be disabled. If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX* +- GP name: *TS_SERVER_LEGACY_RFX* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_PROFILE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth. + +If you enable this policy setting, the RemoteFX experience could be set to one of the following options: +1. Let the system choose the experience for the network condition +2. Optimize for server scalability +3. Optimize for minimum bandwidth usage If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." + + + + +ADMX Info: +- GP Friendly name: *Configure RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_PROFILE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. + +- If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. + +- If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. For this change to take effect, you must restart Windows. + + + + +ADMX Info: +- GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections* +- GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. + +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +This policy setting only applies to time-out limits that are explicitly set by the administrator. + +This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. + +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +This policy setting only applies to time-out limits that are explicitly set by the administrator. + +This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +- If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SESSIONS_Limits_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SINGLE_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. + +If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon. + +If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. + + + + + +ADMX Info: +- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* +- GP name: *TS_SINGLE_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_SMART_CARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. + +- If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session. + +- If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. + +>[!NOTE] +> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain. + + + + +ADMX Info: +- GP Friendly name: *Do not allow smart card device redirection* +- GP name: *TS_SMART_CARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_START_PROGRAM_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. + +The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. + +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +>[!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. + + + + +ADMX Info: +- GP Friendly name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_START_PROGRAM_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. + +The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. + +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +>[!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. + + + + +ADMX Info: +- GP Friendly name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TEMP_DELETE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off. + +If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session. + +If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. + +>[!NOTE] +> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect. + + + + +ADMX Info: +- GP Friendly name: *Do not delete temp folders upon exit* +- GP name: *TS_TEMP_DELETE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TEMP_PER_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. + +You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. + +- If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. + +- If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. + + + + +ADMX Info: +- GP Friendly name: *Do not use temporary folders per session* +- GP name: *TS_TEMP_PER_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TIME_ZONE** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. + +- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). + +- If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. + +>[!NOTE] +> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. + + + + +ADMX Info: +- GP Friendly name: *Allow time zone redirection* +- GP name: *TS_TIME_ZONE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. + +- If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. + +- If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. + +>[!NOTE] +> The preferred method of managing user access is by adding a user to the Remote Desktop Users group. + + + + +ADMX Info: +- GP Friendly name: *Do not allow local administrators to customize permissions* +- GP name: *TS_TSCC_PERMISSIONS_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. + +- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. + +- If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. + +>[!NOTE] +> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored. + + + + +ADMX Info: +- GP Friendly name: *Always show desktop on connection* +- GP name: *TS_TURNOFF_SINGLEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_UIA** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to restrict users to a single Remote Desktop Services session. + +If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon. + +- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. + +- If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. + + + + +ADMX Info: +- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* +- GP name: *TS_UIA* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
From 6c5b285a5c7557bd9fbf7f58d11a2459ce3cf5a0 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:27:45 +0530 Subject: [PATCH 026/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index bb3ba3a713..e1907d8a54 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6229,6 +6229,73 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_UIA** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. + + + + + +ADMX Info: +- GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* +- GP name: *TS_UIA* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + + +
From 85669a44a796971060886f1e3c71f89a49cee46c Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:31:23 +0530 Subject: [PATCH 027/420] Update policy-csp-admx-terminalserver.md --- windows/client-management/mdm/policy-csp-admx-terminalserver.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index e1907d8a54..44fb95957d 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6283,7 +6283,6 @@ ADMX Info: This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. - From 9f518007f6ccd7fdc27abbbf9a6dbc2eb0727e2f Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 06:48:54 +0530 Subject: [PATCH 028/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 44fb95957d..afc0d59440 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -165,7 +165,7 @@ manager: dansimp
ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
-
+
ADMX_TerminalServer/TS_RADC_DefaultConnection
@@ -216,6 +216,63 @@ manager: dansimp
ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY
+
+ ADMX_TerminalServer/TS_SERVER_LEGACY_RFX +
+
+ ADMX_TerminalServer/TS_SERVER_PROFILE +
+
+ ADMX_TerminalServer/TS_SERVER_VISEXP +
+
+ ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_1 +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Limits_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Limits_2 +
+
+ ADMX_TerminalServer/TS_SINGLE_SESSION +
+
+ ADMX_TerminalServer/TS_SMART_CARD +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_1 +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_2 +
+
+ ADMX_TerminalServer/TS_TEMP_DELETE +
+
+ ADMX_TerminalServer/TS_TEMP_PER_SESSION +
+
+ ADMX_TerminalServer/TS_TIME_ZONE +
@@ -6296,5 +6353,6 @@ ADMX Info:
+ From d02ee03e5f10fab0dc87b32ca8caf97955d0f39c Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:08:58 +0530 Subject: [PATCH 029/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 305 +++++++++++++++++- 1 file changed, 302 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index afc0d59440..f67869e5fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6288,7 +6288,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_UIA** +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** @@ -6338,14 +6338,15 @@ ADMX Info: This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. -If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. +If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. ADMX Info: - GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* -- GP name: *TS_UIA* +- GP name: *TS_USB_REDIRECTION_DISABLE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* - GP ADMX file name: *TerminalServer.admx* @@ -6354,5 +6355,303 @@ ADMX Info:
+ + +**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. + +- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. + +- If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. + +Disabling this policy setting provides less security because user authentication will occur later in the remote connection process. + + + + +ADMX Info: +- GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication* +- GP name: *TS_USER_AUTHENTICATION_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_HOME** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. + +- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. + +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. + +- If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. + +If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. + + + + +ADMX Info: +- GP Friendly name: *Server authentication certificate template* +- GP name: *TS_USER_HOME* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. + +- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. + +- If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. + +For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting. + + + + + +ADMX Info: +- GP Friendly name: *Use mandatory profiles on the RD Session Host server* +- GP name: *TS_USER_MANDATORY_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + +**ADMX_TerminalServer/TS_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. + +To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. + +If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. + +If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. + +1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. +2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. + + + + +ADMX Info: +- GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile* +- GP name: *TS_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ From 8782e39f0b704dc08d825205fdcf1e5a12db122a Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:25:28 +0530 Subject: [PATCH 030/420] Update policy-csp-admx-terminalserver.md --- .../mdm/policy-csp-admx-terminalserver.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index f67869e5fa..727599a933 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -273,6 +273,30 @@ manager: dansimp
ADMX_TerminalServer/TS_TIME_ZONE
+
+ ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY +
+
+ ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP +
+
+ ADMX_TerminalServer/TS_UIA +
+
+ ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE +
+
+ ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY +
+
+ ADMX_TerminalServer/TS_USER_HOME +
+
+ ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES +
+
+ ADMX_TerminalServer/TS_USER_PROFILES +
From e0d3e5998873a314ba76872bcdbcfdf548574991 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 07:55:20 +0530 Subject: [PATCH 031/420] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 3b44f8e00e..e32a8a34bd 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1177,6 +1177,50 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_NoSecurityMenu](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_nosecuritymenu) - [ADMX_TerminalServer/TS_PreventLicenseUpgrade](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_preventlicenseupgrade) - [ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_promt_creds_client_comp) +- [ADMX_TerminalServer/TS_RADC_DefaultConnection](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_radc_defaultconnection) +- [ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_rdsappx_waitforregistration) +- [ADMX_TerminalServer/TS_RemoteControl_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_1) +- [ADMX_TerminalServer/TS_RemoteControl_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotecontrol_2) +- [ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_remotedesktopvirtualgraphics) +- [ADMX_TerminalServer/TS_SD_ClustName](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_clustname) +- [ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_expose_address) +- [ADMX_TerminalServer/TS_SD_Loc](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sd_loc) +- [ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_security_layer_policy) +- [ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_network_detect) +- [ADMX_TerminalServer/TS_SELECT_TRANSPORT](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_select_transport) +- [ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_advanced_remotefx_remoteapp) +- [ADMX_TerminalServer/TS_SERVER_AUTH](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_auth) +- [ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc_hw_encode_preferred) +- [ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_avc444_mode_preferred) +- [ADMX_TerminalServer/TS_SERVER_COMPRESSOR](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_compressor) +- [ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_image_quality) +- [ADMX_TerminalServer/TS_SERVER_LEGACY_RFX](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_legacy_rfx) +- [ADMX_TerminalServer/TS_SERVER_PROFILE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_profile) +- [ADMX_TerminalServer/TS_SERVER_VISEXP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_visexp) +- [ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_server_wddm_graphics_driver) +- [ADMX_TerminalServer/TS_Session_End_On_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_1) +- [ADMX_TerminalServer/TS_Session_End_On_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_session_end_on_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_1) +- [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) +- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_2) +- [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) +- [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) +- [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) +- [ADMX_TerminalServer/TS_START_PROGRAM_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_2) +- [ADMX_TerminalServer/TS_TEMP_DELETE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_delete) +- [ADMX_TerminalServer/TS_TEMP_PER_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_temp_per_session) +- [ADMX_TerminalServer/TS_TIME_ZONE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_time_zone) +- [ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_tscc_permissions_policy) +- [ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_turnoff_singleapp) +- [ADMX_TerminalServer/TS_UIA](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_uia) +- [ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_usb_redirection_disable) +- [ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_authentication_policy) +- [ADMX_TerminalServer/TS_USER_HOME](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_home) +- [ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_mandatory_profiles) +- [ADMX_TerminalServer/TS_USER_PROFILES](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_profiles) - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) From 013a58e0f8226113f7db945dac4d3fb4e0d23f65 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 12:36:06 +0530 Subject: [PATCH 032/420] Updated --- .../policy-configuration-service-provider.md | 78 ++ .../mdm/policy-csp-admx-terminalserver.md | 690 +++++++++++++----- 2 files changed, 593 insertions(+), 175 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index fa5d7a6fb0..13d7cd2ea9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4205,6 +4205,84 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
+
+ ADMX_TerminalServer/TS_RADC_DefaultConnection +
+
+ ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration +
+
+ ADMX_TerminalServer/TS_RemoteControl_1 +
+
+ ADMX_TerminalServer/TS_RemoteControl_2 +
+
+ ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics +
+
+ ADMX_TerminalServer/TS_SD_ClustName +
+
+ ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS +
+
+ ADMX_TerminalServer/TS_SD_Loc +
+
+ ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY +
+
+ ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT +
+
+ ADMX_TerminalServer/TS_SELECT_TRANSPORT +
+
+ ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP +
+
+ ADMX_TerminalServer/TS_SERVER_AUTH +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED +
+
+ ADMX_TerminalServer/TS_SERVER_COMPRESSOR +
+
+ ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
+
+ ADMX_TerminalServer/TS_SERVER_LEGACY_RFX +
+
+ ADMX_TerminalServer/TS_SERVER_PROFILE +
+
+ ADMX_TerminalServer/TS_SERVER_VISEXP +
+
+ ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_1 +
+
+ ADMX_TerminalServer/TS_Session_End_On_Limit_2 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2 +
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 727599a933..c96ea7e054 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -567,154 +567,9 @@ ADMX Info:
- -**ADMX_TerminalServer/TS_RADC_DefaultConnection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - - -This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). - -- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. - -- If you disable or do not configure this policy setting, the user has no default connection URL. - -RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. - - - - - - -ADMX Info: -- GP Friendly name: *Specify default connection URL* -- GP name: *TS_RADC_DefaultConnection* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
-**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - - -This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. - -- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. - -- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. - - - - - - -ADMX Info: -- GP Friendly name: *Suspend user sign-in to complete app registration* -- GP name: *TS_RDSAppX_WaitForRegistration* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_RemoteControl_1** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** @@ -763,32 +618,7 @@ ADMX Info: - -This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. - -To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. - - - - - - -ADMX Info: -- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* -- GP name: *TS_RemoteControl_1* -- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* -- GP ADMX file name: *TerminalServer.admx* - - - -
- - -**ADMX_TerminalServer/TS_RemoteControl_2** - - - -This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). @@ -796,7 +626,7 @@ If you enable or do not configure this policy setting, users can run .rdp files If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. ->[!Note] +>[!NOTE] >You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. @@ -804,7 +634,7 @@ If you disable this policy setting, users cannot run .rdp files that are signed ADMX Info: - GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* -- GP name: *TTS_CLIENT_ALLOW_SIGNED_FILES_1* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* - GP ADMX file name: *TerminalServer.admx* @@ -2742,6 +2572,82 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. + +In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. + +By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. + +To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. + +When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. + +If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + + + +ADMX Info: +- GP Friendly name: *Enable connection through RD Gateway* +- GP name: *TS_GATEWAY_POLICY_ENABLE* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** @@ -3863,6 +3769,292 @@ ADMX Info:
+ +**ADMX_TerminalServer/TS_RADC_DefaultConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). + +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. + +- If you disable or do not configure this policy setting, the user has no default connection URL. + +RemoteApp programs that are installed through RemoteApp and Desktop Connections from an un-trusted server can compromise the security of a user's account. + + + + + + +ADMX Info: +- GP Friendly name: *Specify default connection URL* +- GP name: *TS_RADC_DefaultConnection* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + + +This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. + +- If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. + +- If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. + + + + + + +ADMX Info: +- GP Friendly name: *Suspend user sign-in to complete app registration* +- GP name: *TS_RDSAppX_WaitForRegistration* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ + +**ADMX_TerminalServer/TS_RemoteControl_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. + +To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. + + + + + + +ADMX Info: +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* +- GP name: *TS_RemoteControl_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
+ **ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** @@ -4973,6 +5165,77 @@ ADMX Info: +**ADMX_TerminalServer/TS_SERVER_VISEXP** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation. + +- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. + +- If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. + + + + +ADMX Info: +- GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions* +- GP name: *TS_SERVER_VISEXP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + **ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** @@ -5577,6 +5840,83 @@ ADMX Info: +**ADMX_TerminalServer/TS_SESSIONS_Limits_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +- If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +>[!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + + + +ADMX Info: +- GP Friendly name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + + +
+ + + **ADMX_TerminalServer/TS_SINGLE_SESSION** @@ -6312,7 +6652,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** From 050ba1d6767b40a4a9ec0aba139c10d459d5a625 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 12:48:35 +0530 Subject: [PATCH 033/420] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e32a8a34bd..57ac9f7317 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1204,8 +1204,8 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_1) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions__limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_2) - [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) - [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) - [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 13d7cd2ea9..11916ac48a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4206,7 +4206,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP
- ADMX_TerminalServer/TS_RADC_DefaultConnection + ADMX_TerminalServer/TS_RADC_DefaultConnection
ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration @@ -4239,13 +4239,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_SELECT_TRANSPORT
- ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP + ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
ADMX_TerminalServer/TS_SERVER_AUTH
- ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED + ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED From 34e27c8cd44ef6cc068a63f8bb95cce2eb3d3285 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:17:16 +0530 Subject: [PATCH 034/420] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 11916ac48a..b62b8f7d66 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4247,9 +4247,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED
-
- ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED -
ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED
From 880432985b64090b80309fd112d1531a6b200bd6 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:29:38 +0530 Subject: [PATCH 035/420] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- .../mdm/policy-configuration-service-provider.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 57ac9f7317..0153913344 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1204,8 +1204,8 @@ ms.date: 10/08/2020 - [ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1) - [ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_1) -- [ADMX_TerminalServer/TS_SESSIONS_Limit_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limit_2) +- [ADMX_TerminalServer/TS_SESSIONS_Limits_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_1) +- [ADMX_TerminalServer/TS_SESSIONS_Limits_2](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_limits_2) - [ADMX_TerminalServer/TS_SINGLE_SESSION](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_single_session) - [ADMX_TerminalServer/TS_SMART_CARD](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_smart_card) - [ADMX_TerminalServer/TS_START_PROGRAM_1](./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_start_program_1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b62b8f7d66..a636e041e5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4242,7 +4242,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP
- ADMX_TerminalServer/TS_SERVER_AUTH + ADMX_TerminalServer/TS_SERVER_AUTH
ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED From f5ede191b79be42c1e6d6db6bfa26f14df02605e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 13:43:58 +0530 Subject: [PATCH 036/420] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a636e041e5..1fa8949def 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4280,6 +4280,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1 +
+
+ ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2 +
### ADMX_Thumbnails policies From 8e8a45bbd972cd73e93852e6f167855aef3cd54c Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 22 Nov 2021 14:03:49 +0530 Subject: [PATCH 037/420] Adding new policies in CSP .md --- .../policy-configuration-service-provider.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b62b8f7d66..95217e5116 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4280,6 +4280,51 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2
+
+ ADMX_TerminalServer/TS_SINGLE_SESSION +
+
+ ADMX_TerminalServer/TS_SMART_CARD +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_1 +
+
+ ADMX_TerminalServer/TS_START_PROGRAM_2 +
+
+ ADMX_TerminalServer/TS_TEMP_DELETE +
+
+ ADMX_TerminalServer/TS_TEMP_PER_SESSION +
+
+ ADMX_TerminalServer/TS_TIME_ZONE +
+
+ ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY +
+
+ ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP +
+
+ ADMX_TerminalServer/TS_UIA +
+
+ ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE +
+
+ ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY +
+
+ ADMX_TerminalServer/TS_USER_HOME +
+
+ ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES +
+
+ ADMX_TerminalServer/TS_USER_PROFILES +
### ADMX_Thumbnails policies From 84b0ba0c436ebd9397cb675d32e9a68722d73bdd Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 22 Nov 2021 14:14:56 +0530 Subject: [PATCH 038/420] Updated --- .../mdm/policy-configuration-service-provider.md | 3 ++- .../client-management/mdm/policy-csp-admx-terminalserver.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1fa8949def..21a5e6f57f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4283,9 +4283,10 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1
-
+
ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2
+
### ADMX_Thumbnails policies diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index c96ea7e054..67bd9ecc23 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -6,8 +6,8 @@ ms.localizationpriority: medium ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 09/23/2020 +author: nimishasatapathy +ms.date: 11/22/2021 ms.reviewer: manager: dansimp --- From 458ff0e6b8a7bd627833f26e83a24923e768a6fa Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 15:01:10 +0530 Subject: [PATCH 039/420] Update policy-csp-start.md --- .../client-management/mdm/policy-csp-start.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 588586543f..a7bfb4c8ba 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -51,6 +51,9 @@ manager: dansimp
Start/AllowPinnedFolderVideos
+
+ Start/ConfigureStartPins +
Start/DisableContextMenus
@@ -108,6 +111,9 @@ manager: dansimp
Start/NoPinningToTaskbar
+
+ Start/ShowOrHideMostUsedApps +
Start/StartLayout
@@ -766,6 +772,73 @@ The following list shows the supported values:
+ +**Start/ConfigureStartPins** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the SV start menu experience. + +>[!NOTE] +> TFS information describes feature area owners and policy handling work, but the work to implement the policy itself is being completed by OS\WDX\DASH\Cloud-powered Windows Devices\Project Hailey --> Deliverable 32179178. + + + + +This string policy will take a JSON file (expected name LayoutModification.json), which enumerates the items to pin and their relative order. + + + + +
+ + **Start/DisableContextMenus** @@ -2197,6 +2270,76 @@ To validate on Desktop, do the following:
+ + +**Start/ShowOrHideMostUsedApps** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +This supports a key Enterprise manageability request targeted for Iron. + + + +The following list shows the supported values: + +- 1 - Force showing of Most Used Apps in Start Menu, user cannot change in Settings +- 0 - Force hiding of Most Used Apps in Start Menu, user cannot change in Settings +- Not set - User can use Settings to hide or show Most Used Apps in Start Menu + +On clean install, the user setting defaults to "hide". + + + + + +
+ **Start/StartLayout** From 1b4e38f020f548601e4db8961994ef0c52080f21 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 15:27:47 +0530 Subject: [PATCH 040/420] Update policy-csp-settings.md --- .../mdm/policy-csp-settings.md | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 69c7b52c83..c595c0b078 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -29,6 +29,9 @@ manager: dansimp
Settings/AllowDateTime
+
+ Settings/AllowEditDeviceName +
Settings/AllowLanguage
@@ -266,6 +269,68 @@ The following list shows the supported values:
+ +**Settings/AllowEditDeviceName** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy disables edit device name option on Settings. + + + + +Describes what value are supported in by this policy and meaning of each value, default value. + + + + +
+ **Settings/AllowLanguage** From 81090affab904c05f7e8547e71644cb6aca17819 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 16:53:32 +0530 Subject: [PATCH 041/420] Updated policy-csp-storage with missing policy entries Added: - -- Storage/WPDDevicesDenyReadAccessPerDevice Storage/WPDDevicesDenyReadAccessPerUser Storage/WPDDevicesDenyWriteAccessPerDevice Storage/WPDDevicesDenyWriteAccessPerUser --- .../policy-configuration-service-provider.md | 12 + .../mdm/policy-csp-storage.md | 379 +++++++++++++++++- 2 files changed, 379 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..f43673ae62 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8293,6 +8293,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Storage/RemovableDiskDenyWriteAccess
+
+ Storage/WPDDevicesDenyReadAccessPerDevice +
+
+ Storage/WPDDevicesDenyReadAccessPerUser +
+
+ Storage/WPDDevicesDenyWriteAccessPerDevice +
+
+ Storage/WPDDevicesDenyWriteAccessPerUser +
### System policies diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index d470d7977b..7c441baca0 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -48,6 +48,18 @@ manager: dansimp
Storage/RemovableDiskDenyWriteAccess
+
+ Storage/WPDDevicesDenyReadAccessPerDevice +
+
+ Storage/WPDDevicesDenyReadAccessPerUser +
+
+ Storage/WPDDevicesDenyWriteAccessPerDevice +
+
+ Storage/WPDDevicesDenyWriteAccessPerUser +
@@ -139,8 +151,8 @@ The following list shows the supported values: Home - - + No + No Pro @@ -218,8 +230,8 @@ ADMX Info: Home - - + No + No Pro @@ -300,8 +312,8 @@ ADMX Info: Home - - + No + No Pro @@ -382,8 +394,8 @@ ADMX Info: Home - - + No + No Pro @@ -464,8 +476,8 @@ ADMX Info: Home - - + No + No Pro @@ -552,8 +564,8 @@ ADMX Info: Home - - + No + No Pro @@ -782,5 +794,348 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
+ +**Storage/WPDDevicesDenyReadAccessPerDevice** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android: + +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth +- Mass Storage Class (MSC) over USB + +If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android. + +Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer justifications[TC(1] [TW2]. + +>[!NOTE] +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. + +Supported values for this policy are: +- Not configured +- 1-Enabled +- 0-Disabled + + + +ADMX Info: +- GP Friendly name: *WPD Devices: Deny read access* +- GP name: *WPDDevices_DenyRead_Access_2* +- GP path: *System/Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + + + + + + + +
+ + +**Storage/WPDDevicesDenyReadAccessPerUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android: + +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth +- Mass Storage Class (MSC) over USB + +If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android. + +Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer justifications[TC(1] [TW2]. + +>[!NOTE] +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. + +Supported values for this policy are: +- Not configured +- 1-Enabled +- 0-Disabled + + + +ADMX Info: +- GP Friendly name: *WPD Devices: Deny read access* +- GP name: *WPDDevices_DenyRead_Access_1* +- GP path: *System/Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + + + + + + + +
+ + +**Storage/WPDDevicesDenyWriteAccessPerDevice** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android: + +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth +- Mass Storage Class (MSC) over USB + +If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android. + +Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer justifications. + +>[!NOTE] +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. + +Supported values for this policy are: +- Not configured +- 1-Enabled +- 0-Disabled + + + +ADMX Info: +- GP Friendly name: *WPD Devices: Deny write access* +- GP name: *WPDDevices_DenyWrite_Access_2* +- GP path: *System/Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + + + + + + + +
+ + +**Storage/WPDDevicesDenyWriteAccessPerUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android: + +- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth +- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth +- Mass Storage Class (MSC) over USB + +If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android. + +Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer justifications. + +>[!NOTE] +> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. + +Supported values for this policy are: +- Not configured +- 1-Enabled +- 0-Disabled + + + +ADMX Info: +- GP Friendly name: *WPD Devices: Deny write access* +- GP name: *WPDDevices_DenyWrite_Access_2* +- GP path: *System/Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + + + + + + + +
From aa235ef9ef42e6fa7216a75c16dec08bde0cd0b2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 17:05:05 +0530 Subject: [PATCH 042/420] fix --- .../mdm/policy-csp-storage.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 7c441baca0..cdf3d508a1 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -857,10 +857,10 @@ Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer j >[!NOTE] > WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer. -Supported values for this policy are: -- Not configured -- 1-Enabled -- 0-Disabled +Supported values for this policy are: +- Not configured +- Enabled +- Disabled @@ -945,8 +945,8 @@ Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer j Supported values for this policy are: - Not configured -- 1-Enabled -- 0-Disabled +- Enabled +- Disabled @@ -1031,8 +1031,8 @@ Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer j Supported values for this policy are: - Not configured -- 1-Enabled -- 0-Disabled +- Enabled +- Disabled @@ -1117,8 +1117,8 @@ Audit/Warn – P1: in the future, will consider Audit/Warn modes with customer j Supported values for this policy are: - Not configured -- 1-Enabled -- 0-Disabled +- Enabled +- Disabled From a434405f888184557819da4da5d76ee1530e8d5b Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 17:38:34 +0530 Subject: [PATCH 043/420] Update policy-csp-search.md --- .../mdm/policy-csp-search.md | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 8eb0dbe3ea..667994f6ca 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -24,6 +24,9 @@ manager: dansimp
Search/AllowCloudSearch
+
+ Search/AllowCortanaInAAD +
Search/AllowFindMyFiles
@@ -138,6 +141,76 @@ The following list shows the supported values:
+ +**Search/AllowCortanaInAAD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + + + +ADMX Info: +- GP English name: *Allow Cloud Search* +- GP name: *AllowCortanaInAAD* +- GP element: *AllowCloudSearch_Dropdown* +- GP path: *Windows Components/Search* +- GP ADMX file name: *Search.admx* + + + + +This is a simple boolean value, default false, that can be set by MDM policy to allow the Cortana Page in OOBE when logged in with an AAD account. + + + + +
+ From fcc0a6224db041d4a29d540b95ca60fe0c82ef1b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 18:09:12 +0530 Subject: [PATCH 044/420] correction! --- windows/client-management/mdm/policy-csp-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index cdf3d508a1..318ae0e1ce 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -1124,7 +1124,7 @@ Supported values for this policy are: ADMX Info: - GP Friendly name: *WPD Devices: Deny write access* -- GP name: *WPDDevices_DenyWrite_Access_2* +- GP name: *WPDDevices_DenyWrite_Access_1* - GP path: *System/Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* From 58631b2a54ea4644dceec28f1c31e577e3c0aedf Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 19:00:02 +0530 Subject: [PATCH 045/420] Update policy-csp-printers.md --- .../mdm/policy-csp-printers.md | 302 ++++++++++++++++++ 1 file changed, 302 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 3902457217..d6f2240333 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -22,6 +22,18 @@ manager: dansimp ## Printers policies
+
+ Printers/ApprovedUsbPrintDevices +
+
+ Printers/ApprovedUsbPrintDevicesUser +
+
+ Printers/EnableDeviceControl +
+
+ Printers/EnableDeviceControlUser +
Printers/PointAndPrintRestrictions
@@ -42,6 +54,296 @@ manager: dansimp
+ +**Printers/ApprovedUsbPrintDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is /[,/] + +Parent deliverable: 26209274 - Device Control: Printer + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevices* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + + +
+ + +**Printers/ApprovedUsbPrintDevicesUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is /[,/] + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevicesUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + +
+ + +**Printers/EnableDeviceControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControl* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ + + +**Printers/EnableDeviceControlUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControlUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ **Printers/PointAndPrintRestrictions** From a4c6bd8998a1d2c2b32439f5d2d5dc2f5a5c8205 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 19:27:49 +0530 Subject: [PATCH 046/420] Update policy-csp-power.md --- .../client-management/mdm/policy-csp-power.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 367d969417..e8b4361743 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -22,6 +22,9 @@ manager: dansimp ## Power policies
+
+ Power/AllowHibernate +
Power/AllowStandbyStatesWhenSleepingOnBattery
@@ -98,6 +101,71 @@ manager: dansimp > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
+ + +**Power/AllowHibernate** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + + + + +ADMX Info: +- GP Friendly name: *Decides if hibernate on the machine is allowed or not* +- GP name: *AllowHibernate* +- GP path: *System/Power Management/Sleep Settings* +- GP ADMX file name: *power.admx* + + + +
From 61fa2b89662ef007259e506b1830a5442694d41d Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 24 Nov 2021 19:37:26 +0530 Subject: [PATCH 047/420] Notification update --- .../mdm/policy-csp-notifications.md | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 643ef3e681..7ba7ed964f 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -31,6 +31,9 @@ manager: dansimp
Notifications/DisallowTileNotification
+
+ Notifications/WnsEndpoint +
@@ -280,5 +283,77 @@ Validation:
+ +**Notifications/WnsEndpoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications. + +If you disable or do not configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com. + +Note: Ensure the proper WNS FQDNs, VIPs, IPs and Ports are also whitelisted from your firewall settings. + + + +ADMX Info: +- GP Friendly name: *Required for Airgap servers that may have a unique FQDN that is different from the public endpoint* +- GP name: *WnsEndpoint* +- GP path: *Start Menu and Taskbar/Notifications* +- GP ADMX file name: *WPN.admx* + + + +If the policy is not specified, we will default our connection to client.wns.windows.com. + + + +
+ \ No newline at end of file From f8f49eb21fb57214ae41e6fad3c026c7e781c7e2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 29 Nov 2021 10:44:49 +0500 Subject: [PATCH 048/420] Update deploy-whats-new.md --- windows/deployment/deploy-whats-new.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index b092bc6e3c..cb6320f60a 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -92,7 +92,7 @@ The following Delivery Optimization policies are removed in the Windows 10, vers - Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy. - Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds. -- [**Automatic Restart Sign-on (ARSO)**](/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. +- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. - **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. @@ -221,4 +221,4 @@ For more information, see the following guides: [Windows 10 release information](/windows/windows-10/release-information)
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
\ No newline at end of file +[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
From 5f70354e96cd88c2f0e4ccebda539d1d37c192f2 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 29 Nov 2021 16:42:16 -0500 Subject: [PATCH 049/420] Update security-compliance-toolkit-10.md Updated Edge to v96 --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 2d66169700..a7d705c22e 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -50,7 +50,7 @@ The Security Compliance Toolkit consists of: - Office 2016 - Microsoft Edge security baseline - - Edge Browser Version 93 + - Edge Browser Version 96 - Tools - Policy Analyzer tool From 05da0a4d72ea29d814cd086a1bc52f1b090cc245 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Tue, 30 Nov 2021 17:22:03 +0530 Subject: [PATCH 050/420] Update policy-csp-update.md --- .../mdm/policy-csp-update.md | 101 ++++++++++++++++-- 1 file changed, 90 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..edc685637d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -72,6 +72,9 @@ manager: dansimp
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -1333,8 +1336,7 @@ The following list shows the supported values: - -Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. +Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule. ADMX Info: @@ -1346,7 +1348,7 @@ ADMX Info: -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. +Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. Note that when set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity. Default value is 7. @@ -1410,8 +1412,7 @@ Default value is 7. - -Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. +Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users will not be able to reschedule. ADMX Info: @@ -1423,7 +1424,7 @@ ADMX Info: -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. +Supports a numeric value from 0-30 (2-30 in Windows 10, versions 1803 and 1709), which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. Note that when set to 0, the update will download and install immediately upon offering, but might not finish within the day due to device availability and network connectivity. Default value is 7. @@ -1487,8 +1488,7 @@ Default value is 7. - -Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates),allows the admin to specify a minimum number of days until restarts occur automatically for quality updates. Setting the grace period might extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) is configured but this policy is not, then the default value of 2 will be used. @@ -1501,7 +1501,7 @@ ADMX Info: -Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required quality update. Default value is 2. @@ -1515,6 +1515,84 @@ Default value is 2.
+ +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates), allows the admin to specify a minimum number of days until restarts occur automatically for feature updates. Setting the grace period may extend the effective deadline set by the deadline policy. If [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) is configured but this policy is not, then the value from [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) will be used; if that policy is also not configured, then the default value of 2 will be used. + + + +ADMX Info: +- GP Friendly name: *Specify deadlines for automatic updates and restarts* +- GP name: *ConfigureDeadlineGracePeriodForFeatureUpdates* +- GP element: *ConfigureDeadlineGracePeriodForFeatureUpdates* +- GP path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 0-7, which indicates the minimum number of days a device will wait before it restarts automatically after installing a required feature update. +Default value is 2. + + + + + + + + + + +
+ **Update/ConfigureDeadlineNoAutoReboot** @@ -1565,10 +1643,11 @@ Default value is 2. +When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will delay automatically restarting until both the deadline and grace period have expired, even if applicable updates are already installed and pending a restart. -If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart. +When disabled, if the device has installed updates and is outside of active hours, it might attempt an automatic restart before the deadline. -When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. + ADMX Info: From 0f60a6706e4a67acc18c2057c9f8285a1914e603 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 2 Dec 2021 11:06:01 +0530 Subject: [PATCH 051/420] Added windows 10 After reading this article, I added windows 10 under applies to section. --- windows/whats-new/windows-11-prepare.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 18d9c7bbea..f76ae48be7 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -18,6 +18,7 @@ ms.collection: highpri **Applies to** - Windows 11 +- Windows 10 Windows 10 and Windows 11 are designed to coexist, so that you can use the same familiar tools and process to manage both operating systems. Using a single management infrastructure that supports common applications across both Windows 10 and Windows 11 helps to simplify the migration process. You can analyze endpoints, determine application compatibility, and manage Windows 11 deployments in the same way that you do with Windows 10. From f4d4d41af079a31a49eeebd296d6598517f87073 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 3 Dec 2021 12:20:39 +0530 Subject: [PATCH 052/420] Converted Html tables to md format --- .../mdm/policy-csp-admx-terminalserver.md | 3565 ++++------------- 1 file changed, 716 insertions(+), 2849 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index deab09567c..fadaf0bcba 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -399,38 +399,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -475,38 +451,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -524,38 +476,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -593,44 +521,20 @@ ADMX Info: -
+ **ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -675,38 +579,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -746,38 +626,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -817,38 +673,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -892,38 +724,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -965,38 +773,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1040,38 +824,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1115,38 +875,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_COM** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1190,38 +926,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1265,38 +977,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1336,38 +1024,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1407,38 +1071,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_LPT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1478,38 +1118,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_PNP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1552,38 +1168,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_PRINTER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1625,38 +1217,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1703,38 +1271,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1781,38 +1325,14 @@ ADMX Info: **ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1852,38 +1372,14 @@ ADMX Info: **ADMX_TerminalServer/TS_COLORDEPTH** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1931,38 +1427,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2007,38 +1479,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2079,38 +1527,14 @@ ADMX Info: **ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2153,38 +1577,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EASY_PRINT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2227,38 +1627,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EASY_PRINT_User** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2301,38 +1677,14 @@ ADMX Info: **ADMX_TerminalServer/TS_EnableVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2376,38 +1728,14 @@ ADMX Info: **ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2455,38 +1783,14 @@ ADMX Info: **ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2528,38 +1832,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2604,38 +1884,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2677,38 +1933,14 @@ ADMX Info: **ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2755,38 +1987,14 @@ ADMX Info: **ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2832,38 +2040,14 @@ ADMX Info: **ADMX_TerminalServer/TS_KEEP_ALIVE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2905,38 +2089,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_SECGROUP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2981,38 +2141,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_SERVERS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3056,38 +2192,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSE_TOOLTIP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3129,38 +2241,14 @@ ADMX Info: **ADMX_TerminalServer/TS_LICENSING_MODE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3205,38 +2293,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAX_CON_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3283,38 +2347,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAXDISPLAYRES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3354,38 +2394,14 @@ ADMX Info: **ADMX_TerminalServer/TS_MAXMONITOR** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3425,38 +2441,14 @@ ADMX Info: **ADMX_TerminalServer/TS_NoDisconnectMenu** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3501,38 +2493,14 @@ ADMX Info: **ADMX_TerminalServer/TS_NoSecurityMenu** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3572,38 +2540,14 @@ ADMX Info: **ADMX_TerminalServer/TS_PreventLicenseUpgrade** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3649,38 +2593,14 @@ ADMX Info: **ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3725,38 +2645,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RADC_DefaultConnection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3799,38 +2695,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3871,38 +2743,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteControl_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3941,38 +2789,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteControl_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4011,38 +2835,14 @@ ADMX Info: **ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4085,38 +2885,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_ClustName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4160,38 +2936,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4234,38 +2986,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SD_Loc** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4311,38 +3039,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4387,38 +3091,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4463,38 +3143,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SELECT_TRANSPORT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4536,38 +3192,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4608,38 +3240,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AUTH** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4685,38 +3293,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4756,38 +3340,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4819,43 +3379,20 @@ ADMX Info:
+ **ADMX_TerminalServer/TS_SERVER_COMPRESSOR** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4901,38 +3438,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4971,43 +3484,20 @@ ADMX Info:
+ **ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5048,38 +3538,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_PROFILE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5120,38 +3586,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_VISEXP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5191,38 +3633,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5262,38 +3680,14 @@ ADMX Info: **ADMX_TerminalServer/TS_Session_End_On_Limit_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5339,38 +3733,14 @@ ADMX Info: **ADMX_TerminalServer/TS_Session_End_On_Limit_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5416,38 +3786,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5491,38 +3837,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5566,38 +3888,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5642,38 +3940,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5718,38 +3992,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Limits_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5795,38 +4045,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SESSIONS_Limits_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5872,38 +4098,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SINGLE_SESSION** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -5944,38 +4146,14 @@ ADMX Info: **ADMX_TerminalServer/TS_SMART_CARD** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6018,38 +4196,14 @@ ADMX Info: **ADMX_TerminalServer/TS_START_PROGRAM_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6092,38 +4246,14 @@ ADMX Info: **ADMX_TerminalServer/TS_START_PROGRAM_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6166,38 +4296,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TEMP_DELETE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6240,38 +4346,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TEMP_PER_SESSION** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6313,38 +4395,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TIME_ZONE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6387,38 +4445,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6461,38 +4495,14 @@ ADMX Info: **ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6535,38 +4545,14 @@ ADMX Info: **ADMX_TerminalServer/TS_UIA** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6602,43 +4588,20 @@ ADMX Info:
+ **ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6676,38 +4639,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6749,38 +4688,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_HOME** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6824,38 +4739,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -6898,38 +4789,14 @@ ADMX Info: **ADMX_TerminalServer/TS_USER_PROFILES** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
From 61c39782ff7a47c6cc5f3d3604210faacd5ac10b Mon Sep 17 00:00:00 2001 From: JW0914 Date: Sat, 4 Dec 2021 09:34:04 -0600 Subject: [PATCH 053/420] Update resolution-procedures.md Error 0x8007025D can [occur](https://superuser.com/questions/1691157/how-to-fix-error-0x8007025d-when-installing-windows-10) during the installation of Windows due to an issue with the storage medium; in the case of WinPE, this is RAM since WinPE is mounted into the RAM disk mounted at `X:` --- windows/deployment/upgrade/resolution-procedures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 227541cee7..619b51c300 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -93,7 +93,7 @@ See the following general troubleshooting procedures associated with a result co | Error Codes | Cause | Mitigation | | --- | --- | --- | |0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.| -|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt.|Re-download the ISO/Media and re-attempt the upgrade

Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).| +|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt or if there is an issue with the storage medium, such as a RAM module containing bad blocks during the installation of Windows.|Re-download the ISO/Media and re-attempt the upgrade

Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).| |0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.| |0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.
Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.| |0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.

Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).| From 6dffc51c02de88b526c99178b9f9bc317632d33d Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica <5600871+andreiztm@users.noreply.github.com> Date: Thu, 9 Dec 2021 00:55:06 +0200 Subject: [PATCH 054/420] Final draft from mail version --- windows/deployment/TOC.yml | 2 + .../media/specify-update-type-sources.png | Bin 0 -> 226716 bytes windows/deployment/update/wufb-wsus.md | 78 ++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 windows/deployment/update/media/specify-update-type-sources.png create mode 100644 windows/deployment/update/wufb-wsus.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 0785a4e3d4..6eb965d5b3 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -167,6 +167,8 @@ href: update/waas-manage-updates-wufb.md - name: Configure Windows Update for Business href: update/waas-configure-wufb.md + - name: Use Windows Update for Business and WSUS + href: update/wufb-wsus.md - name: Windows Update for Business deployment service href: update/deployment-service-overview.md items: diff --git a/windows/deployment/update/media/specify-update-type-sources.png b/windows/deployment/update/media/specify-update-type-sources.png new file mode 100644 index 0000000000000000000000000000000000000000..92d8bc13568399a7cfae426f1e68640c9fd49d43 GIT binary patch literal 226716 zcmdRV1y>y1(k=vd2tGIj3GNPqOM-?3x8MYKA7pTM4}-hAyF-xR?(XhzIp;m+yWcOk zYu#FF*3|Clp0&HWs(RP+)DBTnkVZoWAVWbxp~=cfe1n35g@%HHX+wm6KXSzgN`C)> zcK9YO230;reDFSiH5HW?g@USzLV5lP_dZ6lmCMc)JLiD?< z?(qtOKC$$Q@avwt%30fd><*2~z>2Jlox2!$0D2eF^Ll{)M?@C?JFg9|xASfk{|PXX z|3{e*6f?4NAMuA)62q36zE+p6I<>8No1A?rIr@||KYJxR%YSn6XKZXN!?|5RpycrM z6kQZCAf9Y^{I%lgtre5mXb~Uz%JU%2a>;{PT~)2zVWFWEUm`BGv2k%RiHU*!{;>Nu?q-~+gDw9#!LbMl_QMyC_LdeRD=RBA8ymHL*VvPXDic!x}|G6qDZFW|blan*ErbdMjla+ztD-x;+m|Sx{{H?!0b=a`{uoL{hE3=3w70j1;rh(+Ka*7}Oiw5NL`^LT zGQ|9!Q;j(R2_hma@X-JKad5eQQBhHh8tMm3tbdC<;Qy*0|Cd@^U0vO73RkM##D4k9 zQW%1-8-+j`h2kqh&fcKLJ9MssNLi8K{isR}!st*fsT+=uwZA2W`^SQm{NBSOBMA^} z^bfqp+>TClIVCkP!VngAH6=+9@ZolU3jE$AO0AGmDt8i0BZG)W@-@ z6kQ?yD-^KmgDh&yMDO3beHSMA1GG)ExbC#1U(;lJ#nixX^k2`oD&axIyy^7m(#Pa3 zL346)nr~_NAmDP^zv_jctfK=C^-^uE69ucShW7w@at*vRNF%4meN?!x*@`$aqaf(= z%Z`NxUok^d;G^0RoqsTYm|*CEg?);^75T?8k}~AexG899r4JrRPCg|iL0bMA8=G!v zMFB}4nE0c-pO$1s27{lSFC<7{&!0T^4=ts|b(j{@jy5WtdXAj4^YU<|9H{aYY`_%# z&;){rp+i4!M2Qe7sqhBnVe@mLrvCbBEOdrj;v%d3U^UxO_oeXn>l)N#_O|iNZ|L@h zw~^Szk}V~IX~W;iDs|{nRK|Vqs&4W;S|_>>AG`~ND9j4+020x#uyh2;UiPIE!g?@( z&$iQX+Pa|AFLwuu-T>hJ#@j~P+M}w`*#5Tt+Y^{MCadxp8G zR=uh5$&fuXA3YEZO9hKq3<|}i0-XgCWfzYRDk`jceI9Y$K8cJE`}VKUOezQrgkSbJ zYjfQUq0P<^z9~}t{Qd~M?gZAla`ax1LHFK300$=dTGGhS&dwfly&W7hqb`4Fu&;r^CM!O2ls;}P|EnBzzQ&7q7f1*h$&Sfv65&xqEx$2Sx9_X zws)PgD*^SY45_I)`=_^|LqX-`P|X71VWT>DEJO*wHPtO_VYlMj(`P%ACQ>aj=Friw z#s?npJsnO-SJ#rkyV;<=65qse#>m#}uSeQZp za%LeUGSYeegqwU{Je!d9C_<_00~mV3yw%_*ek*f}`mAq09zH*R+y3!o2*lv>^-ofe$LC{zF@1 zLK)~ip=JMsflm4YB@+7T43z*-Xh5(cIWe>RCFWsDyG+V6>dwVUkK*~tyI)JsHk9@v zgy?FF0fms7O0vmeUDYa$1V1PuVi6?$eEJRW#*T=I7>)yr2#MY-dh1tjcw@LTpuek@ zI&BFLCn7KS*&-lyYICAxJ^#cTlt1GE-1C9%r)*#pq#Oe`2z^^_SRMpNOS+67FNn5M zPO%cP8>LX(T}3*Q9Zo!WJ^ZMrz2v`KH8ai%E*1;|I1mlUxHJmB)w<{!rPRPDdaRlD z*hr=Coe*bPU-R4w6N3b#wa(0T+&_~th$kL#^uH3!x(Z{jROciVaLztW#&0B>hwBgS z!OubH4)wkJICf@U_b%MuP}?tJ%^rdNEu`(ZccBds045wF0%GEths9dLTh~+d*`4SP z>+}5w@ZC_Ta>v`i;%k?ivcx5u?MuwfEkhcGxpb3aHrJ^k+hH|fn=ZrBkLO@}j{%hi zRIfL&S+#d_4`q9k>+cl*NRoTEIX|L4Yd?AJ-|n5uthPEhos$z=-sN++y2_TV31fLN za=KWRhb%vQ=nfRsv|}WFHFzXT3m1kiC_*SRbBFA@DQF0gcQ+Y|=gp*z_hvazIy4A~ zMY#WYIr|azT&~dO*e6brQBA=fJ{>ZMO>FnUpVobVkT-<(95FN~9X14eZ{g_aFLHp9 zZlK+jO}BY)+}2K;`RnfP`AgjrX%_|pgy=^b`p)gLO~kYgx910!kt|wU`(CG@vpwQQ zIm9EfSYy^l*{ebcP?%mbL%Obw%WBmyW$Gm{WvEp+_ll?+$TfQhL{abH-;BjQ=Eb|* zPDq*BOr@haFkIOmXI*gt+KnJX2iQn3K20;d0D=q?_8tlcCQoa+vP*$mpB=LHRo&{m zi6XC$uHFLw4nsl=l#lZN;Blb;#%ziVc4UAES=|E`q-XW=h9xhXbv@uMx>Emq=BRofYR8 zWA~$8xRQ$ZJPB#@xKnVYj5Pwk759ZzTHKND?B!uXDa9uw1h^MW-nV8boouXRHN4*U zOpL#t4O{ zzjylVMnY{B<1Uk~gx12;CN;LU?i5+s)-$U1w^!WY1SUckk17{f_#RCbL^)qw?gcU4 z7P@wXU0aw(oxg01qn8rpl-cYz2d<56gzLC4|1mV)w>QiaNWa)KF7zD<|B{T7kJ>P{G2-b81_JkMz_;Fw!f2&w;H&&+;cZ^R)N!nagKcbzNqv&&xBUj7b~_mO zG=a_j2lSv?UvhUBauPS$u@q!&b3L#*vG#B;|IwbdiuUo+Qae1k?*FQFaj_`(NeZvXEiVsg7MGY%tPKrgfklL*lAK13|f*DAZ&cEEo#h(1*Y-YU+1#kS=<%VIo&1swA zW|F?UY@@w~vQO7$Jt)eOXu`?4&|r`e=rkgub{*v0A!O0$6bZJktLR`GrYycB9wS)d z&2S9bcB9+@Wz{=;!k!NjuXo@zocXPrv{=PHFY))cnQpflw?_-t8s%SJi_%L$vK!t- zuh})&L&a%IwI>f?g=LTZ@{&hS2fM4j&Fa8KZV-hbJnHEW)?sd3d9e0%>4l}YQ98IC z{2k=XXR=B^B`DA?Iuj!P5?K{;92XM0sZOl6a1AKajav7c`FCn6cq4$?F*X+OM|5S8 zd|!jXx7rp*R1$Jzeo66-X2yf=z|RjqK+GQvrd4EX@zMp>bjfah~%@z1r+ua4VaAQkE`p~Q1fDm4KCOo)W z#OvvuyD1o%s(pRlAffw&mW$ieaI2Lgyg)A4eES$g*&sUjjJA)@-%PnP`Y0Gu%_zk* z{!_9cVoQ;SaXHV8cn8!~?_faFjxk<#in?b&!T=-pX$8rX##8UAQ#!gFAFaQppMLyG zIcoe(SYYnV=RD^FhN$o-@?|Fw_t@=i6z7KoFvD`d>oMw zOwdO$-ekM_7%%iEqvQfwZA-(sqe-3P$1f5Rj(LREn4PbNu&r~xK80W?wBKcB^^faH zdE_}}=*W25;B?6ba_ilQ%I$bc3MTA;yeWOzr~nQlY0qp7*$~oRP2x%dOV)$3VWVj$ zhB!Q-{lh~kL_lutC+XRbWoZ|Mf2s60X|*tJRuTBj06VG+NXQT~;hVJ$p8$IstN3wg zwbP~ehuAx7VW+P+hLrxF)oPimLlXDYmv}c`zF)Jpb9LF1{pl;_*=xq2)pQATxQI*$ zD?Kbg1p0Dv?rup9{9}?mVS&9fpTYNcpI!xW)H85>{=g+q2dVt#h}t%Up!#Jv;n-G5 z350*meQRthLWr+#YZDZF)uhO**=a<4&2BoJj4{Bx?q$i_ewcB$|WS$mF_C#0<$#9N@i?4Nlw;7D9*>T;R zw5!jM06UkohEMS{&d5Yv#KOCblbDdRNXAF$5tlHIscE3C_FqMxHV(fSSeZgDj(Z$f zb5F0EIinJUv1RXCxATy5>LJpMDK-a@d6WhfI*OAm3kfby?PBV>%i_$s zd2s4C26a^~<-!s@67Ahe-}Yo-1Akb2p=#dWko4{4<}#^ z`FDt+nufct9Q`}QQb(Ub-rF+?HnmV96<;YaF;6;uyyqJ^uBSU9gJ#=)kS#V|xth&Y zJt}ELa9sxpMNW{pI0t2{EdU;068k4G-rVS}@0+~?K+hviSrFlesfls#SEK!dg1G>0 zn^l}*0Tuki{bR)U((OiGwS;Tik)O(fP!3(>dSbyh&HXbN2aOo9$i;`+ZkAKu&CZ(L zNcU`y48Y5At@I`uM>#V1mC`iCn6iW60G%M$d}3V#Mgm?d_5h8iathOQZpvctkrK?0 zrohsCa*_lA9T7ImV;RQxO(SljiHg@BB#&Jq17d3+6N~+-vsd2h9Ec#+;}rygB=mF) z5j&dez+0>_RV*wjGLM&f(~pTup_rP8`+GhV&uf0@@(m{=Fawp|U9s>{9z15@pLKMm zW3n$hzE8W*M(aV<2Ap7B5;{hjUBI57OcH2$T|LOUi5W*1RwllXu->j#lK7GFBH0vS zm@6zn(UEuuUl4O8{#afHFjY_;KZF@g5HBP+xSTjUq6{_J<1+&biyBBuh(^Rb5D)1W z0>2iK^4hfj7%9;QiWnbNme0Rvl7R#r^> z{QQ(f3V3@Lq&EK`M9sO{htNK++2|kSSOz=OKbt25xd`2gq)l1ZOaK!@`Gx>{gr#TlB^aV zS)w*b-pS6WUa6F_JFe&BcC{O3PRh>CPFbY8V5FuK1X zRRY-mKt-va{vW8{jg5`71}#QYIA||J|BLV8AYhPw2caW=h)+zE()|x0HkpuJUH$E0 zXz9N&APv(0AcFtjsUgZ>s1xQnpP`+bo->T!Q`5lzptzLHuKzK~zwbQ&2CCuZ<;={5 zpUS}}3U{>2>!F6SBSJ4}E`sIQ3ua~0G;|?+PWWClH(4&m<=x@`CHrE9rKR6NkpNir z#{r<&+=+CeTEVDR%?1a^MBv+ta$y7_JaxrEh)M z4BOyEKjZfsUg0W~{%le@+F9CHRfs(h-|@zlhg9GQ8ro|3O5EYZI{rs;cvvj>$A(|& z;WsQm`RG^HhP8Tx7gEj>%^>b8ZFQB$q>g8YpVC(wI%dMom_iP7lq_{?7unM%Cdv&S z(Sj_b8hc(qcg%A>+vh**_tl}9pFu3`SJG2j<4d;g4Y+QbjS8f;+9S_P60dLY7MFsq zS2W@&+MZcTi0>$=LIF0&uAM^fZj3fG@JpVbLIGH}LXD=*eG}okjaPh}=O1^OE$XA3 zQZPXNJ}Th(w^{akPS|cJuADGY-KD10ijJimW2PBA!^p0$hw&A`#GAZ-J5;k#0ZB3K z2VS}IrQWrLcz~|)n%%XP#Np|7^>>1VgSCWTpqFC`0xz;No;f=wK?I6xw`jboAe=-D zZzPOh1J2uHiMygd_lIC_sX8mb@qyZwM}?42%4fW731Qi!50GT~suO$`{gEjm3g?fB z<8obxD2;I+PU5Pp!yv*MNIc63yMYjUGKsvz47!$l*2Zu+ZM9 zb-78k^SZodnTN3c@0I8tZ;uwopq(?b`)O`%4l3Na9ccxb=DRM<8hpr;8N;r3HI$kc z{f^+-0BK`cgzL`6Sx?(D9)V30hD)&2b>GVvSw!g`uIt^Cbd{41hwAbDhtOWT-}oSv z=!Xj2hj%2?R2cT|aNrzHd1JMN9m&=5OXom|qVfliuSWvMIa0$A@f+ zNvg37G#@@yzO0h9XYazr3+Yl0UP%!>O0-r!Zn6M-C{rcVgdKDjqbF4k3 z=g)HfAo&f}&lbiX{W;6uDvwR&Znyis2<3bUgfPH2Ykb z0eAX}H3X)e1lSo>Y=4nd4mW?F@-27pccv#shi}K*rey1VQrWrp3+{4@AQ>5B1e*8h zC{3-JO;2$H-nvRj*m+*s<@goI2vff>BuVxq5t3;#?l9kW&&BvV)^BGahKJd(I*Xd< zjXMqP;^HDWBt#itciEdl2dMUCCOT0q!F6sSA&o*HBqa1gt27&O+@A4nSSs^WD4EGn zVfCe9d1#|K%0;yvcIRAemYLSG!PFlGOc&n$^bSYS{eh^GZ?v&!fuGsPiysi6v6YI) zNY^!^HjanbTnOw;|PfEwRD1=ba?|?c% zd%9OPBPu+}H~Y(&L_F}ldYrobKAYs;_yqeIK2&tCY%w!6b_fN@U%=A(N7`yqHi1u| zMFldj%CX>h=>y_4ch|xqQi-c#ptuMBSZ0wsPd>gW6$e$q)5S+x59qLrRfgM&x>mFK}c$7>*t{!1?oP# zWG*I?!CE6_bk#Dtj|u8Ixff|zVQrFG2ii+C8jF28< zr6y4`3WdGW|7wmt=CF5uATh}9(%e=#9C3K3(KNqM%{SM~Ha*dd#oMwLw9?=80MuI3 zc227$tS$wb}b#LD}CFwY|JCY^9$Pu3B%O;!rl8lUKpW`W@#+ z+WC#NeH4M3zJm2rKGhG)k?BZP#|LrSkcy?~)?rPr55E4q1bBLIJw+Mc2lAND3%xDkE-4m?I3A5aP4G@uY7$z#M^}LAD-} zs|n)@`g-9bgU0N~w^Bc74Cgjh&nPwUwS}_FZ|5a7t@BXD@Uua>u$Q^>8@6<4Oz+Me z!MorSM>{Dod1&Q0B=XIMTx7N+1RmNQjC}cibnvWpRm7(hQmu>iyM)aKAsQGV%5`cb z@55b$B6EhN=l?qRO?)NhM~D_Xx->{&gsg?wd4>IXAA`nnve}NG$)AMm?VdLSoqUYh zQ{cRU>;fd3dTUef>eKNlJ-yygc>|EBAxjmY-n9Rw0jut44E7S+H4i|e=NOY;!A4~ zzLY3ICu)EB-0EJ5LUh#afWLZ0UD`?;8+n9T>eO<6q9_ys)^V1=BW#wN!t#9D>)a$V z-D+MkrIcsPsYlPyW878C){fs8GgYA23oE!dbp|@0MGfG4zmYJ?mx?Q>y*UlNxbU1l z`~@suJ?w0Fgc_&9Tyl)E8}M6DF3kh~^ilr#Vo4Ugr!r36>-tS^< z+4ZXTyEkKRu}b}T>a+669bJ;LJtmD}GlS&H{gqF%9Y%FU^dWbhC{2dQ)ZoW|Qn9cQ9Rtm^A+$XZfXVuF@ot z$N??J-J=XYWUl!@;W9ewNG)S?KKf zgWijZK(iqH1xXCdh?jla#r-y?%^KSe!3}rn@TMsK-ixI-XCI47k@%$x(H-teIrhHr z$zjzfxT?Kxkfcy6!qlLegQy8B519x58$Fx3TgdugrSYnb9)rXS((KQ*E27H12;|=9 zCk$3v2K1?ERpR@d9y5APzg<7-PV5dp=NWmK#uMh{^x07CH&@&Q8_U4Ek&fP0Vut*O zaS#vQT?I^!ClEte!ProZnDu_BCha1u{p|b*OQjhVgTxbsjc3`d{-{N$*@|r9MyRI2 znsf8_jqoznA-J`Vk>m2Ea?X{cSj8F_VkP;fWbzb6L!;k8pi}KU04`zv>5A^nMDhpC zT`;@3()_!^*hToo4IWXd)12%VZjXOTHUA4VXwQC$bM0nJp%6+L3DZsl*JPkC&_~EipO17 zA}0~xH*|>9!nt{8(H{>x%PH0Gqv5=#vSFpo!FU$uiM5zpK0P&U=v&;@_?8bJ`E_+dOA^fUc%RsS9V|Rh_6#Y2u_M<%V5c#EvW=q1493}<_%Lk3W%s*&*U~JrfMVO$U<&xBxqpT|L zQ}_HK9BRLXX$lOa3OcNE^T60dMpmvhqu3qAei%aRj3WlaoT@X9S9Z>O!xo#>U!0qn zr%I--n9;4xv5Zr8aP)!3&%1wf;!1;i65ODbc!@?F7M0Xy{Zw{z26bCtLrm})Gx{g* zJTh@pGpY`w@TNXKMYv%h)2Zos!5sD@FE{EVCsK25-p_&!&!oXH@HSzEHZ0jfeCTBX zC~OV3G>O_=B-8=sG8|CDl_a9TiAEBw;^vEA4#=vd>H*YY_#y1LPrruPw`u2pA_Y$I zna^&CY<_2Cr0f2HQedE9PSc7@8)Np-Tc5pvlFAWvK$^)rjPC8do+^~+Tazv%a?7@+ zyD4s}NXHKU^=aR5a>bP(LC911z&&lStD7%1u$x*x*dGN zWok-U}Klw3$BhgMqGvSGOzN_D_PF?1|ho<+Fi?Ew2aN+^@A7oH5$5hT!txiWOcChhWl zI?nmHj63H#ac3~ZrStgYZl&;e0Dc<%6_mjzV{q^*s#)eIk+r*Lmjv zN_O-9@XZmbqkw2&%@e(TI^cYdWgvDGKK*mprA;D7Dtk&m>^$alR?JZ)8w1J({e{c0 z!1>v9L|9lAX94z%G@$avb7nkD<`(vyVECpGX$+2_9dr~Pbf@-c9@M3-b`hyHQu?A` z?;|=Z$xmh^bVx$xv-NdCqOQK49w?3a;a-T8*!AYeCyg>0Tw2QFXkLw5w=Aci%)4R< zafuu`O`c3AxV}#c04tE=UGJumMIgJ?Dp~I>*m>C-jP#i7$*bh^Ld$426SyAnW6Llv zZwv9mpp+r;$1D42om8|vqPL(IkNS<771}K3R%pA6s=-i|5cpa_=%o;i1XfVF@@_*sLM6D)Hs{%V?F_@r6woNZ!9Eob*KP_4Qbv%Adq ztAAr#VOFp_Vz?kHkc2Ur0eD`BH*7UqsQx^y6^v1=;4ND5Z_pF+P0~H+AAWnlTXmUo zYJ6(W8@~O8{#&XCI6UdLauYn~LM5Ai+@^uPjc1zK$b-0U?mIB+-H!T!GfOr8=S(>= z=kmEzsb&={#xggyMspAE^&*?4dlq4yfzBM=ktWS77w(i172|e5vHZ5_R}|f)@;(y1 zRw9%nod9Ep{GXy?aJL#xuCIlp5bapF8eNC_F1$b7k*WErxkX|}O5~P=i!E6N`>GXK|uyl7WkX$=jBfPs9<1(-2-1RXN%HC55_K zA6{jiO@!$Pw?>;p=*7rClP3eb7_nga?DiM96F8K0jb|*+qa3xLueFZ3xA0J(I(S)2 zbO#e(yde|B;bIsg#u319Ie#c*vNi7gqfLc90`9slR!1sUsmn2)@C7{^C;#ifi8vMo3HnQcf$bqz;)0V;8n~wt| z+jjVpFS6rlfrKhS3|Czt!+$wDr&`g*BJEo@S_s{c&~ehzE*_&SgFkm7x#BwyDKK@;G3CF zZxa^K`3oRs+`<+-??RUJ#7rA}&>nZcwx^{}ml_fq&_`!y-JL%-uzEYMj}rU*dwzlo z;h~5|P7ysb@7V48U2T>wOX}Xj90kK{5V75}&D#hmEPGfCs{?Xqn$*IaIG|+`9$MF* z%8SA;V5E{a2MKK{=Q+(dEL#pQDYSzM{!?zac92ItWABf=kzNdx*{Y+w0le`|{KiM(=s_oj?|H*=*hkvm0RI+1Mg` z;}yQGirTmsARBmly>}^$c)_JFwXiGpAWdW*@7cpw?DEFPr2vWP+!*MGr-cx8T)~6x z@4PqbIy~V%10REVC$)nL7_gdxYH%(RpU&G5%Dc-hDMr80ZhRZntRraf1d*m%>Fob9 z^J#b`xIKM90$oEOog`nA44RS?+uy<(Pb^q6U-Y?-gD^H6XDFUuZUr_pgd6nKj*uoo zYDWL|(ODr_d)x68YwL0@NRnz|7+Tn}d9np0v;3XIPylk1J~pZ|dOm3JUf=DVpP-e+ zJk7&h48Sqn6tWBsY+$T{Ew1E;ud>FiZD_2YEirLvwUnpylWfApKg;!FY-SK$v8mA< zVxvV2uN2D3_qtb=|L{6GEZ_kS==KN@wMRs)x}udQ88;vDGkTqWE`4&~^D9W3pid-< zPBW`#E9OMlam!^t6AUbCauJ0HbPHP*gTEf%;Y%-_)n`;4DJJ1wvW8g>4feN@_2@Y4 zB{JeKrP9>9C4VWJggW3GEMk(LtkLUn(Gw2giNYv{*>JRO`4z#dy3Iy4mxQD;Dz^OE zM?ILH<}-C8pUtGh>W)+UxuB_D`&ss(`f;C(P+8cZQe_XnyZq46v=TchD8Wg&a1-9+-0$M3w%9>$ek+-pT~Ft1yBgX z!rhC0hJO{66Qf{f-_w7ngH!4Ys(f%2Y6Yd_3zo2djsQ5UDV^~b*6|Y$t+`|SD8&uj`%%rND!Nx7uQ;db1Yu1=6`L*{&seY5?tJyr zFr;?f#NUh7Ia1=E4<0Y+8q}!j)fl%>x_M3~Q@f4nh?3o73d8-E7Sq-p`PKo|4t zUCEirt-`fCc)2D%*1UZ57DXX+fl`AG0jZ@k3XP1MImnSoZZ~COD7^y1h?Vx!i zIe#%C?GFE(llYco4M7jffoZQg?1z=qxq}b+1w^N@$uXM`yc~vqHc(_#UA>|3v^)X3 zuE#+-pOOHqTz{fOY{RQ>(ha@Z9k|)6@$|crpUNS2bCCT)>^`a3gYD_^2LioA$=LmX)u(p?}0VcDN=iRW6QDgu0{bP;$G_=^Nr79(NU;6 zE%&kKQ@eY#^vKL52j)(Au~>VF$fzPwMqfy z!FQPNw2IjU8#tQC$e1#+qSa2qjM*ScV)9soRnM#`b zIV>^sw$P!W(8ATsjwGoZB>glcFza$JaY*~l#p!%|R1lTQo-)JA;i2SUkmt<*h?zvK zAhIc@MEGMOlq1E|b zh2pV&v`~-#!rX$g&YsxHkh3GiTw?dHhRj%)l7xD!_;v*-3IP@vd^> zZm=sdUFX=^;VS&D-;^+BI;6j&D3OVG8D3CmesO!zr@P&<=qTE`uT7gX&wI_fMa zRb+aNJBl~73s-%GbU5+L=^{89&O{)EHlLz>oBw{j4FHLuMci(fHe3sV$)-5#%`RFn5HfrxP*u$;(dkoBT}Nz^NUZDm>knlHTRKXfTAgpF)XI(F*9S!Zzde0?ZOVAm&k1 zsvcYX_&%V_(zFs%`N<ov`x$M(i?a^*Di z3R27ky>~KAQX7wQ)E(DyjzWZCG*VrS>hdU`jJT(vamDP{>G(q8xcr|Hi^R?YzQZVv z?TDC(R+yPB_ED<3uKeb8J|@uAT%tq?7dQI8{TsLC(dj8EVjfB}O`&IX3O6IG5QkR9 zdjN$TCT}#vi_3vMEthN+5@5jv7)Mk#YM!6FLcm@k;KQfH`26+0HtBb6 zVuP=)fbHmvMSsg2zq^e+Xkj&$(d=VfOoul@`oOPBMawWX%doaAc(kW_gNAXi`@Ny?yD~A= zQg78?01_-`mvKdJiDD?cv=gc-~&G}rb@D!Z<^h!`m3fr@raEQAxy}JGM+gy7qZeaqb|r08>xv=WvE23 z)w9`YeO&&VI`Lqw&ug>$$+~LZ1tGJ%6k7{x6~IXn=yg`&YF~h2e2HSAy~KQ2t@|vb zl@-{h5%kz_OQodwVVlWESH-XIp+(6h|3in@0qU-TBH){<@(Ie0;xEAF#}=%#D(nvR z4t(RFCnl;Zy(VbIN4!k;P9}ZBw?Fhc-vB>SVEwYud8G7$5D2OSgYb1y-nS)9=9%>R zLho$Ru6o_+;B4<0-i|J?BHT>C*D4{*?5pzqv~kI)DMEqnAfvC-Os7koFmj@z=?^Ce zLz0e4ml78zN=@UR_`4jUGyw-53ln;J-yPE+UT`XUkY19Ra0ix>Om7Qno^))6k7(i1 zAE>vt{LCP|Fk41fGD8_JOf-U@pzqWUV_ILA<(!1THgauNu>dAHvzBmkBP?z)z+%*l zNU$)W_tF$y``-=v+SYmbm zwQfESUVDBpZf$8I)^a(P?9*jQmz7MecLkKQ$oa2siBy-95S2vc*qid*p3#vtw_Ru^ zivt=Xld{HEg3A&R60G>XsYIwa;}!#ISZ$>6cCXP;dCl}olo077(0@faOf=VrIW0`U zpp7;mRTgqhG@kTq7Z3-f2^FH`lLM6zRx)YHvKRJ1C?OAqG@5+8G7Yi zmad#H{z9go%e7L#5@5jMPx#9(_4`-__2E@(brV0YA9H3y`z=N%>{#64=OP-TdDCV^ zxGbB{${Q{Zpu~@sqPdeU9eqgXSeE=v^*qJn53G;p7kpj@&}6im2^d1T=ve0^`MD;H zQnAwJ0>EiJ*_Ky$mP@L>8TScv>TG0Jl3slFn=(3)#6pke$wOV;Z2Ke0x59k(%&FujyY-8-YD#=U zO2{AD#fcg#7R_;DoE>Gb)ecFeW&=5=1JX6z*Q!soFfH|wO7-SKgD&3{T7{n^y_`?_ z#> =UrsM8T@P+k5ugle(!+gr!tD~h>v2nKia~!dPPa$K@jM##KK7r8+qK|lMezxaDZDc)QnkQ>VC$eFlSQ)xB9 z!I@~rkVG1M8z4q~n1Qg^sGeRVh&oq~&&~RgaYpxpkWOeH(7iKPIF+=C%`o*YY$>MzR=2g<=- z2}oC>+GXP&9zI@;>Da7znekOvFw9hM&Ci9$swxG}Se2=mT9o^lBg}fmw0LsyL@G=r!nMX)>5L^xy+0(eSfLS2 z0m}q$M@rRE#mxS|GcxH{U$1JsOtHYxSXPEYLc$IEhwV$6n6sE*$9BCyZ~a`>0Exd& zI#KW@pFr}ZvA-fhrUTdR)H?$RrBZ)m=hdB;8=7VwXFOB%&ZqS;YYW9|tGp zz!+W?V)pCEhq@mzM>OcS07gzz5y^?w%H~K7f{7s%Qg&5MPBxsgOPU$^js9u+%tR>5 zZQZ5=m^S+IwMNA$Z1oM$gim#J1j!?6+^tC%60>135 zB$gnSq}t6~{%y&pu(zPd=>s$7HW;#Gys&%dDA@giExP6?n_ffUBg1gRnONWJR$*ak zfH{ik2B_*)PKBR+b9pe_=AD*uM}Kk&F{Z!8SkY}$J{AJ2NAXUU@%ts|xv4EAnskt6 zOl!zEQ5!nT!iSpX2KRp#NX1a^lg-6wBFm^qFB}Mo^CFM{+YUBI2Fo759UIAM2*a5h zq+~rHC0TfpBc0arHM)nw1->o`WLX_Ub}eJ_QGN$m!CVo`l4?fKT|ph6J!6f=qq26TQ~}&KHAu5e~b+(BYL@g3Ld#G0fw+8Q$QAYg1u~4g2{?3gO;M4Co2J( zYk{>Jy|RMEb6Yb!YyB*5&&{zFp;Ywgr_5dW?I5l%HQ?;k+hBN2s0%pjPrD>tQ;KB+ zkt7Mcpk{=c_H(^tfeNUwzrD&f#LPA?!$2?L@(ktRhi>y2|7@xH= z?=^I2e5CsITxm=yYk@e~h!YgN+D;OzxzmP_UkC{Ov{OIBsV>Qc}K~ z(Q|$xbU9^8Kb@OMCGKxDF4;u3gb3*Sn5Zp5ZAHSPS80?7o!5LSpY)r z7Y&T6ocYE|?A3_ch^}RYi!-ngWej;u!R^`fiu8aF!jlttXx|@P#Gi$aX+|#M{d8TI ziYMp)2F96cPEtiKoLUoEqDQfhg^L#Wy6xY@{e*iVg%zu|$_7kilJT!G)wdxOV5Ivq znfcG9`{7`Np*Z<&;GzH3E_qpznO$4Ud5K)PV0r)E<{gqYTiPY$;*CjfBQo6zCCH4y zeYzB>)8ewxdx72f5-Cur|LQ6Cn;+MsZ%D*M6ZNwCPMR)C6%!hQFPuc;?1o~@;)QyhorO=;{%5+dvt{@OEIH+tyq{0>1GWEw$xY1=tz)d&wAPyx6plxy-zx+0s6^t^o7@x z?}_-tpd(l+%sJdDJU;`~ba|j+v_Nrts%V*YvZZzC6A1eO2c?S=ph%Vf`Lc+R0b-a? z(9h+(LS*UB8T3R-pt+l)($3@eYyL%ZQUpUUGVUST{m4Nv^UgyZ6hwCxY~EN+a>`2r zdR;$b;1hh# zhr_nlW7`7RqsBs(x2JbaHbWfUVWnJ+cT-WHXVsq|bM$=5LUZ2yFv;wt^NV{}CW&Eb7S+E~2C%HeDAn*LD#Wyj|Y@z8h0q!yi` zLDa+Vrlt~OIvf-U&<*#ji9W5B0P?*L8W!7jjdj$MBU2LK$o%}iW9XAfy#K)!UUDV+ zL#KY)?dDK@V0f6CmX?;w!$cD0SGkE;JL`8FMP!9u#ziDH))a1*34@TELN#~n|8jGuCy|X2cesX@YAL;C#UoA$C;-p7IAI?3^$wm8m*9ce(BG-Ujbs9{kbdM2n zAoBBj5Y~OknI=Tr_EA#uBY>0Sya3ulWOkh+E{xS%%*@OP5%N*WE73Lx1gx+&|D040 zKV5i>k8kIzN6>bXv%8zs6uJfd8xJ&^pkioOcBV&<+bvvx1X?f0x z*kCGA!2p3M%*n3xZ)ufmr=Ke7c6I=O&sZib@Tz71X%+qO!RTQ^QEHNN@dR^o`n5{> z>UP0w@TsQ%{nB3CFsGrWTcHy^3f%wK-Fp8gJIUI)4eiCsP?nAy!4vVxh!vUq6>tAw zz}&A=z@zS>FLdL4aGyZc^u_p<#5i2hY4sI}MWHI}D_e`RtBP8qO(DQtXo>hbIqY~?0Z{Ze+WAjVPiCJ}9D431HRu_AwkeW3b z(JNUOfpY<;K! zFm{w|tvWlbu8`?`Ft2BJ$FJl(8i~Ub4jktA`!8AYE;5{1!X^|$!)3)Z<$yo;GD(Bf z4x{x{t91W=a-*f z9M^H{o%U<{6JT6_$xBzVBSdliX#mmWg^iE9j^~n*V8Ebdss8Opyb@eCA@DkPkGLK^ z=X1SXoTdZs;a}VJkEcy`JL(%Mc#TXVr}RjD2WFe)PI7v`z}vUYz>YNvuGZ??nXL@o zMOh-FS@;fe^d+W8Cs(2&2(4`4A6$@oVZK;f5In2F7!fsMCE1#c3LU2HAdR%Z8%ZZ;An)WG0^Ibdg=RK7$7HInM_t6%{EmW$0c`e4dK!q*~wjfxqr(n4wR*F1NTIAc56V!)Js?LIIDd&8! ze6FvVuThPvZQe+Ywr!~rH^Xtcj<%=h_O+RQ7&#_s ziU~)$2~TE1LIQe+RPY^!Q~sar`1r)gMhI@%$Cb?)-2sA5#I;fkis@}htw_M5ncs&l z5?VxOFcs@GGX@aAr26Qj1mU!Mhy1YI=3+XZGx;?R98MexLbJWM0)5>aY=< z_u56=?MaVm{P?r8)z63z>{cYInsxY|NW^;O4LsVrX++oZmx*=}Wm_c}l1%2fqDN^m z$6LFRXl|-mfmI0Kz!JuGImt^zFtX85K`g=LW^m0;xFO~zb=bFdCs)Ulxjpw{*KUx7 z8vhvM7jOQTKXLfD{uE@tN&G@YyZ_+x4fw$j2P1kVNaEOry+$lgsBU%0l~R8HB2|5y zp6F*Nfxa;Vx)h*q?mrZ~5+d)omV`Xet8V+tEO+D2p7X&kYowaR0{gycuxNA;#rfVd zv`Z0ND5+{7DSY}liIL7e4EfTV;QxYKP>_m6}){_T#B^mOxlEJ8!{NImzYI!Nwq_@o`^u z%S+&`e#K>rAz3Y{FP6V=8=C4}*6X&ZxK`D1@A`)A@SmC#%7;L~DP6t%FQ{q$hIVZN zHtU07VmFqMn^JLr*z4_{^~xjiDn;sJozDKkB!sB@yfOcHqGi+T+LAP<`7Ln~cE8=I zN!mnDK%wcX;YOs|dwd?oHujehrZHPq!-f8M`B`2m3OWrY=3`%gGn|@k8y44hjKAUMhx(DlrtGOY zG$eUPN34tZm(W~}NW^HQlz@?8jK*&}fmxF-<+^^C(hGVx_;zU4!SiZm82d{fOM+eHfuz}Vtk)gn zCxkR+ZyW*<5N27ovVFNiwN{Rm8%rKc7kA@JolulecgA$@T!GPNz}9s+FxfAZ(a}tf z_VV)69N6t!G>kif=cpr~a zRuW3vEt3bei0JeFSm`TIviWrc8>E2|u|nH0*ix~&?~`Jx*-GLdopaaG(~sNU+CP2ez>Q9<4U(5Okoaj$szlLjjE` zo32v+_xl|W$%C(vTVEFEkV;dZ4G599l^Y5Xb@Sxq!nr)Im+ zG$!rm4Ck0*BOznS&t>0-e-N0QkV3B4oVTy6t-gAvfU}dfL`+!vOl_c3I z03keha5}bH1vyiC$B-Z`U|>%3dvOWH;HH#Xsa%?I7>_xO*pmL>zO=30TVSk;=Q7FE zxvGrP4;|HdM5`3zw!WHoM->{83D7LTK>hPf()j3EHQ3!O#FJGItFWLlNQ+EjY8n<= z1h+Nn`7LbbKNXQ*D#!DXa~auS;o=-A&yH7KCp67~nJ+~KpCixEYY{MM8N$Yg_-7Yx z_j3d&>UMBA1KZIRGd(Z2QYN~rf_1oZif*tkJ0&1JAH6x1&9%k7k7-oNAspvX`F-Zk zuz*p73jMHgTu~k@bYBntUz+^=C6R$bjHq5jRN_wFG)E$b)=iXzNpGZ_nG)R!Q2odU z|C^i;6bK8is2lpeRaQQ$y%R`g;~_SLv2lAt>7?o7>KspdH9YJ62E_@fwbN#f?~mG= zh4iN)So-5z0kz`6t9C46z0U3H`W5AimflA?^B6$}13}CR@orK?q%&G)nL(HwLDYte z7cQ}fjJT~RDhCbr4AAs0E~eBeZsp4iZ+c5T){+^9&vz_C+qC12%Ad0C`geWvOQFB+ z_!@cn^Q-FNN=YeCRas<=vWY(^m`_ueNYx&1n<#dm8b2?GIc@x~P;w&eF*ZJvttiLU z_P=ZJlvm1oK7?CsnhEr`KbLUffY%^kA4)LiEps^eriugzI4#Zp7uhK(!^jnK2nLM z*`VhPkDb{#kXfeAWH4{t)=} zWsNxM3336E1fbU3W=fUK_|sykW7_HqvUv35I^MSr3!!Nqu9SAai*$T%e?MIQ5U6}O zT)0e#TMv`FFb*B$2f}|vns}WtY)JS)!bXVC_L`(3?(T)Zt!V6v7UzG2^WcAB9F8N5 zu|0Q0=X#&I(j^4?STb0JDHb_7>ijfHaQTo;@fMx@)V41@_?O|iCNcUpmkV~OM(^D3 zXg+PMU%j2zdv-9n7*4qk{TY0CiPxo6HJ-#J%2|;|f;NP6Mm$Yz1*)U6h1NNxq25z_ z;KHJ@(DPx>s&d|XZ=G@6a~l+o5zO%RUUG3%Bt^st3F7`s&hsvmK0eiFo89Kt?iw9 ziX!FSYjHZ`%#Do5%PE*L?k8ImSRdnB?5BnU%M#Wd{OoO5Sco6LBcyOqGz-n3YSYF( zNsPqsIlLSHfS4}oLbo4&J5u^nK&X9-05t?o1tGhTb&iI3!@DkqwwNJ@o4}>?dl3!i zn+kwq$eh~OK~6@#8E1 zG@dmR-1a!3W3U=rOe?CRLxVxpjU#0Drp}5rHbOjzm6a?(6Stw0A@L~``#O(CSdc-k?eO0w~nJX44D(oMA z;eYM7D&RnlAO2;XHE$3-4uWU*^uvUIpr6l9Ozd*fSANYn>{*f>$m*kBr8-!>{p4hr zO2my6_njQ8s-T2hfV&tg?7SPWKybrG?W6ju|MY9U<8?P;-H9}_%I}pu5_6mw!1Vj~ z_P6-BuUCo>cj79Ww?)%HKBS?CrPjTti|x{ys^JxXe>BF8R|CT3}(7r5@1XMBVoB-7iNJ@_B&w)^({hiCLJi^BFPCB?)jnKAb> zq8u**@s+R-3Y5XePmX&f+!1CSs0%ENgJ}e?bq5_d$Fy>}>!lQ|qSzXW(Peh0vY%TN zyG%9_n^|VgfHMK5GZx zj&v0nePe@KqNQXg?YDSPm>3qhrTCQaBp>^om*|AA?AzIK7G6xM-LtBo2RYWufM8Q zt2a(Q4q-aBJ%dfHg719C}y<}+&&ZV+H){x=^tRUcd zgoJ8pySLjPHPlGi!51zO_v4p?2l*6Q!4^dfPP)5jFjJNm;}ij>&Q!=f*7i07Tm8tj zb}O===NkX*Dt@DZteUPM@WK7|;V&r6P*1(N;cZs)LZPh(b@S=zKWciq5J z5^a(|80R;5m_*x8WpkG))xA_#kCS5+o6dh$ySEx%?>NX`N8YWf3BlJ5y&uo5BhiyW zkDY%|?|4G@TxAW<;v=&Pmi>~APWh`lhzSo!*8uheHH;nRC&b;vq_o&0B}R7yqX#KcvS|1!FIW;--GbJ2`AG!wv*Yr%<1^)KrN-#hYDWGnG4{q2M0yE4 zb7Tre%ufn#3kj-qZ|-3v&X*ch{`^g=ROHoZ1Pxng0+ar5MIhIns@QrTJQ^$T2%^R^VJVBbDlG zzgMOhJT14Csr?81dJPti@JVL7^Yxp(<`G5^xZoOj0t0oyE=T3=U3{1UR)IW$Pg9xV z=oNjeRNin*zFyI;ZdAbH{-s0!rPC?1_UqnBK?IKBOz2a?tlYZBXU-^iWzz3lgi|v! z-$qB@+HTaru8h8hoRRSFY?73!`F}?>6!kk@T=+)zBwTx)50x7h{dywT!fb1oa;(oT z3%itK=H_g_)6-B}lHPxU1~P0z!iYji!^kYLYeI5J=Be|m8)sE7nYL;m(Bip_UZEb_ zCNiY@2BWg|-o^7K3w)h$L=v}s6~{IdQ#_ksAwPIi5eJ((E8t#9M(>_Xy?Z8Y?-VO< z_Knw?XX+1dsx8}bj5*5}9Ss0F$6Do+V9%?o#$z>Xt6YE=r1EyqzR%w%jZQwtt4WE2 z!fgcYF%%p?m;mnw?pAI;K=#v1WU2o>?u*xAY*J1?0uB(P)%T@Al}Z9GI<;KKcarMR znWe0(Tuy=~x$%fQ9<(b4ygJz!==QHLCW7cY-20&y5(Zynhe+>?Z`D#+H$*sJ%jU9R zZMj6*p)lR&sS+b`^Xz+CAY>*#?UGal%hnM*saS@Gh;b5dTTS+6x4Ce(cx3Y8ahHDY zE5jcPf0a%G$aZ2QO&|ZRfG@1vJL~L^E)*xW3}AWO4Qz=K0LGpK3wDtQ(7pW#5+vDC}h?xuY_Fj*>%y4WcRnivd&6u)-~O zzazlxp5aOoVPT06T%@fOAw|eSR_Nei;zaKVUk?0VK93)r7{3aMy*^IvFdIKca{1m? z7=Q8`o%BD^-}va4c2Q&a1S59e_H;QH4Cwm`fKYr?BE^q`MhP|zCzPpSdh=;%3Tr(2f*+qQo(_)gg5X=oOdM=B( zlJDModiY`8*bRQ|1dzn#^}MtXjdWm(h3Wj(Sgi9w&Rve{k_aGe>nyG#zRQhu6ypvZ zJMfV*(pAxKCFWjkN`Hc=kUDu6*rrUJ z7y7m^8JgtVZtP+Md+mbjj&N-{a;%%%wp@jtlraR>M6Ij7yf?JOiFVO0qFDHr5%?^y zd@MEVdEZoo_%dI#-B5@Tar}Gi;5yuG2|F>yu9IA^0VQ>wcyUGF@y9THR*`@1!0ua* zr*1-Yha6g@)B)Uq=BECy4N{~=qYPAzuDu)X#JtWFH$QQ83Ymw(RgvS-kfbz|NDDr? z<0XpAW%Z3&n_`JizH0m>bXeC5`NzFM>lRjP0qgue>#mkMEd+iy5|trR`@|E7t(j5q zRX9+^1E=|PEo4WyIp1~+KiOd=P|uEXPET~ke6EmlUqi7zz((ZPwB^&fcHsO!1Rh|a}oTQ7*M0jS)^_Dn4gv_y7y6`LPGh!f~tmBmE*>e0_ zjUCwf7^m7`$Fe`TD$8>MOYt#?4fUL=UP3*5wo5k{FE@~{3@gnzE6oc<+hwp3%&8`~ zjTXsho+1IDfu)epOpUUQN2KO7hu)zH{aP3V(l=v^Qnjb|X)pv*&3ZslKKxn~=ToQV;9oD}%7jd3bNuLPvSmFpCCZ z9v`~9m}4oY9SQP|Y`+9IbbLzwnpI!j%vLJkcN0E2E@@SW;zTD3hrtYl#T069H_=GN z8S`+>r)RheR6sAHLr7`B(`s21H`Ho16dS=FYpnMekAD;^bCYzv@#hMfe5;>D(rhoj zUGlk);VwZkSq2M(a|7Pz0+`_MtA<|F1mBe}^_?+~fdXvqR=7rc9JYq8=*%^4rf|yY zvbTX6{I|OS?{@Yd4yIa(_>cvkaAzmwX?X9svwt@7Ls+_IU8Q7&tBe*Qw@k1Z#`&`+ z_D6JHhS#y0tCfv!d3&!b;t--5P4`XfEbVN&h{<7Pnbe0`tLBhz{ns7a>lvCU?cgHuQ!d~1KYUrbVR5v+)W87OBb{Hcjq#8O#cn{ zk1T0%x=wT!htmD>JY`djBv1U^g}bU5FU1p$o>t zdHh-hQXo@euGi%Bnoy=+Xo@ziD=i=#pG7dBV6}vOyeINE*&<|kW6ObyeG-D#T^%JQ z$AG_JWkZSoiS3)Q;O@|fL=pzH)u8HSg^qZ9ik^~<51$A{s4Tkhsto&9GJ~DC`X|bW z3V(iS7m{+*Zz$7By`;UwoyV=i)WPnX;VHeglF&!9MtKFSn8Q{JgcahgdOcIjZ`xKI znWoJHJ+oRN^F!WqJi1#bA${5tK13{P83PA)rCZk3l5Q96%WH>kXv`Jd;S!S)^EqjY zDA@7oQpnDlN(Z z)t+58Iy(9XPOG@MI6?a_X(Z{t!ti_cndp=+qZ@J~rKgAmyn|Fm7~dEDiHLBgGvi4eH1{jQ#uvh6 zf-m)+rfBn-rpflX?oorKMWyTi*tRfWY4W zM*-1U&8}vl0(ib{P=|+Z?*Ns(jg*kAf%cYDU0s|o@4 zJGT!AX`1?&6C;%Y{Spk-g6LW95&mgW}|tPHJk+eNj)yjHZ?rlQ_{|C|2Rv`alp2579R``^7l1kZ#CC zL>m9l_J*+!%NFb%48{yoJ6|lQw0UZHEF& zX^W?I+aHM1i?}Ho}Ca?Oh5xl^*P|4}8v6R+PPG>R>;V&opg zDB++BCScCL>vWL9Xe>W=1u^Xu&%B|aqZ5@3ssj$EW6hnIXhzKa;Zkuu`X2{@YM8B3 z`qPKomMih=ebbEe{fIBUGg*#1{AQ+6x)FK6SA3-?ekwW$Y$2z><~`5mVXE@tOO5}Q zal)7Db8k}XaH*?4Gu&NTN)?n?G=fWtcAhJD80h-6pF$rKci>^r%ho}F;bzjFml4v( zG7%H<{c5(Mpo&roMF{@cr`oX-cNn2pkv9(p*5&pgq^5nP>SI}m2-J;2+*~D=eKeUb z-dE2%XJ;Xfu+S3n%!CYrpcag6wd z{13KvSWmASee2!n3~=}G@Yq1%o|bM~v)^-aq)YlxuD>%)f)Ib3Ajv4C&6U1;{g|9b zJkg_$5>6K+`ESLjbXf5BN^M&ONim9HhnVYl$m_dCU=l0Eq3#RpZ}Op_cSUKrJB4YR zCMc_1rCtv9gi85aWnAa2eBy0nC+wlY)zN=GRXqJqQBhHaepXIS^)Dcz7};V;SzPob zwKQ~h-MHNz2WJ}h$3_$)1VUBOV|2Qabp-Hem2K-S-}+)ek@XEyjD>IVhFv{SJiel^W*?*CGr7qY3^jsuf-yozAV2dI zSe=v1)d>M!J8x&i-{gNRPyUDLV;}~Pf=+e4Da(J`SSCusq>UA4cf=w?FBBdD%hjW3 ze`)ygz!~+$$%5(Sq6wLUdoU<_}ml4~6sa=+)@7Te8` zwQ!3!eZ3O+t0|s?VZdWzdMbB$oTSUZ z(58z5Q>j!(!40lX*8LdN20gcJ5jJOn*WX2erbbCF$0!sRa)(DplG@q??HwH{T3Yzfo}M95N7!kZ*#^LTyRYZvO3#mugPmtURw)9EY;>Ym=2ipm=0tZ& z!SuPTwuQU5a6E4WO{Orc@4KCpMfB1o)u%de6Y_FDpS4&X%pj$te?H?n{ z%l;Ytg+dx`{6~DuO!un({g#cM5;ElE6S~PPIKXfO4!xSbeg%Z> zz{B00iJE{I4T-j&)GLeaQ?HdE;ie>n9pB{c)OOVXD-QeO4QBh6t!QAg`QF3Yt61>F zio3~d*IP}^Q|StJlpk}C3=`Zv`CmdxpKy(II$-VAg&K!H?P!bpVCc7GV-H6GH0CYx zPcDT8US=+?I{5GMPp$c5-7+0-pRA~VEu!2gT{eVbDZzFu=AJFy?ss2KZoI-fXlj~F zo@-@`l)v91yN<`5MNew-mjAOdHs-i{sP1V6#43-#-zD}@Yk1)Vb)In;t?x*iE92R$ zz?ZoXnopb}oh~f}`FGBSgnTXOwV3K7WGoz0r@&H!gQ>q_ABK+){2S4!3at&IIbnCb zeu&7WoFtrGU13fIHF2?BiNU{sc?64qjwczzw5(v)lh6KsXHBG-E~C{*@Ksv zTBwv;t8Td*X`o|)^w{aRT>RF_U5xypoh!Rn;<07$#HWQT%(=nQJ88vZ9((+z>-js$ zbxlTW@q&tE;Yd!qAM^58jBRS(g-smAriYuxUzA6su6A-hzg1QnOv%L@#|(gX)fw`x zjXO6(d7GEb2em#|Uv>171NQ_a5?$bPjW32sR-!#mOFbx>{#Tqye%jue8A|rLS6*2`BOhv;(F&(c06kWA4(x46*IUL8e-FU$pVGYH5)b~Z zGq7`VRCx*VA?E?5RC4#-djkQ|+V!MGPzUOVhTyV|PINgVPcq&Q4Kj8dCK6W$_0Wu^ zQlQxnp7;#5arir>Iz7`?F~=Jp4|LEx9i-R}DRS1lmf`a^cqRtorx^XZJ)X;EZUVr| zlnt)s043`$mg7bgYlnd4Pa#Di%n26G)N&g!h9@>Ax&C-1Yt5t{<0BHF8Wds=`1#*> z1+MCh_C|c@h!J!TnRgLuoyakRUlVc;rDChi&GJ6+Q}?S!XmTuHN*->PSp_S#OzZ_v-Q+^BABhYVp2GlXn`cFo%E@Ugsh1n4rOCg~n0n5dbO3KNF z&BPnGyE5*NXB6Ea9CilLspeb4P%tv0Kz*%rnr(^RqN1iu0z|!WSy@>}QSL7-uzDg> zr5wx;P*t~IjVgMChgY@;)pEfNw`GhQarMTwQdPs4)A)e2fMKLO>g?+7dm=~bH&AX~ z^ZeF$ft}}dhWKWi+es}OS7)m!^W9wA7T%W|w{n3vxaQf~TyJD{v0I+p=ZP`TySBG; zUc`p9jDvD9(Ue$THfC(GfZ zmlXlZkjbhNv?nG_gG^wp=xpK(Tx}DyV_f2ON#lqrg39b`3p@3ZI(Gxx-V}#$J1u~1 z4;yU=m8=Fztll?0Fj*-5>>bzP<@q6yK8`d%FGVWOCHf^O&rNvi!dBL9Oy!ipN2a`{ zJL&c|#N%>xUuZyxOwG&JG4e(#ct#HR?&hdXM{^-~7pfz@lPg=WA^SVVivMdc2Ra&? zsKQ-No+1A?2)jZRSS$$)IM4lYqGI}h)AereTbqHQq1a_REhGesNf@t+9`N4S^wd6d?*K3l+wkB*Sts0b?-Co zRz6F{bG;{luFLta4}DFHqZF>Lv1U63af#3n6DlYJO$M9tPQ!~e)QFP_X&Il zL&OoEmlESI7_fOL86a)#Ce!LZ@kyThi(1DSmN!Vuljs>$pa*ZK7hz=RD9nc9y2GKF63YRP@Hl>}hC$h+63X0A!vtO3=S>6OPx8_~s`S zP08VxL~vV4B#DqHem)IuawB*FZ&Nl3_?%>c@a?5sCcbEq{VsxWv?G_dkqn}3xI5Mh6w&sn*a z+?z$Vm2>pGfQ3jUfBI^y`!_#<_JP_OoWTfA<$;2XH8sCAHa0rN+^`2DI@<=6Ym_o| zkC_C4L`^Ir3R$_)`By!V-)f*ak}ifIO`CZj3>~_%%h|WM_b;zkqbV#3-(K9Yle|L5 z9!1%fmh#EgMBN+p*A%$zC5{6zJnh^TjdBB%Pd~1{KJGE_SRZ(VbgCz+bZwnA5ILRLyfY%INsr5PY!>T$(*e(7cp@rV~sJ$Qyy|1*VVM@1K9(wEV95-5&Mb$;k=(gG3ND z(ft_=*zW~x`Z6XC%3;~$vgR-!LZc<508k3-pTQ7MhbtHdw|UvM3html&U0*%$pFQ( zo!0522`d}GZ74P3=ws!(B+`b>W!{!8WRm{17t8*3@X<>0(<9)~SJ>}$#Ln{pHEw&~ z!J!9x8iqXHTZ7D?u;70C%w<|D6Z!EJ!SEqxYbmbZdsi3uw10BdJJP;)v+1#L+mTc7 zfv3`A^Jv8{IIZi6+jjK$B%~D1Md@6c6X65+{+HnDpOj-Z<;9fQJ=Qe5(NPL^p1K6@rxQS_1dZ zNgO*9?<)px@^o6N&@+WEB=pwFS`WG`AC?zbJogiXuOd$NxGDy2DCT()O(4Ab%R5-|4fsh}6+K>X*(4*8beIeEdQmF?N%8E(J0f8 z8`9UlcvzOX3`mMTF|p{?!$je$41xp&-<;k{RH#!Xr$l?E5J=YGcpIaRql&Yo>c^7Q zF!jzzQfK>QVia88NZP(J2nmt-(rWV^d&hFY`iYa2O*kNioh-D;gsp_lD7vCLGwd&k z@RYN+r5n+y_;HGml*3bB?PWJg;D2%JWFi#Eu9*+PwiZDNCSN1hOs9D&Fr~!#7%X4r#>x6)#Fq&lew{pQ>LVX z=R*ZdCW8~S;R&jr-aNvdn39S>d0b>Rp9S*HemYsR8iconaMxL=z?IPG)_r!Nwk<%g z_>~cJgbKxa%vp^8yfyb%VjEv~#|>49iw6iZwea?(@xvc&H_+Av+Mr#1gTPGACT14x_CNR*I?-1yM&Uo@4VTLFmAH8eA4B$sqizb`(E8 z^)TroB%~z#%x?x3yZCZo`q(g;?bcQs#*)&k1T!wotQSWwt-o_@N!VPU&3gL~TWx;v zu;gUGCNaV<0fqj#0Vq39i;zi(&0joR?I=)4u(3n)QyWOE{9Ygh-*9QpCG3v{{s)bQzr zECzXjc`~-!#gFYgkN^DzvKMXVR-UK(niJ^Zo^SPW^`1kV9iw5#g0@Wh5r?Gi_DCw+ z|Ie__M~gw8SIWJ|Q(>$1Z`}MqQU_7B$mH`gYjNG!ul^~a!t32{@;d#=>jz6uHpsG7 zGprETpZ#!G)-_}A`Y*QsOak5?bpm?M@;Y%mHt|4^5|WcA@fE}U?jt;rmabQbmi0>i zWVwTZA3GcXLfS?DF2)5A(BvmBb}!C0-t7(@_7l}7GErHpML+v3?6~ss^{R&y`DG*7 z3TRph0iKJkCNSP7$OjyX?q7K(Z(3bwsL;LJrTP0G?B@r*QMr?Kc6NcEuwd0(5y8!7 z&m~1aXvR7+IvP1nltKDg^{zVYBmoxD>s*Mu{yvbWdOyveKt%G+yK_`FHf>cWYhvDG z(5?~|adPwkC+uZM5?pyaXBTrt1tgPBZa6nmbQfvoWpZq>II5Ajyi8e1{isbN5u+RkU6 zWq<`lW^7>A_apnVa0lnt!D`}Os~n9@V#KK1Z$SULsCaMO%Qa4``4P1KX1KrcDzkdm zL@?!7OMKTZ#1jrV6}x!+CoWO7Lq;kt`(vW$0ln-#qhs#iL9S|w0N`CWkSCv%pvNXf z6$=0md=o@!pl0v+@#Bm@`%2{AoUD%3FM^m843=sie7w)uWoHo})(~ma$e~u%UC!?d z_Z{sl#)l@jG0rh!2yyJkCA^w+sEt=YM=Hx?YOBd^&DO*7@J}#)Xpa8bYq!+CddEV}E0OQRZJ5SoNE@4~ij54N<{N8p-Ttl;+Rehodb~1>hy2?r zunmoNVV>#_jvRLveV{hK2^(yn^?hAUiv?e=?)Qde1%PB#0{;hz17}JKIi?HL+L8T6O#6;i9bU9{ zC)cY_vbw5+(M58b7517)?~_i1JAN0cUtIN_IZ`vsS6w|O-;TNEkpb6`^Mt=wZsco7 z6_F3~$^AUJ?>lOgI=G?0#qx?Amy-a2+e`_>|CnJGX7dCFj8q_Vk;3*`OgaWW+}VnM^_#^JwdKTJty0siLMRE5k2Dk>OYFgQ6c zxHKpTjt1&Yn+m%8n|Yh z3&y*i&0mmfTjHeU*sJLi1sKHr8S38o`Ybo6J;Y``c$MRGH3V3fG*o)~&PLUIe#5wD zXqN38vT@qPh5{+u*S=8Win@FO^pK?k|B;9E)Atst#?gZ{WC88S)S_U`=>Emzl#sP9BaNg zU1|tZg3b?yMBKWqp zHU<_JO?!62KY~P>hxe`lDg4yb^8sj z1XVxN2#HQC>eV6ByQi72%ya#33dZMB>IsVF{(0h_rHF%3XeUZDBE5dl$fW8wqf$ZP zzBW>9!%B@B%wB6A%HEX#YGmfxqDoTX(Uw9G2w#~E{su85osSg1-QBiQD0Vbw zZ?U_`fJGzpxLOAxO3QpNGh-wsNfr5UpxW&-Rs#iQIWuYk<9wkcCXh-z_+aHLl+RfL z_g|ce=hC+Qd*#O^dTN>|yEu)EEwLsNvT7UKwQgkOv9Y=)y=1BXvMge61RK=el}gqY zW7yoIfDAo|!`$r#0}c1enwHgm=OW|@6Sb_dFctK|-f}!nhp*ugHfIkuniHse1s6;c z#lIsVknv;dEQO!i9V~_adzVg2|1`QN5+%#Ohd6)#(s<`ubA9U?;FPmBD%$}{Gj`XF z4~8F2K;PRz-yQkJMg5E{7%z%oF|_OK41xM<%UbdbK$W)d#l?)~sL`MT;=^$(!kz7u zr=OPn4RMt4LjxH)-1OKQk!G7pb>YQ>q2Z7FH%qNg)Ee<-WxdS@^IP}b`eAM-Mm;Vy zS`trzD+#{8S;lc=R5FZ!$C}@*CMDPQKVSXIa@eZT|1o`pX>w^uOf1FXtmTiw&te?l z1O8F>!tURbH~-T$4?D^FkiXs3h=af>!llmfr_!pU3miu0%V*FXecSlO;0+zdA6NO- z3-@uAdCGnYmx^GS-4&B5CMo1lba7*IsO_XNdl<&l-5D!cbRC_gZd>-MyZNzeWt$X_ znTXG2=*Y$_S6mjx&R(@e<;awop4o-nhKl8N7S$r zqktvN``*vu5!3kB_CeljHcxDQXV1<$Dat$PdcRbc_shSqYjSQyts-h^PSMhByq%ok~9 zJ4ePtWH|E1`&MaYy8FZCo(1^hw?fXAl+Tbf zB9D@3B~YpC`BLKiUA*?KjBy)z)L`GTX|oLb9m;#Agm69FHkPn_sN*hB7U~i6C!NMx z#%kOw41FSw;d3W8C+rnb+iOgMGj%({<-dZNG>jC;fQm8WGKsFjVY}w}63qPQYuFC>{Cav9YLL^EKu$45z&s2Gauc1NFrla0kuA zviPK>p!Mg!%MX>`5n<_8iPMUnRP)5hTn>JH$|a<@xE1%jq;Nl54grIm_deU%RedCM zt_{|0uwv{)B!p?j>Qj|)Y-}k~RN|7LE*-+*EnC))z-gE@QH+rc(y=)eR{j_L!VeXA zw{l@RcTM!1SzsPDR1!~#C@$_V$RHB3EZ)YmA!?X%PuNfo0{+^zPUI(Q7pcIu@R+=~ zn$Cw;4smJ>TC25zA~9)gf&YrQnYbbFS zTEN82j4ESP^cTp$1a-b`}6v@V_CcUbptTMsG%lu1+z!_zim=(TMgLuR^3FP@05~< zg8|p-D`~m>>FaRrEZ^ymx}y4Zln#0r2a0gQV5Fr8Z`{%h#{&?}_&5)>_)nOqbX95B za?^hm+i*IYj|i}QWEZ{NvF(pAzAa>_MEbd@~Ww?ZOkAWRil~+_E zP7sp_+TV0wCml@w0Np*WvVspUk+vokzp?x(_&FA1E3NFsivig|2x{QY=d(6N>lTD1 zM*wP(>UYD&+`%lH&%~GE2+QDkWree4N>Jn@z*y`U7k^~@Z{Y?ZSn>hbHR3=JDx#Wl zQ06Skbx1L3I9$}!^yyKsx?xp<1EIruq}!!y^^A<}XxHw-RN@%LnqS zMIFvG+%kgiPrRD$|Mi;=cdoffm&KL+bXx(yY+MJ4F-19BqI&qP96gaG%Q zbbw|poc+ZQKG(|!+5Pm5YPTQrG3QgZ2G*3H$2UFG z9>Sq$JP2FO%|#vDkS;FW9Bc88DP7n&`DG_}LBWW<-E^d)x9wYvP(k!wup(W0eOG^r zHrdtg87yc<{+|dK&KBUbfk6R)_iQHVejvKp*%vH-czJH9^Y(sQj}tRxqsgEU*W0P+ za(OGPfb}(gEVq+2zg++O?38%URU-O_epC8UW00T3{iYZ6E7to=x zlyC&NQ%C(cll~Tmp&|fUca0LJA3;k*NGMNVmV1Hk4yNNu=GXo)!ww`x|61%5s3?z5 zC_9DTXy22iDiS#vF{)%FL^^S+HSvVg!bAYAmM||>U&*doiHDtxFCGJ1JUucT} z!w@t%0y9;BttB461&F}{*7=zcJ=jL1vp*m=35hgzLKuT#!5?7!m%NeKmVSN8^W9A~ zs_3InEA6cWKnU3~n#owhJPNih`E1430*ic_&0k~f7}&*Qtm24!lPzeDiPbtR*<7SAX%5|6V`i z^NsS;xOmU#qgJ&cVXd45rE6oJV-Kr=COIBZ;ywSh%lD<-FYf?par@A+i-%`2U}_S&k-SEjI4qre*c^|^-%6d!|Sd4=`wM?eTNiER60>vwPB> zg#sIFgcu6ZH_v{1jM}XD_hrJex0z|{vyk+BwSWQeBVRb6`@%!n{tge*flXUJ9LJk{ z8sQACJ%1Fb965UCbi?=c&xO;ia5XCRA`$!R?_NEdeOgGW5;6z<`y`DVz_I)Kb>tXz z`1im|7XGJ2sQ4>H_VQ4K>swl2u|N|DIj{VBxqpxVUO z4$nJK`|l~Vn>x+*;`v3UIw$!A-jJm@vCNKw=;fy$D+>fm$a{x+B?SRLF(diQnloAF zeYbkEt2A}aOyrM9Wx^;>Cg9lU7Qrw+67?XWOIOZ)1N-ff;>C1ApSbKkSMtYS%EC6M zWpx`dFIGLCCqrsE7G$SqyyVX=_U{z98on@dBN-q2|38GsPmbPRnYJ3MI{fYe=c*Ux z{`7#uSKZf8N3L2duCsZNS&$t-c*!Z%-)J(3|C<{GL+cjb+oc0nDB?Tk5jIxvb)nX=lPm@sqq=E@oi2eqmU| zyoaImr1O`ys!m6ZTmJad%Tg>$uG4Q?=kuZ}+{7X4i?I#He0@Q)W{b)j##xsYnmyyK zF!02-ZS8%8`=TV87j4q@SUV}Q{Tnms?+%!qn@NkBJGN|) z$vs1Fgg4teXiWpEKYe&>an005bR2~-M5n0r`CqjDrS;cS+RT(x^qi4(>7^|||5eS( zv3@OL;XX^)Ob^dm=hX7dd9(Xap;ar?OGd@liSnzxSFq=%b87~+o{I^=}* ze@Y6c$q7OGPB8i1-bBh7r2_`7LdOq6BOC^qxB&|J7wR^Qr5QYvOPhb?P;JnK z)?wsBjn<#PWvv{F{OHK|FWC9H8FhRJbHxb5!`NLzoy=ODJ;qR#5L&ets%G5`$^A;A z)JHHG7E-Oi{?iqy#C0pMwyNzTVO)2HEpp}8aL{lrcYkU<hGja^xa+expLydXO-oQm=G#{Yre2O4cFa7WxDSc|QNH&+g! zMeiv9w2kE-%Y%|Jp#2q}&v%*RIHBzy9-j)*#`TAiH6J;?z&+u2W6%_Ou!PT-k5lf2 zo>wi{sD-gvSJ!f*6)c&XQXM4b^j@$}riusZ&jk1|2?Q>@Qf8xJWMu(t=o;1dHqj3Z zqd0ng8~f|_Euj){uP4OC?&PZI`j{iPu6qjSU*fT3_VmPH(9@|JvP4KUP0RLt5p>~j zHm?7BZ8vD}`cSWR2G4(Q4PQ^zOtJ)RI+3f9CY;N;C1f>J$c}CkVuk-2LTC%HCjq{- zIqLhq?RObNHWi4QsCrX)No>wAqERMD+sW4e+V&HL+a4`+a9ratl2)x!?kR1k|4j(S z@&4iCtye?-<>TeKc)au2*FvAyblcp8kT^aLcK-1Z&VnB)9NgTzH~R{QLMYLJ^Eu3K z0y%pGt!vT#{kp1@V8$c*$^y{W~iekr&q)-A7aHTsE>DXq2R zB21!E2tPo$KF!QTXed{;@?~PE#t@hVFI&`)=G_VdRgU)iFN`Z5`HIB6c|5MF65Z@% z{!Xxy9{idB&;t6N(yxu!b=I#$+hi>tOi@ zg?jsAyzBYJs+8l+0J=pEe@pOh5Ca&XA<%-*4t(UrettDp{5P9SE0&(Z&Pi6t3s7di z+RgDD!e#hvQZE%g^|cCnOxvteH{^e_&U@U@KNSD*rT@Q7aQ^>%NOY^8$RCV%{@r2m z-fzariHV7~6&3$r%ZM;b=SvU%YAyQ7<6EV&xk*d*IQM@IT4MkHdDD^mOBd?g>}*g> zOpFoHvvvh8)WpMLV`E1NvJ{F`lM;`eT6Bk7jy?V*_)mOA`V8%IDMHlK(>pjj)1Yp- zgwl71GKNf5SgE;asi`F%Gs6y4`u_vVLq+~m#36z@KwU{L_j!FM~`c0GH2V_QXQ49oXLC0|O> z55pP>LqwKbfV_kM@cbm6=2uV-+ceSMHPs&tk4`o{mUT9zI<%9;okvN3 zH<5_=eE-!XAZ!85$c2+P+KX%Lc<+0wQyH>uEz8oN9^5}B-$y---ZUlbQPyCw;B6W4 zOzwp1=4^S`SZ*O1JFA*_fl=jd;kf=>8YEpLbw6%|EY$R>HL z;z!GIg|XxVZgj);yGw%_MbRgmk7jCZ2iK0mE{zZ~lB6`P%{4DQCiJ;yv6*c)p~!2Wn5yt&op<}n=r zVcd`1_ZO%;wa;Qq@=W&1as8wh^KA}JDAk^ubx>qcF90pxj7!}0Q^x<9x70(jDEfNV z7G_YJ@POU0b3i172|ezA7IXPr5S@np;RA~tOfkn^1JR*2Un?64%)V+eP##eE27TfU zF+u?&`PGpkL;X1Wg#l`YJAdOs9%1X_V8Oo2=SY(`-Q#AgvB1tWriFei zqUGlDM`widwZ>#Fhezx;pgUEW3&Z4sB(v>ZnnFp^d`8%?J$=u7&fb@G;K>377`t4dQ?$;zl>kn_AI_jZb@k%`g`4Pv6>P!){+zP% z_TCFp_UPv#Xz^c1Wb}-^^tf~~SwkhuKp`4jxW@dsi_}M2P#pd-WavXfL4Iz8vmM;+ z4|(zM&FjJml*p&*(#B|?(yvAJ%@?z7R5&4a6UF*aQMDp5JA=s^fd*e3^@b21cBSWv zU>{apyQ#ZBXD4K||NXK^C$^^^L#Cfa9CI@=Qb{>$x4cz z@{H1S>$~Zpxy`mwm)9ROF>d#~_6E%ed>k1^%Eg?qk){?z9Sd?+1!cz&^kKX`;kqRjo#+C{`qOP_##c>-7JoUN_uB9 z4s~A*i5o?o#RMn4W^9aUbPANpY=2 zO(?ys4s7+s9J~XSotl^I%24y*%$W3Xok&%FZn=%}M|D;5@`F6HYSsS95?ojtZ2+H7 zw8k%KmhRa9-As=zQQM)Z7COU_#WlxfeMPA3RJC(iAQ?rQH&N9acKBMc9`PSH0JWiv z^nZ-B@4i7i{Xh{g*i}})Pm*RX$iJ)%lc|yxD999yIv?*y$QKz(>YKEm?VH6{6l0!W z^>wch&Eu9}?1Jd+?`mDWf}fD%LUcTV?-#VP6?QDOzD}p}tKwpT;iDCdl_y0_BmTUk z)Rm=$0Dr{fxuWZ?dci0oxFDB?$-eM&FNprRnA&psb|7%<08vh*4<_q+mLs^o20E{-7 z-gUEH`zlr7=!OYJOH*Trl|>t@oaLTDdY(J!vo;;fh`|nY`@q&AQqAaAVHA zA+CrQS*Cp_xt#9lGtXQ|sLzw*>Me%BX-=yt!0&f5E%H%zxE@t;sxu|8m%BNtq0C?_ zW@x)bj_63p9838g*t-JHGD{{)!$px8=ns3+wJAaUUTbDq!DpdY8(t`yMfCad;Bz%! zTMzDkofo-Sdh6_m9Ms(fbJp2Cc-pUDSt?KY?H;-~TXNX4|J4)9cS0Zl z(KyTSVX8apj6BXQN4hNLaD%a|UqI2?wzTmd8`4D6GPJh$S7?|#J~}F~v2hl~`QBl{ zBo`vLKhJ03oPFsOw1h4=*ypZ0hCTCSSjLpwSo)hVv5+?r1y^3$=uh8DuL>{Bzaixx zTXNTf@&cEZ2-a*;l9J3l^b9q#4i_5d2;a031LhwV^zYp{DPWIEWv1{7>wG~P!$c7^ z=*Zo|!3(+A-NVR4*_)#tS5}qj7^9PE(caffi1ZH}Aq|ql#R~e8H~z$(a%fv;psbzn z{p`(DnzQXfe~lmjK_7FmhAdU0*W6;2O@s|9#}mSh*^!0X$m(c)G(b*JY@*l2? zjrfVHQI`oKQb}g|`}OWV)n`LJy%=#T0^G#85Kj~ZH>%l#sfAhPLP-7p7?l&LYYBEY z2ows0JUKywp{V3{P3rp@QrJmScqkz#eN#CA77ig}uKnGQ1Cq@z(_xK7fumS?f=@@nzp6N6x(IMcvjh&}e#vki*HCL@EsNckY4qjR;JU))T=fCVn; zx4PcaG9!J-c^yB-@FKTIH9bX^MSd-==;6De9z?ma&`K$@?mst%2w^YrbEPZS_~sXh zGiE(XrnK?eSK!$i~yu56qb>D*qofrzQfvT>RXkGD0Um6KvDLEh6p((`J$O!g1#9WI7M=hKv z-}tzp1P=e^uBT4wnEFuOaNjdtzPaP$>D{O(b=*;7J0maGUcCDnJ;~J*Gh< zJ?Y^N90?5#&&(c~G^;}@jgV~e#nJ4l4tv>>xov6CHfM%xO0V4YBYl~@gLe4Gsh_|6 z{crjIp{X+BN|2lKFJvT&}Lad`;eR4ml7Dqq( z#mcV8?OK^yZO5@i5Rud~5x9mH#E0KSAJlAE-zuMeFIF@|u<&2wvzh`gX+LYXxi!?( zKz&i zh3C%9K%)r-1wz_?mY%iT-p(%yq00M@N9-?R!IIa4f+!g=9MxgdDB!>TCsb^y%9V`U+L;?i;9srXn^sHZCxhv51y@MYl?p@i5jdNS1H^8)y0l zT=jWj+2to7Hg9vd(QbGZR>lmcm0fqZeuZ8ClTac#IdQnY%Wx^v1)zMl*|C|Ru&l$j zj^t$WyECxMeP`!${Q>TO|Mzm8oWbRPlHc6)UkWh)um9lQ*L?qxy#MXp>0Dt$LqmvW z*2jN8!>MGtQm29I#>!#yIHFMVy$p>X#@Jkfs0(v-G* z%Qu2+kNxy$?`Dr!C$rCP;Y)&D!{hIZQ*wx3XkVNq&OWd@H%T4fiEX zC3W@SiVB9Lq@+QP|K{M@(BudDQh(zm07XiJ4Ve^~Fe2=liSqJB-{{tV$md$YS;ZuI zl+Br^7+cweK6euxl5Ko9^;6%z>r%aKP&b7#b0?^OV>L~oXvWnafoXF!BBqi}Yjl=H zV6M;Rb2F2s93=T{^o%*Jp3?AOY=qN2yVQ5t*wkCoiCeoBw&aqK67O`G*RzCk@33dW zvzc}$`Hp?o|D&&O3=UvH{m*!+wE)NH}dnbVtxO2dorTe zm!)9pptKIi+(q)%;i1)wY?!@-resIBwc6V{&5rtyU#56s`E4J}OMlH7#}wSHct0u+ z*KK?5&k&E2oFXCJi=@*`?$qDfTl-)EI+w&pLu=SkhRg!3gMFXJoS~(R!TB3PEF1o2 zd#TTENsnqcWV@iHvY|2siuFzWxBJ(7+tt=YJw&YV%8xyLbHP2Zj9R6TvcCdiYd!da zfNfb$`*5?qGrbUI7aLt>Co-v^E*uT>7Bw7>5YP4p7|__=<*tP!kDDzWk7xQ4hUV~8 zy$I{?SjX>VQITy75K+4l`Q_oe#IDQheW4oT1x7d9iQNk$?0`xFzsQOYjIIR&)fcf{<=CVOAZ6phgpIc_>*oPcQ%$@adrGh22AY=0YEq{Ct^5<%_-%e?; zg>8}xSnJa5iyD#q58liHzgehfVbfOX4@kQCTWsj(4IQI#s0CzH`83)cxzbrac(y-geo0UDtBn$59TMu;Ujb zERU(!OT52HxJ?~1FfmywPFl>ixV|;8_INIOpH#K_eQ49b^KglB_|)R!=(iT9t@3ia z7u-7P-;H#i1~Hqa`(>3RG3jX){Z<^qFysh{fJy#=nXe{25(Ba5Mxi=F*LUCPa zixSEMRE?fI5U>c&0%M!785tG0xtljFQQaCfwD?NT`3@YJO9t~lNBca_*V+zod2_fk zW|x?q-FLD2&bdvao2#Ux$}3AV0^lf^FVVkz>qd2Ozx8?3_qdHREUuyw00Vq-JEOdA zSABpG%L`;f#~F82Clm@}B_4Cm;1hYqKaCp4@Ro`8q~Bs7PZ-ullI#6)-)1=zc@;Etej-2dpoO@8X>BLRZaQ16J_kTZQFi8#*_wJvRVt`7pEc%_ ztE)#d6Q_n~vy&|hW{Aa8Lx?AOyC@tI(L!KvE$i^DSAzo4Ae)%oOza_rk2;*zGP)$a zD=bPgKN5(PGlQ1?&!2<$!IhP!=!9ZI7HsV(4s^C3XW}|dj(C!kMSxQ!%m5E~w&H97 zb8`#JFUNGn41cMqEQo5RWFI<9us1*r-d!xH&k@eI%fX+Ll7F#!AZhdnCfn2LF{g1=%_e=+9_hHl12oSZJ!stF08} zS+(tIjSkV|bIk7w3QAunPF6@1&1>%X<-dmBpMKtSq%MMYN%|Ive)$UL+iW@`FH7e0 zgA@_n*5rB*-`IGz7Qj`)vpYE9>su-_BfZ$xz{1GV#*?D`_fSz*Jr2O_e;Q(E%ETwcW9O?a27Tb*9%H1JwOCwaeMQ7Q8CWq{hhZ z$2!c^gefvGSMumtH1Yr%@HV*J^!JBl<6RW5>%KCHgq=zALPI!of@gYTID?h?SO`Q% zNmEBwPn2i(>09X-J#&pqH-|v#(TVr8%)b0o0MG84c@AfJD~vjH>|CNwpJj?GryA)rx_mN%Ze7*(b*AXL zVO{VvGZZtr9YAhqnZ<(`rfo)U{^JO$I81M%L%(zs8ViVG7{QJ{+gmw(tINnV=ilF9 zO|y(a2i%@H9H7yT=W@EDAIF#Rtgv1cu?LfNg_fEe7SkGs8S6ONvgBi$?YFY))H6d070gUcUJ6b)BN%Gb!=qOgL$GkSD+zbx6E6uw5$2j zvbab~kGXQOKDxcOk&or*mdf_+45!j}N4}AS$*RSdLtM=Fmg@}Cr#HHsVWPW~|NCG< zedRBAhWkr*L)$JRr1*3T6;b2d)ds=@!Vokya4f;JD*d$?d+#elzJ}b|B{bf z+gn0>>lRhy?=g7wK)hdlW;dvaDssgwE1{(}>RV{PSuydh7o2OpOK45QE{7a3khY$i zpZVT>c)dBPYiGW8C||ESBH8A&E0JF6&&~#hX?Cs|rH~Y~Ty0Oi*v;Rr+}|@vG1`*K z1eSufAC}?R9`+U6CKr;h+OAMZy*A+I3$nUWvyQEAK4sDtf*;Ohr&42~hE`QbZGrga z^@N%AdSB{x<&9c0WpKF&$M)zEe_6q{KNrjsLvn2EY4uZZ`o(r65+fJz8;TOx%?Q-Y zPK{kuI6ss;?vx>wduR?uDDDv$dz=k4-Jn- zhQyu}eqo8@#;GDUd1)vRGl(sT#~WYk_#osRl}7QEcyg=4Co5IrDGttdteB#pL#JlG z)M?%Pp<)Z)Ft)^sh7b0JM{Tda&Qh7b?QXYtr2Q?#ONEo3@~Ii8le(mQxpeg_7tmDA zjXtF5^_E)b+&Uxt77Fhkqn;my+Bw|`QmO3LvsoMJDJ{F1z0uCU+I<;^Xm2r|`-Xi(vz2n4>|4V) zk_^&+4mj_8&T;@gg*&`nqQI>l(X!g#KP&h29Ly1yoPw_3w7WH3x=h!SeT~Xjzr8-q z)0{|a7AVd6m+0VLp1nc*hVqM2pXW4R*4vp{+@j#$UKiTR1ya@*J+;bcuDi_zeV)Zh zflp-gYrvJsKi~kc`OJ%^$Ne)$(Ao`QHt-7Py7M96Ug(W3@7aTJ(7FM{+f1fh>6UM& zJ+g_LipAu=;AOrX{e9%j?&cyHEo1GzIRZ}H=| z)|ePsi&zJ?`B%7;(3@xI~W_ab=HK(LPPOOzhUo&8DW9;oh+lpCzl_5_x3nz z_zf!~E9JaD9Xf}1ln}jan3_P^3~WfbDQl0uW`lFvvu+Dcx2IL{Z?md5ot_`#J6sRi zY1nr6F!`U$84Lu04DNb`rzQZSM)_lyFnr#?mmoXus|zzZuM?uRX#dj5GLOfxwZ$Yx zUIHeDR};pz-=Up6-NQGei|~qDaiF@d3SRMmhKYK1uSZGyrR@>B&Aliqf=AU8ukD;( z-`n~Noq;L1pIt?SC7j9fbZ&-AZ(e6vq{Efj$qX5#v)%3^M>1w2Z6GfD=ML*a4} zBNL7W(`uoL=a?uTMl3-7?Aua_5(V%ep5GsR0&Kr7cExXx+1Jle(_qExM2Wuj+)Vnn z1S9((#^gBo@g=QpjJg=#OK9MvIW3cs?LQ4|het(GIxjL0%6A2))-i%6npe+5zY0*V z46N&W#1IWe7dlJ;QHb3++{d5bNSEEK?>$JLu6}ATy#&)I6M39u9fzGPYm!_~y=*2C z5op)>J7}Ed$^qd2UgBqYU2=4;XHCqp+2xG*CzLku~B(pxl_P{PzL5&YFq3NwRSe7Q z|2!7IVdbW?uoS=|j~>Z8qJ~peuYX2BCG6k$(}yp}{W~1e;Z(~GDi_w9IT)SvyvvnT z66)g=o#n*bggYc7mJ&NqxF4dg`OAzeuK>urc;3&g)k?WXyEUMZ739tZkty$%muEmptt}mjw(6`xE*sg z?-kKi+dK_}OIomDDc)V)x!ZFBfPo+Tu!v_J;BU+)e;J{iZj1j4r9hiMs$CdDXX;Wi zX|^Vt-4_iJp90O`y7M8I|D@Ie1Z|mwMS>-s`RSuB|ExWPhHjp2`-iqpT04mv6fjVm zYn5D#X$J{C+;9`#O~dYgCVMCOe#6vWW_x$!@R&jFl)3IM*Fi`zanJ4BSo)TS+tJYx z%DML3T9>wgfrHj~J}Xb!JzjbLeuzctTvLQPorVd|g|!3%Z|O~y(c9p8>OI8S?M$&S zr#>R1uZ>${TcNlL8MlJky1Y`#e0PN-1tqO}HxEGA8q9v{Dt@xs9Fg5=Fxonn9zMY| zI52~bcU<_)o0xyPKFrj`XgV+~ZyPNjk~vI9nx!yy_EK!eS+$W&mRxPD%3dQGV{}d& zAvyrNH<3M&hRQ-|o}l9SB|dQIaM2@l%WVCsGcM5+?kiwh3n&GO)zwnU~HDlE}5JY*|%ZI#QJdLgZP4`gLi>TMG47eUcimaSJLnbW?}QXztba`>r7K}`Qm@> zt1DTPNp~B5{CEYrCFZY>O<_2uorcc@`{tDq*()mUi1iK#WnjT$~0X=H}N?v zg7e}L@7!8(-O+~?h)r%|+YWe42s=ivA2&xPoKmkoH^rWW7m#PC8(Y|jx@~bLk=C>B zktHImZLYkAE{z`83^SE+ZL)6=7K(YWBWSDs1v?0t|L`Kq0(c<^*fO+fHOg0W3|aK_ zl5pP<^`rnvqn~w~)9;0}Bjz@2KCrD1Cq*z;PB=HSoih3PldsWId_b9piHNEI4wQzg!VAN`@ zIMP)OnIt(`xHPJyZmgx~5l3LD#`5gnK>KKDY#b0A9J~pESg8E?A+4hF`wzwUw)t6! zcb4Z6sFWDzOA`gywX`wwj_;q!ugyZ`-!VJl%x}=@DSk0RX|MpPkL0AoUrUKtPDaru zmhvV(PV>SLWMgc$IgGmlS;sDNnkE7)0%;G&&zm7=FcmD?RSMldC_y{%qz2+uLaSqw zwM8ZSqxak~GmAYzE6%8F5;4XZVEg_HqoC%L?Ui5EgIJHt$gYnB_&WPRzL{o ze7BxNPGlrYvBidD-n~zoyW9SNW9YlYm~YdM2Zrrpb??$Y=jYp2xjos6OZF@6g-~4+zGI%K`Y9wyQVyccBZdgWnBRZsb3TJ5>) zb_6%by4Vutnr_UU(ww}*N|bR*uTD5SL+6e3T3K;MoSLqhSwfg~jD^%{`^{&yyrk+I z)mahGNi~wio*g#NgDg8L^kurR3w`gFs-NLGYmP6Y1#)?e`?tXbGat3nG#xCCDMHvn;uSPDR`@o4-XNCbVk{VRb1*gt4 zr%t+6=ldF3A;v12h|O@Wwnu7yCX~IoJ-`#y>B;KbBXEJnFB3hK3{(o!pMK%6h5(~H}S9zhrzhkl8{sjX7X_J%oxX#n6( z1KwL9<7;fOZ({9RH?9W5kKi>|j6N? z>2OfzL0WHl74=>jp64}4043F#&S&L#{F^uOx^NUBrgyDsf!=K*akP5$%6sg}u2bt3 zx_GUJ0W^elAdRxXD#|${3v(3(U;%dvi=ky}ucj39NILu1XMPfOK|20k_Ytl}%Ln!Z z^V*ZpD%w+yU?a-QaU!Pcp=6=zoo-CqcEHTcDN0{v)X^9bcjJ|X3WErN5G%3H?RhSQ z=;39-E~@!B7Nu0tWcBVFwE>?D#{>?>JeOLV;{`;F|iJuPASqjiMpk4}j> z#G$V{nbj65sx*E{O`6{0*#-}IbeyFoYI^d6uRi5E4MFmk1rHKv6y2R^2`P{5FIN1b zOhk$~e|pRJC$HWv4zh)cW?esTO9tZ~jrhFz<&agTJOf&BT}#O|MAv#po61@#cwpwuG#mHSW`l72QzU4>j$p=|d?(m28=dug+Rm>gZ#K1b+_oZW8iU5J-})qF zV_hEO-!|LCvoALh4KDhK6b+kP$jO-2g@3pTxVDn6JkA1ME{2-Ey|h5Rxd3C6oblWh zs;NeCyo|=jE_&_nt3i^FTi3B3?q|BVz-P<_F`jJ<{tQr-XPgerO;6o9ZPxR#kSBym zk(FKQnA3V-HYUs;&Z%0)3^KkQqOMLAx`+jp72k1u2>`I=OTtTk_>iI0rDKo+s)P$q zi6N4I!|l*2qALsARg%Y;@Oj`lhpdNsv+kQzo-cH7Jql%dw{P|T!D)wpbxZT?&0qJ| zFD?NhnQ|78d@_rN{;4f(I*S@^H4!kh%th_|XG@T1>cc2Sxqz{le^&znV9}m`T zrN%(LbSbZAoICc>+bNs6dXo0q{NbRFHRa&37`SNk-wX3Q@y#^Jz;7`Hd~@Qi+Bo+R z7t(B>D^dgcmyr8cZ@9HneskLe6O35MElbEU*+yTHgR1XaC{8-|*V%=vjFPsi2Tnnc zTOnen^g&;sRyT;ucNqP;YqLdJ;f3FUG(9b(HkpLR9s-+d?)$fpLDutl4%7myW+LEQ zsLoq*ya%tGzEpoB=rZDB<5Y8>-|S)qu#*T0=*ik|$>5F}C``~X=2gW~>{9*MvCt|- z{;iRWdt^K?y^;}f!~fA*TZjYLI$VpzS{obRy;#*($S1&Kl_S2zc)$88yVk@R;|aO>c=c{p>+1} z&6w~oOBfla_#n3OK>YT)W1?ON+{hC$P&|vl2mYvwW^FK#e{}2_|6<+G9ds-Z|A2{KM}|NakBcl82u1+~>Up@S)y)_BCJQk{z;P?qg%e%1#iw zE8JBsFv|h!<}M7DL}`dRPm^AKYX6x|X|oI&oAA#g7+w zdMR)6B>#i)|8R6SDEQ5Dr9t0hhlYj{lJwhuROVwt-`!gCvrcXT`$4#+A#X6mu3$Yw z)hD_3kD(`Wjke1UDUVB|(}X%iHlwoxX)TEyZfmN^5B1(C8!}YC|eC;EU`5jxR1RZ-QNr zW|+uARqq7RcDXn&Vr{i#0$iEw+gxxr1^7{)4-XDNIPRmSzlti1h~z!Z35lA{zw8Wx zn$3Qywk~aAvipI^Ql#_ygmD>`Bnza`2lWUP#4mwpMe5T^c?z9v?nVMHZiT3qU!2a# z`^v8phgfW78gn$)mCA1l5;T%j)CxhvU^G5S^j@!^E!$NO&Fi1MBB3h-zI&s)Rj~%K zXNzC5G6mA{^dV6}CxZxMaj5Iqdiec5_hk>ESrH5Q%Y`OcouR19u_fDuvxf(4W(b<{ z_))Q;L@{VtDA|JW$J+p{j!Kp;tG;wqchK*jy{XbOgIl@3A?45}OrD@eb`BikrN%Jd z&O3Ls=heT+=qum-HqksXhh3u6>q{#2?WStJ`S1*gw-DQ2>^^C(ZyCG+gS*;q5!O4e zzvSK2yzF1&m^Nhv*Ws`s(|O&Ig-LH=qV3`+>trdubW+Mugkn?<3tO%uC9Z!AU(T** ztfX{W(6>G92tPSq=n0M!5CyG_-)zD;xobRjuf=s@+i%NM5ynuF6o@6Z&0PHnta(9e z3m__t>1kPtzQXn7%ell~;^SrYI2n6+99L?rdP;epGC>c29dkL0r<=o<&5}0?3RRB5CeSY*1(KHAgimI_yx61jMuc|GmhHDfi0mzO z&pg7I=81!>1*jU#h@&54gx0QMe7&y}+pmXc=+_&wZ_KeVttal+o%i7usb5D$(O1R- z$-Kw2wrR%CDu21)C!@O;a67>RrfnAS+7i7&VZH!7GrR-+w#Pl(3i9JKGsPlWbI4{# z;&EdUn|fAO&<)P_@+f{bd+?aJIE(2LfZ~xIoldFDt_75*d?HTT@3K2Q&Pz=j0S|`MkCp1Ei zJzj5$LFQ2-#B{fUUwMq}XvE`24>|e=YK60FpP6Tuvifm|q^pLE@6Wt50wnWlT@Y=Z zobGxXe`u%bG;b3*U!_LfUH@spu_t9*%(6{y%x-F6-Cb@HQh0>_l%Q_7yE#$~>%-H^ znMCjNLDFp?4x2fFAUT?5 zE?Yp?r|fchYg%0|L*fQ(d4hmW`6V~@&-8rKFMUXOD}PuYUt=8?PjYJ^-CxF;&SKnn z1b)E1(Z$6e7Y93IUdz*b>WVK&t6YKd($}F&_P71}iH=*GY@cTavR8<_Jt58{ew4BG zq1bG+;`Je473<(cuu0_pRX4@Ng^!%fHoR-{;-rnE@6m8AkGCb=)YK2|I|9+>Q0v|F zql=Fu5~haKmx$Bc&8~349TZ6S*W9-#$3M#cfSF%^aMUWu&RCazOV=ok+-m)1Z7o-S zY|=L!aCuCvkrcveemEQHFUUd6=aGWF6izI=fQd^ersQEDr$D@Marx8Do-fM1UrUrY z^PS}Nev{yaL#ZwwF7f_#a@IziFGR{(`S!4F4jRBv$2;S6d7c&9x!Iy1%Rs|G>z`>U zvnJaoQeC(p?ue=FO5;6~duIC__ibsgc4%N^o>NSe1TP;t_3BU5;Ag^X9eW8Zovo|p zyVmdreCiAv?xKrj6`dr|Zyu(rqo!~a;7<0-cK8nz?xh?SSZXTj-7_ z7id^l0R#m0-XY6{T-y?!%5hD}{Rf%0V@$adDaw{hk1H8p$vBmC^kz=R&j_v>IX#24 z3F+x)U(<|@?HxRVdcL@Dg5JJXAm$6@CK(KY1tl zjPZ~fxNwC;kp@()8qM4B$fWX;+Dw-rwOoA^aotbSY}4Ru`?WVXXK_6Gk0Var6ClwW z7xlyx(M18j03c7d6#V=z^#$(dYuw!Rmr{H1)8&m&cC`?0iq4Nr;t!KRQ7O8BXbRZ! z(~5k!4foF$_e}IcJH0-NFOjipJ_{G+zB5-7cv(h{PV7PsU`6pd3z@b-6g~hGfBWj? z$Lv9hSizwgMWIz=&xb)4txu%e-Do6i_FXa@w%(3TPCfIjG1#f#i#=7jv5JdmV$jHW z2gsf5EmN8DY8S7JCmq&e4UPs=f@e9o%1}r8D=gfTNs5qcjq9QCxsru(qePvLDnD$g z|JJ;9<4s*&-&&1-uJPP2*%^exY?aK$Sb-9G_hz~38ke4diZIvZ-^H`gQBGQ^rPF1( zD9N9N>aA+af3AtiejQsH7~&G}2D1R4;s7nV z*;Piq3(cA0?h$kh>bvjNM*u7|(6( z4ev~tE*C2TFIf~W=KrG5%pIU1ahmD$8kLqR7RZPTlS&T}1c`?j&-84Q6VlP(dBF$& z?lj^fNQ_43!&gg)*VFp0z7FH1_45lc9$5&KmvNY6XS>=KJ?v-rZY3iMPq6SkI-!V< zG?vg?ZCbC01;Wj_6DebaTy?eDZHqi10Gka(^j>kA`kX((I)y7Q4vkDm(;4{=(^m=b zcP}9%jgS@nv`7oE9g$f9W}*{8L518oS@oaHh~q-h-h~h>_N2si7-AC~fon7om z%um4k^K*Xjpi2Y^xzE#qWWlzV!XCd!~u)vmqghX6b5B|7;?D9QBE7i#1 zPl#R2m95U)hwG3?#pH9rRC}J1=ZBwb$;9;MpnB+V`liO&DVIete%ahd>nYNJkXWj2 z?SUz9C<}#G_4dBOqTX6$52RtU0X+F+M?5^P45~r#sraf;I<=**uLvc$68&H7omW(o z-M05t6hw*zkq$OQdT*hL2uO_xq4(ZG=rsWq1(7Db2Bde8-fQS3NQcmb&^rV|3FV8v zd!Mt<<#%!J&K+y;jEt4JR_2<|T=V~%9&}IG-C5_svr3A-X$zvwi*2v(43A23PkxFr z01_S^JhpBVJmgaOjR~K(06KFq+Zrh;-sw@5YU%7?e=CkQV-DSii?c?yXU*@S+q7@U zt7cZGqI(F3Yro7#Ha&*N6lgA@cKJFB1oFlgN1?0*a;x{-quF!bH!cwPqUw?shu_}; zW|muSKlSC@9H_Vt`&qfxek%;=AEaK~o@Xoy;h1T2+7@|~VmzNXuYG3sf};3qTZT~F z?ws#8slo8(`)TG$;C+5J*^b*(d?w#;G~O0Idv!_!SiLcw4n6S$Dl9Ny8)(8=uj;Tt}a z(Ce!O$Lv>Pt!7SqqqhwDt?;BHCh@RKhfq9TSF*&t(%zkOU{KSlSINqiZD3nmjDtHx z$YA@!z1Qa@QGY6%*D_Hvu)f1?m|Sl{ByIC zZ^oNMg9pF+1HJZ;fv2WmQ35$ZA?M1{;(NybzxjN(d(&(0E<&_o%gv!~8^Gx6_`*Z-{PF&!e=XnE=)>PC>+W4| zrD88HN;_SBeqZ0IIlBI6o5u`m#JJjP*txo`%(1t(3#?HWC32Anq8;noqkX4NqIB*P z_`O;zAix(v2J!nfe6W@;D(;AJb)#om{YZ4#lHrH@_}vF$VcPr(WebR1WisAzId&YY zS=V`Ojsf8^u1JZ9zuj^!K_JYQi`BI)T@HNl;G)Zm0DQtKf!9g9p{(*vAd(m}n; zX=U5vpk>qOw^tuR+*#$}5p#ll=v+8FilWYae#r8hmg7r9A+P6I)4%+>AL}PsD3a*; zJta^Ubr*>GP>Q%c3QrA)td+SoG4IBN@G;*%mWS|UA_$IW+f(DfR=+_M`w(oW&^EOM z=3H6-F2`zVQb^ZYte)p#7Q~4bDgl%dp$yOVy2a5zO*0l)W|pT-bhmXdqcqJHO{JLI z;bclqNf$6vpXi~F9sE{{z=s|rujN!TkgN8t;jt- zdwLHk&u9LyWG9kunSR!fkw^#6lUif&?uV!-q6=L3a!TON>cPjRjda~@|GZlczObO% z*!JEY8tyA&!n@(^9d&Rb^?v12t^K{KW6SeHn~?S8B2DOJ5JAMo4gJvIvnTv)XXhx=2^NnRufYzytw zZR&nvPzFhA^c1@=J9oc2H&ETxbaHj>8t(|d^w&rPuFXFk7?eLzsSth}uQzpnruuGc zYbeH8z{s17zJ0GrLIZ&cZe^Rt9yoQhwWa({LC5<}!)ACDmIJF&lr#(awj>Dkq|Z{NXR zywFCit*u36WIcUaVbk;ZUOH~baLUxq&MsHE^4rmCt;N@0%QZ@@1|zFaaDzt;XC+c2 z69y?BcmdD;e3sh{Z9P48H7DoAIFi?!*1s5+Ik>rV%F2cvw^5YD#KZwtDI4Pt|J1hE zw2y&6YPz<4-Kx_-1aM8M9@j&9a< zc64k(AP^@dB*1@`>Q8O`SCa0rF-j>Zss8@{5Ib5M1_Ehm=}8odc0%9t-y{e8WBRY~ zQTWZ9H-E3JSn3ntX%u)g1HREB_ylJf@!z7X#Tz5*uAe`D{=K$lz4p-2!$UZPoJX*+ zX22O=X8rFebKS7Avcf}E@XAjX4h~ZM?nJXth2v#K|CIXUlZ79Jw&w9kbsn`JLU&s_ zprk*7{^P&1pZ^yJ3a+lM{`(O8>_YsApS(GK|6f|H(XlZ#eC^Nqo4?ciicN@*H+FDP z#p}SF2ELf!7eKqWuP^T(jg;)`*Pj-e|61?cII%Gp9IBebU;GbCVsUsFUmmEVldymq z>+I~TsdD+d;E8#~#V@$I@8VZV22%Wwt>S3G?fHf!T?j-*pK!@Pj}3W)@bC~(r^U|; zkbmsOC5Ree!&~(A>(_NqwBmoPtV4Pp#j82I(&S&Jccu7`1^vIlz1OZ3FNTJO$U2+x zT?Bb9-4sDsUq${0CtLtHAFRl!Xp!zC=+*P`Kp!)Rg{8h%@wdF9UKWQP=fjWwJmK`A zcTzBq8t|rdn$u9zQdb@BwYG(Nn?9nIgNXgK9&ap$%k;UBKNz6)_69sy!NX#flsCpA zWu5=X&Xo32CFr$$*y-t{{yJ0<_J91V)ALu2O`p#zU|Z7_-v^sdLV&ACi(;n)4C28f zd(l^NPI&kQ>Xy>PSoEs84oKE3)ajOmMhv6H>N$6iUNiheU!?B`UQ_p#L>Z`JL5_RG z`P6qpl05n~d_U^NSu$*?o!dn1oEW>j7HTJ!{v}cs&wNRjnt81V;_L`z`n$1{%iYDU zSCD_08RO>luy_DuHt3rU_BB(n=P2!5UY(i~2VDwO4+fh!=*RBs!E@ZMJ@2ni>GuJ0OFgM$BIZ ziHeG7N5>buMpl@MnR1Cv59bET3LyWmsQ8kbJ*!L`ryt&wo#;&&fW64i*FB0;YdkA3 z1P0y7`N1k)8Lc7U7yXJ((&pSj7QLH#4z9GGhI?1Mx=@rQK8sXOO`XX`p6J>7<=btL z0xkc@OjkiktCh}diK#eU5sav+SaS+g0Qf~uZOD^xWIQ?fMEbo0? zeXYCgSFwHr*vtwEOi19LyY3^R=Jb7_oFTD->C!@9{Nbc0;!G%SJoYI4~8vO<2jziRKN@lSL$|Y@ZIl%I#h*C@&Q;qsAV)fk7B&gQta}ihgi;K5R=Kx5mmJ@Ygw|@g@n{jT?pf{izE*fq<}*cZMHm zs|$zVIl$E8i1D9I%oMb?1-T*(p9K1RGYgh`=Q=VWa~-W@NmFAbQh=OmaskI?zaDcZ zAH`_Xi+r8<5D~8%kKQr{s;&4Y`x7njITC7x(sh3I)jUD1PhHNbxh_c7gdB9$Z#^c; zKqH?P-;+voFZH&i_;dFA09 z;9~;$T7=)cL;94JppNH7=dtZu_Ek(G?P=S*_EYpS%F5_6QA>WkNT=2PYl7fC7Wa%mPAz0;>5G6Pn zO&It~sx4{5Ake9*s-vBqy5#JFUL@0M{yw#v1!SwRe~9K-`_HbM)p96y53YwtTpJtn z&Sz8HbN|_@HgUNbqO3CDtfuA@Jy!dq<|q}38I<~;j1`t-`TKxN z69-0zj%d~l8lP#jI1FR_;!CBiqwrtyic_F=S$c@1hZOP%DDKDCACzJle^nI?p8}bK zYzY_(#+*N7P`Yj9(zZVfm*~KR&mbEo$d}&ENJfs7u@?iK&o!rBkSa2u(YSQ_5zVQor~1J5O#C^nnmeXFT(@8Ga1=qW}w z7Ce|;XOrtY;splY=`&MV_nU?*CrKnt@k1=J72d9oShO2hi{RBe6;5G3m-ka@JlH6r z{IXVzZzP3HsN1C@I^_cWGmwsvajN!z&Rl^BOO_9Ce|{vR?^X{$+S@7535?UH-@3hr zZRuAg;rcJMi!Jx5u=v}1(v$IN`bT@$%9Kc0Io6kcx7Pu>6<8#AK3oXTbbr2PhY*Vg zepw$_BHEa86Ny_QUfIHIHHJaa){DgHk*)y}uLXXbFqUc!Z!*~Y3vhK6DV zjV|#m78yPV!>i!Ku7+a&378rF55P>0Wkf-h*oE>`rzkn3aGQ{SduYK^9uSeJ{u;h% zpt;xS^uoaDwn*)9bS#!u-D0 z*^Y zMokIIdEb&Sl?P7mg;iV%6e|}8l}t}^eBI?_BN_%GqMs>*)(IV; zYmC`|PIa2AXGSp5@T?#UdQmltcx{EhLEhr0Ur0Mfm?Moh!ClEyjzRGp34E-+)BI6B z`v_4qM(3rPr?Hx?ix90+L+cS#xTNKsrN*44G%)-Xi(3u5vwSds6cThgqRE;gQ)<6k z>Gksz8oakI-yF0UD!99!jj>odmF1fvK)}7 zJAw8uLpxqY{A^=oZ{d2?xi0p_rOzG*_m1V6sx@^!=q7ccQkow^RyDW$YhxkqqSWvUjx>C(gQr zn@M#u9jkrxOiDB<=0=P?O+Av2d^`CFk)jPAUmiEHg%G`bjHfTD;&#>^SI`jmzs$}~ zpE`^1^|b0N6U1wwIdofBCb!!i`iy~*lt?uhnq@874>nDIzxNxWifV%B$O^sy-R5`w zGKlpeRqB-iRceqZj&(p(nKXm=sElQ11mB%>AaektONuKmcw6A{qD3_IuxMbO{9TYr z2eBKMQfL1(q0iN8tb;!Auv5i;sw~*FYv^VeZFdWgmU#Yg`Rk6k5H25d8@z-{6$f zGctgZT-5jPo1AY(2h`Eh+On~}97#En>d?S9S8#I=AW4!#-McU-#92K}TD7F8T;Mu~ z7dnmEl@sR%KOkY}0B?zk#zkajC+8;u6xlTs*6fJxOv-4XW93W$p@g-U& zxt%_~r9ux6qGL^L5l=T?LM~>j#)Yp82)26%9>}|uTAd26xNJ#rDgNQ7gU*UZg zcvv-+Y>f^`ol6n0Us|J{h)lDXOjBi@6c})rMtW_J)>ek0^1bsF?Mg?HDw%16Qf)Z3 zr2RzEWJ93r{Y+$^N{)t|yl_A0SHR_-w}c?uiDDzRDz%gM+P^&4-?vo;_ZzN;eX1Y+ zGL`Ba_aW!+{zM5@oS_HVsvo8@)^O)<2=gijaASX=9mq`lyQKs9-|+QsH1R*)%Go>m#UH>;}=&Qr) z|ID2He+|AWDGJJZ-HO)2L+D_6dGbc@-xwOQ#%(aBOzpz1xL=s*QiAfE0nU;bFu~Yz z$Laz#yu|TRs}l5x>*!4W6+_l7=aAv}YRIu3lLLv(K? z)hzTq6hS*rsOJ@3za0}pj z!W`xvKNUTkA1}5%wr%El)tlYNI&9} zi3I?v&rmDiYR9}}TkoHpASo>S@L45T$K&xtO*)>#BzntBR)g+pHf1*?oE^ zr&37}lB%GGgL>;UecnhFGDvoIZQ8()L;*KI1Sjt$<*52}vSq|pE0t8-+yv#r=$}YR zri6rqVCL>W{+nxU_cFG%k?sB+arhRcs{EP|G=Q8qJ14E`+!x11QTI$JRa?hQ;h8W+z-UptSMOx;-iHhWdtdbzv03jxE*o=i_Jaf>Bh!q&GO#>Yd|Slh z`(u=GcCa(~DLoN+7tl)ID=3$h`!WCS7LjhEUd;nZbJ7KAMs343EqW>|sR5^BGPB9O zw>G5bcTXCZwpV<^anQP8jWDD-?6Nsx-}gPBph(~`xuL1)?Ec`7H&LRqtTsUqo}ZuJ#^ZF0x8vO(jC-$6i)ra5AWCQT zw3Dp|z#|!s!+DfP-sBGFk-#bxFGdkKzAgE7@B2C_c4X&l!qIipvu&IZ` z{o=XnHM)AaKz5M|6IPO@>2Nb36`vVZ`EOk6DY(yJ_(%xPe=)J~J&UoCF(4zhTgCX1 z_?k@5WhB2Gih@_bp9!WMV#}Y1S~A;J3G>*jXtQ~6@CMX|%6O|&W($vZ^4Jwb>YQKR zeXc2b@8McL*Sug%roC=&TZy0PdfibwJ>ZkS5~LxSlPtArwC2jFM4@YXFeSQ3sv4&k zYWwo-eAjRm$%$7Fq|m52NybaC#?u>ZZ)Q1@9VtVnMUD0AMU31ot+ch00s%&;oIQ`7 zo6c0Twl`Glr{U5jzTyR%9IKy;S<(!#ot$(aX2{|N)41C5y;nc%Hq{t%!oKKT8S7W{ zzb2sc3Yz?{W8K!$m@Q!%_=Gir+iUG$ujq?tYq0<`EXOxlhG1 ztYgtH#T$5_0r1Ipt>O*HQ0sd7B=Ji#v~SpA^J|#s8@NA-p&`<`HixxnoUwd0ah;%N z7OPahJ}*9RDB2{fQYz(gX|JIb--cQy(b+@47m|gfb&oQXQ`DbuW`9yR7GTUku0ch% zb4+?7LZOmZdItcJCW);wF}Rho0es)xt);@>Y$E3TT|!e5_lloPn8mNWi$Ye*Sv*6>(7hWmw?dZ>b5iO0))&rc&p$Pm3JPz!!n0$Zy*C56HPH5%Sz))M@s2Rn zu-dg$wK(rFEVVa^q{(UwvN;LMy=KLv=YDlgV$m9<%59efs^bLUxk*CElN!<76SzUj zJ_&hy14r$M+h|_H!bCc`JvRfupxOh#fGQd3AM`YI=@{;_WpmDk^1_q}1cO7sA#1ykE=lh&I-Y%nGL= z@8@i6`DDQfsyR<@ful1>3JGBfc_w*P6@uqYCQKWL8qu-&Ss}yU2rC{Kr^jaZU31F& zlb%KE+D? z&oGBHxHC+_8ZJp4du4MZ7?5@H=E*W;WkAP)2mLY081aWM`3Sznsh_rYB}y7%c|7bk z3KS;~W^wJhhpU(MEH1_i-WxvQ#*43v`Zt58&M-H8XII+#S0PVF)7GCtMZF$X+D})- z$B32Z4WRlGEu_kx3Q?BqIUODib9q!G42JKWHm5Ey?Oyh`KI_mJr$^(_!7s4JtQUcA z7A%Ze6{f-*h}JBB;muAI zZu!n)JIKI*SZJ=1hGwU=G#*rlN)AsLV_bojN6=GRCf;#rZ8H+prRk~XOw|K6|$ zE)0Qv@nZ=n`Qq+sP~8M_Y(O zQ}(NrX4MN#(Jl}B<@(e|&f2?(Zt2F-5r@*TxKgVg`V{CQgu}q+b|av3-RJnH_Y`pB zb>nA7fBAb$g$5$i6XD_fUXh>fw@N!&^0#61h{BjH+vXv>K z8`-G-d}r&Z)Jpkkgf1N3lbXF&?vBBh12MZy8gs0yTHps`+S;|U%k^eUD`JkaIRJcT zv3tmb5yv;-rYjd{&hdv8fTp8-WIRrwgf<-V<8()LH31#l6hh6YCzC9$%y*}h9RievB&yGg8KZ1J)R)qHx z1}v}Ehd|<(L;1|umGYgg@Kf7;F1(71&!K|JhG7Y)PGNQ?b-}X2J^Lnh?lXlC#bkvO zlXRSc^iQrvbvIpg(L2RJlbv}nNkbDxH-=dFNHH%`2IlKMJFI=zHD7gnqarI`)#m_m z?k%DNuTfO^8g8BA;Tb}UxoS>@1^5jb*uJga=zUtnY1j{B7y5299+!3j z`vppoO`$RFSp`bWuLF9&3#Y*Sr#`S#&*L=UbA|xdI)_~iKys}r-J+da047n2>@35o z-zPLWxXF zOgfhp(>o>msBqsD#OI?*+}|d7x!l#0JmZIi(+*A-U?wB;H1i1WiT3GWJDCz_grYy1 zlNfX@_)N+eVE5B0qo8{|$uIyyb`5$?;YfPqXubcHR4;{T!vn5TnKE9RW4bCuXl-xiWDEPKsk)~PVsKiV3YNqv)X5=11UUX7Ie>|%1W zhYul=9(N@O8f#5gNct1_16dsCzf_jSRaIzzNx0u8#@2r;fT!7F{4w1)^nkPe4l3nm z!BaFfNpq6?EF}rKED9&stZ{Y8gc2g#~C4)Ho0V zl<8C?s6X|XCfF~jkK*pY(n@JsW>=A^Ub$0Cr3Fs=EXme9yvConQS4Y>ez?S_>}BOQ z`MHZQ$V!3dMO{45u#u9<3Qbs~k?pWD@8|9R{Fnw>rW}mEG4@rbzYm>!vVayX6swhD zyQ2Tba!?g_+8yt=(&$YhT1t1KAQ;jY((^8d#2A|@Wpa9MG`fG0cq--B8>302jqRi5 zQAf931KXMK71 zUI#1_Ys>p)IGC6@VA~eIkDJ+(ZiB8)YO2RdU1Js1r_QD&&=7qe7n%vu+--B;diRd=X+0HZ`%S4as*3>sps<0W2a>!{ayuwz=;IF)VrLEWtn`r z*&g8hMO&N;)!s;TD#rK?Ss)+K;EUk$Rc%sPErtxw!f0Anmzl#Q>&YkWkBF6&uW0Y+ zEGI;68+qh~ZRD#?Y{TCY4J2$-Y}N56Pbl|^_4|nS$Rjt-$3RC%M{BNiLR2IqB#6~j znF+x4L!Hs3-R0F=Uo`Ycmo@^KR(vbP&-Xwx{N>!SEcv;TX|zmKG2>B-3a>_&Lu&AZ zbZ^n$b~z7z76%*}DD?>P%S)X-+NtrNM-!bb7F9LvdGN?ih!{IicK;CDwQN86NUBbh zcVv)gt1x{I4t|Eka($LnG40j%8|R*F z3F_?}wzU)fKnL;sU~-*HL}U^@&i;+AIPt5CrZ^D>g>1Eq9iN<{}bz=`N) z^PYrPA=&!n8I5c1jP%@Fx$V&Gz$Y0?V@~7Es;XsVq-5bmeCsq}G+sN;Q}p-pRPbAF zVf?SS+-xzT_x+W0kSEyrkfFHCLlu4OG)&zpAozqP&UUM80nPS(sUK{ibTXodzJUqA~XH$@TYlR;N4P(P50M$=A>9x0hm5? zIwZcgXoTgr^G47|el{iGx~m97_CggjV8&B$JWouIah@T6D0a1N$vteB2GjrJ_SoLW z$z+TNvsC;E?|$Oj-e7EG^m_#v6=wNrNSF7LvgI4EatJVep+Tb-&{ zPrJfc3i5%7PvY@nbyWC&{yPBGtKgV}0f|OcsR&zV;Sz1wuo$DOyl9A~w^l%Xb)f5TYQxpY1%os!S*btlm3 zfFH;sI{NJ%3rHBWsW5xWo<&|A~TC z2#BcX{03uYaDwp0A#-N29~>?w`~ape_=qlqN#D5n>U`e4_R*DuEKQ(@uOoZ5mPE^E z9Aq_trSpNUMX_RuNT||ttx)F-&-n-Lj3p+!E7lwEPc)+wn5B>rq*MKrFGpy9Apt$- zZ4+%HZUiPLXL4a>BeV`H-ZMI?X}}>&_M|W;_qRw-pt{I;Uvup`Do@{QIVQBv%>&cZ zOYqJ>A6h|l1R>C+yZy6+hB36_Xng>FEdFiwk|{oq zt7+HQhg?h@lehiD!hurYb9YND6@2{Tlh0xRv-cY5To08L#Jq24McNRYH~0;K^}Cl`kb7sPXiesl{4pSMCMeWcSRF) zfEUxfQY(*APQIjkQ<5GsPG{BQ3FkVhnhKAm zXjDV!#_0-H%Ci$T9gkgGi`5C(HdxsQcFaZKN-{Zf>IwICd^b)WWtEzCKps~5K*f6b z;keoFT+2jjyeoHZ1glTc$Gx#xb~5!~rhra?XS`*l-d7bq%d1I2`(WQ~O@*t;d?j>7%14$<~mk?6YX*Gb_QCsH=2ipfD_umG~mDvsbxf8Ii) z)Q{@T#D~WkT3@mOQ15W#caDI1iuaRD<*}c9BLeE_4A`?!UmWq(iASEtBxaMjLm`Z_ z6(Os2^*gKK3&L>^rCkTn~pT>yND(;q0W&1*r z?WU-ppeK~duCW`snQ{j0beA1A;G5f1N?<(_mqKL~GIR*C@Z;GTo2^}8X$6m%gt)BL zZU<$x5zypZ^}z_HTeK=L%Px%XD7)wI=eFmk+!x4JwAZ%(peHVk&Iu5KCmb*?r8L7- zoK4*5;FPF+2fV5#Xzx*%j{us*ppRfsyv4%5Q4D6H75iwg{>sz;&E`ErJA z!NGQ@>C9&qqr*m;1-GNZ4pwg_yB)E?>B4pTTs1cf>~eQC^fJ~x-CiUkv(g57&~$w} z8KUM)z~|m}jKWp_+D--&`0X_I!FdN^JWm_;obkDl;H&UVouOtRkHj+sPtSB;>nOS% ztk7oF(%yNt3N0I2SX#_YELH(f$P3#Zy@*dl8B{e*?cGBR6s5Fl^}J zae8dYh9j$qb%McY=3VuGKJ7o2MEX`rRy`9^UdxoyyjrShBBf>e6n++WN>feze%d^; z?nz+ur0ESt+8{4Oju>L46Rzyf8k?cfyA{7f(}@oYl(MuyY_bGQPk)UpEWu@A`Q#DtiQ{-xjFG+(!h2A|=8Ci~*|^FuT!b&h*m$o&4{&lO^2* zqu__Mc;w^)sE`uHiFgngsn}pdvxJngi4)Az~hvhe!|_w-}*V3N=?v& z8|Hm*nBF2vls7tDV$60zA%$1Epvz&94K64aHGty zPca<|FqjmvU&>SdIJR zA6D1Kk%G#N7Yf;5s^C_NmC$(-mZc+3tvZk5~5f+N|#Y^R^BTS4Azja*@+b$qQak0n(YkO3R=q~65lZlbnRFAXne24f*C7?GqGnqo? zbffp>p*f41L8sGuJG&4ZRMBb!i_DUl*r57%1TqsKIM zzFM9lAM%yEuyU2y3PtGMKZ|@;=m%pRBANKP4&EuJ^fXmHMK&OyiJd$dyJ8qYDyToL_(B8@G?p z1FsH1Z}={=S6?{vUR38wbf*HZs@n8eE}>DIoF=Dd98hxH_ey5Pmp66op_{aR=F|6j zicZe-J`>#N>0_xSGa2zY_33`I4y-=;O0Gz52v9-Xr+RlKM;6yzl4l2XP)KsZRUG9E zJ0d*#beb)QQ=w%c%Sl+L%);bFGpFYjCq=0zrk7mrHD;75_9`xVzOKGHEIH4V6t>6A zO+b0M6SrB|dc?ppiY#c)P9757Z4A&hRZ4TZVPFO*WjS;?GIH*@1>~4B>b^{-M|({C zbU~|y6>tJ1cXV-C{HHltWg`cjRBVvUdr6V=wP@`e!HA0Usu)4YdH;9~GY8I%71N~K zH%B43B;-T8QZaufyNt;4nR4Z!0{0dYy73iuOUWg&JxjH*$Yd>A3|0WBSy_j;6^B%~ z?l=h$j@}2)AH46jbqc9iHfXxEAsZs@h|aUyZd;;`6o$3rBPi)vHGB#VtPPq_f%8Ip zXrfI84LZuviGs1Lr7lr*V^Uc37oF3#hf_K zYBuRqd{dd{GWGB!(-}zdlE|X)Dse(s=I7;gKebub*MyBklkZ}7&O4xWl0l0bgc};D ziH8g?R&v6%55{nvV9BMNdDE#Fbs%_5G`2N=k^gf^)0}rs(#ALP0~sAzVjU-!DVpk- zWiiFc%0vFx3oIQ5^aDh-c^W(a#BRcoi)pzNTgfh}zto@m@na`&l=*Xp@U!%QmQs+t zgeA~gTZC&M0PGQ41pHpNN3Aey#a(J_Kz~b?IXX7>{k!k2O@d0=jVz(P$k@4B$gh=IkueH4aBTB(=PfGVrHHlM{ha}%`pI3{ zeXnb4$x|`~#~c(x5YL-ejcQB0yvpR*a%&U}ShhB&q2#vcpF;b+lB#hi-RJRQ)Wq7=4}) zRtXe|Q=x7t9+a{?-7$L@lMB96_V%4yf28cRH6y&OrX>Di4Rh{|A|1`HIdPN3hh-*a zj5QnIq_^}AZyEW~$#lo}Scx<-tkMMXGF&)JVEps41RLd5I}6MST$<;lyK{+e<_Se2 zvxz9=aOK;9sgr7RfeQq)q4PCA0jks3zV(kapm36J6~XD0m3SNd---Yrx@7gi)}bdNIayo3 z-x46ZrE^G}M5Vg;Elzpe13?l}e?iPhea$_9>j^kuU{^aC5YwMgUFtbDQZsF#78}>n zrPcWQ%a{yw3oFmKXNW8*=sV>^!hK>LTBg+kL$TP8vqt;w&V)cHeb)-nW0OnEDyZ*= zCrm}A?%$umNC*40%}gx9uvJUrjqfC%F_{|gvY&j|r$4Lp*wi8{8YSbo12~P>y9hw~w0=XV9tO;? z=eN6COH*`O3+}TT4%#>_7jcjYpOX5%%3{I#)#Lqan>D7I$UK8OcUxsd#*AVkPQ4KI zJE%a0%PnU5WDzSEZ^)lD1+np9<#ckcMr3Ml16L$dU`m7E`xqCGF0SN)BXm%52Vpyw zXC6K^9vUwPt?$kWuPf7syFSdmbr%b697Kw&*iPG{^V^@lp4H1fZ7RwR@f?o2*ZkBC zoGVzAnA;g7ggZM|*=F(>>n`usK@Ro}M*CrN&-s6w>kH`4IZARuL>6?TeuSa3!@|)r zTKr>sBEK0yzqLvuN@`cq9?xyBe`pMTW;swyjyf+g!PZPNc4b1PEQ|WyN(*=?=+)SE zc#Cro@;?5_l7b?=x~ddO`KaiJm?n}$bsVG)(>NYb+jKby)6IvOb!7}5Y^Dnn;{{u@ z9=G#EzdZDuey26^3W*GjPJE;$@hfHW!cAm6ZqY0ifeby04!?QTn(u5|9$Xgs$4@3T zM=eXmI?X2wlB(k#ITQ_ZuG?K6c|C!2wDOOIKB*cFYRI{?HCX*10qAnfZmJFHIoi`K z(wubpdbKW$1)s;N&>+4RP6u1fY0hoz13YFYqmJdyXqxh7-Kr~c+jm+-W2Kt~cCZq2 z?kBc6Nfr@uDEli`cy2voU0C1lbc>9Hk(F}$4bu!Ep8W8;X8vHkC9$E%FN%kA1peI@ zuFt}>=K3AC*$RU47$kfGjiba;1(NQI11h+!Tn4Od*Ly{Q}VvbX>=yi&ZUt|fp-hZPx z*~3@e-?y&`9!q@GMP&$RGrByz<#AbeC$*I=YcW|?d^7i zd+XETj>iWtx9IMaI({?nu9@57aTsfF%eh+>*sQsJ6{YCcB{b4psk%IPnKt9R%M_$^ zLB&1i!_0IO+gdK^&lmnABv~@ykg~HSmzmdH0vBcA)vZ+UMUT(p_69yz0+az?$>*W% zPLJj%w?vXBN|GEq(bFa=we=bE48ZqP7=jm%JPAoNn_Xy(7|B=WoM5!vTcAd!N#W?3 z2`W=}TwutagXWd~E4acmw$~=X>^ZRMs#9mehJm5Pg;k6y10PfF{!a3;$2u5ZELs%L z9r}^(yFYEN`5;N*@H_F6hz{cYa(kr_(Uq%dfnI2q@XJqjXC2gVtqm)4Sw{?%L(CC$ z^G*}+AyUkC8n!m%*U-Wn(G*F=JbpKy)!{UZo9^^#We~$s8*S3I*7ueA#~V3xn*E2rp|@r$qh_6^C!4?&N&K#vF``aZ zyRKEt6J_b`Npw3YueiD8#Tme*m6dODxVi@_>L<+|UCr=%wZ7X>&*u(Up#YL43Ngv_ zNsH&8OD!jz@1kLKd>b4aL6_;@-*NkRlODELxiS&&d)X@u^O|>he$sap5iVJxvrQBE zC{Z7&fGT6!?T!!;slT_iZtWS@=(T^JjsFq&mZ zQtz*(oq#qw>vH!OVGIE_o!3A&+;d@7QniCzA}CFhY`bRz;nDZw(7o}jYBvFz#vs`1 z4q*^X_+EJF^%F~bQ?#^1A4+V8EWb3iDWY=7s#}V3XGWCwHeDrbCyvZShc3_*s~=vJ@bQ(HG$s-fR=sFr5Q5j0?aa(W$9=S zhItD_+AqI5)g)3rSkfNIH{d#{Pk6AF!v&>+WXx!6t8>fqfdkRI+NwYtREQIa5E2Oa z-70;u$@kVlvzYEUjbuI6v@O5)nq@w0vtT=^kz6mB?_lH`NaoFQ*ZRnw+h`?}{*{lT z#&V;ZRj&_tRJ6ECQ)Fzy%-2*{uiC+4p{&w=o>6{goPk~>@smS8*i-M};?VcjbS8I` zBA1rY`nwChsv?scKLsT2TKpb)OHj%ccbd7hRkJRcCJ(_yo* z5w*8pIGvkMMYAPOfRXAfm~z}*-N6u!*luOj=F8gm+?+>>*2T8}Mppv;^YZrd4vz|B z2nY_*u6*uq38jB3I@UK8CokPI`;JOImbIUqZv2jHV=|7LPJUQ;kt6<+4=9Kz#T>nu zF)%M+>`70%skDw6=7U*W8SNXj+bs!ZQt~Py{tVqRIr`m^!~~xk`iW$t;*i(v+hPQ> z?m$1WkB8@gvmc2&#SxVCh^w;;agra!#tk@kC5G~t@!s!-W)S1 z?F(8G8_5UcjDCja8Q(hKs*`*#GVG0>*OU0&5we+nv|}~gNI^)A*&Mo;)r`}`b{pC7 zs&A|3UF?!u$8d{LdH;B8@_2K1zENIs{mY8V5r2z2;Ue$58qus;BX7_0bjbinTxm2^Z*ab4a~ z5(~r#u`dkpvG&}3MxI-H!4q))_|4(4b*h`N%Q(peT#l4HGmqu*W>6YsWnIt#XHQZh zV0jLD7&*Ydiu%JK0J(3oj3fQ(f=WCG z>+xNag4IU6)4r)CCR-APts=MH#UADYQ9jw|#E!Ke>M0&w7d3})Wi zMM@TM`?`kV9*lNKb|#+&!BQ0Jo-r2D;wm%X%d#wQ&7>N0Ed}8BC%^i8@>)L~SKU51 zSd{qP*1A|HVq{b;^QB?THD;7dFY#4*8T${ka3&R!( zPbUrlRfXq+5GkJz{wCc_ zj}}LDEaQBxIs~c2y3!6)h>u`7{*xvJ8EyHsOv8^p`*jwg&Zlsno>0pDzXHy!d*;Q&0S+pG2(WojSkylO)ViFL5wBdw_7j?{;tRPW-g)QnAyFeMQ=vfxFa zWxO}5^N@tQrBavlG30VuO2?5R-&Rl5w^t`59h%8C3}f@Xe{Q5FdrKQcpzypH;x=#DNHMgm&lOgy;xQvb$L|Uo-(4E#J zAD~KgjJe3|Ahhk>GOclQ<&%qkwhK%Y&DZh>~G*G?n867AK}}k5J{2Z&Ajl zEfqJK`4ilMcnVoGE>Z*E3vn0_QXi~u_P;FpZ4xU@5Ii1_A8mlADdGqgZ~>UQc&}`U z-i&i6iBoO7Omcg+9$=$=A$Vli1s8KkPd&Fb>Lqw@WKRl-vYc|-*Z;TMObY-z^i8eC zXErJH&r4V)v*#hO5ql~?5BJvg^3Y|y`uzl-gjyqV@&>M!4*45hSz7mU)e6KEELd;c z8U{E{s+B8Jb=ROdikeMw)2lVdZ_f^yZLRAi81LjQw-#oZ6)(GoTe+0EnBZar?3Q$7 zR_+{gn50=({MhSkR#}y)o?3au_#5us_t73Kfi^^8Wdj#yudFY3B$7`gT3(@S5Lddy zg0@BX+~0Yxz10zT;MmST2My+=IBA@~xMmFh3C)Z=mr5oH=;sQ={;xv_OB7uitaa0?a7L6@+o?KN?tAuT~jmL_+Gyl=Ynu~t5S*u>l z$l@|-({V?bkKf@w)=qFs866~q;={4PATkz`&B-eInJ_zjCB&0^+31WAR-5E`UsFRg zT4iJTy$ZtG-=`KPsl`l*GfTAIl|=4S&Ro)1=wV2#Q93(m5mYQu8`2=4U?6xOYzRp} z&TH{eA#0m<;nCBJF3G?OY;#v}`+<(Fk2Yyf*U1Q3&`8+yW{-#pB0y2stKamZCwX0~>kt46pdL^qbFL@^+&iViVw5@ZUJ;hsQ$1t_aVRJer z8*O9*%DAxEib?Urd})9mLoh&`&uwKPAXkB|B$#F5v&&T^d+?qLz;wD3nq}n{RsU{!NQ%~ET;}8XuYaqH_^PN}qCV=T zsv!AWK(89o{q)8nYKA&<&MgwnC~x2JSjzne?(IVdpE=@psj3f1a81M%WjbkUN+p^% zDvu=b0Q2)QT04;a*G2_s2j~7sBn?FI8+aJsPXD8`NB?w(Ohfz8(0bW$1E*zYL2Jl6Vo^Rkn>%(;etCEw&>g+=xigQ?$bfN^B?c}&xI5Gomg^F0TXg=B_Ht0vLr-6kUqA2_94qC`In!7pj}KLE2n}q}H@30J>52N6-Tn_){zvcf~}NCdG#2z(&pj5JIZ5eVQJxE zIeJp9lwgwOlDd#D7oXsRT2ur~Oc?BMCraRYN(CGc<~l-y3-WON6iMylHFIQ0W%Q}h z#&qL~7{6-FsOT^EcxMvRZmUnJIC@Gj2&s7Isr5!0ymR1V^l}y2(GQ}q9X&?_VPZhd>IsUZ{PXyWDibF z{$@ZM+%6Aa!1_7Tcfo9Z7G|;eGujdai{G^J#Ovk?{qVX3|X4&bbSZ`~A40M3|bL4eBeGv!VN2Re_-a zGURzFbh}1;Y#09ZGST;MhKSJRkGs2;1DW`qcF{_|>FoPw(${dyqFc$T%^+sDKw+|G zlqRF)SEf8aZ;#^;_jzI7s+50OSM3+Km8kETjyHzL^R%xA-;t;|NL1+HUitIKB7Iz} zVs-Eo;#t#@kn>9`pEt+@i+Qk4ijew+MXWq1k)h%eTx~y3t`Pp>8M_$w?Fl*w`I@>q zDVqN3>=`qU8-hi?H&Yq$t_2vAK}s?k@j>r7F}ypE=59a4xng@4vv6cE!^XtlX!3}S zX=qo#{j=)&1hnDFFNM{e-NFF)aD8-&hg)IRO%1~k(`<9lRApd1>U3TcZ1(N*Ec!m} z|5Dd}M8_X1QyxekYf|Z0U)egWx}heea$u=SK_hvE@4h61nv^-UAHY|!10|@mZ;SDZw<6AE-nKT9YLQM2 z*u($-MzUDkJ`{}7DMH0O;3--=+oJQ zYh*Ie38Fn>-(SQdFpYr5@(YINaMpo&9QH19t#|$QeV!x>_q>}i0MIr@yx6D69@PYS zV|`$;uQ}PhKq#h0Aw|&vAKY1rcD^~!MORB^G8JP-BX2WZ^UXEsU4Q#Q?mMo*J%pg6 zNS@xT=U|Smj-O4s(2Pk)@55nJL-6UsaM+dPmX&KiU6U}`r;n*lsEsFYtV>ONze5q@ zLm72Y(Czr4BKnE}&o5ABBeFk;*XDMllJwUyO2rzV6?Qi9f6hsd+AbR8P5Enbt=Fz! zp@!+T+54j-8J;L zKO^HUM0S_f+BSWU(K!|QbKu|@o+16`(!Dtw~izRd8mS%2%pmUUG4C- zn}**r7goAD9{~dXk-@btZ#&pW2kIHzQMTHokvJ&eyDihF+2wVMogXbnGwxmr8>S@a zoh5iIPI~k~da>7y9kh;yYm2Y*qC-QFDo;t!j;zBX(vuo(?iM)*$-q|fjylc)Q+3rM zx()%4H>z_SJZOn8JPmNsS_qApQ3FGwRS$`Z!!A|(K4Z&7vMp%d1fl!V63vfyMQOCJ zMlBA_BY#{2_*dXBnCJUu24iXAB_AJ4rW26P|G>9RG)2;ETQxqW!XMci__e?aFU z%Az9hve0~k{qX~wh;B1<>6UO*$j;+;qLn@LN;gEOSWxzUSf2>x@4v&0s)GZo(5l)n z`cEHUyVX>6KM&6-j@Ryi?IbVPhCyjoaW?Le-MQMtN`Z zK^LH1=2in3h93d0n?ccD96v?()y(jK=k@X|Dy5RM@NoUZ|K9i^C;;^>Uiuxh7ehRs zbRCidCA}Jom#ZzaOXgqAf>83}y*w3)!bULU>(GdiD@U z@7H0J^C@Oh2;~iLn)ttuedBcacdq#mRKZ`}$Rc5=n5JvmLIlmu4qnOs2tZ`m16S~> z9l4vp+VomSRt>L$u;^??S7uB|R?u;!&RO>ZoACHjg`FimcVE6>SfzSLv@+f67Sl74 zQAxIJi(X(i1$4Yp7gN(VBR|Zkii@~s+HgfLC#6;N&J`DMSJ}6!&!{P7uYh(N>-vSd z11h5lZTTWfRiKqBO@AHNZ7x49K`NFMP?mbolRy0GTcC^ui)C%DQ6V*S9=@*sb+)$U zYh8apsSDtd`*|%Y*lccw_3^_zu6f0+`2>)(nwb&M>m05c((C-m&G7tADa|FmKZ}2O z(5biisFI62*(HQnt&$HRn9)0=Ewro0zs2R&Lp8l4OEYx6pDt3=T-rfXXUh0<5kUMC zFjhhxRX6IDH~}|(tE=v`rPTo{V%F1XnEW)s9SUd-!}Ra;v%45S&uUZ>^Vfjed;HThn|hKI;*38GR8>$;TMr9KcIHTo)y_ zXQ+2Yo8YSJmPj0XPK=i)`=n>+Ix)uVI&k^tED(*9J0@mv?*tdfC+O{*yo=FtYTfbB>4-2Qa! zYVhK~rwuy%qbaJQlRl!NRHgCZ9VldxN|DX{|p}admvBO=3HDdYH3*UdqV?@2u;Mu?)kq zH0GnjS40W__S-I~@9pysyX9)W{M^!n^VzJ+$K0EIZ1(19pFCwXr*95IPY~^^2`o&O zz0M)D<7p6Lo8Q`(750}E*5oh0z-9DrSGofp994WXe^1Jn4t(AagWp!Tb!?9M8g{e7 zl0W?SN`V{RD*7_UDR9JCsMn683vXX$3%vA3UoC~${mQZ{OhXjAzTG!3<}Qb>0rQIs zn5m+JrjC9cH3~?fl#Za#OtTLxY|Qzc9uywzC5jLdQaL^&U3cC~ZgMX$s(L!;p>gHlv10a@P3Hdb@{8I=6~qc}OCm9kQt^%Ny9xi*(Ujz5p_g zBLI}(e>fhtF4~mnZt1&He|;f89XIblNh7(|=7As)PF-Ak$=(38?J%Dbk4u@FHPfDz+^$%3|;9bVRa_x3Oc6Z>)YU{S%rooxkPm zu94_>a_I_Y6_B`Q#aEDn$4IL_<4Bzc)1)?n7Eklw<;>o%g6lLD$U(I|E%DmL%n$yk z>*5lAaHyjOmZA01KOBZ4YYhSz)mL`0lP;qt=k1oi7#|a&F10^Il@v?_wx2ZV&nxk?6%OqB<^~7muj{|Bm`X>7k)Sc3lG6_~o{plOV>$FdV-dAD=mp_2Ig52xQuJPF!GMs9d zRf<%=vnOi_bPp=Mtf{fSzh2ym`CtNtvj^@ckG!jyLnQ-?t5NkYy4szr7)J)DTC}V> z4H?k}HmIHRjkWW;RCPWh1c`6heQSQ3U#*t1K|To?Pa}97O^~KEWqm2vbAnfX4M0yh>RY$OGt)Ldh?-fQ~_?X683e{D31>c{1lRP`fHtS{e>gc{%oJtXCJ zPz;?A-mG0-YzAhR!Z>H*-1kq0Pke0!w|~bq&S9Sz=qF2@rxpa8r>X|5T0=lL)72F& zZk!aaj;(X`&?OH(U~H@~OjZ@9MIk1ZcVl}LO-WaF3Ie#x!_BCDRi+DbMkh~j+jkaF z>1-&-&Sg%bl}?jcRBOGNN26%KPQcb2%K5@Tj$ZorZ%Kj}$YI)*SEj%VAo82#}(H?@Z?Y@yMX6iJaHrMkPiYx1sgk8M&mOTXbuTjc4=GdYN~JfRov zD@s6>#He*XA%LiHvldt34wNqE*_ZGgax--d)Mj_&Yg)znJb&=%HE|*o2yY)-zq**G z!elMt zP&{mWbVqt_ol4IP_ae+cClET- zD`L&m;6b3PkBJ>ZlCc{OZi%ORdam$n>2+`{Z+>i!g@DyBp%=+ zm%gnG#NY)M+Ad}CaMh0Mf+d3dZ_igM%F1yw1T<|z@uGsq-~906DMIv>NY#|dK)8KU zwj@WCem7lA`QsSUDo&usqEu&T8C~)U?;E;hdS(dc+hCmAURHF!8NcK?g`F4VA%0{%?=}GHjc1ncC!i zV^flyojoRk|Mqu&I8~;E-MopNE<5Qfw`Gm10YFp7fM!<1AmLSuS^n}^Q0mbEY)r$| zBn*;}*!p}>QA8=@VBjHJw#}w4y+it@j^f$~Y`xC>;nyXoA~QA^e~CI$pfg*QR8m3@ ztQs+tecz#%&l5?mc0h9#pRZ>;FUi$KLQBuJj_ZPXWT+gAAZ@x`4RE z4R^S9XLZWdv`rd**OyFupr~wWa9lC*)zdn6hwl-Y=3cLa)_}YeHGiXOS6aXqKA+2f zfreslS0<#iwom4>GPnR0*IkOuu2mMZvqL)Zr*z2IHjlb`AHyhD7A`|bo|23rKQ#m1 zv^>Gn$`=}SNbV14_4O!mM*bwz8)HTb^--Y`02oKspKn>F68`7~*jc4gdNdyQQrG@_ z$(CnvlMusnnpUMddhiJ-^M{BZ)-&D`i1eL^~`UluR3Yq~T8i%6WBh z%{dt7L1r2=b5i|_xcOOG#AH0tekw}=w6X=u!-q?p2mE~QA+Cy;9@f{>q*5$2=v(b> zF*_EAE5c3kN;5K`{za9A@o^b|f@#6}ZC3o{>_g+OW(xWhuWpj2v45xQuOkl?;k&h| z4pdEPe2~nU>Jz9llKpABp>`E@$Maw+bA2tgox$}7-FV;>A04K23qo!ALB!NJ>VVY1 z+H?T}RbA@CDd<|Y$dYYn)Ia-r9X+gIMsIN~Z+MyjDLz`&ZUXzhC&Zy4GLXjK+lvmGm~lxFA!AOpDEGX4C?C zzj-0oZ4KQ*Wyx7X!7)OAN%S&N%Zp0?Vw+s*pLsHC6*_Cx#H=Fgqpj+C6FPN1HgqPC-)mem)r@4BUE8JDgeE~?yBSoYxocZfOE^b|wuh`C&;@=t%yn0Wa> zspUaD_{SrKlvNkGsv&ZcexCZnrCHj@+_n zouDzO=_HO0EfC*<>gDT*VPdJO9-p*MEwAZ-M9r;P#LdNbaFg;Jt%4$2h&ywDlaaDM8djN~#VdylBS7CpAA|u5>>O2Hyw_Qho_reyhlcaZ zYu7NV?Cw@BcWo05hmsCiSWmixi_ZEb^*!Xw+7z<5upCF^<{TnaW~Vt9o#xMu2kXrs zk*Ijn%jmKV4sDot3Yg23RXKWN?&wysi>i=xhn3yrl5Mo~!Kf1QYP%Er2n^%l-_}5U zwn8clTA!4yIZOT+p{b-~fwu6DSV`q+&U2JYyku94<7;c~)Eyw6*Y8!^`8pw%kjvq# z^zqXFf@X%aYVP$%eI1}aCGl_@+jpSh_F4VJz+|gi*02(KR5W0`)C2d0cyfH*yTZD+ zLGhQLRg%G&y*;1{XG2&dG%#crs0_>_L*I! z8&mQ>Qb&pcRCG#?S?5N8qbbpbzt$5Xl17~7?fh5#zmyIubGvq!JQ8o(ur|r*x@O9& zs4!~mcHVpGmX4Q+fk!cLmu>gIa9x#|K$_xVeNB=K-$$dk3|R+hYyB(*32;C0JR&)# zy}iI<)o8VQeXpD>Ls}sxB?hB2Rp+Vg6U)HT@cTu5rkoP%ADE$sq&fC!tC7%7D^;Dl zf|31}o4h95?L~TXfg6@O;k<0A$|C!^?ThWb>V|7eqpX3}4$dW&Ta~HEDP0Gb`kR`X zx;`z#mltm%vuNEr5-ra9q@@5o*%6wG((L92&T0fN+AD?2r#7ZvcYar%n>QiPwT$6| z(=-W*n#HE|5|T^xWwX%R`8dvLQNJkI(TVr;D(N8EzjDB>V@@y3HY?k{{!GTi22dG| z^-7bXwS%3z@IZA3Osuh8?0dwUsh2KauUnl1~+NCmc1a}iH^v3op?>w_~KA&T4p~HDyEjK*ZIFSnlyrQ#(wU(Gt z^G)M?5WGhm>3WO$oKeAjHUFI?^ND>#Y`l~=6z8

ukBe_jRWuc`wuQVnmVo?gcx2 zq$+_zB~dI;4Ab$M5M;{jF_t>c<|1KYYV6a0&DS$)=8)33zml4Y0+OuHUYDUAS<1ei zv)a|1b>3?OwI`gF)B34O5(>aHfLapv=t&!H!Bz{{G=A3Fr_-@^+1XZ~rA}Qt?ZBz$FxR!^a-bu4 zh(G+{%+eOLtD+piv+a}l!V0&rhE%F8Aoc>m_-G22N)?WAU!PxR@_VbKXgVNWL zi<5v_xs*g!2Ov8(O#JNhg;ZHNCpbL}#T;HOPQgv%>ygm<*xJO8o!(NgD(zGZ5Vs?B zqR#xX1$#!r@^jm(%j`0T`C$mivtj=$CDaMCV_4e+-pyX9dBaY< z8b3QoM0-Ua`~oO^k^;If*WY&XX2DVnWrd;zK(Sf{!A)Cr!Lt!#HbS+>II|aa#kcrO zHXWKa*iZVi?Zm&q1r)k8-yqCB)w!MT%KnUT3sYap`FW?$MI566uC&V`G>n;ycv_w; z7u~p?FE=oGZrm&j6U9BsKRI+s1w0&PmVGYYRk9B1ikR!0u;%9G@CavOf$lJEHVk=t zf%GT9P9BBq$Hy1cP^^)73f&Uj9w{t+Tinz1x9??|ZxBn&C#;)g6?Y0V6QkX5m=h&N zN8!cRNEIg?7!@b}v^0%M$ZRvPRh<`$~Z zemU1rvfXh@D(;rV%zjhXjKc{Cf}`>|mXC7$_isaIq9;Gv-BH1|)3xT*$qZjy10^LS zy2$x*D>s~GPEzURG1O8j_dp~|- z^A=|8=U^4-1m4OyFrbvA#>1hb)S~TAu4iRtH0 zSRZjp!D;iKMCXe!i($YM@%qa(-Fis+j~zLZ{+lZQAy#Eoxy=?aqV>8Ip{@r2X(w>o z|BgfG<&kX}!_tXXHLJ;C*3wcuwlNHwGg+k3a)GD(JP;--m$RYXhDP zeHoLKu^neE5+#SDty@H2@PLpd zKXyDSeUsS*c5C$^>mF3`y2>*C{sb`G#p2_1Ou5p~CDyuMOLW7xA|7QGnle713zeC6 zQb38q8=v<0$U>5yw2TIwIqpYTR|q{dx#imAGG8R!@b>+>J-4WV$mjn4ezSBwO2hHQ zPnui3^~wf^_x6&il1S(wK|2X%fB&Mu=$8S?Rra1ynG!L%csKz!$jZ_wUx!(-adzYU zUq5^cu>W2uMSSr^lXk@VmQ+Z@9mrBznJM@vA^lUb9|&S7%JK;8pz}8slk=-G{6;GK zcnTz#$5s zCp@^ov6g>lg2LeaAz~xhtcBFM;D7d#N-&AlyB<6eAJxac)(YC#KKm(~f;f zPX?t$_BE!qtpYTd0CF}$#q;{GvLpd)cu7);m~-eplTbCqBRzt+b9%e0!tu&bp<5h# z*%JCBTahiMqAR1r78jHerPRe`$K}uBx#rI+m$ED5<@#WuM)9}|kHrANr|qbv0J$1h zhcf=wWS!ydzd=$arl3cro#z^6jf%CgMau0hz%0|vP*SswzJnyOb=6v`lX+IeY;9NR z_+CNA&N9Ls%iBoBPQxz&t1g(}#S^R6Q04N0+4>8idoUJm zdvFD*+&42A;*TVns;)6;X_Udv!2S2#8r^11f14K8XGy(##w|+Fv>18TIK~iqlk@lN z`yU}x^EDf5#C>c4A9t|Rc{33gW3m9@+Q4luW`tp53NcTs7Wac{g>`pJWXcRId3P-R zGT}m5SIxJAe*UaVm&5`@mF_26#>7Z8GVo2`S`hG^J0NdmLQ9-hFJv$*7xIh;`*q)^ zu6u^(WZMXgi(d~|ZxuN&u{di%;zgL97O$R34217#TB4BCw9f7L3n=fdO7sS(&GCgY zM3mOAo@qxqBp>kLWkQxGUm%*vFS10RCuOwB!$%XovmHrNCG`Eae6Ju5~eBm;qxpey<`cE9Ur(P``wY#BQxf# zS3gQ)MqEaz()%0Js#2|h^I{+tmph9eG<8|8LJnLL1BB|JgckAyg=N?P`f2LG1KPTPG?G+ zm(MFXf6E58=r-zdz6({?!L#L>k%GNvBwrE06mopv+%Cy|csRaefaCUEk1FAk-q%NP zj*64{O`(AwNOiRzv|e+b)qOO+8lsPi8l_KHaZpq-^JIMFUS-!EP<1SOmj}DHK4y|>M7g8Na11vcX3Qh=ra^y3Z&$GE~ze;8qSIZKh zk`j;iA(5KRiD7v;iG6q}1oYpa9LeTdk7o0oT6q2@rd#(F_B*A2Sn+GdJWuig$um0* zG?mdj`Fn?gPqV;LPTQXQ2mQ&I$u2_y_43QKF&wWzN@IPO1g_J}!O?@5^LyaB>S_rt z1d@ua}yUQf&+MNDqvs9JE>oCwD z@ym4b|7#~UwclM(u*cezO$>7jyV`5^L}qyYyZT-Pw2h#twHUoNSkR<2)yf!mMELWo zSU{00{(-jpa|{Ut?Zh}j&^jG`gcAA-xl$3mXSf)xx7H4WkvCHLEzmWMH^EvEBbjjI zVSl#vEQ!ChS$BGI{r!;|l-LK|J)!M<@c6T96IUWBh zyHiB!<2I%2*@!rY6us~G^rS?=T4m987b1$L`ojo zsS^5OBNx18Po9a2q(6soienbwlbvnrbkva@yHp%9#rqk49_aCab%i6!qU3sFt;3o4*%suki7 z8Vo1@8A_bpQ$yIA3BSK*^i$pDLxFXe^wBM=en$DeIb9CT5x?2G6Xyw!sM8_>fHeC1 zqtcHs@;hfT`K&97UH%=-o`dGAAEDsQ37=1eIEl^6DJ8BsdNUe1zD+|D?;RH_72GLH z?|gsi!?tWLAWVT)R7?!2P{2k)LUNd=Nku~wF*7q$rbh>jEbCmsxV`KhA90Q(rVd{*35@>?;6j^0&%5N{WAL+mM7-{uJsfT$x7}afTy8^6 zlqgJI;M=6j+TPwG^C)($zB&#J$i~D$*TB{6?6I*q12_f<9iu}fbW}0H4lnqE%~Xty z7Rkxl8#5)CrbT1BlU{cl)^nE|RsFSc8KWIQ$!)vr=*mVK0XX>mT^m?U3f=z?;-=aSDZQoJzxNMuTMDLoWz~s;cz%>F1{c5t6TLSrIQQEKSWS zj|}>8>^lKV(XQ09GFJMuN$8Z6n$oJONQAhgkDk2QOoq6`dIIO9J5+Z*QI(}G^7^K& zx1{n$id1%ExyankvpOUXB%U)ZOFT~%!RbWvdWf&?>^#mkj#k8Ow2yiSYxgTA#6zLyt%7BwcgV!aZ5)%ozs4#bT; z>zG7uEO&W^MNG5hr~A8{x)mYoLa4^IX-V0t@OaV)wRD4(we{wV=_diu9`)+oUw04S zlkXvrDaQlbkao{?fwPB^_i|3tansVCY|l7&e#3aw$N0Sm`srU~zf@R@sbb%KiX4+A zH|>w!UfSGrqW%2B-J$DLVl5%}HQ6sEA^vi7sQ2OTx;H!vh*!Gu>Phv%3U=4;ffF$? z_A!0r^RvjLjJU^@cMmIIJc^N%3E|z++8>-utI^Y=nw}Sdar^2TCUXU-+ZLnH6e^3U zRf)U!lV!>n91RkGw4|eoxIh|C2gay0wwM%;M^oGB6a)YF&02#nSk2=sp8R!{PSUcD z!<)}|2g5#MV z2pfmtU;4)%j1!xZj@f(;>ezlurek@HLW#t3DOs2%{%}d~3?dVKzt76Eq9T8VUR z80zMIV$bpk+dQ9PZeJ&e>>`p4Gm{}839$dQ|?T#M%}gmbUSQeRZ3`JM%M6`D^JN} znr9MMiWvzQuh+`^gmf`K3PJ5_VXcNjy~&{2b+G(t&|u>25u+$*d1Q zo#F3&b-u+;`Y-)#k@(xo5hZJsc*)Dfj8heQhX3{53UhpeFDshXOg8=nMiKLAz`!jZ zkdR!?H@eFV>0qEYdnpo;GyW0VHlhdeePZv_w=2Z&^J!bhM!T5a=tpl)iHf_3WbBlm z>PHLZ)6}>~aTxW&3wOr|i88pIL~oj2zU=P@I=<`FW;XZ2^SM3S$>&ebuj4OQ2i(dr zoslUKFuaj80BHOT?pwJ_vG(!)F6po`W#%=X^DSvtXriWspAO zjmmu4QL2Rf(r@laoKo~>CtmeFS5HmH@%gW^T&0W^`H($ik;U0F0pPTjtA2CTFKHZDKTn2a2FyO-f z6#ifrt~d-iF{|GIbjrjHt27BcQT$oZlIvBqur3esgb~vF=pYn;em!_@>Yd9rU4@31 zTLPUp0Z)sm;fKmN>3mHZTgMt1e%kkd~CkB#GFmi<4x1wSK zMJC(p9ab9~E1E3L?$H56-KzJ^cWHgSrmd#Nxnw_H`PDh(5qBREt&)>XGU9)#dvos1 zw9%^VSOT+r|JHHLvS%(e3)|a&2s3rz&Z=C&Qm65ywMIthvqQqwRpo7Q>zSEEZ!*Q5 zXpZ%<#)U_jDpmlPSgK$nJLks#P)^7YHJ0aDl$dK?THG|t`vWrPd7!c_Q98X^ARwp} z7^ANqWa@$5(>Qa;m9W%wOE5OkYH1sp7RDr&qYA)djh+xYUE}u>lf$J541@M(=pp%i zk*n|j?XWSksR;5#i7o1%Zi0%2H1Zj)+wTPGGecWZKgh(FkjkO{7%@}bH{Rb4!g zp)(MV@_TPrPUQRa;G3|qN)1CO`N(1FAuQ?Aol z*to>CC5q$nUwi9M1*S9;d!*|XNmfS{GJSmpsZkY1<^?l1T|X>#^OSU#FVs9~KhxH6Lobd^i_O`0D*G> zkkr^gU3#qfkjf!BLkKEz%`u;0*%G31{4`?;HRvtT*p6Bm1Qc^}C%~PKm*UMKM4 zh-w5d^0tO1;FW4Lqux^)XvEJ98bK=S(BrOO9 zYCM2{j{m4n2{&b(4HESrA8Po1{|DLm5VZVG9!+knhJ|Zi3hBY{FXOHT4xWLNEpMRk zud>NNP6b&EcW$4-Kl{esef#KQlUC5T5x$RKbq+rLFWjA7YogB7>R@D1!EE6N-!4S3 zuSZ%8@8~4@E_>1w3I7w5_IYhrdYiMgCUpDp|A+n`a_RuHnj9{hb=(pNkhB6LYDb4X z=Hy`{*+Z77tD|e?p`dq$6VvY{ab?@#TR&Iul{(=wg#wA6NqUj)lBN@;Z-@i$M(L+& z)9=@}JCnI|zyA9Sk7ZccQ7)!%m@9j^a@Q@>DR3rnr*lGChV_&irl-+q`IP&#!|w}a z28vrZ;Q7ALV6~6#Z;~aAxezh6$18LX-6hkEY?dXMcazHTE~PAX>O{q2&9XE1IrN}~ zYGhjOG_j>H3#ZJ%Nyvqh*_we^%VfD*@3&_CejFL3{L8z_G~O?3idsjem)N^ksXxtrI_m$)sAYL`z?z-Z0{JpR7$8Cw(|~m{VdOp_|R8P?>mH z z>Cm=$cE%L;9_`~tv;Boh*9NYCb4rk(DM@-b(#vS*0+Q`WE!zjmRDTLDn*%ur67}(p zr?aEtgLD|gO3{c8j^-6Xl>z^h5Ru$-95s(*FAXJLDXp{fszN$Da5Dsa=7zACKdrC5 z>~9|c92F(gkI`n^sCHs~i@(McA#E(Q@U4*y-@pHWMiOMW?%>LzsUR`vJrnDeQxzEK zr#kc?YUOU( zqC~AID2d2-{A0Eg9`N@1;r=Gp{wO%26629Fks6KoU|mt$pnwtNg|IQdO6;i1Fw4`J zG3%WegY@B%#XX>9 z?r`1M%`YBEpH_qu=ukLU1vW4L7rovr82*1V;_5j;&;pn(k_bNcTT7mg)T9Rr}N^7$cYk+#UGGC5sL25%6&Y|m92mb){Zb! zV{RO;;NW^uZCUw}`Q^`yICO3<0>vBmtudZPQ*_7U8V-6-~wDvC7PLtxHgs4)WrTbdpDW)toQIJ0t;uC%BW~?yeyO3+_$_cWc}e2=4Cg?(V_e-KBANY2e?P znUk4w-t(MqZxvNk^#|zQz4qE`-S_po7L&3RoWGU|G~_{Y{ZUS?ufw1W*t>M|M#h9W zy=25_R0hHMG}ZM^$ExxED$K?UL&{XG&J{ZAX)g%+B;lZPc{e(2O8D(1tHsatbm$Cpza&>)eZXxDoRQI zFS25sYGidYS~Bad1fL;X@hvjHlL!CJDoX?`p;NeDo}|u1^n=r8kk(c~)-t=I;k(PW zxP&Wk7-<~)&GEU{q}%glutsMq$T@kg>3evTJxvS%t?nCvmE`ifHEjL zJ5@UrIy4R+nhj(XV^CY~6|@1>snuQwSBgKc1aGx_^ZU5^W*I!%LxWOOPgkd3Lt7Yb zULTp?ZXn$+&a7n0(1Tehr4ctDZ&nSa*CnqaLTzd0W#|sGR*bU1t$cfl=M|Pj z*SJCLKKP!>6w(Nog3hU1v*3qZMB<%3%i1jyriX5ode5K6_m_J@Y2RPr*q?L`r3s{t z>^pfK$k>|@VpWxmo`RLjvyAJY>+sZVw}+fH9usbFokW7Mzo(|g|3v)-#tXzjHvH2( zStBDOPEJnwVcIF#*`)Fc3K}iS`zD?9yVmSoc&F`CFNUr_uL9wveI9$lU_+esn+ZOQ z=UJa{Ul;);6-oDX7o^SGr;FIQYJG=SD#gCCQw%%Iu(RfrIPtldeZlTh!>rI%Txbi;WZuuQw`glOcb zQY|s^u6Dyw*#eoIlvzG@QY>~-Ft&<5z*kY9U~@F)9VcQ-6q7qofwoVRBvQe6(_AHk z_ct6Ah)o}mm-d@Vwiqr0V^k-(=Z&VD>;(t;Kz6U(rWaB3Ee1$~&+xh@t=90Y7Gnc^ z10#AtJH*t4&kF{RG!Qi1*Kdb&$@5gae*q*C)EI(Bf9b{o{)Q zmS)Mm`S{AE#yON}p#KU+S1TfqAur=go=5VU0^*=C0hLG)V|2gXy>6j`(dr+hIs1pZ zHJ2K9gXgj_#l7Klp=-MTO5Bf?{x|mjUwHz#9lR!kRaN?jo|Tr*Mi^f~YhE#eo99!I zJEFz~9o9n*9c>oa58h?Ac}tvhzfz9JSR{etCoy6TR;M`&<$&Ikks ziSbs)VwkZ<=`AF^Ai}x?oxKf2)%C)>_=#{*bv4A*klvllS(}#5SFx2xs<&(F*O*nB zPRy71zd-NHL79r(BboWK@wh#qB{>I;0T!9FWgeM}D?kFGr}4{Uau>?NFLPCw7_I!O zos0l259hPzTi}ij{6LWyA8!9jHLfo*u78R6MTDv=1(f1_!Ug|$x51AS&5qoBMAHd{ zd9>z)BiN0KW2R_ApjhE>AIv3iTAyWPH}V1vf+a=&~#_C`R;hfoF~OgM4bN2)k_Tz*T;A9 z#XZ-a&9*FK(=|c#fevmAj05&8rq1qK_xrRFF${6=dH0~(EyyLtDq1DY;PL+Ib24?V zO52M=D>!lLCHOC!q~ z@ozAbu73vaO5vpRTy74+3OtxQ{6>n9l`vCv0Z#m_?y!^dRj^MZIbFS7;acQ3Bp1wF z=y*Zf`RkVz=2IzFA~y3L8%4ZM2Rll%cUMNS3=bg>E$d}z$~M$xpD`#XJkW@m&j@0? ziFA(!LcrIPz?r8z1ewd??aS`LlM0$bX0>M!EV!D(+mHV)LMrJ=zkgI>zWf5q@U>~h zwI@-1 z;`wD9&7Iyns4t6IZc0Dxh{hnFfB^*22~&jhOzb_f6dglm5}D9DG9nuCT*tD_v=SezL;% zfh_8_G~o*ZDXH>f+;%=R5#0!nV1;@6qG^i5e_)|U zOiWB2OG`chVMBSI-lA#}@=j#NV zgGdSZgFDhi<1yDhnoIJ6fG!5&89zw(#)f+l9?x|H2Lk&T=tWn@UZdIaxY%F+oLF<= zH!%LqXT|~vb93vja7H)7F3Ai>>2(>lx$348HRTta`kyFO69osy$#vuNPLHF z89gz1izP=O`(j-|$PhlZ-AM{|_U8(+TWpNNsX{JCeSx$2*x(d)R5P_B0_ipkqTM$l zxqR`bmo2w_*KBb|X1cR6dl!Zq776_ebaK>uby=636dIQ z)jnA|;O0~kSKA>mva^2HP(ZWb6H-$5y>E=pN&8?7QRe10cX{T{JosuFz4{FT*EQ$x z@maP)^e-y0bn#*CsaQrKUET7fJit^3!WG2b#i(HSBP)*AUIzic^NzanNpRjJRKd%i zr+iF9iRS!%E~T_CAJLa=SlUn~b{dV^GCh)tI}_eI)~U2ix|7*eYgs$U^E+yV@y{SD z17WovV{}I-K)MFUL1}e4_o@Wkh7R>}Gk|l9Xmq3S2*VLZPln6HVqJr^eL+Vw7NGou zV#>3$P|v!0{Lk+~aOiP>_Zz!hOQHhp!8Uwi$S5B&WIKG~vEh$g80*vU_|XWBe9Ms9 zn$H-~2;HNFKZsJ5G=FkbmMB6>d1v8#TJn_N)rVVm%va8;=ou%sUmGPu^qb9OHa*bO zGYYWrPI8QKrnq}t#;Sj4b#6Yr|Ky>D^?7R#{mbA%Be+CC5`6X=K1%O)JqH#?zyqAa z_&9IXPf3|onE8p2nKj$}UM0iodyuQj5MFeh@Q;(4(VHo3RR@Csy|VMGiPgLNm@`uI z`#_GByQr;&%-Y2|XuNqRDSh=5`Ap)U^{S+Ct!uoCwMW_QM)(TuM_brOkX-OBL}j3^ z;y$D*R4Ng2Rk|}1wo)2G@g=(U^iL$URv0qvXl7>oHwxEtTKEM9`j*z(QiA@7IoRtV zSF*V{tjX|V^EyhFOoDiNb#g;=p*_n>fPbhc{OH%);p;4H5%0yZ>Y=W2I) zm|%2e#aN$cM{xie*@t3nmq%Vn1mR}A`Q}KT-}791$ab{q7DN&M@B}{sQqgi@t^1&^ zEM1Q+rWhS9KY1w*_(jPZPzGySn>#g0X`m5k9rdJOgVsc;nnKxK63k&WEu67~M6T|mDUL&zz=%na_TNz*L>{}!$AzGd*gL8$G^A0znP$JciQj&R#Ix7VB z362V*C2z+lPg<|tY)NMNuBwx->^CbMvC<-qz+i`484b6Ot8aKT@PcX1sY;E@W%T)C ze9)D!buFyIC^7k?(vsGe?>1wLT|JZ|C6V7@os9jQOf)kmZWJo_dHEl)A2 z3nlo<6T#!VIBl+q5p_10&A6o|u%Oa(_8j1|g0|->sIELLzm`!%f^?$<^m?Vl~UV1L=u*ldx zrAgez7@NH%aTBhjNKUlb*Kl8Q#LCEA`*VOiZSB=rv=VEpg8FajGRv(`Wwbq_-A2ow z2UU6wkR(=dBJ*5o7;lFs{>=nx{GrbFeM3AU6x2SmX(q(xo^k=uzuI5DJJj*a^w1b6 z{SidRzfzcW;+rRdEaykkPic;y#SLiab!Sa%c~~n@?*>Q-!#O9+v!ZLsDT)8gV1!RT ztl(f01kAp9m8GAlr%+&iOK77;NU=E@p>PvjE=exxK=IX-$EyJarG2;`#@3c(;JhlI zvT4D!A-CSC@$1+1?k-rs8syY-D|~IY!~njOB*gNCyk{3yRyGhzS?Fm??Sr-iqyjd+ zI189@Wb4kkKdQ81!86%gKjuhm#W$E95zD-`+D<RBR40v51&YhB})MBhEH*UFchd7URkfGvO)kMgzp$b4OEu zj;%*&PS4$PL3H#P;4)($*^2IjPZ8C_UUE zF#9!cO9YkD{L%eM-^5nEV>B#h^K-P?k^Bzr{ZL=%31z_o3j=fMUB$!cH1mUgg+GMQ z?1U5MR;n4VshKnOxjL|Z=w)CKe4j)BsLZMkSefrJRTPjQ!9Xs9+jVC^bh_+IvW0;z zr>QB~)1c?}(22V7#VwwFpoqS<6iVB>M;CxTAX5~&#^m(c^1NPdwH%G)B@bGI3!Uhf zCZ_bT5d5b2s9xl^o=o1Eng7P`4La)CBNb!wo6!0+#huP%=6u$w7ZVhOO4!?(Z+^nU zJfYIN&3~F>Um`5#PAiv^xYg4@pLgy?-v-&R+To-<+W0=b5`~;HhAv_BA21!x#ROM{ zEk)9duzX!{GOCs&9orT!NkB-9y|QNCot{pydP`E(0M-FsdP#|pr2}~Z4i|b{w5$Tn zI+F`7U!blkc$(rfnSngzK}9)Z*yRPqn+Vuan>ZHvN&d$=taVq5o0g!5*|UdM;}OH1 z0=LqS*ICK>YTIcyx;pzl0LLcexw;SbpcKYZhKd6ZgYLA4Gi>HqOM1gNn1tC_4~6P8 zMC=ex3Zz)~OZcFh?r^F&8X0;O;2}Mx2ij*J3x<~u4QvZOS)7}1f?{bY*oF6=?Q3t> z^H%*CZj=@?ORi(gqW*>`ONx`Q=9)G**t;}Cvp)Z(Gv~E^(Bo!xw|0BtBfP~_@5u*+ zkhRW3nwwd59W97Cw|RlphD-1c=0h=HFzZ8DTDx7}^p>18_bv;e%b^;3a{WRP`b)uw z-z!ZcJG+q6{Y??&4IEZT59uQput0PYTZRDzu?m&bYWL&E=VQ${oA}_URl6q^E5F!ShJ7-f&J(tG8&LhZiX^D(q_p63d7E*lSCHY^%yGf{$O8!D@2@V zVknc=dDujxBW?}%=*yNm#rzvDj5II9acd_2A@5T&z;S$F)W5MqSaK2KT!rnqLono~ zhePEYL$|-FT&|~}es$5bT?u>^E-s~(p~^$?DK{9j%pA?0oB;a2?5Ig+Ga5;*n@$S| z3$t=R(fd`*fAjPK;=Xu?i%X4io_uzCDofPDEiNveotvxus9uocQ_%7%G*>#f(Gi!V zkt=ih>!cA20$y;5<{3i0_gR)ZlbN-KbYaZc1bdF?*B8s0C1Zj@PkA9Jz@WO1M6}fm zqpLIkZ;l$r-nurTYhQI>?__-GqbS3+DmX0tE1 zIm-ykdv%W)%USQTCeVjMLqdYzbY*nAmRdiTsH1E6T_KMjvYSZ~-C6d|QyaX|SSWl} z_c@flpSeWZ^(#{HhH^K9jNYn~gud&e<8d67GWz;P?)BqMq4p_Qr}Khm>zj{Qpb0df zwu?&5$+Wq?rA|;q4TAgqYR3;IcicU&OZMs;B&owDq^;75?@nCYx|>^pMjS*Ul1|}y zX=$B5_}T42@^Zg~9zV3~wn`xSjM0UUwIT1cz5SR@e4v-u>S;vwzgub?nSIswUQHKt zT2RljG7y>lPU3vn0DITIH+|b>#{ipuwD<{@NIii}@Eu z)}W!MXBwCjg0|8^an|R#%~FwucTb1dYz583Ud98ArMtVE>R;k=Z#3^IP-T!r4WXqmLNH6ttvA^Pkx-azc?9yqUd92uDP zT?uY8p|m^mD&bkSMkCWbYZW7{bv!m3+P-HJ<)3M3SI1_^~SmIc}K<(E(r8;pvce`ODL$4VFB zMP4QU@y|aqhN`Rc@t>dKiOhI7fn~?y%4lPA^OqXf#l>ZxM5-V?x6=Q1SZAuSE~_62hGeobj+UAa?+n9@a2b~Z>8Eu+|$mi>aE* z7t3p0LrmJ*>@M6CIX`0^@l9Rd4Mf{AAtE<_W@5MC_o+?7TL{Fz4BD8#>;yU-FAZOp zKUN|Nqo@016p@Jl6GMWOJ}Rlv!(!!p-8cz6vPMbX%Cavipth=s3-?>a~2?k%_Ivl}AfZk9P_sR3CVW~)5!H7bOD{A|1;c-cqQ-{*Z zM6lyfjAq8gKzEX_e}%7ACzwi#WoNJT-5qe?8kcVB>sR=?8<^~7tAPM%(OHNoDPd$} zWN`BEY_6|o@VnSYMn;NBNwo~r$o~aKFhlgnq!bh^=5vg!td=V)>}mrxIg+pxP!96u zAhD1rJZW45#TXSiWo4h(R(@Q0w!|7T^xVVEwQURVRcD$xw_Ciwzoayo@tRE?kurG= zc3ckd^kH_cktSHc3&r-(Dq?U4!JH zyl&xEt?2Ke4NR8jYf24>-wpe5zR-(YRJdts*e{9jdqn21B3C_BwV*rjN%yV1_NvX< zbng9nStLI$#??OI*k+^x@v)$!ty$N@DAg*@T|0IQsTB1)P#vYbrtA^q?j&NVjZ{mJ ztW_fhJUVhcTpw+o25^3&Y5Z!W=hK#i(O9WHI6^>9r;9e~Q4v_~zK$OdvQyqlGmTYg zP0b);l?_Dw_+4q(CvUg3S;vgfvr2gcyHi^@Xw(=1-ah_-VCwHUE zrq>g*g!(nVdZZR%|C(=39c>_T5xce4QlNOV(Ba+Vvnt~NUYqv7GE@&5qa9RR4<>4w zN94~gI@;S}FWnQ0J4*Uc5}-eVMLq2d?yOg^Fy@N&cf;SqRjc_=)2GKslzmm4!zQ`=|^6@vi+DpoxE&hp5pxZ zPM8-R1jIA`PJBc&7^2t=TG&)dZQc>-Qp%PdI}S(p>--}&GYCQ?2Oenf5}YF&Xt19O zDMFJKXv{SqzBp-7`KcG=SV8_Nmck9oCTd_WBVyFZFI}|;HAB4jiXHLNpsCq~tO;C` z^3TwV^7gylbClFA8vx^s+`ylM@vmt-23hhYrHoBi)(NMGfMy#{`zv1d6XbhtY+WUV zU}6d%z23Siog*u7wedTFKArJODR4EH*9FC7-ymIv?1u~ud>O?#a!k5=ZREBJ!yUrw z)KHMQ1Cp?k%PuY?KuC$=9&*XVTG!E|NyH+QLhiU*=KE?vy=51)>04Bk>>EOL?}OFP z`OyQ2DGU#dv5&qGN`{MjteR+|m+vwFpfW*eUT$R4 zvBuI&J_3RH${kM)WYaN}Yr~V(z7cbTAS$4RIv$96GEg*f^#d0MZ1`L@4))r^rN5?Y zhP^`yzsg;G*J7fWZo}3Tt*B6(=iObgtm)4;oEp@KouHv(Vo6Q@;_o?ljp!pRIh6VW z!J3-3^BFzZ!hY+6BM#en`t@P=tHaeQUjvBbkeJKurq?0Xk5o@x-AlxoDF@V`-+e;n zwxiy9ckJ5wV9Diqv?TS}g&D^geqcf1r4_W1ojn+C*Fw+;)>*$a-^Yvh+*TSbsXj?b z!sBa!d~3JFouw_W4aHltio0GVFr6&_#vc$wv)dZ75$kQk+ z5IMb$H@?l$n8HqpVJa!hY|VGoNoI%#FER@7QA!%dc_udd?j|qKhy4rF_>9kphf@O& zQ;*Uky+=tgx|-EI!MKJn-eIQ2$D9Zp_ee)MCt9zR3ap0s2w@$Q9MeUie>^&tR_wl_ zrXyh|c0K~mw;~6_qKiJ+y|!r^+Ky?xGxlZBnL3F@M{!G8KDX)xy=~qSZ*2w;lH(Ol zHbmS?cWm#0eu(t2#@Z}$96s6+^BdmB=V#66P=^g#>>j3hy%hF^jT zu1r#;^bXW0 zE&a6h4Ikc-lw!Q+nXDo+F)3jx1L*TRXpCqxoWgVK5%Kgbb5tAPeFEeMYm&?J7{35s zc=>%JTXfWmSZU6|SNnu{S#UB#@9D29-R`S0!ND^E^|Df_lYe1p3eBg7ot@(#Vc}!e#!H3Wt~4UG9btqHnFI zVcko$_MHnxjNG5(Me9u13i_-W4SNf(=zWTOAl3Uiq-ZXuu@JvdLUA>yhG5K=sJ~hK zyPbW_dnTHw1$7Ypn}1yt$hE20`ZYwzA?SAEP#(asx8B$QLhJrZ%1jnaUmt=!`U(#~ z0Uob7xANY4+m(5WUJsBKdQ@!+O@(TOn(PmR+gap-LX3Z=Ni(OI(1Z&6MfvCpduj^*X9OX^EOfv&X9U=kQ18g7BIKd0*agQ$!h!lZa<7fg5N z?ncJal)(HjCP|KTR>Cvt_V5?>tLej^?=t>7_84_pGS;M=R^P5zoVzf z_q#lj|3p}eByGoxo4pbJ<7l1c0m?HhFAwKYVTRj&dyYpA5`UyGcyeQQ|eHpr5)z_^-PC-H3+Cr zs0hQfqH(hT!>|;A=a__T`z^dhT?Hhb_B@^Huam-@e~oABz&nIJ&uV zZ|ECkH#>&G7^*sRuM_V2`qa|K$%{y-u|u?|QnYf|+!JkpHWB9gtJ8K3`gr9mujz~& zGymGycbM!Ws!sQlWo_rYY97w-`JBX5?j5SSHAC~np_B|7@HL}-3)=9c(ZIX<>j9nu zo-nUpGus^+H~vyYa>dnuNUOZS5i(q?1 zp4>XZP^Y;B9S7(pySPDf3&Srl-$~pbqq*hcXvz`Xo74vr6^~?oUE4Z7B_*XFzP=lW zhrxb+e)qf6;$OZHv$0(j&VKpxmi2N$MMV{pmNuL#*D*F;YJR7rtQ@;v*3;_#K+m_? zV!6z{;=Ds3DY<{FhfwOH|D{sqqQMaxSq7=|p`_w=P_(~>DH?jzO&+dUqmWJa$2F`1*B;WYg^*Wro=4gGJ8Kc%GQQoI9 zVg6VDc(#7DW`R@~IS_M9?I8$cPrD*O^2Ohi79<=(LjDiL{@3pF{r}G|Jijod8X3&0 zt`vEEoXM$d{s!T0E31MUu5wC5A?FHoSdd>_tzDndd`~a&|3kk6*}Ya!QucF;cD2eP z6Yz;9+#8diE9s{M834?wW7y!YI+7%$#4$yQuOUUOg)eiW5Z+X&&bR(3+h3uV*i!G# zN^1Z?`fL?a!5qkxg`euR6gIV$uDp#B#o@BVc3i%Kfwc{sZd=+%f7`f=ag6%}|4>!d zHpI0PYQsqWeZml96UgK6?`Z2!)4Rp1GC*A`fGR(HaVV-{{cyR+k|Yd&T~nms-tl`n z*S}ayPuf3_P`_jR-Y&n@uMc~?S7$JPft?rYxPb#a)_Fy|VQ8)#Z-LAb?rRHFfk^Ai zafCbTeniSX37b7kE?rK!k_8V>r=4LJT-nN3 zrW?MW3h;P~W!!0e0(4s)uE!w1mc4!NtLUm7zc{DU@twIid0X#&71+o9laK!kTdf}3 zKzL2PzzX+XJn{{(|9h`D9F&l>3@)7oPjHcAR zMEcag2~H=D33?h=j3D``-P0t#}zOF@2qdULbp>vx~u3jV-*OHD)5t^aM!S2x|N zKc7iYO!Wb;%@04T`TG7&<4*w9N=2b}$k&p;Wp6SsjN0z1Tx50(l1w~kz1f>gqL;?p zUGW`dF+EUSpR{_zZ&?fZTAx2#{y?ewVo&8`0BZsBiau(f9SAqB8}S0ckF@R^-*FWQ^L z%)cwcMqU2zcK5VWxr<6mMKm-t>?K7-MgRPu2l$1Bg^HeRtgKUXWosf?Qw`@W;zmYB zyu7?qkXo9&JZeEf!Ek9z9X(sN$ce6m6Cng578?b>pE({dYLCz0OxQ2XLVwpnLof-eVJcMN>=+yBYxHA@@AbGjY3Q71A} zF6g0VUY@IqeiX#TM*N=VWI^`tP*fRuaRB=><7#v+Mw_er=*Y=1-W8}WAwPh=s zu^=ZUjhrmNn5*Z}%`6I$-$Vj2QN$3Kd4S5&mk$L}LJD#St}%TnO{ux&kh$>WQ*46` zXuPN(arf!{bG;L!3wzs|Pf5(uelQifD%8j$2`k|x0(UTop5 zCX86*q27_JCE8aI>prS>-BRdw4f8k@ShM&hfLp4jglA+MhPA{&rF7Oed9f`;%a2Ti zk2(6BB&pOqt7yt6w@(;kZpVqYf#men^u_jo8mcgK-cOIsUhf`W=9SR!T?I(gEikQW zqH&s(V5xne#0dLhN+S4z)oQvdwk)`FXfiVB9o`hPXq37R<)C?pr5|{I|47E!l(mii z!CO*`qj4^2Dka;}^XbiC*YKcPsUOf);{*>cZ2j;!(4n8}r!sh?aJb{gXORIQZh;+* z%DmxLx24|r%;Y6LlTXKTG5zZD^w?)nnY@nW6`I8jAYYA0;9|E7jRPu{XYiQ&Ig|V7 z;CWF2Z(W>~vY)KUerD$kwtJ^A>IEAco3W{Bq1UfE zLaD$&zcLft>CJgr((Ac6!8H;Y#^u@2lmnHwati?!LXCRqhyHb}aOspE3@3H9ou1si z9MW<>&8Y03VS90u#qg~EA?OW~BQrvVt}>;+)#>+*R2hLSOMC0*v^wVzL*8iR3#Ib1g-Qm&h;fX%bpwj(aIj!5U9 zvWU;9E7?xIsKk(09j5HueU*B1C!7OJlsnX}i7inh4@NrePy__Y$M9NJa+Hg7Gwi$q!Cf|o-0rW;2vB>&DCUMf-Ele%SNqTj!m~}gJ{L* ztq^CGLMT!Mqul-D`5HQnHcYta@I8PQ;R8$Ef2xTG;NIkT!t_7g{d_Rzvz4YdW}*l^ zqA-@By`$>KzF*29ELQqo7_OE#3hY-S)vo`pln#TbQu=~Ejh@QYRjc*D=|l}DoC6ix zQ-e))v9Bw38b(yJ7DZx1$vsalpt5H>^6)uM$y)!0{^uy^J1n%H0JGX~%^dNg@2htw zJ)2wl*>BM*BkdPQ)(!=J96R`$LLJB|#sLH=YLl1Sya`}|V-rC-XGA)cA%UEp#&m*JR;rh(_G_u$eXp>y7PKF$g%&@S@0>hQdg%XW>P9_;LkFp!Qm(5^6K z;mU1+JGBukg+Dqis;v>Y2j!_=UgsUo?hamlI4%^gJ0DVTyBV2udsHFsBuf0&6hIhQ z2r1dR`;?)~Fb=820kpvatxL|yUciRsznO6h1bfXvv9PY?BDFd|>}V~5W$5mwT9Hzf8(_mhkkUm;BkiUjHKu_kC(|Pd;kb|x&$~r2NSQ2s5vdpI8eG1 z>^vbNTsE^7oXhMeC%yi<+UhRv?(}rGlarZAT<`$|0!1zfDtSWA&wwyvxz*K*@|5WN zR$gtdKsD0N!x}9vHHxybW83M$s}nWnGdYsnx05W9Wg6+12WM{Lg~L%Ztt=2_GLz!H zshO9eT2U}i@P03WhjbL@IjS;{TFJ12CZ=F8GR#2eWK`;%Lz7}YYPNmo^L_jli*<1Ip55}z!a&dj5yBSGj)>H~ zE{p$>n2O}g|8hnFjf|tLDQEgD!9F4>lfF#Jh{0rJ2_?thR!v@6xm9rea16ZCUC$q$<;x%c^fb@z(Fs8C=*^sf$dg@)>^0jQdAS*66JIIEy^cB# z@do)2h^SjV@eoALcX>oukgtuxW-#$REiG!P3L+Wt(pTL7|y!2TDf#-ClQLyv0=! zd!0bw#e|9@N;J5)je<;($~He@gz#3avC1!I>+8-3_i_>?XW2s9FVQP$6EZHlo$sk` z^SB}%(?0I`@$DRd1q6h+V}V}==!#^!Eu8=@`N@WF(vFdIh8AQlVyDr_NV~(qgafRK_%0shf zFB$#{B}9C#B^2BHcqs9Pvt{}47aTsdg#R4D;_O(8^-hD`hBxOelGdwWB&6|~sm~gt zvKXTfEAyW+nc=&)u!?FSB?5cvjd_1U$~c`}3OILwGR+Xz!6J~gY{xxw@6 z+B)T()z@@dh#^RjK=;^8r&x*#pOkxL;j)LN_?kb{>&xqQ`2w^ZLCK~n4onB>B_@#e zz0*SBh~u$9{0p@@u7|LwT>h#LC41R~BnW_G_j?aeD6J!VzXl@?7i=6{|mUF?cwG%&R1W#DnIAkzC(g$%DIyAF=Z)4@gal05uJd527y?)_}e@LM~?4A(!3Ur)l=T$kJZDm&}(r+BMnh!kz}a~1Iy z;ti?^4;woc1^mi>Kxthk3VsUEY_oC^@RMaux8oMA|B zs7^3rWUwOc;dujn+-gP0(A*jhn1O!h%bHF=pIj?3KSo_2+>N;k7AZj(+^NKJ>%6*7-jFK|aVxiG-h;gaXm!Z zCT38D%AL#JiQD6V6DqrVH{JYk zQ=DE!01uZ4kNNVad#@x>z0p5=IHzGELK0z?oyR)?O)#jnyBb~_Nh=7&u{;(7P&qKe zJuw3}*r4}&##wm<1unfcTmw<0T!}CJ2v=@VAYgkrKjKcQ+J&>>h*&Wq54Ul&EG2b8 zL1|PO8IID#!GSj6W%ak%6gFk`D{rsbKHirI?mo$7P>tN`!xu^^3_8Xpp)y$)uW87$4j((SSMFheqae~}dLmjb z&tL`t@DC^Nk1JpYI#2VZzR@(#&Y=v;ee9BP_LN1{In>)VJlf|c77@GJjUhmglhg4e zEehY_`HLHB)~kMphlbi*-nX-sLOa^9eBO9muXl~LWOcz>}k@pj2TFaB`t|uz;}iy*TRV!FW*;Pijlccpv{rK{NtB zyiEJJV|HQi|0%te&v7MVWksquoQmt0X&HpQaOd>+3f&Z{U$>0;N6H|h>`Mu0pLF6oAU8H;!{)3O-mb8#s5WB*fJmSv(SNnbaB^$$1eZ$Vx7LgBFqDY$17;6YRmi%DXw)MRm8r~V)sVPRY z&FPg8P=cDRJ^|=|K)>_gO&<2EJZmQ1!JwojSgDn5wcb^!->*C+VO0|*!ta~{2Ir2QHKun}ta7@DlYK5; z?fU*xcM0rPA1GceY5ecBWZGZ8+(NA zYTA?5FykJ3OnshR@Zs5M>)W4hyMUZ+_W7|kS_=+K!_7UD zESi6Qah3>a*fdb$YS928BsZ!_-KG8^B$q){t%fBs|1pWnh&O!Pop(xuv37K3cmivQ zwTtx6G4cEfk^5@rOl^`fP;+>K?p<_#7!6NnORiL&;~iY<;~~OzuYtU(rlgKGp{P*Y z*}7H5B@rj;taMM|T;f0q9XfoZLL?P6b#{F-CW$CVPcZ)HpA#Hvgh2mhFXBKD>u<;I z#nwOUvHd&M1X4qqE==_Lm!o3}tx5OwfHUg&-*s`Q|v<6UB&+j<8V(ks~6#;j~1Qz2)wix@m zrUin6f}|A{&_M8~5h4V=>HXzo3*Nd(WW>`%PPjO)EL!ISqYZd1y#9IA1@`6Lqi~tN z8Me>KBiZ%&{>{-*;46!_6?gV0v>e&L5qm1z6e-W!J&uh*_i1*vcB_r$IZ$^6I8Uj| zVBjneev4HP#0rT<>;e-TUG8`B$leiP$SBuN_%W0_c3YYInkU_v zrF~Y0nVFe8NKDsK6n_k_*j&OEu%e;c%jR(iVJ{)m*^4?%{}o{ z#le(bUoE#qddKq9qdV2Kxppv59`GhvG=a&PIgI|60O1*@`DsaOu3*)N?Kdj^+eBMf zZn!YXU<(kCz!bQl)FbEb8~P_NZVUb+*(?-Nn3axsO8!7!tZ}QV zbzf!3WN}WbENpx>_3+%gbzDL_G6R2QQcG`3#_dwFF zvXBL?-Z8J@o5#~VM(?X{RXT*@_uuS#z@F$Adz4tzH%qPkKP9XLZI0%~%VBU(O6JR` zKXgwC5P{9-TB>@3mXc|X3|%D<5o}aEi)(Fh+z#jAmh?9@TdqrY z<+{e21l(LwogK9iSS$0Iaxpw~2AV*Nr1`!+BE|^@=_UeEHZ<{IoV90i@KtB=>k&Ne zw_|NQvj-R#wRcK9N0}MkDH233YSC}w)<3S5TNbJqvD#l+AFcQllVphTdt>jW(`I!g z(5*6>O<=3-TqLj^5E5$D2h+<8>q^Qv(lZP@B}5*oVm=zd2tD>Nnog0Dhv4=0o!wN? zF8af!KA=E3EX?X7kPVz86B2&2bYX;rKa97VePfQx3$`uUL$E~t+k$dy=t?v@HI)u& z-N66anbtr3KgQlNEUu^R_Dn*6Bv^2V5Q4iqgg_uT!QI`xaT1(h!5xA&?(PJ4m&U!J z@y4xt`u{wyoSAuN&bhAsv_ExK?OnC^eXsRfYMPq)`Rzw}RF#PVg#YfNj|5Tu4_%&G zC2K2_e=wFW5TH`hE`c(0Bgw^eKPS$kz8}~UZ?6uc8eJ|O6hz3{ke#HB4E5|VI5_LN zOOz;2vmZZAium)L79lv8h; zCA`^VphiyT?E4+nKiW_L z{onMZ{#U+gqP6#swdjPffC8$jsqn)>q4obxyHD8MD{5yPq;JWDZf@9ET@6&q!4`(C z*2y1$nU4zG3#|@yx7SCp#MmAM{S5o*R<^;6LN>!5WOI~CsIzia`1D6HKcj_$o}SIt z=5#fsMqk)A8C)Ihe36^wXF2Ky41A z4=R~L7LofIx0IXhs%Yx4H(#Sm(n`G$k=SxdsI3a`ttG~Njz@->Lzy8%ovqSieno!l z&j=cdj!=%R7z1}sgg4!4??-e4zA2qzZfseD-o|zHu~}GL2sUkz2EPE}+*@gzJ{(81cRkEKGY@W^E_Re`_aP1gwR=Wqen3? zFYlFoOOIyg3Q|Pr%*S`5+%?r4Ee>e&ZyfN0{gC0pBO@d1?Cc17R{-^hG~fT|Sg`Y` zz~93ki@{{|J$~Z z;qCg|7lB*aMV|bp=u;#$_9MT0jh0^lRZ^x9!9-m1r}WB<{9?vEJ-gS^ICUkJ6|`bZ zKhOQ7o3&Qs+|_jR0(Xu?w|~l1Rg1OJfEOqV=NVH29Avv za7LQONq_ssRM2wuPPTRe`y#gCY`ord9HUt1Um`KRw7|MHP;GwT&wScV2SCTab)n~g znJt+gkUFaNyE!t0XP#P+XgdvqkCrFglS1c?TE+{*^5rM!B!$^lxpR9R^!*;s*JCX2 zSWsQIrKQVdzpr8f)5TSk^u2?RFIwcL8V>1|Savi1G1GrTyB5Vq`PO3iicbF}o|!`bieW7c zsBt@tZGT*E$~+YePMbwB@xOGi_*c{+$$`_Q{pMk>k*(=O$T1=($WM7ZWQhE@ORN7r z0Vp#xVqLwY9BmUjHVY(sbM7u~I2rXr$iVzQXM?k|tVM7_jOgpjN7!AuQs-*qb6<*f zhxb3?2(zOH_4WWwLp-&5Cq8{A5oOVz|4r$#ZFlvTTbjPwPzU^@Np!j_W}suC4UZLr zrKYBfw_mQ?-T_+IV~=c2jBH|}Tf_&2fd4Fj6)w4>C58|C7A9ciUA{olj8hlroubr0 zo-rs|QT=TnEm%cg>|<%^2b%p47m91=r*^}yFN!M-x0jZG1LzMDi(}{CBG2?MZwrPcO)PKZWe2KP8Ut5Su5N(-i z^5y>qq{97MFrQ!EPO18^`N;XW!lzD&4y;u4vwIq8HsT@N$@jO>JpOCT29mQ~}lOYr@_wkHcm`sXEKXj?Rr44Dx;M&rsKAyTnzTO39qiP zt2p|p{nMxKvZK`>B;Z4xZRJb`)*d$Pk+C%V0Y<(Y_6gFeGhq>@@-Y*@H5ceG6Ue|q zvX!fSvwn^$J=(_QS}V5i;&n7VHzU>dGX}rmUh-`H@5o*NcKd&3FB_Tvp+-~xkM!Ws z3}@_~vgA68BkhT-m9gxlcqwQZ{U|NB6*AL~&B2~SY<8nX+pJ+17Y1rWG>J-_dz6?t zr4x}io#}%|YkjE``M)$9qn+rlEQEhlW%+0MrPzJYUO{oazvON3yUh{}Dk|h+B}i$K zRGHy@l>PtEE+~Ap;g(BbHGiyR-)6;AP0o<=HF+l$vo^=HSL(Mz*pi8`REGaYboHea z)71jvc9>2~eAXqI&k`(Um@K=zY&bf4dXiV!YJz_5FiI z+@u_=XcX$^vBxf+iu;DHGcJ%-8AY;8YHA&t~G=uHPd0iPs#-u?t=nGdLeqj7We3I!%^Mg1dCn!}R z(rfGf_U*D?`n#6P6mQ|s&2ihe5v+L$8=qI@83jmhxT<`85`PFu?KqTFjZpjd0>^xu zIrz{R|0SdyAr7t4_x6#Ey5HEg;Lqb88r2F2VGilmw#aDl$*gDM|I&{-#%4%r7qf z9{(kBQpasG{IRp0{tbO`(!%{s%e~9`W%i{o*lVKYHq$3m$GCSED|+V7O0a12Dur6f zpWL7qvX6@Qzo#;NV@~wPJwTm>e7O8X%|T)@QpTWKQkEpk!i9~_elO>89sZ11UWyMA zF)9An=#Pu`CYrU_&%VOSlTkEIaH@}N!8i$Ju`Rj0=H`3#R!7kZg@V(T{@{}q$2w== zF{zoW=o7mT-$}veMlUb{?|h7v%DLy#bT$`k{wT%-3#E{?s;j^BNAD`L8uf`Ue;C%+ z%^9FrW$WA9#6cag4C=DZ@+L7fM!_>GDk{Ae7i2=hl$9*M{ukXpkx&!iyw)?4USkU# z?}J_hh?ua@dP+93bAUO^OJW=EDo(vTIqt|RI27+1d3nTF4l zT;mO@#y`^E%gg7>@x{ky+uR)ui(rdSnZZd+4rPe`}~p zrJ=AAf&IY@e{8gEKyEqwsNC?ej2Ud>;rN&o=f6MVYx~DqzN(}O3jO40(%3oLJZ*Ys zc4#p%Sm5lF&$nkud|~1;$R|BsdMiLYrSu9JouHsWYzjZlvP>WQ@g|#DeQQ)J_&hE zK^s1cgQ=zq$=i0WHf3SkXL662Iv8AJ!mKv$e^;1Ob+?6_PLjN;nO(5NgmG#4vle#= zs6@Hv?27PpQM0ird7UgbpvlB1l7F?g=ZO55lNE7vpWmG;2fZNCY305=euF)&CqMCr zn=hme{PFwkRZ(;e$7#iiv03Is%_ZON60&6GyZ-JaOeHMfqnTZlQmjnW=?u25E42Uy zBAhX6h`kM`QqtgK-5VF&ZGNXGJcS&eptmB+rVb{7ad83_zNlOt2(wFBdwk4#R~mZ< zfqW)!LL)2hNL^O6g2DxaC;JxIid*X{1l~cbc0LIPYEl6w`c*#xI^UTnxpFsR?--=9 z0)*MHbCSP$!4zW1G4ji`QCmz4#l;PH4@>yyzt6_)aSsf%65HD|s|zejN{mKZUnW<3 z96m-J7W6h^S#VlE=sq8{HrGZu7KV#F`*r=3Qm`miG&59eGqL@CI%LKNK<``H3qMsD)HIAqvZFSm2RF` zBRY%gJy>btX_S2=+1VEOotChI>)}L+y*NAU@WbyqitLcj;**CIv7Uf);&VphdtaLD zz&u+$IaUb;eIyYii7U5y>MT%EB{3PQ? zKoFrz;X)P+?jW?F5s-IVVWt!>plXmIx6#O&TK3c)0>H`~tz6U0PF#ILd8~T@GL$D4 z^}Rcp=rT$8)}IIx4?$%HasO3ld+_idY#}Josf1nOGY~iYM*C({&d3xhwFRGFLNoS7o^i z+fsxC)fW{;IkmMjOp8;Ssy>C;a#(AnHs(u|K^(c~8{Dmqw<5GnL(B}A)SCvIG|J&+onnY<=NjmYe`B|ayH(|YI+1*+=6Nz z@*>~iwf4;nt)dxDwr#AYERLS;HI7pZ^L18yzH7 zi+{GS1A8lXORoj*iH0$sURB!}K_5F4_d8JubakzCDm7PuOzq397A7nc?wCdTzi1hM@Fh2!V zE`Xfdg9LRR8tW0YcrUc|f)w{RT@FH04*n6$Dguoxx?A)8SYllxWvJA&6Ptw$9o17+ z2d{0kbWOh7SJcq5_+a%nMPT~?kQ3BZhHA*$dX`hLMb`El@sU4>NIvjPS63rkOL^>k zRTh@tdB2Doi0+{%E@^9Uv=)`OHCniX%Pi3DH@sJx61i-Q2Q`bXw{ z1#Dl%B+v83l}F?;f4Ul1xG2^j@V`2E#^c&ZmC3{*@q^4zhgJ#}~KO-yFz7scT$B$qQ~$>SE>;IDKlEz4kI zhN1Q$IIZY-d%w6@>0cPdZj6BgXB_q*zc2r{7Vwv;!`Z&|5mi69Wx{yBE7Wy}npw9e z|6{_R{!5~1Q;HrJX~px!xCETBb_!~Wpqs58dbwz`VawUW`7R-9srK=UIdsnWd;yPL zZa$ana$v$>eg(lv!Joh|vez%j<$PM*Ad)w^`LDw$^1J&n2$@{f|3bJAcNMffJ{|F$ z(u(wEVxEvuh^n?oR8`pj$QI9BnHepw8KV9n z2`_;NU$LkIgIDSo#*&-UEhI2OhD>*XeCJ?ZZ~2j1da{;7zhgPh7xsFZP$|K7J<)t?X0`}sqpxYnwlqgg{f8VTm zukc08KIU^c%q5ge`s|oEhLn`NyeA&U+h45B?jjlB=W+frIhNJ4vyUi7-B*p9IN73t zm>|7|2r6mu$|R}DZP+b1fbZA%b07MT0D-T=uYI3Ua4q5TnX3e=3gY`T{+T?KfxS!WbBO4lCz~ZMH+cm1Lx2I%R%|8WUHpg$BTq{RRD|G+ba&@&2hLF+KtM z;-uG9{N0V;Hak; zGi0r|)pySx&*?fe94C~SoV;X3nwzFCX@6ZxFOZ$3yXg9X_GiJIJSW#4(;+Pwlj75z zvgmWWj?v+AVrPdSZpV}U6ISLY5!D5`WIhp*xNyIfx9DwB;`VGQ4yw71vrksZ{w?9* zPZsEu>x!5a-Q5#=RI^nvjoHW|p*PgFa1{b(gNd{wzC>@Dwf2D+maf`eBT*4=K;HBT z^?{izCx5*kL)V$8gzN*kuJ6U8c@j$$sga?5)cE|au+n?%IEJJ6{sz}DttNjl%`G$*CMQDcV&_vHy;{Z?&e^C2JQ|$(Q8hawx>W9S}1T3 zixu_?e}j?nID|V`kr;Yk_xXco?Qn}rIF^`ijyo`3jS5TA7~vxB)?DXs1zZr|aP?<$^ib1+ z-@W`vSZya3xM<*;Y)t*ISzsPB`GfDm@KOXRBdzq~JIH8neS*>#zktNsh5$hSuPWL~&^2aoJY>iOJn=iOQ%lxqX5!a~n9t^735iL0OJ z6nrrexG0y)3-1Ln&%#`jqK`>=$h(Ek#=ALvnYcpHE$0#sqsV!q4qY`(_IZ-;t75ua zUDjHXS@eaP;={u|ud>o-^@L*n6r=lkdzuz9e0MtfD7TMpdG}{pK1Vdd zxR(}N%VgqCz|=_%24Nk!)f{l3v~STkyBIJ|60jy%V9|aDN~4E`}U-*Kc%JrJWF7mp}SkrZLPu z5pW+564S?9%fIC`soqL0_K^=Oi#TioVxu#4?IJepJA?8T`)Fb+GtC&7n1IaB61rg; zqJGvn^*Of|^7|nzmu9*a41PP~0H6v%d+1v~^-c~CB0nibOHfZ)LrTA?5n_89owQ`t zQ&Nf8^V?-8;4k?JV}Ac8+e#KX(-H@@Y6X`7Z|k`9gJi14cR=EP=T}#Kvx_O~lfsix z#7OXXUP;x_SFthr7f#la^A%>V11MCyh_y>1%=RO4O?q-Z%TQ?F?^zM2<@)%1ETGl6 zsW^u^FrhqB{0OtA%L#sf{j;UGaTm#_L9-!T-@kw7nGj`VVfm`BukSSv4_3UF(0*tAQ!(WIYI3Ue1v9O>PySg&lFJt2>&JSAcDFgM+&he;Z z)0{5U3&gPUHn+CU=$#73_?{wLD3OHLeeH)mLLNLk0VndLnsVh)(Hu>+K=qYed4F@1 zAfeVFj9ft*$TC0oW%pn&_IMj+?c&tb-^v;!DGzc_@3|K`8cdgAN^l46XuE@DpAY`_ z=|+|gO4Nj!g5K9#X@^{C*LnaDAnB);N(sN*gIEMEm&r@=!#M(DFw!r zO`x&dWdB|4(Z*h%RevS17ENKtqwjlhJo@ zj7-;(uU!z({kQw`O|;_G!Hmug25uBy=k!v7KQ$eP-|{RsN6F!BEaE+BA*=Pt_h9$! zm7PP-&z_E5=l;2JV;HliTVi4&eG1M~7I*-*LeI*oQK=1Za_Sx*SHSlUFflRt_U&7- zb5*;7HE-_YD}I;J^qR@*KAol!X8N?5zh;38nT4fg0P(j zn>M=~(0pREHdS&3D?J(y7$5)|n)^?ZWZRl>_hXRHk14ssR1op|R&&yp$`0bCUVR?Z z;vdcD)OM?lp+Cq``Eh(BI89yc?8c^;nW%i>jQ&>}0}+=T1?GeXPvgOVIM0l4( zG_)4|%k7z21svrS79}mW04|y?9dqdfr1Xn-p98^JtK?C((sW@`8eoQo#+NR>(Uem)C)JAgj!`c|8s@H*Y^{zpFS~W2f{=+z@3ODa zayOK4{$*3e^GW@Bgr#hDENR-SYo}kIUHs8hZx*oJX{AHQ8Pp+DSsr^)(eGzkSz6-HK zXM$sHC$R^#PO?zu?BM9bhS2HQH6zQf3iXsy`W@yq*~}t*+7RP%-Ny8jN5ur4kE3TF zMh!D_Gv}MVXB{vzTO?(uHOb_!6OpDcMm28=dtch=bwvC?LVermhHUBzkcYBX``)|2 zmH^>si>^aTa-Sfw!YCf&HAy*TrK;V95^W%WY~Jmz10p5GA4@D{Xz~|$YW=!=r9B7< zb(jBbh*rz8aY2R5K;Z{}{f5xQ$2*A-gX<8w6xMywR@DIdxw-u5u%a8 zM4Yh-dyd&EUs@ZZwSXV3`M(D{ztaXV!;pCHiA%e3xQsE*x6%`pe;ed37O~)a>npPK z^vn|=-FuabiW<%j%F7r{4s0yFuQt3X!vj^7*Ko|H=>Li8JAY<|Pv>;dO}MhKWMt}2 z_c5)|i)_ancL$sxGp{t8ROXkG&o2*{x~yo0hXnBg`O0^Ei=I}Cs^w$|a(|L)yH@_t zn0G6${yNWnWWM2Zuimi&X=`bMGpST*5-*643;Ig~5@`2V-+)S?y~;T6uFb{j)v}A! zf4|qU^lM^{DbFt-WAN{5opX2OOrh*J0~kKGMa0C=va-gUuC>7{CVhs7@#SddV#ows zd{!F9Gx+M9w!Z9fSSR5T5ac1+_U*3&!)WMeeiLVH{DpRHT!PeceB>Po-@rt6!Qgx# zkPhV~>D&qsLG|wi7hoA9 za@rO%(F5KV0`dI-QX@Gk#H~IzhqWmLfu%`mpEqg71rF`sGuy1{H%gUg>! z`4ho7jVG4tFe3&+_h{=KBMA);OqvJY1L^E;D9G{7p+|X)VS9UhuN^-BjLyGwch=>@n%J1UVJDe}@`*n{Hi)+kI07RHfp1?)dyO zxZYIMvv=y>Ve2aOCk^^%FIqdi<)Y zZd2-G&ZBRW7q!EcQcFc$6Mr40F!}LvU%e7Y%;C1o{g9Hm`@|QVf$Zb&pkWBFa9hMCGo80rQ_u8t z8W<4>xwbm4#-O3H1+EIn`uj(dOaPlKtR;e>Fk(<3!J+#PL(b)1nMC#6>~DM8$BjVH zlM_VHBbp>XB|~1%Oi)Uxs|Nze8D!r1P)9qqHQ@KOm8M~Hd)<`&9Qd#(ZBD$tS4O?> z+e7F2+)Pj%6_WFao52EJnfn=Epth}|T606ztD7@cm=d|2*80*N{_-g1OLkLH>1EMK z(MCHcDBS!0{C!J8(Ze<`KBw=+79hCK!e|Q;;jBU+^Oax>{!I5k+CM)EX7W9zQE9vW zJ3#-l-HgR;E`c9#NMb<|bbmfdd9bBCa-C0l=W@ZgaE6tu2c!{cYuU`T%NJg{9k$zl zR-WJ^OrDyQbqKSqkG?_d10R~AE#_CG)E}R$Z31Fgyk3^A$Z9O**`&KK-*$<}wB#7d zT-%q~x`@G>_@*lji3K%v8U=Y)k{R7yW2jRw`;F-r$IJT?f`OzL$L*9}xA&FboTVY< zXZF9E7Iiex3|;6p;|^7(vlrbRAFe70htOa(F^@WYSM|1Rv0aGV*Cr-I(e}#;pFdFt32$U67>>k}0ev+e(JNK`ppSm9O~Th4G&j}~!3_<;Dqs=ER?!iU zP&)+OJ3kh}j~4Zy+0Zz*kEOq!s<4umukT~=h%)HRGvNwQ*Xrc-MsmjI=DpxVCnoKY zp?0bYzlyH88OPeIFfw3#JZV^g%-Zsh;4^LEP%Oj9W2Abd(4KOMoDk*VNzRR|v$eHK zawfQf30q|-?Q&-P;BiznONHU^iPl=p7GVAN7PTxmHL!tn~vQm!bD__9| zI3_W@{($+p8d!^tf1jO9(9W;r;!H_X5i6?#Qz@wmtGZghksIk^D#?{&QS0MKDHl|T zYs_r@Sje#3<)P-?5x^z0xTFISR9`r9iRV1C4I_|S)8UIl>Fm%~u~Oggb=^^tVZ*Ru zzVssrkor&ILf| zRKiClRr9dqT&0^5jxz_p`QX$ha$MH!6pGj`j<{2OjY*&ZddUga-_exlkFw5;C~KEO z(XIVNo^nND8VL`JgF1dZWuIkBb(E?!b~BRVsK__2gLY^0Dz3(ajtX>TH%bBwu=D_C zUYup1dVf*93}nYqcAIQGA`kUL$9EkcB`{^T7R|LGhnM)G79Z2csr_f9k)DL~gJtTv=1!D`gWa%Jc_Z{BYN_%@9kmj9Y%ra-EtL9%!vp9aA^Nr3-Y)oZg zJZL5ps3U{9&L&I6=X$EWal~9ET_PuPsz5Bz(y*~ef!k=mQsnFZO-ZTh`hL5rmGSX8 zV1qsQ->p3wlmQlE?jvI1%rOog-oHbw#HK~jz$7o643F&G&oQ`&)id^HN#(bvwI{bv z4cI*${9@M+1HlZKIpN#T)Mn%Ozq@Ol{vZ91|r}+$0mluDFiklg-3;`W`0Bj=WV0 z#~}$V0s}7D3l0_M4jbvZ(h!D8dv2?_xeR}iOo1oe7Z)vzGA@oTW|yq!evg}n77G4f z$WUW)@(x`c*>e%+1tavNyIs>_YJK^3@i{V3nnz?{cegzQOID9MQiij($>228SiKnl^62QAL^d{$JNmYSD( zUKv19$?!Wejzq(vn)G{y^Ip^Uq8J$=jvt_TmYEp0#)1N6HpLuTT?V*0RmB_rU?8VW zEc`_u;_5iUJX?I-Nn4!Ns%!IeQ%Rgu6^-kPDHcHsc^w#lV`Fo@Bq32Tp!S(OC8oaP z=!#6ll22HEOnG!HnKIk8nIIuF#9BzOzEm_qZM2UBC{B$rY^I=pK zU*A>`aM{CZi|RvNmng2yA%5IdAhYO?5VuZ$-~$sh;V2xQ?!_q1^DJ_{%V=chq~a01 zm_~m^G(^q<9w1WJ4sf!OOoq=~?yQ~hT|740KSB3C4gg%g_ZOpmC5g|p|DW4PT>vE&1%1lP zffM4J?MGkk-k?iq&AKzUUzwG`oh=L$^E21^(r3Wb`vLg}x9SQ{`su~~xz&PYkuQrw zp|BmPIA_-2snkyn`mx(X7kJskYq0|;4IPJZ^lWT-^^#cjEYUh6^0}5GdnKX&*`|7g z^DBskklp){TN4;W9UQU-=%zV_WZCTMju*wgP;hTSs?d%N6JT+>B7qG7EA2x!nwu`* z7iivsI!<1_CfPZHXz)K}?jCL1u{?n&ml?CscjM(RWxs|&7v?v>=g#ggaf5ywI0Jtr0}UR=?;HVK!5mx{ZPo%PbUq3R?(&|S~?+EPH-3|l4@ zGZzLLpLEnz?~>X_YNo){X2{v^$n6Pd!A6%;O9qCfyfHa{h%v34V`s1L z{>vEDo&SB8a9!kLrCA)R_I0hCCLgr{{E+)1CQED}CV_$bkP8QEFFn`?toz<4B)nZO zNkQEV9OuEM&QsA5Slf5hmjV-5J6@UNG7KRnU%uT=D3p7vb&oF+Zge=KuXfD#Tr9JF z1+$7Gy*7hft~W2~8r#@>_Lt&Ba1~1VId8ASP@Ad(9~TFO)Na*9jXMSOO)qF$fqx;EZt<9yybcej!o4QB9yH38c--A7SXFPEN*CD*5VJLK=k zCq$qX{g_=p zkH~`e8=NrhmL@{%)J+=lVj@&YQLY`8`t~=pI%tWSDxa-R%~YhrfFEJixmhiZ5NiJ= z?}tX#CKEPnUs1B1N-V}$iqoL5?L@ESLNx!aFUefJVND4V_^V7CuDxMX4{WG{d~($@U}+E8IWAqaZiliF0flE+9aq({}scFjq73T~vUaoLznN z)EH}CEmM9;$yXg&oVQIX!^7i+^~Y4}?Rn8PE$PP+bm8I3b0N%?SwelS*N-ha6=z-n z0iHwwZ2^AeXd=r|WD+ZZPMz>=ra-o0Xwp$H=#M%g`5{oTv%|^3uK1T>S35=J>D)jE z;%SF0FhO^*Ss}a?O_O5YkPY5EQ`x#?g{jt>EPS8I1cpaHMQ_F}A0$vKRqzAe&a?gW z3ojdGLpc1gIKVHUzIE<)U2VlrL0RZO1ZRQL;hm~%h_sM!(;j3PpTm0z@7p4!9M~O( zS6XDh!I;;rh;MmWSIw0B)n8V3k*a9Q(LN4buhK<&4f6S|ek?Foc}O8=j9(Z>J7)zN zVH2y-&^b&#jXU(aDy{1RDAL%TG1hFhuhiMc8^c!mJf$v`+u~hL%gYl2sWfU{imlZ_k$q#SegUoR&+9)788NGYJ6@3*Nkpc(WAclMftfLtEO z><>|y6SYB_whB#*kmUup!>yp3@y{_9I$Um&O68{)+tS#Exuc1digx~BIHOw{e_R}O zQ7!Ks3IP^XY^S+2$~|74t>ue7eUvHCsp4(Pgm0LFnSOYv-7I{)u_V{abwJ(+g|*y# zJ2hzwXnu6ZA9l_T)5v+yBK+mM;pK>u zyrrAQA(?bmZ7iSDhQn1=GZx_fdO^LYYL2cdtU{>4nT@hCy7el(#Ysel2LD9L&lfiN z$KO6bs+B4WH7YMGmdAF(FQ#W_U>GJAx7bM0GrtnK>_OO)@vxM)4xRf0gTVn))ekT$ z_YynJGk|01NvFoqjPOem)gpN>rR%ifVtVhJ<-edU1*|`SVZh(r4y1KfmmU~M_OB)&-987XMVpCjVI=h;J{ru$ARM$JQ zo<=(^av)$uR%fAP{2Q2L!qD{V6)XAjcrK|2^PR^_a^`F0MZWG1IY7~P+GsfIIJ>gD z-CP5P^+E}jf5nNlnMp)M7HOxc1*g3ep%kqVLQ@hpz1`2M+uBK?)3R8k^SGgBp@oET4j&>sXe3$Qp*@7&NgvP9&{ zfWRq*~s&wx4e^MM2$5r!@6Z+xD{# zrVDu#qvhE-IeI&5=$@q%O&;oj)+Tw1+AU8;dA2e>+60!7=~+0cby7q+f?FW#7l>q5 z6?ZJI68SF@v#H7c_uczma`ubxFS6tc-k| zy^X1rfkH~#cSsr4(Mk)hf?c#@&aDA!z)YP>VVx!_h^_QVMFLAMh1c!M?Ms!xy^gV& zSx7@Z^20z;Y8q(s5R{Ns)j9Sj2D7%a76+oECE&FQ>LbwSa<$7^JBO^kMC)jy(MW*L z_O;5$wLb~7x2e9wlN;b@bS~5fVlExn{zuP>V~T5Fq(1_tTEyWWP8e-QX*=74N>?X@ z>B$yQ9NRTt0K2YHG*sU|>V465&R2a}V z=U^@V!R!cC%>F#N&r3A)&pqGC>h-Ba{>Bmm#3nSWv!%oswlKvr*r0$a*t}A_y>M07 zx;zl!XD4vK!um`1+SmvSfLEC30Evp#^jSsV&jjq9&!NUoiST@YtFB#HftTas`U(M} z=yz60^KK2Y1IJ+LEuDL^e?GF%zg|<5z9}RzzdmsPUSD?G#y9V7s2YHtU6q%g9}yXu z?{j+^aCB+l;?i%z%F{3Kb3}u<;iH9q5a^jBsU=HJz{idU1x|FJ{FV)nl% z+g{>CLPAmxM-=clqMdpIk?$TJW~vOu)DNEDqNDHLUF`6jCSfTGzC<(JukiDDqCgb( zi_|H2kz-j3k!8v~{oZWQxmn&TQO>SwkV#xmZdR4Y1~{(4`R<&&?;M3iu1IyBZc#;Z zK*-K1_)l4O8=d<1(5)=M`n|4UC4#8S1n)Te@FNfkbty>K)%%BZyNUg$nK)egMF0!p zL^)?KFu2Qt`#^B*3}DHzme+r;&U~_Qg;ii8K`-FUloPZJxo@a#nHc%P*;vMmc2eNR zF>rdi_F61^tN$Qnkk-XP+q(ar27F?!I?ZYy@%#_ z!Gq3P=E|9Nq#u60e9@E8D>fH)$<=$emDKWd8(F2@W{#Vo0q+C58tzu)P#+3=(o(ng zz4-CjiEn#>1~HYddNx7@y$6c4(jXC}&>cnVml4JVc)T1M@!<=JNsN|4I4%KffTX^6MR^jDi9c4GjX2 zzqEtE<{lpI;)`_Rz_{pXxxOY|?nnrPfYM^U)}DMA*jPSssZRU9?ZSU@#STLFE)Y{8 z%sDcw5JR*3?L8HcEnYqEU1iYUW715FcOU6L{>+kdk*>+dc-kUyO(krT@Q6>+}=j!xQ>1HQ2|02KE1zX?eRi32ucoxqRT%#y@lZ zlNmUM$61HAtAw#xGq)!`M9aU4M5~ZFzTPaXzLX=*Ai#j7JQ4d#=j2-R5cWa%3kY&P zAD<^Yqsqyk@r?Ko!CLFipk&?h^+w4h6$S6?`3$MLLD6uQ+7BcQQt#07rN#O$cLuq< zyI+Jx>vng_mDB>ClIAofaI`Pz?jUPt-+0Io(O`z=#j(`OrH-Tn63Z9Pj+O;3wc8Uo zPMbu-Ehde93E@Pq|9un2p&Xn3QLdmh;abf$_V zN(q*B(}iR*y?$-bUHkmTz~@3cH2NSYA-Ram_rLT^*g1MIfmWg&u1$rfMc>J8i=xu% z0E&i{Bj<(Z>EWBEI~y-rU`)tw%Z0>b2m_grdl2oo?jK;%Xxv8EPMssBDc2pwLe)ku zqTagHU`|dMV^yV9a88JYGp{nS*RR+0ek@K)j`qp&m8uk0?_wSC1O5i@@36X^o%M-C zLa?*lGkDCfJ)}>bV|GhM68+zSP3Pg$^RD@}giJT^n&_dUmT#r!LWwRkQ#tyJ%m<(n za;Z{fWsm7}4Nw_ zZ?6(xIXb|9IIdDA>WpYJ0zZjG`npS?U)QVs#2V=Z{cEwHoV6;r!(%?%MP+Z*tmM-; z_eAC`^YZczKy`G2g7D3@f3uaY5y*0;#e6}2{>}aUqIVr)2+r82PoGwI476px9Ef^Q z$`zjV#TAe(eYU=QdB6L&tpHz5K#3GTZmnyE!=!T0;cM6=K=r1hsFw@9`tFn-Rp zTm`cIqb?+yQH^z;#5{ho@Xrg4Gr8`Cp77=!-E+gHkd8q`rxImyO(ESY?lL@28PT`c zVR!QZ$zn#;JM2*+fa7fgZ z2cJKe-AxDRX0;}!n7?lgptF58CnXn^w{oE+XjIgi1Lgi6Qfe8?ooCW+qW+CUr}$gh z>QADfuKAr$k#_u7t4*ne%+bMq_Ka?KnBA&-($W$+S=3Pf_&jn@DYeW!!)xSni<1zQ z!kwJAroiS*&{Qj15xPSzVPErxIsXc0t|V`fMNwloA&w2(ZQg zhU(fGc4m$T9Pjjn9O3N(u>($MLt2{dOjo2-+%l%-iXcubc>NR>(+@~^#6s$}RgBF$ zbV(lN%Q0#3-PzGyHB?4jtLsHWClw8=>yV8V58iaWrLGbkzl~ZxY+dsQ8ux{eU+Ey_ zu8KB0IfvjHJ=QX@8}jYH*JRLHoQPJO*q{2YcF~j`=es#_ZuP!OQU7|CD=wKY7Ye}t zN3$XS9|akh`x7YWg;0;pOQ(N2a*>{yehXn4(_3sD?B)C! z0@s)KRb)ivedC`)B9L-H+^3t7k!h{W zih|M_e#7m6l=q2R!8$sx!Vu||E{9(ylL=hTXi};l3r+Q;7WNX3*8#yhgr@XtGrg1w*m4(#@b6y%rCPcgV&{HDrVwjjYG|?9uJB-1f9J9t)F6Qz5{;m z&zkxp2-~c0F!zk(^Sl5HLNsFNdHc);@?)TASmn;cM5$#sK(}FCcdK9Af)0PaAr~-+ zWR3Y2!twNwWS8&Q=yV}VfJ~zasx?QWB6PKyokk_i7s|?(g~rF6gQ8k|>u!b9kX>4` zMS8aSR9f9{3ghBJXHIYBRfU4|#r*r=n1!Z99q~#j_Wu`oZyD9*w*76l#af_H3KWMH zcXw^kLU4DAJCxvFpg?hV2~wcAyA^kL4ess|$dh*Oea=4T{h#x^`sw||7#V|*gnQjt zYtCz4zilfQj4-0oa;sCC__dR0D>4maIwvQ%LLD#4+hSYRRqESqap4|Y>BW@X_VNKgA|n(+G7?7=IA#!vel zf>Bs`${p!aoRI89vJukeXEXB-?7@Ka^v_qih8phQhvAfX_Ti{?Hw)2_wi>X#G1npD3NuUPVo7fdi7^c5^MhV z;!f#=(7(+-GPlrGo<;k*?<{{SY;&KrXUBe-#vBjv`dGp@rya9-4Xz7GBsFbtvI=ei zPAaNA+JjBjW$UGTw>)n2oowbMeT*e|Ys*%T?4HO77;5$!Z<<&Kw@4cDI+*#?`@GrX zZHUC~Sso(b1{unnQw}HM@5wj6Fnixzl3;ax1{(f;d~+(x1Hk(Ve?&!n=BsT|KbuTI z+SktE%wc>SeLRTW{ttJ;7s*QVl!0dO+4Gm@m&Fa!=@xl>ABv z?w@0;?QL>R_vD+lXQqFucI?BAk2P)Gn0p8R2$8J5BgW79Q2RoMhPS3+xMAh6NIiV? zRco{JTn)>B{;`jUsP1zLN;N&3{c0LIx;!y0+f@2vVpI&}v$~hhK5z75p$P3H$0DW^}{l}Ft*B=dwHGlIEIVzC%$PlOG$%?dyiz_+zoVqG@ z8o)4gI_^2m#-JQH{Shk@$*SFJupaaEsKta44ahMdAl(`gCC*{Kw% zq)JxS@9T|Tksg{=ap|t6X%2-yr2E5!D4N+b$|twO;>I@#k`$d(;~mabtFWBd#AxKC z1SX=SLcTZMJdBHiIHSR_6yqE`y1E~t2veE5j-j$==Ii7#8n3e;&7@77tiuBhE;mxg z)~(->^E1SgdZFOQW$r%J4rP3vOH&$tMww|It^WAUN5>+F4cp>iKagUulBqBDNarmr2Q@@36F`v z-TaHu>JFn!(p@>$>lAtlsywMv{rw#MBgXNs$LPy_wd{JlcLRmdmWA)e1K4JASXJ<9 z%JAt9B}-1WA$1Sq&`V23*N9{)gaDnmapjtDR32)bkJ4^$iH>V@G{#=;Ue}Z5P%`iW zgbwnhC00lBauAr%;_|m%SH|w_z}GkI8d^p54v^G+cn10nvq&wudX`O=jCg#bB9JRD<3=h< zt$xXR#)q?tS|ji=0?my<1*@!rBwH&4%iOo%|PNagSMjP9lKG$$LF~ylD@6H?H5qqLx&-4<_gHox0pfDTY=? zU#qp~nigQ2jMHbe(h;g666eZ7Ob5lq%pB93XOBZ)cdI|GRV7t9mbZO;3@gv4(QWQN ze^hoBcCy*_@OYE6nS-@q{5N`_+(ulB0ATz$b}5~wEkfWa;^}~;B*o##9J#)`Z;_o@ z9GKbC0&FPF4R1NS4nC3a@v#FS4!I$sQ`u{nl7$-8_ec}S(VdfX9`gHT^%nLWtG{c_ z&&Twm8p%+q-fiZs+T%?mPD|^p$LPvWYn*L1MVbi#N&+OwOCxz5^UD;NW#yWO={gn+ zZEQ%rO=amo%cwhBy=`CKjw4$fb?L??h&Xw1;_)Et>f$N&+KlIKzc_ZDZCxT$9x=zSH)HTvtekP&dM3xRg;s| z?UVbIc=LlcHuz^5(Fnf)Cez$?s4=+GYO7 z5<;3tVcs{^7};{(lZ6Ilk2QHEd%jb{ugY!>h$ooXV$eSvzs8%8474U0G#bCCy|H$t zR^ft$#Hq%84+tS$p1A66$FU5Vn?+jWs$Yr}=ElYlO}E zHF77Ly$3}#mo<5_=_33M%V@y+7c4{Ux>o1%&L-GNV7^3ZZ@u=KZsCE-aEz5%R89iL z(edTQ=16}WBCfBBe2XB~4S^4RMJ@ZWx0+Arc8i@YL0r+v7krZle+Er>RG?KA9q2aMY?|N1# zBQh~rZW$u6&L@B&)6so#1SV)KB02~gR1C-g&9(1+6s_luFV-gmP9#!CVqvuE-U zC`_2@*ilad0_|<==*D7?bdPoxRi0wiSn3-ITXi1>D!i=VGE=spPHh z8<<Bj%hY&nYrg8g7C?1yHoqBtGvcL62Ry&xgG(+mR#Ah;A4^sfnv&!b0 z1ACK1MpYYEs9EqRym`}dZ~$yi#|Bz!7oM_rc~F>{>>6@Mwe@I71W(iF)|!)}=%$YB zt(VtE&=<)yx3pT(q_ze^+2J3$b@0Y`6WHDb!t|u>c3!WkeB~6@#z3owMJnZcA@Abf z)bxsZ638%E5++Z#0-T&ZZ9nSNwSpgcoN)NPCc*1Rq*Op8j8>W4lnAO~&FTjGFpyjX zsQt0i=L-SQls^&VMsLuuX85(wMx7K2on5>2n9D)ZL(Khr5J0;}_8~Kn^x-A_-YI4q zO??Ht3T!}cALAf(Ac(iQ9R@?Ls>RXJ}erhsSX2aEm)$9qIvLZPNj$PsU~;#Qku zk!+5T+H5u_ND+RiTu0}OKeX9mz4YuHsT@FKI_=e$x1W9D^=PkZH8&I-S9lAYh9_ho zIXG#!%Pgz?17$fll!#cCV>u5?y4d}6|Apv(ZIasG;a__ZvBpQI3jCXq|#lDxZk5FtVgt$Mad7j+L0p=ZA({R*k1FKvf*A{1YiB}dGEBX^^Z zM{Q87&M!-{An}EKWQxr4gK7Je->-Yt;6QfS-K3v;G#+N>)B^~3BE{(~bqY&<_R08w ztKr7#mc^InRBAYv00^qE80w8`Nu1tCD+=(*M0lf$2TvSE3MJ-ZtF|D*`j51Qayd^@ zLoOQHq5Emycn*9KB$!yV%wd-?njmqQ>>Xc3RZ4z=c`bG4VIQR}*8WA4rm!gMn^ zg3V{<1vGEBa)z`O6InP-6MW^3N0Twz+me!9PP=o3y6KS2C9i7cLD^ruBwF-D91|0Y zANpWgkL&ae*VER`z2QNir%tu-IHG|Of(^URps^1+4gjc`q^Ve3FneT|KV45vhk8E9 zY|*R#d^UCI=8Y6!hInSb;) zOXRNBpB)|6*1E(HvJ#MSGvVan;aLoB7CpKB9BnC(s}aFT)-zi3HubpmCU^x!(x|Vs zPfBjvYLr$`7vlpJSeKh?I-vswc6i`QCh-6pfO*1RU#iA9h1nXvWx3@U{^+lDnyjvp zr(>dG6bwH&pa&vbcyo_dS;%TFprRejf9%a62Ub){Mno8OTt5{x+Q>IpdiPJvMul?w z#(WMr3wfTUqPCGxBm&J(LO;#xDb#qsE|R=wU^sRnG;(55%;+kOz4~v64Kh)wy~`zX zO@PWsEvF9Zf%eWqA=}shxC{ETZ-G-vPLA9F?DVXoL_ukjkaUEIVy~NlCyfwUYLdlr zE!5G5hr+*WM@T+dCBIDP-^ZXs8mx(2&t75RbE4Bk_`2Vo^Rz(CX>fo7HVa3(XJ1X? zh02;O&deZ9UhI>M^SCL6QAw`8-=6z}OzjRA-%S^TN2cyCtoOB!_u7j`K5G7Bz?nAY zp99Xls$xY*V!$4+?deOxZ<23mIFzO(TB2=$u;FrF^v#KpLIk%0L%3tT(tWap=7()j z#mf(E?%Cn`>+u(dyY2ZZ1haPw`r44Y@x{K4ccuZ8G9p%L;F`jg$(f_%WXV=u zOlMVTwWav5n;(r%+AL%kI_7-B-7S~e z+l!&3LEs_6BUHkP|Gyh&*3=5~)xyzWHRbL=3NyL8kVGZm4Ep)nzIz1E&#-x-{(Aju zPzsd@KjF8>UB~V)f`Pn3^hl+F4xfJkNnjw2|EoTq2fcR4MIb>?rcuUcJ--Y z61NGd+$DZjK{jvG&8kO0^^e)v(UuNe-K1&%5G@>LBNuO;Ar@eA4A1^SR~e^CKX)(= zvTE4Egrz#4Z)bJm1{q;q%K8G91>jY;;gSF8XATL`Y_o;bqYh`dQlk9g}OEm`-CtLO8DVFN%Z0~ymG(_Sa zn-jAJPEL7Pn2h6`+gAG}c^v<@aE|;5(4WvuBMh3+Svs@Ioh({{TPWlNyJLCj>fxK< z0Ga~Ox+*T{Z6ojpZ&+fIZrdYb*=_v%M22`3;_mizae`T0&zJIJ5lZ!i^;D8ViNrxs z6B_X^0nl9XAnPU7sgWDX*;ydEZoc{XX*!fNZxo z%IveuVFwzLP+Mz*Lk@<9tIO^^FHAjR-@Ap9M{70De7QLbv;EQjJf_2#tMld1z9wd8 z;tvYg_u9|XQU5mhe9e8YPI-=uz(smX+m1K`iz}K)!qT!#pEx7^2RAmcA8yHCx z=>j}ZnJ|f>K8}tV(d*EUPL97dce^T z{Fp0fZS`_=Y%rHwC~Q4so#hOetALJkAW6=+!9>^h9k3@fIs#!zuaAp9|Q~5y7?YtzlkG-6`>Z?NhtO1QJHa= z$*H^jJwaDc3O1IaX6%Q_a1|r2v)suXg0w@-dN0xV?d#|LLx$WQ^xqu!pIMBFwIszR z^!FiQI(#Cbv+1etiqh&bOXKki&_ZEPsm;w%K%>Dx3PRQn^ZxnniX?U&fn;62#_H)y zYr?Rp4Wl=9pPHP)!NNp(pQ}mBOZHRs)*T zkSFfS3~`?L9d2Tx{_$?#k9?++y+MUKe9OM^f^5tG8IU>aNT)Y#9-aa$gTj&KApV}@T&y0$oCo%8N+6^}jMSPmXy0g{8GwMeq#o}ZqjJAM-N zxI@fDY9Bj~jFzFu;=J1TeA7>2fx~I$KXHA&wx{`ecDljuM)1R4rO4f+RFJSS6;ZV9Db-#oXniu34 z6Yp~C`YG3iGQVS5gi0>M)SdtpzliMedONct>EX@_(Y-!Hjb>e7V|O8w!%K&FQn#kU z)^ZAPo$RFxsLz+Lt1J(rJLFZ#zpox;ZZ!L!X(AY-^_wP|chA0@))9Mo8)rNoM69DZ zU<^~9Wl7_^kK1mL=gPS!Q&Kv6xeKv7hHY#s;4CI{_Kb-gNz^rrH>r_`3tm5~q=|*5@SWT@&|ka0HaUDL_P2Epc(L?(SAsGd@R_-ei}vLMI(D$AzXnV8zG1 z)GnU9h?(E>eI|K?X>MlLYprLh$yKhBKBZT9n0mP3!m;0I(mY>+cw^n%uZluPh0c$C zmYig`e-NOyji$b{R4M;BB`P6-iGw3?eYCX6TDqs<&Cu7^*Y7=rwGB@z)MvHal;n?s zLmT1xBkZiuJCcw{G-XA%X|@>;<&LMYC0|z32HCXb)Ts3ex82&bqLb?Dm!AeTBx9RP z6xn80Ss~^c?-m!oLTlP-SG#shx+?6CD&bQBhBGR#Qfq7#p|9(V9enc`9ACC5vLe%| zaiPd;%WRq|irZS3BpPGW&rA}V@rQQH9SH^s%WbMb&2(XlAePMrAXV)EF0Vyum)13F zUv@al_pq06I@s75p;a-KbwC4@k=y}v1h1pP<6@UpH?JT@=H>ny90eGnk-xUZ|`brvec$XF<|pERD@kv69_18 zR`&M+tzHkm;74Xy#jqy=e6CA#L-&#D)9OG|^+-4v?#=joRm%X~uPV;Kx_0S6kkE-h zjNUEU2v_atoPF^IWA%G^?;2ZhiO1~;OfQ{L;$`}3tCW(TU;Eb9kG!`}ifUJ!e$)7R z*;r0Ti9kz&DRc;b-kx1}rqiztL}D^_grZ&dS-0h?a#aIex1l1SBj{Fi^GDV)T;nj) zsG;mDuw3<8^R@1$X{J2x@(m&g*fVNdBFt#J-mHBMJH?nfcZ%FjfHDw3RqbLd&*xT? z-%z)z|D3GS1*J5gs>|zSyMkE%Y;$CMnAv5@N|ktEW47yKMOH1_^(OUMX!_>)0}i*n z?)3e6Ieb-Xx2?W0VN>o$086r!OvtK{zW+4j>=AxUaAgW%3`Fyk(OVal71`>6-JY#5MILr-t>YB>XYZ`F8J)v zGqMWc375~$OR061AkRa(YsSUEZu+n&bc7Mr=A(ax*I)KN;tn)F1+mdc7M*e@1emUFm8 zS`<@@n_gTFGIPZ_s>K&D%;Q_{ZZAEH$h}h6;D|1rc5!J~pXmrCsK5PAk*ApM7-C;y ztzd80HPVI5XQ`pOy*0~e8B*$JklaejfPindvGktdmi@7nA!fjsN9ds`;AbUO{pSbD zpxumoTmSTy7r{PC0dYeX+6W|p%#}F{z2jQ1i_?|$nqu?A5680Gr&4%Q_ebN zIqMe+Ge3p8qV79had6&ycZ}?ZuU$f@n)sVAd0)X=*{WH=9J7pq>0>B-a9xN2&)Q<-IuM^a9FCS*0dOLej3|lL zXD+wvlJtbT23)%=cdTsE(bon8NanJ}Qt6c>nu^%RSXsK>3gLt#n!TO?^hSDT%)Vgb zdt~KeQ}QPqUo(h{0h@!RlLnuq)DLq3gv<6z1}lkDt`(6=n(ve}a-e_Ej@q#q&fJ zS^8HRR0wWed_ayrerUKqcZ6QaCyqGW%UG$5&R@mnbh zE2;eAO6{{PsIXqZzMxWiN^}b?4XiA5%SBbylsFdD-nyKbue|-jz#BibGtHM?;X84# z;2HqnvWbd}7M7BV_UHnh-aJLKQtx?3V0%`addjRK(NTqAvgtZYo%_9q93v)Dczh^@ zyjy!!+>JIEXDFBvXs1ErN+Gs`2TMZVR*D6NOvVl@)}_l@8FdX_1!NQ#%bDvF-zHUf zB>7{-#=bK*(_fp$uO8=T&6Wk876{;PcGq#mqhwEy%flysGRh3k)In^c>UbU!svsMu zrmI#86yWzY6ff>$t!V2~KXRti`eqa?MfzO8IgEO9@=oi_F}#q)RWy|&yE^-Ytc(sz zt)*mRh#GaXL)>SWk6kP|=u|r*e5JRV)nMbXR#{iJq$p51JtDJ3)D9NJP7}2FG4vf} zQ)*R8FoYI%h!Y1)H@=_dA)^b7Juv7WJTy-Qi46cU2^)bSD8O5_eo&Os`}nm*g)X4q zpu;%pId#pxB+~J6=+Rtw-GxzfMTJWKuTtml{w56cmCV)md%~(2pjwrJ*Xd1#`pIq} ztZ5XC15zzEn<@zNxZK)>BAzO_;FzFYDIQjpax+yBS-Z_om`Wjo<&N9f1dDfOtI=)K zSvD*J5Ojg4T^sn>Zw~Etc_O!KhPG!fynt?Ln{;2gde&Aoc!c5N;mme-#)eH%`}BKm zyn@k}*}T>(i4@4q%@j2X+f3_q8sJ}DUnRQHmKVuGXq1%Kb6_W4G z9o1;LV=%dKcWb(weoKjJ9#lROnG{9BtSeiZMmkjA%63si7Bg=?I-$TBoh~@-*F9dmgWudjGV<0|Ow)ds zhx+S=ZdY)Tjp6nr+Vz{}S$^AB6M4;|wOrSjnF}dLm=Kq3A`!3jF$s;wxF=KxEKi<5 zFC;}jD4(Hw?6PgyG)qmNlBn~0Lk>UZ=-OJIPgfqgND-p{L0A9&?4i&9cBa2Ln8PF@ zB2xKyXl6!`k&_eFQjV}^BC|7Fj;X7wd$t+o%%|2guO3O_nLhAt`vnhnL@ofc%E6Jj zwnBWM=|viE-)VF6>E-?hy4qZalh57RaU6Ha_+~$Lv&ryQ4yJ;(fNr|FIw!ja!Fdrl zHYHwlN#+IxIerbfJd9o?vwSHAzPuJ^P=@5$^}TIhm>aD@kp~~hADU)o}L)d^s%lYPc@3 zw?;utV!T?IwX6fcXbM7O*d3oICbMR62pgoCsm)gE3CF(uv2i@w9;X_{9@}cZG27Ij z+noF%lWA|BwzRr=YVV-&b}Q;Wo<%SIBB*aU-%rmZX5$p|!W(woY!>|qTn zGdgEQs27$JxD;r0C@72g^;7u?pXNf+=uuQ(?kw#oxep4{=bgY5ht?DPp(0efk{iWe zS4+fGSY?@Bz3hpep5EQ%ejW^@_3`l`6!L+mH!>D z;s|Gm>d>iC=S|#Yl)I5-Oy7T7nv>doUb)L zZtv)bg9^I62-W{sVT@fB1M7lswT-V=+>ifIn896m;2i` z_iya}^}k^E_ZkhgG=nW|8n>Bme{uH<+vO(qr`pf;$AYkgd?c#kbHpn)Dt9mTz-bs{ z%UdpcWW0*o7)p_@QBWC=WY-YC8)qADEh%vzdrx@kmiVwI;pMwt$rmQN5f~8~JW!4X zx{qOD@>9n3x}X;nloWcGLm-)dLin`%D=|wouq}>6Pc{j>{KS)&I?_c&%#{^C`}^T_ zcs}kQ6P!fm^VhGS%iekSn*w4!($pBt;xZA2RWaXa8N-|dunlG)De1EollDl#&_oDj z;5xGMDo0d5GI#l@NWjHG-%bQqw2r);ww0{O^WzcxjuasXtRw^qK37xvS&j`lTbehz z6NEC_>k$NJ2c;9H{vl;8N({JhkuO;k><|_~xaCgop=(qtlLF-XZH2~P?;xZiJ1BhWXCA;ENY>t0 zd6gTISHHK=noiYV4LhAi#Cl6Yl~2DI|9J+Z5f%ooX5;XJuSLHgWv{V+9cJS10DNFO ztz;EFC}x5!1t_D#<>JnKSMY1XO-#7jX2G|5tmWxhl;`w8v{ww9`T;@7008`<)zz z!2{IiOBG?-Gs~z4tFmG?K%TE8`s+0u@CV#KqgDX1cqxX4h5;rTFIMl>PP3skypA+X z18*ImveS11oV*^1qZ`unR%vCUh5K=SqF(*RXvMmH4MaYK+;+ZSh2e4_^RyjcwxMWx zVK}aeEp0)@fI0Y*bJO*b!p`oal~1CKHYJR>%7=%Wd9Sd_lB;o~%-1cXJx*jHGqA~# zFuJW;u0y)ax6SR-DK*NocR-65XeBkcW)|$~J!=qLr(XiV(iW9|jhq<;p0punNWDB5 zl@DN8kbJa!h9#8IeDRI1B3pIoSWl1EL+(`TFBf04{G8KW#UZ`%f(mt{ntHGo4gw(b9I7=K^*P0f}t)BG0b$vgD_E zRy}Zi_&Dv}vZr(tdDyWiC3Hz{_ZBcET_3&neH|hX0IZyht$$=}-kBR0J}TaP?bPZJ zI?&tT5xsOD{uyF`x+&(CND!ZCx%y4Ti~U27a2;;U$Eb9U0OPrxg@%c_j{LPBi?kb^ z2diQAfKjs<5b+Uknbsm+5)CG&?lOJEFxw#6E>uDKC^fKtx4T}nR24Pg@8n=}9G;m4 zR}?Aq9v1Tvc+fydM<5h5Y020B z!BpPk;<)!z)4@)ZHgt8S)QG^d(mzD4f||O%Kb}GBd3~ZtO1R)G?$iNf zlY(fq63_nDx9_o1^EUglImf0qX02349}gA z;`8Ym&aEl2A1(sn56g71pzVYtL1BTQ5i%{X}Gm_AFM(g)O#ptEEkC;92Z07LF0nU|*H< z5N$0$9EG>KTtsdzp*ewHVD;b_-Hgdz_SRcT=lbrZUR%$IN#$-?0?H>`bEPqTPeRJU zkU~erRqnQqrWm%cMs{CgAVg1QiNl|wnN4B2ROgQr?no@L^xnH9Ar;1(Ahm!R2tqBt3Fhu7P}{~ z7|IU>ds+k6cv`r88JQr$W;ag--7}GL6c%oGip4f+Ncw^gQ#8sA@Cu!640gHLdih$@ zL0(JJigrA=umJkHE1dqj*5SMA)(WG`Kl5U+EfbXXV`P)wpy`O8pKhP;%ycH@K2V+C zMpHBiwg`E4k8Ga1Dw(fY0ib=h6{2XM2Wgy(Dmt*bAUEE2tvzcA5x`3$5NZq1Xm!K} zq1q0e8iOm2q_bGV6(4K8Gky%fa~3ak2OB?HX`a(T&2`#y2&S9^m?j(z<{_XtSO_vK zxklAmqyK%{M<=U=o?=#!hET6!C!NXjSk60>a}LDjTegMkqSb`W{khY_6x=lJ4reVn zSTEP#R!559loylO|z_ zpZ<#Z$|DNW?=gT}=VC<=$mW5!P)dXt7sFp5|H?b|SIo@wFfWhhwI^DtMe_4*UFb}s zlVuw|4oxX%YveT^=NJQMV1ss3An(FVney&PE94m)eL&+vl=#V zP^@kc%XWf!#$bsvzF(SO)ZK;WZG-D;V8hA$Sby0hgb;`{uL)$(ub)kqF3S3@Wjx6b zy(#Ok;*B3%@o8aaZGvi5K~fT4%vNJgcvZSu8!)8~4zX~uw$B%1FCS_d7P$CmUy{CVmH}8f7Vg>nF#m=#?%*8Vu)8P{?p9%L1ANR!?`FDJUJQE7GpY^KhJJTr0GZ` z9WgAsvG{Fma#-hJxzcZ6tR99VM5}#FYfzr0{xhiNkcEpYs+BD-PRM?l+u5Wu`%Gfi}p2=JroK^vnAnQDzfx^ z61rR)Eg-oi?P|^FxzO;bq{0#9n3y|3#~ntgQ*ylvhwG6WyQt?%9L;7W@)vUcv`oil zW()LjOc_y|Jt97Mt(j##^%TEqSCoDR^N*|lrK9nF zv&G=*_L-_;1inm&)$eQ#W?8m=S39SKdS;^$F;w5*C*3N0U@UUyY)#|*Y466T1W&eP zhRDK1H z0@T66#_MJ~dwo2rW_T*Wc!#HPRo@^$)1+q6yg^*yhqnarx#2om{P^JADD%H3(!{gUKMcN6l_(gi)+0%kw$N$?iA>(A z<0rYVY8fKkBh8faZfr%-PrR{-hpT|kQwp(h_r8$Q1;VJic}BV^w8a@0MX;a_MEIb*s4CtiqZzk+(}oQv$!f&_<1Gy zej@j}9u*EWPw85-kTB?V8bUS@bI(8a4wD_46jYnlO*CNe|ikP-P)+YV`Zv%>9_*BIC{{c{3{m+0RcxAg< zp2XYB0XUs)JqF_*Oke3-7|szo#E0kyejB^at<6i}Hjsbo(vG2`{_7+56~b_|hMT|e zikGzr)Hs!3uh9`-nW<~(vB)=En+(tw;j_1%l7N(5vhOC%ZES3Orn`FGw%s9Fa?qnH z@_&)|yX|eJ`BUZeV|f?1;H;R)k%3{de;_C%f{c$ZB-NL7ifd}@{|Ce$L_a@5NQjqb zf1>7x;cOj+r+dR^iz&pKM<-mI))sbWR)v?`@%A(;D3lQJfYnRyNMl@B-TGMguQ7Vl ztXv<*5XR8G32e-TVQIXX;{K|K`|J|y-{~7Ug_tSeTcJBN;+~rzOgtU~T1!9M-iX!e zi66U9mjCh?8F6RlN}C@1tIKHK0&B6MH=3sdPtc5gB2Ug>woDQ}K9S997?*HAZMd0) zN_vqWZ*BGcg~(W&6V)C%XWp6_=W zo5&7C&1C?c5zF-+R=Yvb^gWJX6$wX|(~etIONH|C%zsr|0h0|k*s1<7TVXAn(2f2l zwG|z&p7RfxgeD*$C+ts^6`d9PzvPW%cSEd#2KaDT?9B9d((t5HZ`dcm8e$VTRO7YP zbPcqPT=YYG{~ky}@S`O^t-(sbe$_2nideKKd2)B8gR+8ARHSCf+jgPE#+6gaV*1GE zP$lJ909nXeeQ$jvLUGuwnju-$<@%)UW}0$ZcOuJD&$h@$?xuHrybtbRu^u!!z*P^e ziG=+l?LHXx$I=|<3u0npJ4RGS{Lz~;mDkpmmY08phK5#GU!O00EGI3E`r^fl>pHdm z=C>SS@|V<41IQEli890IS4;t-0I(BK70(~ zsvBB}T6Emk_D!-DgBBN;(`z~cPY25c*{5ejwPvEP1c~fwew?NMRwxOgo>)dGk$Iv@ z50+j3)A|!uZDc+*#!=BeKlaSiP-$?`>I7C898}XYk(WTKSE3rwD0Mi>$g~W%OhI$_ zT&vJu@?K^p*~vP^z~)nERG7e_k%mC3mAu+_J?xh{2U<>}MV`tD z$@L*x*5RAzo_bAZXgFAWU_RwU9ix}jwi3>`Go46N>gQ@`i8_eN%v$qvxdpF7LS|D) z32|b!uDuq^snt1ouL8wYHOd(HMz2(;4mr^b17oy z*DMMDYL1EirPaR&R%iYIE(vOn7sTrELFtw{9WtIa(V)L>OjvWQBd z1WfN0cgof?qI6rE^~!C{sq*sg@88zpEY#YnwRpH}r#Z{3m4dC(g#1oUK5w>O6Twr{ z(J8gCV8A{7^|!Y(GBbT@YHDy%Z%|-%8#&%zrX#tv)64C%wUi=POG+r;WTLGTB;sf~ ztKIh6z0_NiC$K^|thn#eBrh>Ci$zyod2uZu^#VR3xMvhp zSz0~^CGgU9#wy(wTHRbt`(-*hK^I=+`@M2ud`sf^y8p;*-I`-^h{h9Ns&v>d5xJin z2Ft)7&UL}$F#4t$#dolTQ3&Q=!kg#m-0Y61unauKBVEQ<{JZ>4k3}Ux<@r3Ss;anq z76r0|zskQ@f9>>ty|!Nuy#D{>fkz*|C$GC)HNJn}kS{>KbygCWb>npv%VPgq*AzSq zhyE;fi_)HV<2jD)#t-2FMOZ|iVQR}OkyRbfk+U^^12SQ5PYVC&ir4>0)00wWA&wUw zwtf7%9WYGBox?fzDBd3;86LLMyGyqb8=L>EFpIkOcg~-739{QqWLBoL)*v}HTf0|D z1`#0VBN_;{!U0XGI+1Y2~{v zG2NfHC=6Ej0z|3ufUql`CZCI}-eK$w$Vql*FLC8>A|7tv9-maYz?+kfYYk^wN$h`+ zQolC8X-Htq_pKCuh;`8*?EbDB50wmGVNyBK43p*5?yfP>&Kw2BTjYki$eXft(K)WX zxNL;vGw(mrqX1+?Duiu@A0%~oxfDB}{dv{=`f)>b`icOqU}7<+rZhN-wK|P~nWqIBBwz+14TTL{*o5y>PW_^N$aZ4u0Uxr0p!NZVW02`_X%umXY7v$>BiS<^Sg&DZ?ct%c5jAsZpE#z89iy{bE4dK zpsq!x<9wj&58rb5_-;r?OW!<~A`t7frx_cdWqxofE0`N$E@AGbPYrVMFf*ui!)aNQ zN`B|?*0LqFqi6<9NnHZ8`@rMRHF9>FisSmw!8B*L_7(Ee^V>DpJL0&;zmG;OlRu%% zT8P=Q;lL%l4}A=j!DcJF3-xTtXyjCgk%^okor8T$iJ@Ln`tCyugAB%aFvcHA6 zdv6xk+g7+N5NBn}!3H%+bv-v7;}Nm$ z&_f|&CPNR2GJIIZUWvzo5GJO_Ywxd19!3Osu!A@}Oos`J|MpMgb5`9ypxYaUiO#=; zgox-oWF~9;bsJfUI+K^nbEA~mo$g9j(uXO|NS)a?!*_0#sCp+)a^0y+lWWa<^~V)t zbqiepsjf%dJr{#!;2ff@>p`BNn1tc6t9k@_-D+QoLg%xA`;lm@*PXdS;Za(QrYfnO z@wS3%37AQPHy+sT(?$BX6&yt#&hT!v1|Lg+%2`8FZ3eoxXlEW27{dPflr{vyb}W?l#dq zi+eqN$jmCcJ$p+4Ja|Sb>u>PMDlji_!V^Z#=k<__JMVt0u8&F$peeqWHA>WZp+?FS zr2$|6!j6#JD>!$gx$P@4tX{~{*4vw^+Tw@D*F?1y9E3=lb!|&2U5bF2H}t(YB#dz6 zxuKF$lUvyKL;lg%gT>+7n`c(qe5<=Ez4`X1Sbb@8zOxgAVb+~>YPs3Y`>#*UHDb5H z8?$4~{mG6Q`I(3au5;h>mNP_UB;qG<3HD8@s>_u(A!f|XHhmcyBP**$;rZp-#6aSI z7C;qb*GqG=4gJGmiPos;{C={W;@B@}#{NqpMTJiF<$p`07%;Xep|$^;vVgde4G(tM z$5yIm_#^rn3R6HZGc$i0&G^vo{l_*2_T|$P6qu4%kPld|5!khI^M%VR0iL@(Tg9;* z>w*oE@h10U!h3AWdURgFX){S~Ozs*Drd(wBSMOar8hp#~XF$9w5He=3F0wPzq_N?t z=c%oWGm~;=a(1XH{PAwU$k;kOvt-W}_|FW3#{k{G+w}v(9SwP%t-3Y^+7_vM*T(bL z7lD_?7e95`r&`26yO1W)(7^7fD@%=-j5fr7x&B?(%qTtUzp|a?$4+0eYRkNQdE3DC zzX*HFs5rN+OE`o82@u>hf#B{AA-D%Ev>>>$J6VW)=|!wp6GmPto5p`2#55C(F+UqyixtRo`e|%x-D$rx^?jt3s6DXpw zl&RnS^1-E~q`W#=0o-c<0ExhMcN&uqe^-#uDlL)_mFxYd*VW$cWXjX<_oyHDhV#+7 zV^XK<%gK2OAPWx+2Wx8)PkGKFaTpS@trQ_%7Uo@RhVPt1uTXk&7ODUtD{R+CsahiPQqG&Q;T0#q5{X z&4)m>UO*js{LPCV>TTa7@cVOUQKd-ussA_YKB1On(={215bEJh%p{K!B9P}3zM{K# z+v78(H>e?8w?n)4&YH0V&na6{B&L>Opuvc)t>tcW58!sK*V~KV#-5Lh^PpOw2d!So zM#skD+1|pVlFeYpwxi{4pjUq0Y6#hrKcfMqfLLS0jk>0$ zei1<0JV$@1zkTx0VDJBVf%9Xwge$Z<#9?4yV1fO2F?z0kdH!rChsk^Qpa=90IPv&q zXSp0A4t4=wXt`b$gc|WeIYnP4TG%pNGI zYa=&fRD)`LD#&l^@Oc6o;5I#9`vC8BCCTWhg37KO$KlJjwz1J2AtwP220bB*F`PI}VnM#Nh!R2xasfJM90~`a)qt^4p^7zoov*w?hkg z!3v~p1f|u7v2OG{Id@i+2Q~C|=#Q=@if;nKmp2xs0!q$i9IVrgFO+=9w%Fncqt-$M z1{6lr&{QWQqTAPY@!TEp_z{n;knWhY1_HkD02|V*J>L;_fc}#Ak|X`MzBk0aX?$~z zZjnIkSzW}bnJrfhD6j2Fw6vtLgBABfZ|@rjm>vv#VSGW5kIA4(Y^GOmcPB%CY{0~G z{>YQ^?{kJGC=z87Z?v!S-3`Hf4G%-2Ix_<^g_vrp^AHO{?(Kt|@%WM8rW;6~*x6JY z#SFXi=F$PvR3A;WO986kd6S)N8gtS@L*S&Ht590$alpd=6N!s|L^NHRu6LlbujtJ= z1Bd6z^=EcP=Ais8+Ef}vrF`MphFw@DXSA;fJoC$mYHuNK zwp}L!>i=#zzn(W{vltD>-Kt~;hlD7Rn5jDPT9}y?+vm1;q&t-x>j#!+!&wu1;&E1? zqENc58(5f{>Kh#WtoD+~z+cJ)J5v^cPN_?VUd{du$e5Lo$4i--63k3b1cAqK8bQBh zl#kMw`FX4h5B_2-TC)uldS}jbLpM*U2VAT4iI5ra3`6MyTXm1$x&)P-haxz)O4er^4 z5BidN@n$?A1HB3cp$s=61Y%-U2C#5qD(|r3);(5y&USM?o#d$JTtbd}+8swm@$OUJ<^g9HtC-wD;z6!ot1~#kb)ExG31O*!TDMclY<3 zJ3IcZt*x~6#!vz$be(5~Z3WifskbPks*0J6ocv&^c8~nztZyKZzpldW?tF8lwBKr} zCcy0yOr!e&AZ=~UxV*ePEO%Zd)$g%R=vfEy?QGwhnqK`H&j=l_eyORgWnpGUi+zKN z-j^%uus5C${X)iL{u-~zCMYNfWumrqH~)*O3iZ#Rbv|CqZo6YP8Ba53st_{$<>wdw zN}B#(*Z8mCL937PU$NxfuflgMAI{ZtgMEv6IKlAU-~X#qZ?frKgjDyZ0V}-+3b4wuqAfMJJ1=8Eo(nvy#dkr&%q%-X3=%=ic9P`>@9!O!zAXWYNQ(ndK zb&>vf?7mI?uC))^MJE=^hkyMYU6?YTX{LSmm~J(#-X>CgmA zlpGeONcGut(TiWF^r1JCs|p-w^Sb=Xs=|XE{+|EA zJWom2i|ARJ*q*0zmk@|oA-_^ALy~s3n+Mz)2%ccE5H>@0LmQwqtDTU0ik2znDXAMC zlH~3#1Lh77Itb0ix0_?K9mOCV*hCr-mhF3BKW{27ZC&K{OTD>RH~&}v_fnqcV0eHl zOMJ;;GA+Y5fnlZy^YnCJ^Ccy6CtYD(zX<^AsM?u8PL;eNvU1*zS1C=M{fQ}b$6p1a z3MwTdzkZiFK{RqKbc2>zDD8>dr1cU+UTBGQ#+1Zi^A8i2(->+=ruh3n#hrFB@Sza_{L$C1rC% zFqCT0^O1K29gKm#UDlteKvq%f8yB9T2esP;J*Xvkx(A?`kE=?^gt~QD zJ=0Rb#3<13CIdQhmb6w#{ZOoQE^HDzt!aj(jB;0bUOqK3tl;|Gy2`zs?FPIO^Os2d zM3Cr%eiN2TeddC`nn0Gzq07c)GD;X)CEgEN9Bz=EiMUL|Zz3WGYpq=F?z@F2Sn0|E zRr;8zi@lT$Euh|ae|o5dgmm3lo$c+r*Vc5PQD$><6DmRmxL0`c4{g@G3LOhkuqN2u(gly)IBm38f{0FzSO8M13z2KLS3l5Q<#^|sC?9rJ5~XZc=!pn;>r!pMChqBpf{unKBE7|P^HLl7 z?>Go@W9%Jc(&YzZe!UXq_TuDPJ?Jl1&>G`v(F0M~M z_qEB5+8t#As6{k*#)6H{3OX0}y}r)>_*EvNr4bZZl171rn~&z|hLAv#6DvQ=IT}w%=8jO~IvLsl3Gg zy`nW++r^^!RC=@IN|msEU;0Ef4r9ny2WkmBl`0a%6kB5UOAR75UnvkIc8QUWJ9wj2 z-yfucS!mB$vH=Tc_U^$_|D@ScJACFsgK5D`7x{*Eg~rL_>->qi25JxrI$mZ-d^?*O zyvvmuFvFmRpVO2g-3SzI`5;eo(OyzCI4=3$_7(j{vFdS!&ipCCGSIg~Xj_ou~p>YTv2yX)->p0-K59;A2d` zqjFg|EZwNy;?5>^9zvkjyf-@a3H}6IT3*}g^#;ZPcUj`?(%1L57g|lN&H8yQb6*cG zM_lY>3P~z%LRgKks`dNK$BhqiaP7*{&Q!00LM~o^pyS|(8ybFrB0rva&mDJnF%qh? zDgWdwsjcGlcTq~*n+|U}Lvfq1GJ@OlS)eXua#}9kOAq5ei<&+K(NTFV`rI|8F$MC& zYK4VPv((*Y$%MLV^VKA_OJGh-Bk50pUV16=9iDfL)ohmKTr-f?_}II@OT?DNDSHZ8 zlO!J2=Vz|M%rHrV&r33st`Eqb^dXayA>c_UQMbZte{EFS>8i%i*0OKHvyt~*`SJEs z+b}>-4Tnpf)MO1Tr#nek;APv-k0jk-ZV2L?&vt$)2$%>`XDJ zgRKH5gwdc+eq+s^V9+n&sjT$r`smT~`I0sQ*dlK&4`b4Bvh5C}#6^AT31;UCytavW zIqA^;EP>NGVq!6|!C^@@cC;oCLt8x3*r}5@bM={GAe?X1WkzUY!D~-yEP7Xf@K1Kq zH+RPaS%KIP@@fnoq22G=L{t$r+sDc3N;c^xuj3zykVE>*XY{m3v7P8CZ`D2t`J4+1 zFGW4+&r{)y3)-Fs`TcUZ8_E8EW4pnyvZ!Bc`aM2ixr)jcdfS-7vgG=)~%mM?ic}5 zTt6T9-QKzR9s3<DL{-%!g@tG0+d&M(MR;J8uLAsTJbGoG)?{U~$*8Gfjv8&?3YiE{%Vcna|5%JY)DoOO6f-N786Mq34w+K3FQ>Jn6FeaC_!4e6tI6 z#!rV@UQ>KS$-#e@$@lBF3r#79jKz{gl4G#sq&lRj&IUiz`vvn=JK`HTTkxcxpydsp zU!VmQZ*$TJ0+U(o*)Ss`oxd5P+`t-h&za;{(DC6$l#?vg-hjxxIrrcxuyv+S8GR^|{@+%p->pP5_`%%XD1c=1#xOPdfH40R6QXC%EVl05kGCS(9cy0H=Dtp#)MZpw$HgnBA@2SJ zG)t3HHhVJR+iCwo!*&>V^^oyFvt_PUdw;Ij8p>4zSkfZSQwQ%Kr7naT8%Y@;=@$)-^C(J%dre++bf&(6!odN+LAD6s zAoM!FB|g&0Hh{gvN%>$G?nTL5ylxq?8s5^NoK+SYTRvNKZF}IO1)I0O=(-eXpBFOU z>I0%%=*W>iPL08!c^0_k8Je3th*&rGD$~|r;>(8(^2w@}AJ)T)lD{Q{;8jz6`Wc?r$>s}XQrGx=8$7b8Tv!yF*xE_w}MrDX=(Wr~|Uc{x` z#Tk);RZs7PonwsWV==lfxl4zztOhoQ$gQbQ}7F@FPEq+#Ke_pm1 zv=R_85)^snYdj{@sN1|xX4~Jf3~ny|Fdxpx<~{p{$kCuFUi-dfwXZK=$1p!O%{BJz zM*&$`x$0UgSqnZ3)reshR;&J~Std04q zu&DG#k1F9%cVy7V>2%A#>#~V?F_^8pQE!Xi^w&VB2xq@3fWl#H#`0oAKXP({ zv1qSt-|d;KZ;wU)bzyhs5`_f_Y$sPDi|7*1G)SDRTpq>T#NgRU1p`gsUAIgv$Qx0; z>epX&wEnuR1aXTCtE&;_0*RqGNM=$n;j*O6gw#H?Bd2^+NI>8 zU*o-k*^%{`Fyp@r#2#xA@eznBZr`{j3AU9!D7^hQY9L%bHRaqtRDH~9wG8<=jg~GA z;!yt;?T3I_(B^v)@Ue~F<%ROO?l+raFxEUX>w?3{SBpdlF+VJ>i)NBWR&)xZ%L`i* zNrr#C8{sk+QzuqZK?TXRR$U+2=it0idUGJSDQR|xP*j`6Snt-@o~lD1FjVF3B3?hb zGy1{Dx?se^Z~)zQ2Mdk?p0y^toE9*~j?e06XJx7WG9-hX%oz^XVKOw_+8XM^)vvC# zL|*#9xy;+Z%|RPqn=~4xu5U03^&0nG*BNo9yPBWv4eKpRl17k=SB{l8uY3)8$&IXU zkLRCM_EJqXKP)Ye3@@kX5Ag^*Ll+2|uPf5!J*1fv`2uKo9ZfO`WOY5?h_Rae^0MlH z4ykR5_dX)oZAMr*(Aqej$Ge1#2+vBMcvhM}9wseqX`fm9P%AhM#Dvr|Z8e4zZ&R{f z$2ZS^56PNOD2vzh1f$l0z{khrMMBmN#k8;S*(lbk+!~+uXX)@YXcIKwU z6{^t+X`9WzgoIvF(=&esNR;Zku|7~bBNM&S)9j6-5u|@zt^d?^8^q=~`sR>Ol?}-r z7stB&ZtFJx>FV$@iAu+0>amh}cZ5SUZ>N++LlHY4lDMD4>O~zReO187agfJ&t*cd1 zYQqw64~MnDUa9m^vteG{EFNVQD?rBHDWuwFo@k)V_5trX$V5BWHP^s%9Q6$VI`0T~zV*?tm$pl~O zqXOpEU5a>6R>QXv5zH!E#6Oq%XXo=U3=b`b1HCeT^gpugFRZ^*bZJ>V>9#{Y+6**e zz6%^c_aKk!8NhVy7`{_e_H0UYA2Lmy$}^x4_#uWij2f^2Y@`aO0huE_lRLS1q-ONx|2wsU{W z&`mR(`8mNis8w*oUHYz4l+b2i`u@s%d&1esyy(Jm@{bviQBPp}(|HV) zi5k6;&*B(j<5P*kHDpgzo8k+daz2++u@se4@#}JqZ$$+yxJ2%DGidY%?B# zuztd!2hD-Tmo;gXwL|T1ilZNM5b2Ubre|p{HNP>)juKTlRrPhunXY^JaFY5w*)^Y} zd%4Ff zE{IA(pVt^<_YOSYL3+YH^56xN##0mfetZ0?l(l0Hi}W-fh`7Ujw1jO^E7?#X)IVjB zTz6^y%h$=P#iQXfRGRT4Q9jme>36>~C+epL{-yU`|Joe#sR&Dsn3z2zG&n5ei-16Q zSQ^gOlT;~b(}k}_-&1cg zgv;i!!dqJq8UOLMbjrXi9dq$u4i`emVx~@!1$s3Gkn+b|BS0BuvCoXGlrn zY1HpMXVlic#`dw~le0H(Ic!Sgu@_9bz{00mzpx4>ok7Y%Z4zL08V1v*3+v zY&GZluZP7ur3%aYQsR8nsT!j%_;l-i`mRX+#o?*LmIaqptLRGYS3?7e)CW7!0m_)@ zWT_uhYZ8@GRDfzyO~6AXLy9_YeU|PSXPQn&l#cI$q+FtrOo!Nchu85U#@80w!nanb zlywaXT`sqj^4byPBIBt*&ixu z0$7CWT^fZGD;JyD`CDXDp(_o`Sf(oXA$P{!p%Z2S)p@PoWsPgvvX$~SbEGm73Z!1S zwr?l=F*38xlL?75Ykye@V~>pf{;2nobGY?Y>~I-KLj_>H4o6)gPRW+0nRxD(z4gvD zOCagZd3}sv+bnU8OBgLb>bkRD?Fv8~SLTC;*e47jBGxMCBAyrhv1Rfm7t-%?&=6~! z;#_IfF3oIfrU07fB!U3@`-miXTljKvvlT2V85esq4Yq}TsJqn-^lS1Xe%I>#^7q2- zU(zfNHX~Iy^8O5-kr&$o7bgU|toCP4WM9dsZZJaE@rMRK8zgaBVUUZqsu<(QQ%~3-`$lfE|$0@1CP(HqZIpR^os;FDJ z+)AK)dmD53+GxuWuj3i$10e_QJ9^=*;fi}%qIKQ*6GuvU&j>RIwWZEn!&QFzm_x9Cl8BY!fS zZ{>i`X`fZrSY5LY1eb+Uk!xxc*{g~>4VZ@+JUd_EPX&?-jTufa4#~RT7~wn`PG_6+ z3AaaxV1`wcMQ{J9Rqgj}E!OhD#&F;IgiD54UCXAFAHU~qP(T(j_Tq>rCNa;N-C05$ zPAJ?tHKT5SPM{ed)@`xY z_6!YuaB*=_H6Qa23WEC8JTvhE%m;mz7db5hO&W33sR3$ub5_SGLV&84FlSdl)d%gs{-1|G-A^-&>M1FZQPTudoV zi+cL{epaw_$Z})VRaLoGE9;}KM;`+nZDU5tWJ6+HcppKIdZ({r`R(;EDS_gyjweI2 zE`oY03;lTU&M)lOwx(NsS=J}E6(+xf>B|)t+ zv;D7or|k#F)&<(_>(f)w^W+lePrtpnQ}?ND(7Cu~zUT#!YK)WLou8N#z39)b4RHLa z>0l7Y5l>3e+}vMGik^_)j2{vy*6pKRh#xAJO$?cwp6;&Jz}4ielhDPfP`VF_+&Q^j zH!doqgU>&lpY7^zhO@$c)KJ$y+lnwryir%J8C0w1W#Pzq5jgCOYke-H)h(Arg};G% zU**G|&Ii_5-f+9!?DY*{+J^8AW#qykCsnvpH6?VE6;?Rf?E05Ca~Pw1+~;@3hz)Y? z8()OTCljQYnjUV=Ho*ZI2(om*6ktRF$HVmiHS77sq!fL#ZOO~|9=H3k1LTv9kdEWn z_z^b04mqo8v&p0z;O-F+$H@wyQdShfakArlpl|d&Mx6!<6Q#8Dv!5@Zc82 zjZYcktkTH8_Bf;7BI7J9&|djIX;?{~j;xS`hw?87V2Q7I3?qLg#mO9JxB+hMexha0Syj-FOvc2paDIO}2AiYEU&nT6Mor83Jr)TXQ0s`Hu z5bxhv9_{^0KGxoVo#8Ev(iH-0PGxG+8`nInm}CqEeNDkWBNEe2eCGrm7~JY}b1B&N z;ffW+cZadqss0)x*~n+7MbhZ+U)q05z4?a^>Lk?>cH4h4`nt;pCJi(Gqs6pgq$9zE zfxAk6kha?NGjcs+jLGLYpb;uP^m(K?^SOc>sA;+Ex`R=tKE20ze+nC0Ad+;u&F6@7 zqI3T4(|@YR0#kiG^N8@~uI-s0Qk~-obDfaAhg{c=tB*Ee$G?H`rJ5f|PzsvrO(V@T z@w9v%qInzy_a4O_hir+4GDo}(MfnCwa7m!fJiiLj{+YS@Zm{(IXCS;|=a$hb%=BW@ zXZ&!*-|goBlkxW@Q%#_y*H}Yjm(0s;jGeS9^a3 zHQhBrJC-MlA|q3kHvGolt99>`VlX5nn>VSR0T|iSThsnq&f&F@}xO`&Y@C>h=jd9?cHD$Le=Nv zhb)9jRBQQ5uu)?Kt@gq0SPfWOe+E?lQfv8mjGSaTB3D)H7yoE_+Dnw6FgoOUxcK!W(QT;UK-%>N` z$m|s0Z*EMbTQha^*8zar^$Wo5IsDkod5dQ`K?xaVwFPXR9B(xL0|3JsL^<#Loy%W<#j5xjZYpn^=jt$ z*#QY5x27ptXO4P-$ZH0Cb$?C{A9gGj`CwnXm0V6sGb~4SxWSdivpum%_??=B9Qwea z!~(gHK}mTv!3ydk#Nekgb_@*GI8+(L3{HrYoU79EV5|!6_27sU1&iW^dV^`_+w0=m z?8bx+{05QEz50c~YFA^JksAcN^CvHm$X}jBP37V(2?98@tGH-slxb-{ZEvBBi<#K6uj2vebQ}@&X(UmM2D;~tS6qGy zyhxniDkKuN-~=*)@z6#5LD=IJA1E~*v0fy`s}1%j>U4Cb=I6S0ZY=Z-@oQqaJ3b*| zD&QVo+e_ex)IU^hDS1#fj+5?z^YxUL+XGAGV8-FOc%Yy<%PFFUW}-%eCFbMpDvQKu`WFqKI~y*%@hYj`l6=<4v_u zWT!T+8^eHc_r^vMvPFjap-* zbw~%oa}SR*8TN?U&Hf?w@I#4uhc~>5)M?FG*-=X}&^0mDuQsRPLpHd%|0=kX8_$K$dM(h8Y8@&;M<{Rgbazp4 z)_IYpir^m*fR2wZHIX4OHR3>ZwSHH= z(${6ccXv6Fe$4Cm3#qZ9<}CF&?V_`{{#Z*J@`C*;;(h#)>HFF#P}WWuKA393fpZ_Z zmC-~oDpSN+8o7~?*x)usNaJ#V^yy*%XY^ivf8~HB0gR{ z8LNp$;LcR}>Y1U`>+vOCyO|MTw}oiEE;HBnQN7JI+Vcr?XE3DS0kRKy&Zam*_#P+Y zJW63rv^IW*gnO}aR+A?4vV{r?y#q>7Zr{9pcaJsbgt}7e-|j=4y-{In2JX>6jG!T(2SB=}@Rea9<91lM4YcJvbmm|5VUXZdEOQ4mjj zoX9sI0bDVFyT%QMPi-6!|B8@$o4#S0=34ew$jo>ba#_pWu<0QPtcp*X=D zF_qqLo@~x~$b#vli>1K>!C_Dnh5OyTG9ijg=A$Sdk+r#9sgjYIKQm@b%5Cst#@EXr z{MAM6_#6KyJ8YXwB=ttZzShd;AoSda%`$`g#f4jt>$p3H+k54PB}hYr?P!xJTV%U8 zQj(Abo`|K90bQi^ua0awk^c6t8Aby0neWM{6gJWDv3C0G`aAK~JTakWQzA@8sC+KK zolsRy*^3*4o&Y56_q>AvbJwQ zGxG--6VN=_DpjQ0lYOmd)j$gL_W6DPI_Sojme>eu`J{jZ>}*L8VOh$n_lyTZH?%%t z5ehyYs~R)%3IEBF8a@2*0B~V>4AN#z=^W;&VU(x4+PtJ)=@{KRauT*&X$lI9@_YLJ zN|-W!5j~)&F>d)PW)F1z<6wr&Ce%JNlDb)^7I9eR3PvwZXXg1An+qHhx ziXV-{gwq&Wl`VQq&3*mo1W2SRW>kPxC~U8*wzG^dDV$eW|5NiRwC-5nQI>wP)2r}u zTNmWB&2uD`Cr^s-J;o!n?Mi)zp4$U&WBz;U2HXPk^>N6`Z|f^(ww~Tksat8Rja#?2 zePT?$MGk#m?(?U2lMD9Ezhp&Yj5oZgx-yj-P`j>{JKx)gzC7l3O$j?DOcU}5{1Xe4 zhREGJh38daqQ#mWNm5OP(QH?f1kXk_Sy26P%rZQl)jYoS@>}`GQ{OA5yQn%2Bu_5J=XN=V&C$3KXIozlWfcu$ENXnr-W`s@4NWGAUI&A zg?~P{dOJvT#gG+-7%%L;ZW+laP{JZNE{n`~Om5{0idXZq)4Q3x4kG zqqVgIYMllIQAm(??7zVzK$+oq3GjQCjE`=$?rU(P1e*4jy_{;5py3V!U(r2+EwEmA zg{S^s+?Ips{Ntswi2y=;L#jSBcMe4IAj-vkvD*J|dSY4w595ooK3x!%&fi6uZ~2GL zrKkEKU6P&B*7|SdV7)~>)?YJk?)Wce3bsjVY3vfv?X{5iq4?J?%N&s>jShDKkK20; zR~~#M1oF3y)>Jd)OnxJ)huZO@2`y-zdf2a8?dd-+H^1cXVGufpl)^Q*a%&9jDSWIy z)JjI(0gFN=IPX2;otQ*~348@p)jb%4z}C+DYp0fL)wxb|T=ds34+`_qTXlv>CP1MQrVBltF_c>z10e_%%c@q9@W%kt^G8 zoCH67PeK<~%UO+@7)064RuJKW9cQBMEmq)L4l@gkCAzCWCHZ+9jj&-XW_Tx|+_Z-X zkJ*}=NgCm-{ocZWZ@RZ9pdvlHztGtf<7hz}5Blpv= zeH+QAU^0yHq^Xlj!KNjG;qmYI2Q|nvY1;PKxi^gJPBzpd&bMFwIBhW&8gSdb`$)gr zuarhPqAl6un{k!0m;gWAGH7pxr>A5aMx7g|J?x-YHLv&tIl17l7-<#U~;Slgce?EC13ToGb&l zQF>ca#_d2yyLW4GGKS)5Tcu8dqS_z9-N`d)O8ew@w0o6%S%6CN6M-<((;VTQn7KSD z@!mm{_2m*g1}kDjj=DZkC}!zu?q(bNCPa0<60%Tvc6mJkH6}c0;XkL_7;W%copj1` zkie}t1@`jU_yphjj_eHEi~j#y4Q~k*Ndu?p6nd$H=9Cg01*={7nzH zS3fb+dVEPH)Y6!eA;bK%meSFf2gX;8inB_sW=D?jv|kpMYc27ZiL9n`T}Z8bp%>Ic zA?2FJCL?6OoQrZZrK!ii3~H_a!@A+Lhws{p*zjWZk1LWy)~^GP=>Jgj zdTz%UFc4*;7it&1id*#;y$fEld6Q!nP%2H@l$0hXZcN6-sH)_0)SA&du3&ik+Of63 z<}OPx4MW~O9qSxS-1&S$mR^9Wh_V>(ocu)Li@!v)(ili=qEFL?Jtmx)e#}D<;#5n* zUJHoRl|3#0>iw`G;JsdzdVWRkHcIJ|aZ40?>R8^92}xtR zU&co%1C5@#V#2%De`VvyG3V2?z;FiJ2;OgCa-PJTP~SF>BarGZfOU4%U9x19`Run) zFW0V6@0>txN)Cp6nIAX4%YGJUaV%KZ5zPJi%v-V<+d?C~_OhQDX16Hap;P1c=R1SD z?0%3%@-HSA;T8s2;-&qL$mNdS??6Jut%fZsw@Fni;;>V%EO4`m}lPa7CT z{NOul?ZIIylPSAH$qDO^HVTIE-}PrQgj$)V$+>N`g}zJw_V#T1-#Ur--Qs`&pZbxsx~oMWTTt1h!5&8;^lxKgC<^>7RnHqOJp#u zQ%^bL6Ws=d-Ys~;+76+r%DlwjJ<8mFD%}!^7}+( zt-VV4ni$Bg?!r{1sb#0Dd}T3Mh2P`6s3UF9VEe&CwBisIrPHa@DJMdoPApwRV|t0q z$p+ZQMRR<-ao)X|@I>(v^2afLNGhsPi=+MY?GmrJ@z#tw(lPJ1N& zu7KUxB#u)Jg2trY$RPRi?b5O2DCX47cHZ-?0VH)i(V>TbNjHo55N9rQ9|StfLbF!# z;Eq?T6IDkNYOFvQ1*m4?YWpZ152k|2C*rmG12|Caad(PNs>aiiW6ijY-X?^hH(mpW zhy3w<_WkLoPD4hY4}-yV3HDPVkEM1^hRjfM6320O8ILZjB1slC@1aBIy^#04J}2vm!fG}HLAn`$KQ$}#vfAcSkm0kP`Hsjo|1HWb~eJz-B5_a38MDhP!Nu2;6)nk0ygUbdV>^Kg~Y zNC)P1JM}fb(#~}1_N~`jXtWqI&LYLR} z_~xD5BY}P&dND}|f+tA5B$CEVUsj8&w#}Wb*85j8z?SMw??FYD-OiPIGAbl&J~{)S zQk>c!P`|b(Pa+f?S{Pc9aNhZTDz@>HPu#gwbf_7-Ngx-;S{jfayW?r^AW8Ud!REv_ z8ekV!UNAFc5wYfa0SUBVmPPyo4FuN~_K(TT*kk)KjytNP2mW8PPx26s{ljnCf1hc}${ z=PN0PMU43`_&FRub=B@_oca*++tnDnGo#6YS?Shz>k^F7UMt4;+DL+udeSESA5Hxf zDR9F|X&w4Vp_wg7QRd!AOIuLl2p3%Q)hN^`^EIdm)7x_0Ax!q8Kw3-0=Fyo6OI9{g zIDE(GZ9Yp$44o&o!8RffCu12Np@j^^i_kYA=h-n!&1Fb z`@rVaQg?jcI-!I$gXGW>;~#8ngV52BgJtbtwLmaDJQ@?;Vwe)nt?mYwaI03gW%XM9FF9{K;N;Lc%#?Bj503U;A$1_GWA^cJ|RK`=xfPDk&`-R-t7biKCjH$Dmer|o7gRZY8|^=v)h{%50`i#}-@RPo8d(ly`Cll~WpY7pla zatf>6A+l!c@(;3CV{_{WlT6%u&kzJE=aUUj6@q*n1@di9{?}Dx{`6gYS-C3f<30zG z2R*wZqC^bDUFBRHc=3L`{evtTAI>--x?%eE@=jKB+FH)I+1vNy6Kw;jUWGK%t-Mu)8 zW+f+Aca0oxgnxKcQhye1fm?C~QyF1Z)mWC^K06R6pDQuh=_7NGN12qAvbF5Y%m%cU znCyD?UzMa3;KcwzH{M@$Kg#Y?jMx;!bY6b%4?hmi-%1HXgpGwq#^WPEh{dXaC))i3 zE+=Xx5R+ebsu;jkwHbIWX~kd&}3-GMJUV10zj{NW4>I>B+%+)@|6h}<#|_5rC@j~xskigh^s&SacX|8 zVY*sw&gdpb_+?CUm}w;^(K57xxJq>?$LKXU%$9oNux})fwjV*W1&@F*VYQ~RJSbW_ zgG^jCu%)_sUS%s&{1%<-R9pvC5xyQ0iZldWYQ}Rx2}j^A?Nj>?JrQ34HU7SuU?(;< zSz27_?S~H(TF2qGqv<;~9WtI%}z&Tdm`2trK3LKNrYW#JjTD`jK3X;tEsb_ z`)O5E%Jo#BVGzo=nk55%HDS2LVsh=mba+yJNA9jggzWTxQp|Hz)&E8x`~lEJgV6Rn zl;RRTfB%p`DJfOVxkOvdoRNo@(iBf)>IQ;e^NrD-U#UU(iP($UG21ou7g2K@h^_8q z%HgPIc5}`2Sieh^Ckq!lcmeh=-PM|+tU2T(Sp^4nW81Alm< z%TK03G4{?O(vvK9LIgjiWiMs+fpA|5f}P~R}i z+$PXpZw~wwgRQfL_E>s$pP`zOGCq`_n39qdjfb7v|7Ho#g3cps_)u*|l4LLes9CDB zqA1ZQeL7%cWDbykLwpU(%E+fmUs1Ea27nS61=?&SSB5%5&4%;pY=uy?=L;TxLg(1= z$uzBUPDbmY;k3)&v<7er#cwebX2Zj8zf!!ook6n^N!WTA5q}c%?#D1D%Z=S&gQTk& zvT;!g+5sa4!dpGJK4g#-O2tzY>H}w?S1Fj?W<8CwT>_&2B*Bf6I+lGFG{4pG#G1sN zZ88^@vCydZBYN;UC9fOu1Y;P+Y*hdR zp4T_-kxyZFk%Bo({y&iG7bHO5)B-^(tVYvPVC1v$H)6>;4^yivKfe$Cx)shX`>o?GO()S=qEZjXsb-kYz z5jfZb(QuFriRdE53$DIPUkK%aX>MV0F__pYl0b~&i^j43aVp0^tp!($6Wy9S%l~5S zETf|Q_kJy+ARr(i9n#(1D$*%6G}1YAr-*=bcS(154V?oF-67rGeMbG)e)itaIWNvy zx?K1I=1zY1{rz0m$85!3J8d4GPS^p$ahaKB_A3oI`l0L5Ek-TH!%aV3M>7PK|7{h= z$jAiaQaN2N*LBONkd(cWHmBOg-P1s;ur?%~$^$CU!Yj$#IFNDIq?c;BEwa#H@>|$l zR)Iaqk6YsH!=uSq>-OXS$O;nC)oQyR-zs>zp1TZ0l~ius1L9BC@kkX;ViHR*Id-VM zB3lZKbr>|vi>eB|Oq7>8L%mniDAwn3-)CZcYsC6``C#oAiu=}M-D4TGObdTU-_lfc zB5qt#U)GQ_<|Bc|v78Rz`p5o#I(5FKL*W|eP9@xO{GiWBQclV9g>J9*oyYsP zhj1#IGj*Tias~{lmpIfE<*=bc(qS1eGGsTlw7D>)107f@&7GMxaTL)lBy!VO zi2$l#WClhi?J{rqJWQ6x2#tA)vw%twCAx3I&IwJ0R+QmTw>m0QC*!wF7SR->hzaL% z#&@}cO%-!aR1#KOn1_Sj5#`|Qu(viFyWI>P$OtRW@F+K`gu?N5GuGMTyj#Lv)I0H# z0w)cbTOsRziW9Ah-OYG$?1X9fIl==!SwQS~bnUUf()rGO_+&S)S<%E#{`2YiNNevjB3%-ud#GPzirb~K%-;#l^{J2u#FGF7 zWXg#V6uv0FppOCyqm|+fF?kKo8@^`5<9~P^>ljnT%wpF%*@kti0*#N~&$vTpKI=73 z+FN15hEmOd{`;+-CyI6f(N(Y7$-p|O13~;f+uuevcMrsj94-jol1a^(xqrXF)Tw`` z`7Qz4Xbh*XcEFrgD4J;2s#eBjP{K2c;%k~Pd=Mu z!B>8!&5P15`4}akobgHc5h>_$&@K(*Rl1&kW-sl}j-le8*--?6nZSn0p_fSyjQE^I zYyNTkJe7Jhw;h)K!U42-<)KFL6WyRhb&gBl{~S-%I>)P=y)B;Qj2X#uJo$bT4-K!! zgcnH{&Et1JqhIf5wm+EjQ)bv!> z{c412J@m1gTf`HIr-kjHd3Nk}pQvuzbcz|_J9j|>!2sNd;fkil1%)9*X9PWflJ<0r>mTwA5uk`0kBNfN`dVAk+uCR&?>2!H+ zsj6>2JH15}vRivkV0vO@+SiwSuF*9`_kL@-9+mMtM0q_w>|au(%N~LU*}$={lNU5s z2aBBnU>k$1+^9dJp|);W-y(eI?r-f$EVgrtE(BZ}L4AEJU-y>0<%S(>3!D{7GX`#| z@H|RySiav68<)#~T6ZXR>tDsuf|F^%1f<}mq@eBUI5kBv_>dJn(o9kbIXN<6*&>%E z6Z>7jCTv?L*u%1VFWXpl)d+c{zTW3`;OjF(d;@YS^d^Wu5MM65q~9^=3+9~@{l=l! zP($4WwtoKV;WDOl`;^3tRM}1V!yq0VzH4S^J3@o)!yPZ~17_*G6kLN$Wx9aY1 z7<`la79+@yaoPw=F-Rdp1ELFRw%S?=gY$E&MZOriNK5*6S2pgA-El>FyLguqBZZ6b?BmsOIV@Um0#Zy& z8j~J3PlbEJ;(#m>PPK&H#ZkE@`%>%7HW@PdiYQDjDUT1vw5xC^2JHhP@lJ{E8dkG8 zC3nWNyY>#Dx%8%NBVVcM5re2Gs-^vx3b9@k+f4@G&#yt@f`zMnRs zi@EBc^;N06wdK(EskX7Xs;lK;#bMxt9+PN+gRDpaNg0UARyHV1~y#T<>PZ+n7WHSgN(R&pPi# z;}^;x9?B6NxB6e=s3nZFsldtZ8eKO2#_HCLf&RY09z&V^d6Thn0Y|?RHE~6F{7tMX zph+0Wm*Rr)z}e9>EW3nLeKv=EcS8gNn+}trP%9@^Fm$kCv^fT&W@9p*hyDBMw1hO# z>}x)KFsotgc&*|kW0h@XclS7^6uwwuEzuCzO4ir}9&kq2=u?B3P#hd=EiWbXdSsj< z$EL^A-h5kJfX#Q{pkjb6o)&EJE9E)cSCnogl{6Vr#?IQ+ITXREO=z-g;a~G{@K)sz z7H(Qa#mOg7uEs2}@yGfM3aSQKJ%L*?f3vgAiP!dAC($jdqY?<;V;hD*C%LPU>Fga7 z6KbVs2oAR;Vrk0>sSMEGYIm>|guBpS-?}g>uWaO1KY)7%Gz*gP>8`p|h|c$oadUHZ zu#l!~~!^x)h2X*l08;^Zf*>AS4kyonX<#WseOvP3Z4l;k7F89=c3r_8<%7=^$ z4?F?i)ZnP$=<1pIX6oyU3i9~^C{eRPrtA9!oDM}ZpnnEti`8NP3vKh#QJ)Dt4S2$S zbkwG`H5ApepO0T?H~`g^icI__tD^3Qx(aS!OtK$1-N~(5E;)q-v{>pqtR3`45F(Yn z#>U1HATemt+JrqS`jt$bUt(hWXFvq!ES7DPIH#E504WdA@R-D><_kAqpn#KmEuyUl(Ycwq>jU2nW%^fCdB|av zOIRD7thyaqIWL--@(`X%@C${ly;p5WWShqt0< z4j33uyJ*hLL<@ z&oh?sJ_^!ul>!cFJYCruihl%)NzLTHyF1>1cfaajDw=CZ7&ON^xrZ-39!bOAX0?aQ z0<{gmFU!3nvzox*xEHHqLU-tD*APpSByeay`n`#8N@#TCII8 zE6)*@0NstRFxCd4$h(xhF7}4UFR<2~w>$u4__GMybMXX!?++~&y);8e}2=^M83 zV`nXK*eXI^#t))b=1+fZQ@(H!!W-ubYH~6XUp-+q>5v2ZoC|~F7dxt&;;v91_Hz-O zc-2o?r3@wUlQd!JOB=@F;juxnp(I8dqH+UIe~4W37#MDZ>p->S&vX4^iA1|aakd0$ zINa~he*c7@J8$O|P};(R*-ek?2_`?Zg4Rsm%rYRvT~nV0=IDv@%X^in52jXNDwC&g zy<q!0bO#MD&zmHs- z;+H=ZQGXsuns?H_Hvf;W-yTJOpCtcGF7bz-2EOXg@bxoPq>v7O)TIM&%ik_7T|K=F zN$-pdQYb1RA_i@heL?g}U0r=^XD1__WbyrdS#NLer-S)=`-Axe7+APG1@rEn9{<&z zFaS5;*Rti!E2XYbLcXKZQ~jZ29uqUchNNSkpZY9wXb2b#R&53Sl_k|qzHvJR zk72j>HJk6LL94Dm^diXW$bA2v_c{8CIh0Uva4`6(a_B8Z+^Gg=*>|~;J5oNuA}oBx zeFZ9DcfX;<#ks<)-5^JIl2&(B~nAW6Iagu>wrS9yrcXsDyjK6R25Bfi)9_byLVEfq7G|JqkSZR6I+QZzwqcHlg-_oX2;Y;P~N-1jdq) zjzKIf=(yO0; zrZ8r=CRhFDZ_C!N+sW_U(bkgUmimm@Wco|VWcP=w0}6VXn7kFyR_)OFfz6vP@YgOX z+s#BLl7L!9+v`XHZD8`q6kCV+u!TzLeM(!%pt8%eFj!o`{q+eLqUJ>_8}m=Cx)

  • 8o8L=YGCqcIsgE-SAD-81zI^enqXOalwBtp9bjJ5HbbC+6kMDXA94y|S!l{^m zy*NV$kN3tCU0nf!xbIs^UnjZ{pslmXA~&WIoS{auX#@f5}iPpub+kS7`VVF6nC`G`Z~#8f9A zE^}6Yf43C2L~VGz4q^D3yQXr2^O@eRj7jR@PCel;i0QGDi~45*=bk3~z(D7m}`lDQ+zh1}lRdCt_Ofcs+1wca>K($LeBQ&WFyY6^rLX65E$ zprgOHw3M)bh8llgTtx5(`sh#2wD?AQc%!6@ArX0duu@r?^&dW{z-V{CjnoQbv&zDw zCuvk{>1ey+*p-_1RK z>Yt`@zu(6iN^R~nO-mVgTyw}7yhB@h;liwyEM_#0;CXv)^+lge%87hnlS%OY3h80d zC3JMW3haNil;&ki$>=Lg2Quv5Jyk8cETZ2uqoTTXY}T3$t}UdV>SM>A^jcF)_b`hmo zyh0L)-3K>P5L1X(YMF%As!_ejw^ULX44`X&I%-;4Xm3X0-fVT@{3o3eM|Tg8fZ*T{ zil?CVUy0yf&z`ySfWz_DA~b=9SzFpIb}o!H?;QSD0$#MAm5OE0_O{+famP!;C?wV-B#R34B?ZGd$dt>dgd+J*EF6>frl0dU)*scJLc`h$3{Gs<7CGb9`8` zkd`f3uLZ&wj8B*&L;ce*uCA_UyHjDo!7nckm*iAbVr}P|-MAvjM;e{1>>V7G>;IB^ zi$OeOo|8M`ih()f<0j6(+VFW1LQ7VavYsJKp8B_zL*&;e=+OJKVF{7lTvGK!7!=)v+jaeEqo zqeYKDq$3qW49dKhJK*m`$lP1|VhTh0m$Go)KfLuAdmB8WMpK1FL5*O ze$z70UvB)e^GhBDvp3^b3rUO{FjuJ!-NpDL&vXK_3yl?Do>j$Iz1pHjT@iM?vdw(s zrHr> zJmqDHKb5ZGqTj_JSSNjId?M2`s795XJR&;5Hx=m7U~e)M(=1k(5Y@e|*c0HeI}qRI zVUp#RLe|ETMM-YW!s;XI!MC!r_ys|6vGuAQPCJ#`PeO=cMOul}S6S=j)bLxW#R9R+ z_Wcgm5<-)G1<&;lf7wN3WjP$iSt`5g7gJ8MGU!XLiuHEt0;E0GfuIzjG+@t{dhJ!x z&s|xROK(;r|D(vmP=dUR0rP3wm~TP??)~j0z;kkHDpxK|u)pycw4vUIgo!GqvlFT_ zWj!dGB74Qpff<#Q>KgaB3HBH_s5l|Y#UhDFi*bbPSN-&!Dv9uUji0+JHFyvJX`L17 zS|pyhII+=Tu_HT>5rUjQ>5C;?ZI{7$iX08;V4}_UVb(ilWJ6BUQ~T zh1(JzdRLbVCYH%}9J^RzCoIKyoj33(69B|sh_V57p9V_TXU#=&Lg3k&cdcJd!U-B& zN<5opB>ZjMkl65dUB!8e-BoSkr^4+4AWv`e?V2;Q-7ntW|7EIkofq@n>MKwHKiE#O zx3~FprE_jAJ0jKmTXhPdXe||s0UGjo9&@sMZ}C-bX^^ag13A>9!55G)1v%cGT0%1$ z4w3U(8d#dEt=!AKZkp~;j>)9OG!#G44f+pm4&tJh;Q22kulPlv?s3|~7dX83dC(>F z5za?xBll-iD7Q8z7S9X;-|A&-1dq{32v7njOZ(OK#NP47g{G~%cYa?F^WlGTTlA-Q zY2Q&I&b?$0rhL1O%F@oHT3pUAY^=2T#OhWe6zhdBYz}ZdJw4ZJpc-lnPqx@SNj_~k z+Waeq_^v$dN^VlrveyRW1iC7v9|zQbP(9w%g@dmdmX6ww_-qSgbQyL1+-!Z)XQj_Y)=!>cG0J)J&zKBP+HrnRrw4+ZLG6p~+5) zl+C>^17&ptg?EB1>1|oOv%1E5^x$lNe`7%MAn8oQ1JovOI672_05^HQeK6y9bqe!U zi&rMckPL5bhI%(Wzt~@~QP928nPrjAD+il|Ub`vjDpGjfmnHPTaVv|corzo`#?k-k zt(Bf1;$CNtU!t!S5DhJ5S5xXX4j1iGo@0|^FIzw<{j1xko?F;I;jk`>^JEt7A zJ6H}>lx1!6hr&PQCu~d2krCEkAZZD`T!nJI9U}_1+%+p2o*LM4k8y(QK2H8)tpjh* zlfEHCYk!)jW&dX2uydJNuXM3@&aK1+>%9>a|Yki*)@> z!MbrS#=ia0R8TRHd#yP*h$qzE-syvwaN4A{R#|{h4|Mcfc4871QXQ+=t^9Nd9xW~r zs`KSM`G&`*g;6zjx@HM5G#MK%Bu+i&P(2@{$0AhOOOmXhmon(}+!(l|tktG#aInta zJ3kAa9-~)nN(|3aT7PQrZ>p2qbckM(yZ40Dq#cRuP#j|%{_FPcB_}(Ud)bbui7~My z>f~0o^iC@3Gix7VbCoiNJa_BiXm~cfuC5QFB9W=7qN1{Bq9`S2hhx5F*=ZHCm*jo< z6+?zDkx}|DW?Ep=zVG(V{9Gm;#iwTjgKXLavF@sZ3!P-c9o}~?YF!6|?!@ zvX-pu+rjKQW;$P1KQikn2_-vpuATa{w&n>C-&Z6OFA~W%`*YVOB;j>>liAd9SOpvP z!pKt9j~rasWr^D3-0^}rEdV7g6&?^Gm6EH3%~=Tx4c;IGtHG{Al|b6VRS_FctR7Bx zNDopCdK7I*zlxNNAQvOSvh`OE4DE#0H5Rh1`5G3(RCG^Cmacz1RhmwGoV&a9JKFc6 zx)efqgRQ$X4C~h6{Js=_bh40)(@;IXBmxPj#Zm7{0aq)SV#AS_#1>GKPxqK`!K;;` zAI}D4hK?+ZSH7kZ! z(#F)d|6O$g9VY(M?(rsyDkNt2n$=i~A9tkxeS#PZg05l#fh=} zKOe2zgnQmDMS|{cF=||%(|JH56qS}|%H49_&?O{sl+Y=PVH!llY6XV|JipP~dwe@G zS)L){e^6yzEH;xJN5ozmdbpwqqDUPiL^wLmEi*M%UpT-v)z^Z=s1(nQ))Y5697sbv zA*VNcLTc={hU}rhjkw4C&5|T4Vx+7U(ouAM@j>)b#S*mq_%D0x6&xWfoUg(X7T+E8 z@NxE3Dw=apZI~rJF1`ZYAAT@DS?f!Kwt3>=6}V?B&&;VIAtA*eO(C`@64hsn*632jNW4A)Zz~|66H6VVIHcFO0zi z=V0z{Cm&3W`6{7+&@W((nS5eBXcpfle4hULOu0`qt!aXmNu{km6 zDf4bF=N$g9)Co5Sr-GB1sIRL_l@{*Gwpz@EGuoEF^ZW@1d%5{&!bjMK<>eo5xMZ>M zI8EOjlB_0NUl{mRRlg&#Mc~oAc!YmULK(PksjsT#d^e`1GyOkR4hI$b2!fk;+m%gj_>Gy44xZ>=JYX0$Y6{};h>UHyx=boKf=;aEP9 zob0Qfgry;!*t! z^fUa?y!knsH%u$9PPwikjdy~BVpdqb?Cj=cy$N}nCQ~F3Cv3;XcV?NERaw8cIk@A1 zU1quNm#wW#)k;9>gIZ~NtKQ^vV|&$W7%0t9URg=KtuxOkgb!G?cb^1T>;<)HD;qiR z76pIlv@23y6)p&fDhQ?chdw;!7M5bPzk=|@Xe@Ei`Icy{cfBxP-Sv}kx`xC9-#Lf5 zN#7vGoNBWt-EHV|^c3@NNj@A6PQ1(&Z)QIDUsbxFyIvgdiT+sEEK0WLX|@sARFvuO zl}}ykBoE$o$}k3qos8MrobAaPVBm~+L4#HvwIF++S{1aQsn+vips zTVw|7@Y@i?n6(e^753W-7kihR?IABKqV!%gE z5HEFi+g^W{zdjMMU#jedk-O`f+nncqV)e+aDUi%O65~K|*`bdKw7%s@p4VjI$TMlq zh!#iLo9)~QStQ_f4_1=FuZkS1I27mf$c^q*`_j({Hf-FB*+<6_&v+*=UoFM&P9v>QLs!P55irLwRa;|I$J*ZB{w+8-%NUXxR@H({T;)+_VxZ=dRQ8IBima6ty$PWE zAk4H>K%`1E$#ctF5xkk~=J5s*W7F|GmeDdsk1VVZ4GE7PPYS|1l{c?9jKm)bLE+sf zCJbsxJCdQ=5OHXkO%zCTo6d0awYW<{T((dP5tW1Gn99zqZrR!VsRu=zicFU0m|)yf zD4K~vsjrdv7wu1$4d9N0z^KEiHNBzPHs(13TSnsK6c*MA>ajEu0 zO8bdzv*pu-vTS_#vulK1dv9}jt7czI?aobGd_J3O${!6Eyw76EOpStb2$7L7a5p+#vFALB}V4a}iTW>n^pNk4M-d>u4Z4^y+0wMFz9(ESt-gMS(N-pw%?+r;Q7%qvC1KJj|}2L z{k&(fxG_@SL%{Ugc!2{(e#eit(Nldm@%@{SSW%QiMh+|0nvgZgI9aARZ9K-gE-l?S zG=(@pAbD7*R(2`Za|z!*-BF#iCKBYW8Ku#2+whw+V(8_}u}4?yl>Nwc8m;YWRdc5I zxDgp5gS6eUbVsIDOnR@f!Lbc-N{djxG@(NFwEW8M8Xh-Z@=ia0lMgCYju8fo14W`; z=GCS2wUg-X0T&63l4-b<)h5d%)kLfxXPs;8<<9pqz87$+3T{Mi8T9woD4b3*DujK^ zjP_hCzds$VDJxXoD3$e3D1R7Dj_}CFDsB|_5etribGV4)l}V<1-lG)EGjVg_QPsAy z`?}CkQ<=&VptH2%7T6I}?s4mA_(;OTQ$PC9)iEpCb8nbq@kcdsy@~!RNAzQ;#fRSR zCDnbq?0)4X3}L6E39-{Y3$Dc1d^KfyUFeg0vjZzSxlsp^8uOy!v=4)TdB&<8TCdezxg7{Qrj{Uj zZ-ue(klhmwrNXl7B-P-AH)VtOM!s!DxgmU0D5BMQuWR&T@ixO|_l~q#;B2BmUz3nN zNGI!XU_9*6V5(rh!gI3BY*!C%SIc1Y;=XepEiBlM@5RtoU%!tr&&DO;0(};qJ?i)XqjAdkZH z2tu5PJfb;G<~E*C!`OWwg}+|HQHn(-p}AU<1?qG?7$~47T2y19xFw z@!7LDdQye>v{v8B@+ym|*YHUvaXwOE)%0&-wwFrv4ri?Mrvv{BPp1UmJ(vjfw%+O+PkjlnYgrbHDKVR`t!g&@VB@ayLQ6+W^ivtrQu8d* zx=(pbRuZQ9^1KZ}A>d&BFuU-|yo1y8+WL*D+e157MrYatB^i1eFn62%#GI4H!w7i} z3(}z#>-L)pEC6CV&`d~tn|$J_whW$pO&9G6S_uP~8fYKOi0o`JTU;X6d{}2WopQKq zHe}_xhPWNw3eI};BWwNv4G!v7x%=g~i%VGh4_AQyd8~XwiWz15i zO?vvM*|pxOIf1&4z*pw`#wSNQnb&8s#4$cT{?os)T6hg`IQV!O#rXj>sp+g~=^)0L z+L9m5xBuj@9*rdIN# zXCK(+v}A{ylB)!75>Rl^zghWV8QP6AVr5TUw9XRT;Ly}^kU})rh?)(+HfFW-vo)Kt ze3)sB!gom^r|1k<7QJ`9v3%)lPMM-kBWt@NgUEiy z%)-$%RKrrdFFA=pzn7W{yLyDZ;25fmpe=rgb-?jDwwF@ki+mJY}dkuGzv zf)sJ(jt%WS-K|Zg0>pw_dvRa|2-(*mekaBvAlopxc~OtFd=v*m@Q8H=MA@>dklhJnAsK(9`YkIbrQb(fxx`^g-db=L` z>4ymdY0KULE(2mS+a9hzVKUS@zZ`EgN;p@OJ{yrK`G=xW<&fLdy1-G`puc&rNjN*j z`$!l$ifvI!WE^Hkb`(k)O=RwV??DY7TaLiwrd`dj(tWe39D6*0FAw(`dZlN$ikfpM zM&0237rb?8;rM-7h344G0UT&GUKDPt^a*zd@Ml*0f!Ug|?T{qL9g#}c*Q=SlyaWCH zZv^;KqJs&}kk?(~=SB;>;bUWpc5^<4SS`un7lE`X9Y#eZ`wDYFJIUY!Dik5faqeA2 zBEm$RUMfO-J6K)npIN4H1ksCP7l#Waf_9ao7Ka}3{9&)YAFj^mDjPtPrKUS&T^TKb zom!J1k@x5l32I89rcW&SeO%w_(EDQch1fO{(q9ts*BRh*1PEPfe!U}L&1%p{KC=85 z5{UkzBLR$(LwMTO?gUY<))?r$+(y(kOX(QV4j0Eg|GgOzpf|D02I0*$Hl}rsn zHjU(6fjT0Yi{jm^?VVm9$70^HQkF@T3!E62JDp!NQ1%ISRKj0uRHHd5xV0-Khth~# zv@1{GyP`aPT7KeepGwQ^Tg}l7Zdcae;AH${ZhUWz7Hk}@GTewBcLXWA4N>`5rZt0G zu2c9$1p=|Z>8jmA5Ez8!Di~bV`vwcd^$;ot{s%%u+XBeKy50G0DR0!Fl9zDRJ`qvz zd_aLfD?j*%A-dOCR!kY>9A=LKh?*yde zcx#IvP*Tyy$I@@Zaf8kEJ5J=Z^?IvJ>5l}YRJ4IQ_fA4AH8-vkGWhkvQM9|aTM$Fk z$dg4X=K<#2slugl(=Io57VN`!KTE^f?laS~#iCLlmt#Jr9P1qMEvB;+=t$Cp^L+`F z4S{=o!x`8Wye2aWwTvrP4rDYKe%vGPoB2=1Z|GEELPtKoW-Do$#rm!?E16H&#Qv$x z)R&`0;-O&{*gUJOI$p;X2c@uq-Oa1>-NP3gTiv-WRvU-=b7~i3?%I3H1^qVgzZe`z z_$gFv|HK9?d;CX)!pBS4W_(o}!_}wSiL6l*o>K)lU-P9n8h)C@5d$2AEfE_ZX2c>A zU}f;*1)tqY{-TrQZG-zmGo#%rEVaU7)p@zX{~b^|$?v)EoZi`0<^ryvU@1>>$(0;t3d9MBcapd2 zht{N`#l}+RP1O8aZ^^?8xTU(R%iM4@4Oj^=tlC!4Y6bi~#;_H7^Lh;f15dgjlhBc} zTiKqpia7#auLh-Nx)yJ+@es1H8YaY8+kE=oi{L=psDW{0w4=lPg%&c|^omog)VqhT z_>LJ?8cq|t2WC1wD|B4n=&0>D==p*)Bm$J~$E`^a%G000Z?QR!vYnaif2*$M=!Wwp z@19p$r}4>ANwB;3*kKk3%F+lZ5F?SK4y=EtquxYFfZdY7R6waoe0 za@>owp7kX&N1V6>5($6B-T6RMuU&Ge^OI6E#iD1RYi!S@2$8Vz($#GP`!vBK6g(VU z4PC>iFOU)W3Ole4&0s*Cq__$tbZ#R52=h(-MmlC(mQw&0z5&^y(|4@rXsOPJx-rz= z!op7?O3*nW2i@5KRg8?yWMkb|D_aqeyJ2|hpM*u`EPsC&bF22 z*PrUY%u7eEqEiLoP&Jrb#F(QSa) z_ZJKTo;+7!QiJ%`DXIBE|GZN3`>8CiKTuYbF5w@Rl#x-k3Qc&P`WmpGuaJ~ zekEpaL5iD@fQhBtRN^WmXy-rMmy>V)Su74_I{UWV;NEn;@uGX;$rgtahOktFgeeDh(4DC(L!|$iO zcy&!X{EvLl=RBPbx8ROPxIfdTaumFE=Slqo%g8k0@JfcaEdSSOM)8h|3fpDPOY`Lq z)9sfyLY@RmCC3zn(}_O?>C*60Sj`+E55hgCE8_t#i8#Mu3#o}H*>WaGOmSB@aowUk zk5aghl+j8D3g>ET$9G#AEjSQ1TpoUy5gD8)$^4&q2z1sG0G+ikTc+@TEMk`Dff_Ka z#M01!+$Uqwlp!etS;jg><#LpSu9Ne9Q{&ae@BCd%lx_3JrYjKia|KbcC;Mzsj8C#8 zY!?<+qBHTejk2e(DQxwa%C}M?f(cmtOvfl$^g7Ai5$RoyQ_9)p*Bbx?b7AX)`C9c= zK*kPHlxRa7I`Gl&AxS|bMfU`y4_Twva@VFmoBNe@gTtCuydoV-q}nJY#T$ zv%T{5A<2IT;fspPz}f75t=3gnX>KDNmemAZ z9I2T?JrZzBAHu%e6kFRWJU)cX#dDA3l+*afH4S+^vc=fI!n5jbkPh(4fcCAbD}wNp z);HNUfIn2AEyAXQywPq>c zfJdU$qZXLI@fGT3w@XpE!=Vsv5fKp+vwm4RtDm{SJU2u{#Nm&cGRpi^RL<0Eo13ef zn^aC`$<|Izfb2sp$H2E=d>x*~sX^oLasT#bE48#z46`P&Dty5K3QBDI8GtFmu;s0&!NtK2Y3 ze71K)26lNy47z_gY3P(ELdY?wb#!9k?_Z3TlLNJ;yB@EsJ&x7}2wWg1EzcA`$BHRB zD*+k^-!f{Ms6y~O=-BX_4m!M+@WOI4pK~7Uo6L1SC#%OOO3x2cT*Y#Z+0pUM(RJXp z7ip?ppx>1GE%_;7{*$%hrL z#Mk36hju9{i&PDcL9Ip0WM-Jiqn?MxV*C#hX(<*ecNO1VCUd!MuEpKi4r~KbjsBa2 zJ|;#@lp$>--z2EtKt+QS7f9&wQkvezY9flnM?Gd5P(IrjBfvSS@)GCfB~YuVzA$02 z`)^cdLi7d3ole+^o0bgmFyx9z`V7_0bFb++^mNe5O||wn3pB4e8yI{F3@K!TrIK6k z(oG$&G<{omq0Oyf0@y}1?1P{fZ;rxpgSdm7bhdo7wTX;E@K~(pF}1zcMG|MX7B9FQ z_A^xQi`pUnE&Se#w(hL*(nm_YIw>f~Wkps&5x!`YIV#+|oJMPviq3{7@;gZ?HbaH| zwIRU=^~frK(uaMG(PDEM;0MO{#dTVC9)~n2fcJmd;!h(kE>~8ih^|Jt-J$IOe0(() zGwn?-r_rU>)FLbh;fb-L+Lo3vwV!|Hc7H6&OP3|~vrLH#sv!~)145dhI4yE8S zfBFn9?sj)~=k~mF_O;9YVUrb4y|lC*I%`#x(wuUrZBo+IK;vvr4*%F?*Ws1D?eBGT zA6)V+kIGr0SNurVH7=~|;m8S;w4z*yz}Pm{2IU8$v57YZ5>CaLO5lI$;-|O~zJIT) z!^v+S4gGa1K*FSgwZU%f5P`PyUSn=9>FtZLU5&H|wjA6=q}F6;JRFHrG4i5fXy8j? z4>1nN=#I&i9u4hi3~1LSCJ3YyfDox)-GQNL|1XKo^OP{-k#9-zRxYT@17s}pFf9bePkug!Wv-3L2>;x9KOf3Dwx?z)ZU7IOUYL+L&~iuw;mB=m$^03U zh(<12v3deVxeJGo2X7n%ln7~96=~wWr2^eM6P$M$Dzstv|6*nyq;#;UoNxYu6jBNB z&Q=~(EV``@EkUV^@bH=ala*Nf;`SkXxE#0UlY4VLLLm6#^UDsWLp>w81L2Na7oN}1 z+=iasSjb`1qtV5d%D3ClXMe8(zEHu-0Hp^RpnCW=RUM6a$A@pjqa3Z{qv+-{D2N)W z8i{(}H6He%slF&5PRfe3B-{lTB^hMBc`}z#lUl)Lc z2F2Hmvm?U8y@$IyDAUHDE&GQNlM0T9>e-GdioC2x`U@06lNXnC$ALz8HjG5QY4?{S zacn|Y-{~5xV;3q&(onJqe!=j+|0dqAn7u&4^uP*}3qg;{3Fm{Jv$C%+v4nl~4kD7r zrS7a6!`V~7BxUAR^$AbZW)8k)99 zyTJ0#MC=n6Xxn7#Vg1Qq0Fs&N!~)ktJ)h=p^TfQYB4)^sd(_>iGrcRPik8d~dvW~W z3)q>?@x7kOBF~O2y(z&myLzjPX&_p@QCNFrbE;;UywE#W3hMDLtS`_>ds{Fbv$urc z@WcO77wMfLf8N#66Mbm!_pjD;_3m&gg1>kFr@*Q2Gez3Bd_MR|g`+!uD|hsvz^l|S zYzqp?>JvKk#0J;8+CwNZq)31eN>VC*?jvof_p(PWm4uTojjd-WJVz3sfYXtWQ68V< zkR_rI`%m-qnBqDbzwP+3cR{ZdDjEHIq|%c8-j@iJ;2I3AIrRchkCQrLt^5ujMjd$o ze_cGi^W9$;1rf~bH22Ru$1X21zf_kD2AFWRa#^w*s{%^nKI?<)7zo z%Gyj+F=(lq+VQ@5xtR)k6b`)4vK4Aj@Q2p|eJ^pgW>Gu3O8-?6u9Sv=jGXOsxVW{A z07m+G5ACB65+W875=u_~*F_6QGM(Kw{* zxITkN>Zj{?K9L@NPwy9b$2mgsK(EuB+I$;|=FEdlN2Mier3txK!qC(zS}VzVs)lMd z+4Za7d-m__01H)ObJBxe<|T}pKSBix(2x+1_L4r`Rv^hx>(hTU94EyR)MH+UYa;P? z*T}#a}Yxt2rSQ04mi?ta?R$&^H9Z*3tb;59_e)%L24l|Un^7^t z2^ebI)(dAE0G2-9-sE`W9fPx)lbLX8^}aalXBkd(c3JKiv*+7kK_b~9q5(?D?J=!d zMVd}MjEO2(s#0i0YCjVl7>p{}D$&*UwU9iEstZldlJ4!RqPX>0Y#$Frsf@c?WobY) zcD4{f_`Pnm`~2Uz6<86%iBn-;h*CD4)c)?CW*Iy(a|2uTPYAh>jJ z2<}b?cXto&?u~R3+=IKjOXC{co8a#5-Z&iI_dom0-gBL~W9{QI2+m z|JL8x@WzI=q|%9-nzzCSY^u_=?ZjH9oAP*`V7}`^4dO;7aTW- z=l-lB8O4}hY_9D1EjAN-u*B2;a+=EEA9Kb$@Tv)X6vG^yV=WGkM# zGHwPTzul#&ZaRtUUGg$(R8so$eTJt>{>xi@s8dgUh_)SY^RFf=DSG`_ zMhNBgj3?}L=}%{t#S$-SU#~7iTfn_mwsZFf5SQs4W`<>Oel??*STDQnGNSom3$H8h z!d8D;x4r!*R0N=iGa-EFMhsHEzs_dOkTT)WvSO$$!%SXl&+8ex|ny{b(sR_C1d&SydoWG9|_Jw3Q$yEmru7! zQ;IRBZ-1Cc5kCGS0o*LhxSxhD*i$juGEjZ;EwR8YX`y+dKDu0&3;ux1R><$`>*B9H zW8;uPNBh_;uySKB|8Q&P^MI`(fXjv0(vWzxH3}zt+U!dk|L5Zleytwl<{k0{eQ{Ymxy6_43Q_x|nNPU+jg;r=Jr(g}bQQbo1vp}M^8P?j13(~+#x z)J1off2rER(8}7*vD6Qt<+R4_j<_f=zjSW9kEM~h_k-KU)Bu||@S#H&Lh`4GQSL7t zo7-4ud9(Mw(#-?UFR(-pz;9d9{_VX>q1&USaQpAP*Ng6b(>WtQ>WE4-wIhg~558p3 zY`Fbv=)NX+RFu&6^_-<{QzQhSuI4+;Sw0}xlB2vxX%KsOHts?eSMR(va&W=YbniU# zZRskvv^=rg5QMth)1t&QgHHo>v|6}1k$TgxA^AU~kNY?OhxBo!hFVJp7fFNE8#I6* zeY~B0$5VY=Mh4@*yRBywx!kj~P)|Zmo8QVRD$^^U?@IYJ%*4}U^Z}{{2RF~s`$MCu zv;qur&Dexg@0X<&pEHO(zulkypi(Y0He*e$< zmwhwkP;V5^)zbca^n0%853O~Yp-|q!(K3(mxX= zf7w-tjRMf!F?r}&O_r6`vNB60QNDJiUiAsaVeB_-tTx0sc z^&$z1LKO?HmR4-?3xozaV^_Cr6WoMsgJq`X`x2Qd$~H0d?%JU)M$2BxA_(Y~J1=Nb z_+rzCO^rp0Lz0c83|_ghTik1E`vdtN`Dvc-FCycAV^+x?EEGhuyLx6_c)1-Z?O&4| z=O==f$a^UQq%((DZ@|XUE+Pp{H0wF+y8-peVYJBkI$H0C9w}M57*yP^ZSyJw!!GQk z!C+=>tGU{+tNs-gW#t%Ma~}Jn>B)(u*+A(Ek}+vQ;Z2I-+vY3qm|Frr0+=*ln=Vq3 zMvt#qmSAQ?x~9Q3v3-HCTr%!rqEgyGa8fActgc}TlIP|d^Dnt%O}Kwe*`IHtwm@8y zzbRvq>3B@_do)<6LG}+C=`=^Xgx#{&vVGfxkO`BJ5d+tZb^bmJkyvs7)OG%Ys( zCFluujn#~lr*kjjC0ws+RdN~f&=K{AuZ+*A@lvs?8g7{p8XKFj@k=GJ#JI(ZunTAx zrq`#M1%8R922*3xjc^8OZ9C!eqbgpl_)7DinC>RktRBKN4F=ml#QzH*!^2pV_MaY9QB72g96h-Fl{S= z8APknRixdN923*K;Tsyc7CCiarpeXIN%XH{SGJWX-UkSj*&ZGp#qv+(jxG#V?UG%iloE`9>Jp?!HWqVUqFe6?yQZTy`o^r{G&Y>Gq8HCMOs z{7^7X`UgLEoMiSx_7YbkmwY0cGk>PACF`tmM-L+HwUyE_VqrW;jIT)F? zz2VoOW)p zo87E_R$rKZeeEenTG5S#Cs}YFFUUM0ybOv6EUq0LeV0DOm`K3QNRuWE%B9zJ^0z?- zg3#@y%!V*>av(|<5S})7rh6zBKK_ANPqt)@n6Fl0_ngZ@jQA*lQLG*pUz1?C3lUG6 z?^DXA=|pjK){I{gXEkaNr~Q`=VNA=}`f(xKTsApARKt;AeeOg=o}xkZQpnFD)XTXv z)u{d#QkTiSk`aV(@SEiTADcO!(1i+vOxJx1y4kY6>X%7=zIHA+=s$_To^PDG!#$(q zKf~F11wL@({m{I=vm+^0byfF(EW2$-y_T`-;UpR&@KGxOX87G5%vp&-&eGyRe3f!k z1$z<;^LmQBI>jHD0jN7M<~CyOn(G=Z#&FEJ9>^Siib4vDP%90qfdN#@kX`wY{(2GF zE7%R3Ow(~Y9jEe*OzB5)ac1bEbLCXlOu2c})OR0TtOf?S%YfW3X)9ZfJYaT9A@11C zD#a&h*qR>geQuN{Ceu>&btH!)`_{RuNSfRet|O9HyEoOKWy6t)wWA%5qhOA|?k4uS z_I98C5D&U4y#2gwu9OrjEi5d2$H1XN(^^jl-ieJ(kP{aUyv_UYV~MeZPUA^kQr_yV z)_l`cGwrl;jQLldrko>Ix=%8%NwEb+@N*X-NqIy+iexm(X~auE+n0r9wg~^+7mbzQ ziiR}uxo4?R(nZh(B&VUI4tE>(U7nFET&`d3(=Xyf@BBmUf7MUDU)xoo+QA{zZPR7O z8#QIT>Kmwp&OgFd+1hs_qh7Py!@~-Z z;fJ|EGv#}FtFdiU6Dm9M{Se?zG?-`)CK5vD)(q%Ia^f;TpT?MPNLO19ft zqT=_ajQzY5xgsKEm0CWE06bx1FNBJ;Fb+Mu2RFiR-w$})9x=o~u=j2NZW)JF1bntE z#Bn|@jCk#y0FfZcYYX8-HzD@Y-1MyJnT-u4Y9hf)32Z+)p@`HqUGc&a8=urVDrUCS zkyfIKQmfoo$2N5Hqapec4M@3qzyd<9WQ1VP>{x{9-z=g0#XYe1;C3ASg_D!)Y#@h< zsPx2pXhyB^w+5=Yg(>>@lq#G^ZMN0WKs8^mRMU8x?lV6665Ey)-%0u(t`2}-tIY&< zZ(K8{u~>Qad6x5yVylWq^|R(VADgm5Q1!Wgq}|g4=9=Ot(N+@0>G=`WNB&teO>2aEj{1h7WL$vZo^NF7=Se`jRBZ(Oi0xrq<#V)=DrXRPRc7 z7+S2=5pQ_77~z#_UIo6vVJrxVfo#k{e3UC%y2F>;+aDxe~ovVv$8lJ|m24@{GG4m5w}|QeR!TuWvE2-7aqRC*!(_r}{REOWxw|qF?qt05FPAhYk%GcM7+M?@lK7!w*SJ>U|Uzi#&Rl~<2`<2FmHSMXsWTJ%|sXu$p)Fev7dXld@W++`gad@ zi3WR$VkwzPy(Vc@O$jSHg@BwKU8IY!Ni|7pQdlY2rc8EhSBH-yr(8j>kSxl1dxAwi zy`exX_xnMeO{iEGMr3Bo9{^wOncei_RA2KvqJ^IK$G>!2A9u^T0$TSYt#HHw-?R>| zNKaZ;)lS5B?5Spks2$oBcWaYBtIzk5AzfTdmyJ&Ksh0|4h<%;o<(nvz(P(ySYrZ~m zMxT7r5p8L)G}}|??}Bo~Qz8U)bXrVGrYRZJ zI=?wMI-zmgAGEMt$uzxu&#@>qI%c?Avic`i<-Y=LIc@3i%VKkcE7z}xHfs33NV2;# zUovCNU_R&IctUx$t)I`g1SR@aXW$TCg|{>TcX?v;lt+I(+e1+DZeHX}E{vnjlRUku z-n%F~MJ6xieB|?S?E`MR;F)v!4(zB{>Mo~C2-%_GBPLUc6xrTRN2usEm3U%Hyfrb; zi`HV{-Q}ejWQ$K5k##y?hG;e|{ZlVE73PdCTEhY?D6%U&#Z_QZ%6j@{$0E-6m@JX(~e{gcKns*>^%Yc5yQ56oYi z#)IbF>nTny)NAv})P|c*JQ@hUAyfJ-%V<=QbEIe0m(yrPjX--d`y$fjTW#4|xQM^d zfyo>rGbdKbP?;>7>97l@kb7ffTEPsDg+*gy({J{{JKsf7nmkPz<7#5KaXb^~ zl6Ow)YNkt=F%_BKw5f;$hWi9+=zHcr!j3jkEKekkb8bs#WoRvvDfF9-(0CXNm|<^s zk-j=IaV!i`Ck`FY8lA311T`S&GrY=C0u4(3Mw*ix1-YX}mFhAP6jJdsH=^R!mznHF zr3e?Ok&dt+>&zq#|AFMgtRXozkd;+s zR4Vhgg+12*R|97Em>x?j?_x=8@hrBrxh7Wl*UiCHUx%@-OvTG0uh^4;{aF@(<}-(XDS;|hVQ zs;~1kG{7)=?UD8oaTl9oD&^T}d4IcW#w((k%&7>7hjCxSQHO)loE(y4A{1h^e>1X_ zCN?H`?8x-60C_a2FH7oG=s2b(EuPy!_aEJk&6J;LSFwNV6T$t!k!xS6PIUWhtq$N9 zkxsENo}lcStu*hA5y(r1l%$vAs3fEMe=IDNS|BxhejtZsa^7@KQ81>Xn@=*)af9lz z2#VyHsONks(oBrWwLz2+%hAdsK@94vRH`d4**$kkjKSGeT$B}|tHb5wSHmOol>(sj zu$*)#rBOH13^A{Q8!@@O^{Rot4=TR+w;?#QwsT?$6?lA>ocK8%0qo0$Vkdr8+s!8) z470^5wq3=H)WZIheysGxi2d{XE47F7de|Lqrr&|N7|Y@0zNiUDk&ydzCWNdugCmY` zblX3r|DbfrwycGPeeRAk+o19b4Ehvc3bdgtvIY{o=T^n^yy%cxrh=P@igvVO$n@C? zh|NZRx%2plN^CPU+UMc!8*GOT9veoqJ`WfCBC<;P`is246(W7Oa5NKS`-R~L_&yYe zhyoD&>3RnZ_cCLDCJXR-`q>KGQPu5EWO3d5C@z=Mm9*ZS44c73O4A^v5-kw8H@NW8S=)8Lrazr@V^g;L0onb{6ORj)gP-3e zq!=FC)O{sXd{~pIR48zG7~`KBTSDkZDLfsZ9a-`IU`x#ZhPblu@vzN~=MAyb=uVl(?!N1VtWCb}|#+&tX6awDgj+M}DU1huU1*O?% zqr-*B&TP*zt+tpPM)>_By{FILT$_t*_|q;Pqqtr1RICW&9WSpmFFlOh{XnhyKGUw= zMRL!Pf_nIWsiH;?-PQ%R;F|9ULcvA9O2)Lpf`{G9vzLf2HcAqY>!vKrT9jPuT#oQV z&o7K{(i-w~IwBjFQ{JTTVIJp6#jdb}saRQShTH+El00ItUSn^Zbt#9!K$L^6sQZG| znq?Ke_o{7gB$v(&Fpt`JY}EiAYz7c=8)BJ;euph@I9x^w2Y$xPtSllUH!4gBb-*95 z&s{e*rgvTOHuE*TF0*{SoS&EsQw!cp#|uwV^hA#mYH@)P>BLe-b>tz=?nqFE)~Xul zw?wb#<4JT!()&+|kQ+Ap6%0m`Z_%j;j2p7*OK?-4Ae!>_Qfo^qC~pCW;bEOa|4g50 z2IQ!mrgbNl_>@0Qr9%a)b?4k-{D5MLTiz+2h%Q&ACtX98BSf;nhgxSMZF(FNoEtD; z#+%An(I##uCTz#3iQSh=Ay%_-=vija5xv@AgKL@}{R?OD8#PKEmV2J}^P>9+)o4?I zC9@kNWPh^om5nUk&@JxlTR}w!1M{o;r@p}DzC6ZcbZ@za`JSZ60<=1e(0=Q-(povr-r>xg3aBs3xn z9+mfc=Tspg-!BTwj?~s-ndXyU{(GDaqC=%hMB--7?&1-o6)Twd*mvzZ`>?`t25378 zUK+|Aq2AfK<)2`sSWlCQPu>yn>6;7=h?X*AZk>2n;!D5Y;xX?V_MsmCXh{V!ECgb% z$w`o>z$Vub3T8ya1~E+ zLCsgnlG%683~l`I*Q)N8eP8wxw8G6hLt!qn^fqO@IRlqd9_sNv@Nc%Wj_%M(I%C+t z;@*Bh!+4P3O;nx+xqU6cr5fZ<=O8Ly;CM+UD#3o1@$TjTfHoRo=j52c=x;Qky-Ic5^n6s1m$|U^)%UYMIK8fl z8fNb2U8BTS2Rgk~A!&~S zp=n&J5q_N>4qjgZwlcv*y4`Z@3pe2SdT^KAU*q1V|Dnh>P~h7wpBU<**R9 zU;{fYTPH}WJ-oMSB5rXl5UZlI6DNn-39{Srgoh}|n@YBPv2m$u=q@qYw#hH81zNcp zf!$DseHBa(4i(1RetPB0+t5xQ*Ey{t1H~@u{o*3Atmi=G_T{IP-a&6z{`!vn>Fp2L5441zlQGZS%9wgNbkRI z+jbE5^y3194YS*+|6WN|nG9mCfDRcZOYy$u?v0%GNCb@AxdWe9%1J73P?=wpGakd= z!NB7w5$d@-YupKz=f+yq+w_-iJ2B?lfv%EZ{slDC&VIYJN3s|{BWs??=+Q;AYL9jO zXdx=pK%h*bBh#g{0^w2Jo#tn=7?2f5$LK@)d&o?ULR_rI9EwCDNoy+%;Bqe0M|bx* zlk)(-y7Fgv5N6+ii%8LCHOavAn?&K8Pg?EAHt@MZKW-s|pm z7Cs3l%yydifm0yK!GZilr4o+b8uPNbb&SO6lQ8TbISPGj<8I=`*WEY zJSGR&_RE!+r>@UEBr%F+0us(A@6+U+;ioZsOG5`8tf^yFZw zVBfd$?D_x zk*VPXaUwT0ZElhbPfof=*Z7d8I{&)M?&epwQ#l01wek6{U%Tf*8nhAqY28a6NE0}+ zAezK$A(y_Yz`D};?l!Lc6pwha*Dh)mC2L}n;(A|5oI6N& zaQke_BDJ3aYHkWE=NZ-J%ClCWW;8R2#sdfBObrvE*@cKHGVA#*oxvQs8LBY!QMD%q z6;LlVE|te~Mq7i$9tC%vm{alD+P4p1B}$in0=Yr!nAK8Q5Z6*syBUjECQQH+Ld%Qh z(Br8&_V7l>Dzou973?UCjEDCpyR~)MhWy%Xzm=OF&6@JhwxUWxw**xJCyLi3!IY9S z$tT(#RS-1qoam*`c;Ns5U+|c~&f!pz0!MphbH6`@)r43Y+UkD_PNTUyTA5P7QH zqTsYNdL&F^9%n~{MXr~jrOI}rz`6GOefJ&P(7vSPpJKiw$(p%;F@TkzT6;55jcs`8 zF1XpRdu2#8^s1S}ET@cO*D-!#ZE22fiqv0KD~bzgBY=XaewHiLKek>y-(xC%rzZC$ zqY+nE>_!y{pR*}P3hw!7vlL|{1VXL!e?6j1FlKICt*qXe&B(St9_W}oRV9t?Mq*(k z$~u+&HZetp;DjI*Qbc=izr!fxtZ|r`^)4MU+G+5v`x=wm&$zA~rw|y+W#@@F1*}W1 zL&%xOa*g))f5+-S@wIhU<2B$ZVzjd$WeQ<9k!gDTQ3?iNKd#kO=r6s1aIbw8L2px( zcGejkWjHz_y|k(}vC6X8B`Tzv5P{klbl~G}k@xAIhv|v?U-(+L>?n@;Wp;czxscue zuG<67qA-qM&n=~}7r6sYu(?amP^TYS$B~%V9#K$FMJN{B{?=|^HCP5C8L>+ahKY;H zWt{L=oqOfw=6w`Y+Z@T3X&LQgXYU5f!_WeYU$iF0{=PK+yo==vAk)n}M23-qqwO}4 zkWzpnx-rZ=AXC4$#Ykpg_=kuAo3SZHE@!RjeTwZ7jxA3ub+~6#%j@lyN6)pk8KI$n z7o)zAd#c0b!IoF&g(K7qRh(rfV1MMJ&Y+H+GY{`3+=Bc5Am1S-vj7k2zadIo&FbNJ zDs##PeggR})+Wp8bj{Ve;V{V^$hDP*smV~}&$YO2=f(riCkAi^I6_X1%8vG#PxRbQ zmbz=^?OAflPYoEowJ(6bzzWX-<}8NRvuDp!D;|W;DN(gkqXG@*;)e?{jH9p^%!b%g zT;d&NbwQp2!1Usbr7kaK-?PEJ=Iikw-IMGP@wcPjUqj85?e*h^H9xsD54e-9TMiBlyFaj5Z zGbw5|rnX^daD%06t3iAMfpbNl(Vo!YPQ<#(;!lUuhXA2kRrBb@DMlmdR&_LpXf~rZ9Lj4 zCURul>u5N_T5ZCzYZx~Ow7FacfcJ7W70&#I*4N|AS|RK8&mEtv7+#xBK-}D1cXXFn z!<-ycN~rH4aRCfN^D?AH+Yo-Jbgw)Hqm*t)$fOga)-~=^MK5JrxZn||%hlVM=ROQa z%DASzJL_7ggIj(`%VqWg5UQW<_Vf<-P*D8-{fW9BlEzybd)!fJ7NsEJvZ$=q#Q#>!sP?5cIKRdSr3bw7_|eBJ_E!RznG6f>yaKdJujbo#Y4p*-M3{8ClxoI731tnY2{ zg)QZAC>Nd=W1*H-F17xX4j@Adx&H%`;c={wN9_pf)e2m>#attoj6U8-Tu^4#!=-hw zSYqIrS?7lY9XzyPLU~RzN>{h)$^y$l7Z&lE3bbWI%8Yg{_fl` zd9aFpLHP@ccx&fxG&^UyZBXN9IG4cmMuFzLH}8J52VBYAu8MJ#1jPOiR>hvZp|p1U0d$C zfvSXk&HuHezaZ%^2LSO;#n0+PHdBjznt)Tf?$xNE4e|^Fx4NKl_6(EH0hovYUZbJ_bVWJA0^ zS4>B|SexaS$xv_F1k{3 z8I(Bj#9M9fXjUq6xWz=YDZX>jGs6=17piA*WEqya@c8vrS;VBH!&|d;3{MX;{VMh$<+Mk@gh`!>Pfrq5q*3lYiybU-A}L{4WVVTR zwYHPN_mSU=+r_`tPA>GlZ8L{|l(n4V=NqpUbH3-iqRKLL_V!*nuYrgcI`)imeYB4* zNdMXrIl8}6D0ofaTG+1eMJNYOd$i8US~zh>a85_d$oNz?x}58Hv5t;9sy@Qc@}Po) zc=NNO8v>tG(Adv+EUmO5Sy>HkDzk*Js$ z1~IW*6p4V9Ci}|_CIDc6Z(VJ>SU zZf?0|Ch`3|>Yuo7LVmUL+Ku2^$xv8u9+z z`+=J4A+?o8mvmpM*aAfyWyYzAXK;BS-L|`-{zclVI~1EvmJ6Wobldehgi!d2Hjc0aJue;RG6QRy5{aDU-KuY254< z`+Kj34Dj@DYg8gHE6;DvyTX~bCVFF9qWR_n?Ok8W`7T-=sJ~Fd{pU3-VNR&HUBWhV zJ@-pjL&i8xTeVE6G1^`6QzNm1IHm2^t+-m7Ns*-2nyEkCs=FcgWhO!gr2l)0fCo{LuB?h>!D!d)kFxix z1;9U#lxKDoSl{}1$1ms!!aL#eL=3o6(eb!hZqRCMXudg+J`m2omj?C@xxT_k&P-#1 zFfd9-0~1^V)E~_|#1jY}%=!?yS(xV{ZcG2ky(y0eQYnbD{;CTQf2Al z3K6L&XZrUv9o?hXvzVzM9R0Oa-8`s4beAlpEBm{1lPgyGIzCg%N*yBsCO;P^C|TA$ zT1ZRGTOWsejyaeb)_#|EKw!9LKP-5J1M~A98Kc0VGB_ICB~?H25*<)FQ*Aj$65aRh zcMzSD&d$ZE=kUDq7JG;#k8b3`aIrT!!F|*B{I=!;r-=~e_RI%1M9%A?Q!QW8{w0V` za=QgqQ{S7ndRImYf>JEKAg$&cO(ts03rE;l*Wk=!eeReGcnzqFLWI z(K^iNZp(mYWa;iuvf5pYr}^jn@2tD5lSQZcN zkKc44_g{L%hxRBjJ4L~46@ghWPa@=)JRh5PP|U|FjGRS3kah~;4S^`M5dF*3#(w3#uVp@LuDD~; z1B7Yt+{IDz?R)`_JcV$VW|hJ$p}U0)j_)|GuzaNEGL$9DO2W2-dbu(Dl`5y`cWb5; z8wjiMnQ(I(87stAS#F~52#wAzAnSVz??-fMQ+zOT=@sK9$0!=Fdxp40@fT>aG$c$iT4w4w z)8o1+F}cNwF42izk{=T~!+`Pb`uIJ9@5XflaJvC(w`xF=!s(J1C+N7JtcaW#e!6PZ z#SMBFe)C)x!CneapVAOOx3O_D1qe%iIs96Ir-Qjb|0cE6evd(fv40kTd;-aU?vZG-Fb}Y5V_mS8B7K^9v^1nH$+4g2#(<%M*WUSml*jeU=zWRW&NO@ zCvIodU9U$3B$laIfp6(zw`n7o&?2%1=~d!W3WUy|`g8^6eGi0Lhsy1{YQQa;3k;{e zy4Bq-eP*F9b~;it*GT6-9@@AR7@R9#ssL{(f5@qFZ%50?sz zUD^H)!r_}8Gw*#K{;V5nc-gG>*iMc)OSNpdk-t;)F+FYLVeEPE!GM1Iwpg|1a;)lA z_R$TXP$<@-$R7a7E4W)nj^25d%H;OVNIUX|G3kuGrvqqn4s4VLjocsLh^`C*Z*99d z-H3s5N);sLEy5^NJbV!M72MYZvsxVM7^*A{K#|&%yj53c(wD2Z=HumpiRPL(Smgh{ zWIL_d+0r5%bLm32H{ag*7&9hjylC@19!*sZ_P5QMdTI2yr2bfakZSqKS_aci33#!7 zgiZ8utatW>A7Xx#@0%&eeo;%;HXiFDKJc_%oaTBw)|O6a6s>aeh%Rom|Ey^6OZKAJ zKYVk<!L{G)OwGH(I`5>%JqbNtQo`=cy~e@#$ZZ5KO`S$;gy;nn<$cG~}4Ta33(ej_WuU z`hBJB{p&DXx^Hll{(jpXYW6w|Ha1=-S{5(>px3n{!nk7GIDju&otGX(Hq~K+c-%D zr)YqoStIatH7TvFo$_y~KKR0V&?GOg%b;B=DJ3OUd|gmbd7_)_XjggB^UWat6bM$8 z*OyhAP*#bTNz9ECNyL=xFc-5|eO~E^o^YH(9%>dbj}whnuyU$#vbizaw$M$%tagpB zaa<(bHZrQA5h3!jO1$vy5SM-_G^1rnwn7UT3gznms-I9l^g}~X5hhCgwYb<)T6oHA zJJ~Dct1mG?#mzvPD_$)+jo^}Lq^;=j>QORZe-k>SVSV#8BxlspGGwE%X($P{5}MkN zXKL&1xCohm(puxvD|Y2##hHvlYioyx67Ush%2QmFeEE|sq+@Y9)bTfGH1QvHkd&O` z7iPgP?y+$N;;)F6jUZ+nCODWh&3=FPI14M=(m^pUTCrz-o{C>xu;%5C#PHU zRuG8|4qYUkDy6ukmOc8;P<+F>+ee5uzpvN$Ab9N;^ShD;5#uucA>|#N4*;yd$cdRY+OcCyR1xO#62!-9_o84GG`Ob#VzELHT`X>7-OZz1HDW(FyD zY%_0n$lTDdByNiF)nG@<@L1I(8{zZPL<)+;*(VZXG-K6#vXnp8&I-5DR@i?Y&=^Wq z9S?r|Y`WY5P*15n%xQ%v?lF#+wTwE)dFgPfQ$go)@=U343N5iqTJNtxl)Op<2DR50 z#UD*?p2>#-kZ1Qwzi15dHz?r)7KHbCEeo95RiW66uW9=)qm47n%)_I7x8Fo6UD_T+ zbLjs#Jb0&@%x=F__zwSRXiiG31QMiOC$OC+<^Dfe>`IzlGzR5BE)->wdnZUt!GUJ} z7n%9rG?a)_FK{$A_FsZx3zn%|02&czh*`=MmwRa%kMMjCw* z(jhNvW7$EcNqO4Sl}UNey{Gu005*={rnhD-<%$id-`NUbvo)u2S3aq4OuK@@!~|){ zmMKjy(=_4>Ks|>l1-KZR;M5?O;!f<_dK17zw5jta82{0}P zqiS$H2N`_wj3f4vyH?$9Rq))bCY4s~RvO9~;8qc&H2x)WDL>RPbF9Xg+UIX#dh=^H z4zz+A-~ZC0CZ!>!AM~tq=(g<7!o2+fip)j!0!-Z=PE4%;#KgpWZEJ7T(+OEMpsE-C zPtrvws;Yi-Gb51FV2rUhjA$DVE|h@R1~sSnMlGC?TW_W%UmaauS>yXd+62TUBwjTG zq_Et*QrrlI$DnX|2H_^B2e0HjbSEA51jKLCSO|_CZ9fh9 z_<3!*>@)XcA&nGQ^fvcBvKi&f*IF}O10Jc-uWkGwe(*3Dl>M09pM@N>u1nRbZhxxq zGERP8udp+fL2RSj8h2a>jed0_yF3rrQH@tgz27w}h)swWcLH&8*2CubK!3YBNTDF> zT6NHojqSK4`(Bx?81Zp+9j)h54hl}B3o#q!)16P5zI&1p#*VYwC4pNH!5&`?R|Ri& zVuTELp8d#eP~kZ1z+_xzNg`TX|2b?c@JPSy7x}L8Vf%r5c1A%r$y&xU@!7dU_qc`1 zdURKcO#vP`u>@M7LC1~<53*J;yHGg-i>(nMn(fNBo&X9~#&nbIl;d|xmqZGYpPHRH z4;gFG;aeUco~C%XP$Fzg_072#%M9Yx)Hmj&;Bob+-vur^0RKk)(tqRNdrZ)K@eq%Bej+s2c6YN= zaZj|adIWmyIv>m-Do?5198Q4kv-GBw!&s{Pbr`@>o?8?@{uymha3TH=2%9GJe?!5QSC^ebMr|Z$WF15=bMXT%m+V%Ja=9# zGkgc7VQJhFW^T#zpqi_d^L|+ z>FQ-4A1dR9*{sU=Lg2zJwn>%qoS$9D7$eIq7HeDe+0|!mIjtj9gvmnilWBII>iYUZ zeyn}qUP$TC5WeO#?pu>q+@#`894ySU`Ma zT+0;)mb?A`i-K3Al_^1aRIhh#E?i3^mR?Vu<{RSSAK%{&k5C=>JC|^AuN@r!6dBCr zCm@FD!*yBGKWhswN0q1APVqCUEw7~5Ha4Gkq*QBUp`&D1x4~;bdlQo1RdrAIB8w!m z2$}EyGD6 zY>puFku#25_P%d^PY^-8P&3P8#tH@Ogxvtilvm?tJ9I}Bh7&KB3n%es1qRYK`igj7 zr%nG*$qb5>A)~XsW}!3#!-Yjt2u$B!ekt5JC{YlnvL`f@1~+5f=H4D%qT)7xTxmSS9aPT{CKP#Jw4_9956$dvA1z*%=*Z-0K5q~OV! zz-O^pSus9skdmwP9!bp>y(#A^WntwNVm8`UI$RHxX+kT?mC7`9DKQ`W?^rU{4a|zh zSMAW1{7xgPPKA8oe#`mm1-Awx@#d7LwKh9af&OrTCI!*@Z4>fiH5<~YdYk2Xc6mTr zTS;pplR?8mZ7Ef1vDa#KRb4?SHs;WmKB@A$D$h#|HdkQ1U2|!&)q+m$KgXvA7Ys?2 zr{om_A7WSoT{cF$O@CwP`?KJTe0YZ|D*yK1&XyC__+Ht$^<*l#*{IQWROWc>N3&6F z5q^;OTip;D{;r?KQae+W|8E>J?x>}m|H792&-i$_HqsP743@2(_$KW1_@3$ki0&Xe zm^#vjFqgUc#^_>|7jtVfFgN#S*_MY>P0fg<-Dgzw3OJPXd-^b(rvYm4;h$%o)f&li{}T`!e0Qy?b|^MDM$XBa_8FkSe_Y8(py6`y*745NDms2JzlY8wsUx8` z2PYOmZ87|Ht0ZOvbAVRGL`k1f32ehMI|_$@V9(zwaAw64WBzi7S=o9a-E^Fc@Sw6f z50BemGIJbEQEFqx6(0Qq1hQQ%(F$i5i8NS@krvqw0;*7Q-7`Nx zOU{R2ytuN9zY4lk-3hm(d;Uj*cipf z_RKE_RWn|buHSqjPZkFg4AdQ<5P@St?(eHbT-kk}(d=H*iO2WZ5m9@kR0w$<)Q)Kq zOLc4))M7`c+D@1B4~kj{#*JI;2rKL!8~%LXRnAX?jAf9KvB4*P0^7;`@mgMVh4lYf za3sG-)D25}_xqm@y;YznYBfO%BjOR&mFC^w@50B4tS^igXs*?D>U}R87M*LEObkuT z^zMV@I_4D=h8g?&F{Cy5(TdIC$vZoMDb5iOo{??RfkCE0(gLT1T|)~6fsY*jPqI~; zU|%Znqd`XowhZjInLMpi_nwWA^biRdnX;&k3J=%=85!4hYouxu59Q&)m@MmlcA4cswDN2Es64#IaXRI`dNw#!m_-9p9E0FpZ zEFFZkXHCt|DM7$q9JJkwJ))#h%r&?h`g@Ew;i;x2+}lbBP?qGy?PM~j zSl85cb<=MXn46h{U8-7=P=(rN`Ko`02&T)6s>6$iTTsGqR3J8`Py;D}{-qnh_Pjk; ztg;kYM0`eI`om^2PTx_$!^i!JurEqg5#>y6&G!)VaU+;1XO6Kom&$$0wvDtpo!yd| z{5nTog3qqPhPaDHG-37nLEnolQA4poKpOhx_AG=uWjs9Ehaly$d44KekIM(8?6pt^ z57rI5+5`VnIoKf~%_l~&T_$6M<2}AnDUkhsdxlsx>~6NimV1s%yL5=YRmWAhLC_vv zEF!^dHSxI*1puvWNKjmx3Vp4gs-GtNlbJ!7SmJUfGtDRq*NynNzPwA`i&IG*P`sWO zInQ5=aMi7xrk_OmB26DfL_FN)?G_^T6u$4<(rECa5C&Rz!s!!p_&erOvmTGX#4r(k z0CuE0R!XmL9qfk#W}>Q%3t4?1ePlgt8Lt6^3LQJ01-&yw!rE-L$p9q-AoWD}diPzb zo?(XjHuE7cLrCnRrK4+in`u+xzyqR;% z@yc_LXE-t;)@WsqAQH#%$FBdIn5F4t?A+(JL8xR;<2QZDYc2xb>eS$9IYRae!)eQg z&k||~BzSw&c7`Rr1ER`uaV;wlTAaQp>>SUde!Z|&?z~Lbl^!Wa#gHpe^R)^$ z=WJZEHZxuIF}EigduHQ6oyYHVqa~=`V!CZZ#GC5dSj}^N5{zW2?od9KEK$5@KiS*X z@H^$ih;SQEWU~*aL7TD`T`c$hksl$Y5%KXN%E}2=%8zg1;Tcbh6Mr|{Lr0hEu9x)= zZN?{hqMO4bw6?j(wm;OAbUh$Ove*UCv2@4g_TZfgXCNId_`PscLqd_ht+E&{3q&0+ zHMebW*p~!4Dw(Mh7>yOMdwQDC5W0b^5RC;6g@5AEOdGb^J58B>@h=&+l2vkN%QCRM zM9NiosBv0Qv}3b_WnXY8q4XScWz8_%b?~WM&|z^|pUoiNqyYM8EfGTxAR_~j4DNgo?jR|=p-pF0 zlOD*s@^(u4;yvO5BulR`ZJ#Q7a$p9`-Gm+O|$%y3x%=x&4q^Hj68NeY~;;q zD@bc~8<~UPEym+&kb%PwRO4AR& zn`14lCzvjx)wZMUavla_mQbD}aeD=<{~%NioK4E@{|2a>?=3FJI$VC%(vf zxvF}VqLX}%WFh%bb5+Jlzhy|WP*Bb^mM$c+Fas7eElC!pHv1N$GR#%gv#R0_T5}0! zO)oAFttM6~UG;;R4tf5I&m`T|CUd&4&%>P{dE2aFj@hdK_Q?4Ei!!EGV-UENVS!1%3*$so%8v5ysoCmGaICWHVFHfkSwg;2FW2$i-{~|hZT1tE>(^U0C*|Q;x~%OH`;oF+aeHS) zb)EBz|}|y564eu9noP9jHV$TA-~p z55wD`GL6xm?KEA8{N68bwZ!yLDBlq?f z1E}?>iKU-XV`^ykmga~Di{4~jo9SO)yj@s&M$>9yhF#_UepU}18m{BQ$IqdxpFYWd zqKP7T0nMQ{g?;FoMGa@Mf)~5GAL~@qLJGdoJYH&T=xm$wrq=(oOMCAIUT(!%*`Z5% z@l}j_G|E})Y`BBa?sgFlqAU2&X!0r@=MT?Sd}TTWT@hwm?9m)fX8MvDVvlZ4&aSQv z-{e+)S0dTeypKWEs<$OLY|Ke@e9bESs;QbJm8c!oB}nSec|sbTM?;&^O@8Ey3({u? z60(=Sgej>$0+^$hK7y59M#z9yLig%-Ot43HG?_6mSM*cUuq?-wjj8IEF{jryRAyqF#<^$?YGD6SvY<=Y zQtyV1nw6D+tYmzP++kdiheoScpM|nI_x8+8{FgO2U#4evYEG^4OTT~ynp(h&c=-4{ zt`d0e^uVl%jPTFT;j%&dUG@8Ci~BnqTi^bFzYwJ+{hrg9^5e&Bx$i5sj@Gra&(fI@ zm)RegY@dHc$@dLP7U$4DPV3uqN4l$%-cghML*cLA&VI+X33GCM_iC|Q$l)s68ggcV zBGetFq_=XFC#UjgDFQ?k4GY)Vt#MbEr1wy2UzT=>ni`MbHPvaMGBr$X_g3v zBx<>_^DQF!VvYF`w?`PLkx`SDJ+;&I`aNc{YCmBpDbvPi#e=6}t7k6J^UW7M@~CIb z3+Cv$1gpoND_j!TN!5qKl^-07PSy(U7v*FKEqJB&$I7>*9JgXJzsQz$MMXKo`Km2_ zIl*fDl^S&YHJ0eP==y2;NE~`wQj7pnNtd~I%#o3imj}~`riX=w3$%tz@OBkU=KB4> zmZ;XpM@omC>Wx&3cIBj-LOsx8TP2zBnL-`RiyNs*fp417K8SU32YEo!s^1 z$FuQHmx;c&NDbkNL~Oqike9nRk3CUWVwWJEkawMgY|ANxol&KHyPc>jJFCow6?W$) z9;v`&U$sr+g=WO|6Te0(9y0O^C8CB?OgbmWY$g0v8;5kRBRH(4PO?$RkB78kEmoe> zCH@&=j^OBIY(M;F(%Z?agbqI#_Qq4uCmIiU8C_Ab2mD$IvEtvfkJQTD-Q9aMG@TVS zW@wXa3JQwcj(S-k${~Q;ruq}NC8ui`h=P&UfAE_tXY47z0H4|jbf=5#ig_=2Bz@h2 zIiyw>bH#mQMJggtR*UVTQT~KzGg@JGPfBVV`Ua-qZLJ7-@?J6Zo&A%JqQ%0{HF_Qc z7kd{t$<~%p1q1~-A;^qQck}4YrpB@Qn9(w_l5eP$Ms)XsuFO{4BGBRQI9#39^$J<@ z`ggkGRwb{9Zuib9a7y4!FD>O-3u;%Co+!6%22)QpsZ1&0f$KuD99Fce z1N9`fIq59U=k(x}rdpqknjtkSj9IL94zXX+<5H$h;BlGYg;iZ@}n8{fp*^epQlaZ@BtQN5I_l`;?w9 zkdla4moVBx>~gDqDmHVpiqQUc+BtkzYC;nP^gER)aEDR6SvW05SLnL`>NhKeN%T{XvmPb^%U`}^`Is_6`zNuh&#vGRMr!oyIxeaGVTCp$Gz zt_7Pz>`{Vub!DN+gR1^pR|$^(xI4ZIt7$H_<9RYWJ%%fN>YOgv3S+#ZK>LCbs_PV; zi+*XUlFp5sZhH=Aa^lwSB07#mh10*Y%z?DLJO-RlS{Y+aTJ~!t>Rdg6 zo0>i~2yHzJ>v6t!%aIs4Wyg8XXXDsv=L8orShT8x7u$m>m3AbjD~o=l>ny9jKGpqiDZvFlnZ!i|QPLP!q4a)P|H@f8@JA zC_|QSXqJgh#kC>{GHYnGcS4*YJYZTP)>zE`6MYG%&2oPsmBGM4mbAoRCXOlyHAQ&p z&;v2udfQLkBemL~{ZiicnBM2^+)4#LCwp_Cf(SW1_~WX_1&$oCYvL(Z>BeV4AFJG4 zX3u$wnJ1R;=b=Su@$yeY7-fg?^tbm9X`+3lL*-1h+m+;?ep;f&;K9d`(pCrvd&MO- zE&ho_uOcjs&)u&#%{8`cZ=*&5P`gxwMAy^vE@SGJIs&0o!CPZf6@f@*j^%wBq4Q5M}ykqq&|Cc+)W2RnS5hzZ)VaeKUJf@H6vBWL4!YE zIvgs@s;9{a5<49cpH@1Z6Ol??-;soergfOEo&e^TRu&fKs^v|U*vDp>Hfzq;SBbax zaa$2w(cPWzm|8%!puOxRS^V46D2=V1_~!fkIY)7`hroVx=f}rVWzV&;0+dQ#NR-BI z@T_wF@L$txiKqBz4ZJrTY;>$k#OCe*>R9i!;P>^Vx2sK`NHftX38OD;I2?_zBY8uO z4oXJ`RvH*uxg#^PC5l$7UJjC=JDsmH`uO=xG?=R`ToDi4?&dM2N210qPev|ruru?V zj*M+;6`n%p@7JoP+zmWuG{mh8i7r1ikrHmvm<>m^_8%J4YpGfW<5L?_`sUv8K3kB0 zJ#NFCZ9NTS@zvPez|3$_R9d%m)YnL@bhlw0FGtIb+HZzHd}*t3o}+ywBRd$e(QbM$ zo`SVHxdlZkG^%XzsKP9UvqzqlV>~~t$ZcRwn|V?~*vJwqb>MAxh76t#x`*y{s1il6 z;CJ2Nt*hO;3O5_&v#^`_U)Zq1>Wh>x(=u_W9SK% z*|;OMr}T^$YHN@tZQO2lX{$opgEH@oyk}AwcC>sZwr=cHhCE0!3C0#iCkr%>G@UIp zhMdk~j2Zx)1UQ1zTES=;Bq(}mi|vN=o`NxpqAe;p1A0V-*z}vBL}4`dE)>avkBGrl zZ>oqpn}}yGCTnf)w8xovJ*{69v_5|T)g#FvOI5gEQQI`~bZx*4CNjGc1$#cFiX`pY zZs=S^kK0d6+^=K$u-9u^3H*2P%ql{wl()`@W_`y zhRQ-hA7kOo*%|d}nahcd_AWTF(GJVID7@U{4pzrEDEMMS`M%rLtrp;0Ks>5{Jjw?? zK1#bgzj7Vd;+1ks1l*S>DNgU7tBM~myB_Kj-S6Qm7TqSQP&`0V88xbDo*=K;K$MLM zhQn+QwA0hO!uP6ENt`sC@q?RMG;4YFne?S9J?xg@?Th`O^thNg2cH_gw9)yl2~Jx{ z`vmZG)|4Yl!i4(hpJ?T^_)sDukTs@hBrC_^bcB%uju(SdY3555emu={^~O-N;FXMX z*8Tx$`bc_1oX78v!g67a$(f%aE^&L~-)ciu>?Ey>+^%|YCmH9HvL<_}?UC|GV%dC! zb?N~|^dHe=%%Kd%GpKo*ozG>lYz6ZU)~1jyLe!k6-W7GyBt6rwxZlu5KH0Y1=~Ek) zV#qxF(gumlJh$zFJ*aDwOrK&qA!pNO9^5##)uHo@MF~LfG$EA@#BsHFhKEPT;VTgB zfy&(n6?u6<3kNoMYcUL!m_|&mnE^c0<>{{stm?;Y_gZ)ATX!>ymf$=3LC#1$i$uJq zn?)Yp2YdGTQDWVG_B8MaH~4Pd|Au;MRZ#JjwnWQ%r`An`!Hkdw*t0bx%;HV7$MZw8 zSSq~!<--Vj<(xweM0|m&da@KR4tLlucJ-_s?w1AMMzS+LN7^?x5l!UL2ZQ@oeFy}?sX9J#3IdA287GlAIN-8Aqai9IlQK&Hphk7$zWGDT;Kp|z7n#cq1U z@UbEG7No;nTEk0WVmXSYJqiOuz-1S(v=kIAageeW5b)N<#-eFe^n~c|6hV1yZSTy^ zK~;Kt0p<-KZ)n)d5su$f!&qSX&2{f0Rh)#FLMSJUo?&jJ-8ShR*32A!sFMpzdQM&; zr_eS|h!hUw_K}4-UY|Y;_wkG)iL1BV>B?hL8L!$J-v2Tb_xX%P71lZFz|_tzTj12X z30P0ks8qVvS3fZ0Rv_y^K3=Z4LZ zR+&6oMmF<#HL}^7mbh8-weS~L>9wD9$7fbp=FD7wSIh}8N^*bT@nM)EFbiwkLTNax+Ug44hZJ!cR7i* z+-j>pW{;&i%z7L03tC{&uIecT`v0(oQ_c%C@=hu1e-KpjO~H|3!~HiBQo@NEt0OgO zA+R^k`QtJ;@<^lEZ*`_*%R|>zUbOy3hZ^qj1>XXsH|^wG>>uEr5D6_oh0p))clEm0%~xm_c5Y*BMlqc;|ycD4OPwBDU%nG053nSyylT?PxJY zAZsnRj;kQ+`O5z;aME?TW5@)dooax5bIIZf+%4myMVEL-M{2T++VnKQ4XHX{Aa|9M zG23okb?bbp+v4&yIsiTHEw<9f!5N%)w8p)&CP`^Rh*a3I8VD!egdX7-o>Nt8sNIb= z(qGI4KW~hYlkACiJbT<)v*u;pFg`Aq&f7E`k>Nzxt$(uR^-OHeLz4vLANIHYI_qfA znK*5I8b)0m*-^+?9hJIY?#jMDtj#SO!bg5+isKdthp|Ti7Z&i^ zqjJV!U}4!DOi?P9YHEzkD*;}xnJ?(MTuYFF_ye=wNNBw9;MGrioQBV9#~L(gV*5LH zVI>G~VF{h)+ws`U z%FDLWr)ir~8H;^EqCisC`*&J=>~Z|wu(1~Zq#DrOfn@tQe9-k`KEbvINVD3nf>zPY=R)k3*`_Vmc(H{f4*K z88@A8BlGU8?(O1^k#^noy%L1ipYRmEL{ypE&wk4B_2>YH8P~`y~=c)$pP8d z2cf@A@@SdizgC7$r{W)){#S>;={Hge`8DoXj=Ly!CK@d$`t_-dzc<(JOJjY%9P?#v z=!lMhRpG(#CPzxJBG)G*LW_|^$FGg2>WCbyxoA8`71DCbguOPDS#nCZy($PT|E*JR_$Ugi7%WD1hy{s`m_Ucdr zG%iCfQz01731g9ygPMj%ue0vH&!B|`pbJ2a+fni$I{nVDt(VBuGfzW~t8_Zkty&#V z;c0iH6~OG|&h7!f=i?R56v~^h49@kUB@a+hR76FGS=g!i$jp{>$o?vV_s;!Asi~88 zb+$;Q#XK)pm{XdT)P2fmg^J~S8w3ht@RDXjN902BA8^?F3r^{&4lW* zxz$tJ#pCK4dnMu+K|wZ@eY3jy1;xFLgyC-JJL$8R5H9IJ*Xr^KdUdd%98M zPgz79MkkXd6@NcG60M}u*k8Chn5i5EN=RvUTh}#Gbu4Wi7hZ zs4Wj?=0|m@D(Zg$b%FEU8Oz(9&+2C=#xkcCyk?KubAPs!Qc4RU^a^8)6Bu7(-k1QtEKUA;yVL_)7ke)t-vjV^#5jT7lisv zBj?i-fpx+5@^W_817}QBfJ6Y__1-zW6*=AcTez@TL2b;et=;$dxY9x4fYfV;>N@2z zDBj=|tj2WcAQ;CBtBg|2iYx#(*?mnT(Sc$G8N-rZbjX%Dj8MBqsBIV=7X94(;!+wJ zm+2Z;(|J4gVzDxuIlCTn{qF<{MbFFED*fkMda;rOhuyb@5g@$w{k@8Cb@*Dg-#|xF z2cU3`>ymWDymqvd`op@-$8}dT9N;=pL+xez^fV^7`%5LA=|dnUVo?#&#uEN;djQTP zs{*Bp7(p=4VC)27*g{aTI>+T!wGMO1NNe)@HeTCU!Dxlic(~g|Ey__E zm=-^iE>1HGBc>$!|^iQf48YFkelgJVVrCXE7TS zZCY!~$Q_IB>S)bbhmMMLAmv^NHbV_3Cnx!-JHBssG?|(nVK9rCS@7N-X`ds>(}TmC z*dvvnxL3F7e2#i()jr8djzgaX5bxRZ`Ua^UFUaW>+UoKVXG=fYB2~DB4I*Q>E0Oln z{Y+Y;`(C%Z)J$}tHRi6DW^bmI{w0d4ZQah*wiczTIcK~_Y;#4rJ5g&>U!p76`dIwJA-GiF&)Z>8?ZSCzpJs$59c^BvA z#u^<@5lX|OA@*a+syg4~1uyH3CMIOXS~D=KgGHsdx>L#g10=+-b+fFPd^@*|^~33C z;}4dyE(aeH7)^=Z@5)M!Q^k)G?HtbA1`Jtr_wgbNApmKG!*cZ^F zD9Eipn9-e%2By2`t-QHkz%*2*#Ups7%HXDKI5O%UUK)2yMoB)bega=Z3=iN{@=mct zzrRAzIbG6HzV1}?YPin&_Cp}Yk%jO+sB+c*Bhxi4D-5A>KcUaLfn;`Yp1h?+`5E;T3c zHzPW^m4u?80?F|0f)U<-5+XxO^cJ9?tMdAnDY>>sXDFofnpm4+T=RE$paYnV$Zvuk z(nLYkWXMTVofjJjJ4JjtabQf6U3;1beMe4CB?W(7Pcv;9^*i{4Uz8hN12Rr~r_bM2 zoccG3p@NP@mceteYFGLJnrO4%i4QT-?o{A1K~SkoZQPS`q1;4`)ZS!ga#5YPpxH|2 z^{rmg<-yP1D`1VHUowV)gZbOIk@m~C-ug!#VTgv$bymM1hpZHHo$>FqIB=|!62Kyy z(L4O3Ge7sPX0bC>LSQA-=vD2A`w=ah1TDjt-CErMxGHy<;zCZW#^U}q83BLuA=Lqt z>D;D;QMmh!7o-9YXUzbteEung9aq`+Mlz$=UjdSb&JW-=Vc z+n2eLiEU@==*sb@Lv@D2o0ifFxNJ}`yQLz)us2j2vUk2T>55_Ns0^NKEM;i2w)P4C z?{;~AS*CST%Pa?r&{|HK{&(NG74AfsMf#v|wRGDo-O;Zh@z|AXP2|h>_Fcz*rSMc) z2K5Dq^=$vs^R9p*vFY+&525yXNZ@gZ36~kvLYBwi3dXI%DzU?1Lz?w^-Na?`c2ihJ zZz1cMe6<$F!$awm?4gQqI2zS){kDP~hfC*0G(`xOv((n-?{I##`5r1a$p!Jr;lJJX zE{Rrxj?;KYe8!^_7)(ejXY|KPdKCbwhDaOFxjg*wKa@3-nF2_3dzqdxNO&5}*pG!T z0cAt9H_)Ykf=g2z)v@iZ6V}O0kjJ@>ackZCUzLT2lLa09)04P-MQJ!Px&H$$QVs-r z?EcK!!#!yCnk8l#bZ&|Ovw3klq#wE0{yJbdE*4U!ayB;#)w9_Mmnzb1j`Rl5eXk*BU6)>Y0*TcO5+jthC3Wno%y>NF0i{#5r>D?8Cfgw6!Q{j zH}@w=N_DA#zZqVc{ZZ^4jBe`*h=A*)>1SSFuy~+WYkIGpp%A zO#3S}YTq+pGKbN)FbL$uQD#r82-Mv2&U+Sa)dcRXG`sH46ga=V7KepnFVb^$aL+|D z4R2@JlnwD+fj_PvhFmUwgW%0o+MI|l!SW4ex9}_fIx&-`;%0+5EZ=Db%Np@-`O(jV zj)vP-Qmn?cfIqhZDf;WRTJQHcBSb_TI>yD-idIYGq9^MRAGzTllcKTVA5YXT>EkGz z5H*mxHR|Oh9x2K%J4-n;j(fS&LP@%e+IoZ~hFW52G;8B~1c&qWcCSA(mE89*4imcxH_={Z90fJ9bxX0Q$GZ69~R4wv|6rhsEuOs!8{QTIJ z>ZIiFqn_qfsRXeg@+01gi1s{x)(1r+d0pP%%ElgLY7bYk@Y?*mYC6bTfxnP>BHQ#+=&R+j zTF1`LRT#A_GHL15DvRY{W0^P~q%LHA~798}RdKV>&M{3W7mnywvB!~+=u zFD>T0^h0Bw{x6Pttasm1lh}g3Gb&=meM)%AlOE0^OQ+BmiO*B=8 zqtc2X?LMu$!Fah7A2!Z@Rq%)?uNVD12?SQNYL3|RWIFxK$x1ME1%zuoJ~;OHS;)ys8alY5hMui2krtB`5wYOgDP zWsfNAjn9iKaX%2SdF7?KCXo<&jU{(0apR+JD>yjI7i&!CmTCmE{vKj|jFBB;X5rmQEAabc&5u*mhtw+Yq=!Grp?E%etK7 z=HA4Zi{W=~2+?ta!mEfy%r7bj)-inDWa zDD|Cf-9Z(1c7Ati`WRH@$+^@i_;z0x?9Y_$`JSq6N+d5XB^qN3nhz{nZaU?!#v+miL#CJq zl)~+l4p<2bAXSIiQJ|z>+2oq?VKfhlxEq`K95MaObT*MTGMyiCHs_RL%-_eyVvP61 zbP4LOHsFev&d|n2jy`9r57DyZC|u~omgZf_zv8x&yGMdPTpV&Bk)8Fl*oYG*W z&-JI>(8eH;FOj`s`Zw#|1KV3HB(?J7jOP&-*Xdt#9@ac5^Q1�RTExm1?_;it{O$ zZJRF@Q6QR{LF`z8R*&M#EAt|rt7Q~&vcrmsv(Rzz!JZ6g!J`9ZV1K4YW=mioqxkLp z_P~PoZcNeTU!6~`dfZC7^0t#~TZ0x>w1<-@-Tg1+7OLvCRBR4@Nh8`?@;p~y?Br6a z8A!^1;dvd)cjczx$V-? zIMR5Cov62NmerWjY&{>iL3LEXt0BszftSHD7yC9ss9M_OW~tUaJ}>3$Xx>z?+34)o>^u5JC(_Zy39c%jg??sPG1AW}lnJW?J(~7r?)UP&j!B9_ z8XZFi7+(7OLbW4OVtn>kixFYBu2_6&`uJl3!iwWQLKNr=a>!auVef`BB~eQ6qbOfL zOw@0_^Fzk(XRHR<4yIDRqe&3I%E^nrR)W@d zC9G2b|E9V_M9w%Um$Z-x)hr&8LO(7deRoP*Qx#Sf`>QM`ap`RH1r-*Gw9|b3y9u_K zb?^HPC4+UQVnzSFcw*r+hb2Cn7okmrb$G=N&DtK_B+Avu%!TfCSwS!}u&y+Oul6QO zQHKv3v1Z$QUOFm~c_1$`*nOr~zrr&+z{xDAEC+o06cBMAdWL%Ok%J>axWk#?ZY_%k zsLk<{uA51*bDGQHP%`+t(o%>pXxYtZ!3GCC4Kxtpz&{tjrhxsF_n#h@+j<_G(7AbJ zCECIrcDz~$*p%XKg^G}?;oq{vr;iuTHzzRHIgR^ba`VNiMVH|cBG1Ej%OYD_>wK-W zm%0?-F0xIdBLjtB!3+CJYK71vS@^$>WMh2=6|r}A1KYo9xO-XK{W9$<-!dQ}hO2vA z8t8rbH|Nxo`VIBEqjLx4?W`16`+<%EKa0iv}ToT3*_21`0oGs@9)tdZ)D} z?Ml%01sRUP9gRk%!l!n{1@Vg2nEY?tTm82Q^clu#@L*lbEjh6i3atj1AIf-v+hnkB z4~XcO#EGZkmQ1D;+W$`^bA;3vIjwczAz3|v_eLm*Yvm=G`6Vm`?;Vk+dSCkJ?Typ= zdg?8X#Y(W@A7iZgXqA6smAOl%lNR*r>+89#7d6p;%KDz=I3~d3;kWi9wk!?k6ffi< zt{11A!SHI0em8m7J!-!pI4Bi%k@rsy?T%Q$(7bJaex(ZUneeBu|M)mAw43#jnVmjS z`yWdfL7PS>Nfxyjf*D39J*V1VX85NJ;IFt_hE@gin|H4iQxg|M0^@~i+IpH~{zlT( z!a)ru>WBBr9Bn(>t*&VQBGUc>?dpO5EGhW&SN!9f7h@XppV8^l< zmGq~-h6Vi=3sx*BxFt7~rc$8?|6BjNzP{c8mTjtIwF+ljGZw!PqLiZg&GRMyh@J7G zAe!M>oStUE{ZJ2to_~US@GZv*2Ri4ceX?W+GYI@G$;B|p9~4!%;>4@VAqe1ty%1t*CqD&%5L;MY4Yx_|Tm+ zh`or_tQ-Lg6D!q#`k79D1BU&>nIdJhmgY?zJCsj5z$mrQe^lZ?FLRwK;H67Y@Dw|{ zI^#e7d1JVx#3!XcD*8q3`@gI^p!2tbb)M8Kh%@W&3LY`eprD|w1?qncI!Z0*&*w#P z`)qCL+1T1jMZf&VpV0b?KmV!j>L>hSXU9@dPym%Jl5YOG7to=xWB>I9j&GqolJ)fT z5-477>HhQ0QEKhab02@e{M3XcIz9QU1|9bLtwef;sjUc+g>i7abGV>QZB$B%6hA-o zGW?0e-}eh#PscYuKiL-Y;O^9zgRBZ}K`SyZa<=wC(r6vl-;V|*+(5OJ`#p1DuKf267L4I(0~?t|0C<2%EJ{b6oP9ORT_t}|us*DE`~ z>MsfYp|P-rg~>($Qflu|^4H0n=beu&W(n#=i_=+4&L2ecp4^hh7}=)0(}e5CN1b-B zUyBKCEqneW@cWB*8r)7}+z{P(%yDMA;#_8(Tr5^#dsr%UzXE~$eib9lFele8!Zl25 zAz%12tQ1(VFt8{wu&8uKwcf11y)i!>Xo6eX+s`2*%Zu3wCPA@tql^>3Y;%SrMH>28nHbOLXVA6I)A@yc%&)mtN4lwz^wWe#> z9vkv1%EuhP`4S0vY}Pz#19tqE6dH>D&r8ZbS>t!)iQ$$EVp59_8GyH65vZFRpL}02 z&aH1HqA&J}jb=4Ju2N3CDMZQ43PwgQzPR1gc{vZ`YZlbhk&s5u%-6C<&kUdL$a*FT zr>2t?g~NUN>gL%klF?QdmkkiNTbqqe)?Bmb#b26b>HZp-pjvq;g!4tD*ycO3XfKwb zd8fp6Te>q(MEdhKR7Rw`eWuDRn|>xh^A*O~W(fz8x{dGf{zU3O(g5@!Q78d>n2{99 z?0h%Q$tpK2NJdqqZn)hOl^EVI%DpA{9$3sN`?+v(Y;G0L+>Hos60z_7!{viqj zI*js~-k45lWt(iaV}*hzc5*SSyT0}X9%9G_oE%;`r?QIt{0E8RzEVk5Lww{JeYC}Z zhPoj4ZHq2bmb!o{hfLm_M&HWaPY2ubJ16DEp&T=y(%`<%Uw8#Bbt>!h9^pa5JCfH5 zaK#@Qe=Hl?a@dBB8kno7!^t%Z)nCu{@zW#NqU);$xL^)`@y=2uZifAKjF6y5HxVy1 zoK=Ms>CbUVwd1ByL_20oYlUTRg?V4b^6ZwS3=eEf08^`>VrPKFz2L_JFHH!iSV}fZ zZ?z~*T1IB)gvDef3U%(@j%QZ0#5;ycPKm$_3}`?Ku!F3udjaUph?0h;XzJ_5
    @@ -216,7 +215,6 @@ ms.collection: highpri

    o77FP#v<@mc@Xin*8rbG=a+ zZ1TFhH7*nV@w1c?DK_hKMfWeRmW9)<)7Ve^(?1tvBqney;~4*yETGi0^JpH*N6i5e zVUGS#jbbat2Y5w`nJU|<3U<=aZARy+w>6m3V%G23xFlTO>~UB#CRY|59F|rgnVt4n z$^mh;r;AkGwFPw2U~7Y(0lz_lfAatEcf{v z(HGj$k17mZi9~b_2!|MZ=EXSEBfeTh7lwzcujlUaiIaPr&(tM=FYh;P~$0*`TSB{CIk8zrLIZCdm9X)k6 zGKhdD>ILklZ2DDXu>PSyDkM$IS;ffAj%RMv|M-S;vMYZ_`)6r1Ej`Mm&ZKT85=k=9 z6TIHc=HN6R^JzM&;B}J1mmQI`)WZ1Rc3l_hE9{E; zOoK!p68M6J>zF38I4WzTQtpgn0N%}ZEM`YT74RNKcqfw7(dxd;=6Sos%{7>|S&<(ErU$6x*JQNA&abWLYk24ez8-SSBx5H9J;`p^ z9hy6tL-YETEyGnbYX@wN%$31P{tJ)R*+Ah;I(_hLBW?n3Pq>PPS^13e#SOnE4gThr zUMAQbBhyYJ?Op2LU|#Zt>O)38EEIc64Zcos)BXr7I+}M}b5sM1%-w02-Wq%KTLvyo zpTASypMMxT_v=PQ~%6)HTRPUS$=NYb0?obqI9MkclOqt=U&>SE5_?765ZuE1-$ z>wRer5k3CeO1D;~2x=2{Je+ObyUFw4>3QlZvBBln6}iRUBkF!IgopDJ9m`2GD>FIL zVc~_CQW~rvjx_(!lxnN=WgLs>-X`fP$MDoZPICri7ygR+oK)q^5~=DH;xl>G3Gg=ORbSmpYuK zr%lo+h z=u_2JthPnS&GfgUtOKX?Wc)OT%3a7l3-1D`&#;lX47JMeM;f`3WtiI9p-Jc0@sX5o zluflNd#-9+FsZ_t2irdwNa#Q^yREKroFG-fFOm)Y9=!8uVrF4p!QRO9sNk*gcgU^8 zqC12nH>KhFlbKo6rL{G*hHBfNXh<)N5LVOt&fS;ps!Ex&UKKGYik1o^&4I_Q9Pbyg z&z7$RS5PH%RKC2|y{|tH$geF{F|3(UU3i07&t9XWB}m2Wm{)#a##Zvu!44fa{+D7_ zhV2hpa{}$rdUb@LATr#gqblX(XdL7j3fJedU{=6r_C~K;Fh~jR0SEkKoPVXdxt% zeNk=zVw6xbs{Vn|X$f=jSShBo6Sk#9=ID01V_AnxvxHejMrtrC5mx9^!Ek=M;& z*sRu0uUOn#X@ADEe`G$jqS87N-x_|+X=k+cnfSCYbZSm5(t|W|*F$D)d6=>&u>bp` zkT0(k(wli~Lz9g1bbWW%q{v>?by14+99={azlGh4`-V3w@Dhx%=PNUU2Ey3q-%ZJo zB`aSXv}5g=*@HL25b@X@)<{Ob@Gd2MIHF9v6Op}} z4HJB_=SkD14XG-y!FnOfY;$*68w}Bvz~V(FxYNsKxAo(kTvSox63ZAr#2J&G14Z@o zc}lEJ5*jQn$MktQAxAGRY$~AXli1}}PgEG*=%=EaKdE2(D_~b}L>u-$e!*hf`89{I zY*%XdxjtqjsqV`ZN3uOqIwzLHT3M^ufEQylV^{*JM6Cp(>kqF-J>e4 z_KvMA$LO?N-}#&wie`O-@^^7nipC9$%Q&pu-L7L_vgt03&Y8}A0`Z1}i!FoQ%4at= zYv&z8<*~j+JaX#zSdj`*`c1+dy{$?rCb-Z>)?$!-w!sd%16!H_KU>|R(b-j5Zgs{F zt?O)?rH-htO4O6KGg6SNtzJD_j=X@ap;yv5SYs9C=;(O!6Vh8*)t^YK{kk7*E)eGk z5<9BW=r3-2>|~K#G;#O4xsT1yF~U;tNX8pmXnj?j)%#~B#5gp8-sby6-@OerNmQ=6 z4uXrfkVEcNIEw=McADy!6EigrJD5emObntN#Rn;N#i6X7hbr$0qs8WYUqScbmnh{V z*Wyq$HHXsE{*ZJ_pFB)Soff{FjZd!RQ+BpqIYgPxn6==P>nnooyd8~y@WGe&xr7Mu z=r(gi(c$9)8UpQJpBx zORJd@h@{Gk7W{jAWCe&xZnCr0ZCJQm67(mgM`5{1qInFd4-N-u98_NV)>Wx{tfaI( z+R}kfb)B93InJkF6Y*>r8aGg%S{RCzex@Gj+0`{Jql|7J zTc3!fQB0-!Fu2qL-mO%2WF&reaj;|Kt5`qD%qy+!2s)z~(O0Mf+5?fMQ<=~z;ki=; zf;j0Tfdwis9h$Uz1lheBWcTJa?`hqxc3k$2jWQyB@m`Z2wW|l9qR$q zZPSZ!Gab$*`|0FtY|*b1cRC9*L^<$W>24rP|ubND-n*M>ifwL_&A4wV^Q3V0lWzp35-BH_vcj?aaFwlZ$r7H+yT^TzL z-sn>w-AA@nNDh@?GSq*gkIl0xgf)qk6)8@d zre^#?eB3SuBtOdwWiYJFbxF1;yC(JzqH&n&56Wo}8tIv8S7@Mm$Hj#b-svdMGcDoZ zr*99$zKUTYve%S;X{}EYi$R_?{eFH+S!I&*^IVYC*dhztMtoA|y+pm9yeu%(*F?rj zY|ho!nA+NBB&#+FyB2Dbo=nX}6pD+j8kUeNkTOe8vdU`^?un_2 z2cy`(&bn-RZ3N;^C_4(dJ`kXezIaW@gY*V#s{&9Ru_1Jd$oZj3SPh?AxQcyDl%pCj zCGwIA%zqG&Bovw7P}|As=s-Iadu~4$r&7$L#6jmGL1=NkLrDI1cVZ^Llb<8K+*#=D zO@0IR?|*#)d9A)AkI>`umSy%;wi-AIO4Z4TG9bAz#+#^fBMtlO`GmQ^lRP zRS2@>V#sc=V{Zj94W$)ki;|E7!{4me)Y=r>#=S{t#tc286_psoW@0~;f8X%wAr}_2 zcy67BKyCst0MlF!;82A}o4Rpp^EPimf@8J=n@wAn{HVD2=ayUnPbJS!_Ni)&>l_<- zg*jG#O^Ha^&u+r+cQfUjFXDrkaH~0fZlA-%6uVquSWC|J#`oI7+f?_=ev^>qCkgy= z0*3-%vexcq>M4;nNV{FmmJni;`W53@_yPosA6cP6bYZW^sD+( z;ZG5i%d$Tb$AbSP@*Y0X_hTLcx4K5TbQYHSMoOnju8ZF8R;7&$shr?4v2v_nR31<8sMOTH~i8GLp}nhDOv-Pk)f~mAMtYxdO?<$ktaQ^WiZp6OLO2`mvSo z{Sg#3%Go=%B*kO$rQpn`gH0HBH9Xw44DCfG0BZRR3Z*POpP0Bcl;>Bv+OylYK9r{y^O#!#Nbj!6nq{OK^Y$b^2F`0)U8S zy0NmukuNbqqAowVfl#UsK-n5lP$#_Q`> zT8s^^48~+5HP?eoGfDry?%paYt|e*%Y~0=5-3h^hJHaKmOK^9GV2wKgg1bx5;O_43 z1b6r8dvovo|A(1*nKf(8ntJK#K2lwKpW0eyfBBfPg~<*d^K+AFb%q9aR7;c3nSe_4`EZ#5Yh0T4mOyNX?JR_SaFZ#$kylaZ1qukNG%S z)AcoDbA6ADjP^JUb5r8#__=l^b7-6SWc+2Zkk?K}(AriaZDMJk%h#Gmk4df(u)2+} ztKI5)m9)iF@lpvDlzV<-v6se$)lS6=-F^xGeNHc)yH>iBL2pgT-w1S`G9%wXu*cz4 zPSF+$;_-9&#B{Vz*Tw5lo~ z0Lgl|&2~n(sztsm- z8?AvWBd~i*P96)Yd5OIwi3o`(IKkLTIs(AI!^{1FO{(YHX&9rx5B(E&EKH-r;{CUN zXv9O!(dDf1RKlr#@+f?$qjTxma_9)EC!gbg?P_@-ygc7lC>SY17E zvWKQy5qC5tN2ZfImNVh4^~aGBt2Ob$dOR<(mY2jPnNv8FyjZD2o5|S$t2Fm7A+?WLn5s+hfVM zP=ENo2NR4K6u81Y7+~m|tO5Vw&Ix0{*&#o}eo~h)T*Hqsi2^UX*zl&y)%m`GT(^dF zP`-!CkfEp&Q(1p;ImLiLCusE;uL2g!)zc2a>+EtG)t3w=E+3p%2C1jH>H4b*f0TE* z`EOIvXHxBudgsl!!ub=v#O{e)yL{M39rTc?vM7umJ|+jOJME33G-9&5NVJC8F7hnh z+ys+jMm+lEqtuKZ6dK17ey1wnTT*htas`Gy}W|Bn_ z;jZ*!?}<>ydGJy@I~X=~e0*b0uDilKwKC}}BMk+Wp|}6Ms6VGd8Gi&qx&X?L7iHW+ zwYIj}J3EUN&E&Ml2|HT-L4rgS6ciK@5gGNe`h9aa)7#st>RFli$9*n|EH0+q>JXpF zlZ+9(ePR|6SiiXsp#gJrVl>Azkjbu$EqIRC{BD11>le2ykcSl5T5r9^lAe9-kzzLv zA7p%7P}D|q!W}CeWP#opFEDnC314J#nyNEBN;fC%pWJo#fU|q`TtbMhT0~9v{W=x9 z&fLI6143J5t$dI-Ykc(p99*aV1SfMHZ7Z?3>@sxVx4jm3dImlo9wT9`Z9C_p=^m?( z3VChJexgHWkdvutUp6TN^MJ{Pj2N=?kzFpI-Ijj?t5&t8J~@Hhr>^1tc;RkCLMp-% z+kgfRhgyT%am;q^MBy(iu(Xrr7TD(5em?yC-w>VAT`Y{NQGY6IwVjrna0s%*{m}1x zThxI+DaWHt?`jY5Y=&OiloMb;F8s-s6U#>?>W9L=mJy-h$k);hvWeph5Ok4|Ceg4` zhZ*Cj3nC$YBqvP-GE>7RslCvwLQQsY9GOSk@(h@cYUj14v`YDaqirmel6uTUoM(_Ge_nI-_ zr4=GUCU?RzBvDq=X;4Auo2hd$f@7MG5ISI`xBwSst$Xx#A1wH{XEDFc!QaH?!LgP26&RxHm9JGPoX-Ns#)9rqc8lGYqKFgXguRe+MD#UIT)g+(R-_*) zx6NWZ8$LR%IOb^{%7q~eU45q1G;vVVXTSAnxtBqNxL#t{D!!4sl2VpWeK(ctsvTd+ zPIv{HnXzdj`M#s0x2ij?4*gbfrtC?YMI{uSF_?d;PT*n@waUmCwqA3dqHp137Hgx?EHAunS;R6{*yp6>WNs-R6@MGNRLoLGoU1Ye z7E?6%kMNpdxpI4@#ZStjhYUdZL>p8Kn;;{Z-GnTCYlz%KYT4J}TwstDwcF=v%z;ng zyrrC)cVjs8)EQxSMF^=W-(Gc#a?kImUG0ohRSt^JmTM~>WDdQ}w9_y2T0F{t* zWUN^OpAxub3ytTMsf^)zZcd}tELuJXRZg3SgoI2Xl;wf5KbHEx!o{KI{}+Krwf}#k z-o%%^uPC^?HyxhKl?W%>zs&{r(aQpgVJB2yPnY2UN#DB3(fjQBFaY%3Xc!v_m8k&5 zAv9A;c!g4H&fwA=>U5uv?~q#s`LGINYu_0K^q&hk=I~@Np5-j&*h?J`dN0Gsb(K>= zH{#o3)I}Re0^Pe<-Y?|W>5;2AlX{{G(>AF~t`Jk+ZWH8Gi1SqSaJ1@(9J4e{gBTfs zgFBtLNXQYmUy?ka7`QRF6W=GiFgzPntk7V86+fJqQ^>@yPk8B-0on&4){fWB^W|1M z-Y#uW71;QB)-y3*{Z=JxD3%4k^k^ZmhAF`wYsH%El+Az~CBvx@(Do=&|{P5)ma{{M0rs8}m=WQ81Xt-Hv zmRnFhAD}AB+wv7$s35zXAI>lzDDl1CsXi+|`G&5h#FK>q#5X46mZ4l95P0OjyC!~l zJzN)({TDC$%K=?g`?qTIKi-EQnq?bxCxMU7lJZcuKl;$EaX@HoCQO><&mDVcn6WCo zM5#B+8`y@uiYWEnG|=9GU(|o9KF6>0Wi(I=RnUNODqMm#ZGqI~(3k{~*&b!*spvno zU&(*zz9=vw{#AnsedxW>jpjlrai65q&&%#^^fxu75Fh}s6|bV&3&B!qV^g7S^WLCU zRUka3rs8Fp?FLC#WC!?iRCna>GLLF@5ajm_7^xGJMgfOB)C8O*( zA8?>KZ~f5n$&T~ndi1$nR1DPCND=^leS%sW&1$!}RfDF9imj*P1_gccaI0%T|9fK69NY9?vJAl4?Nx38$uI96MT`n}9=y>yYIc;k9a>qaO{1P>7E$SlllTNLI*p`iR9?xXvI*?-5 zMk4PCAHQw;)%mc~>(YDsBkevVen{i5*L02^68>I{u!Vh`s-o9)_m?Tr%mfp5=#DBV zTQ}{tLhLMV5*s@`WC(NY^BVCp0<3+Za;~N|7)l8A+~~%Vno|#af-MU>bMn92QA4!5 zkdr3*-v+X9&dkwZq;3OS=*=Rl6!dlvN6CE(;CqC?t#yxcg-}) z?ZjKCV^3!LG~(^8cC2m%e@W_E^}=%2a_N=g-G7+ku)g&0#zNc$qirQ{9+v~mHoCP+ zaT>tlz9+v-o8ZOxz|x8w^Xf*G*5d$qm$ZG~s2jYJ<&N{^hq~eT?MDCTxn9)%_fxey z`CfwRtG1%cT038e{R{_cdBJyCotHA0i?c%faT1}w*Zpi1kpns@l^fqUQAJnt7Y3y@ z@~TA18m|Ft4lj25t3zWp3sp3om3adzl@&;zxM8G+;$a|Ia8I0}#qkSC1mvXZ#N zCN}7-7Vr^l{;&nEkH%MxW?KPEwf0N?o_x10UKjV<{FbZ)A|6BFtCtZimztl+Y}>pz z&)To45jm}UI^J)QEx&!H66e#2{(k;Q<$D{t5c}!q^QzB1M3dRP3pbM)3UTwR>&xve zJ0z0CE)qe=!}1vIib~@<4=0NsiB&^+PsqnIrDGNNsU|N5&hsndlf^FJFRtwx{daiK z4vOCUv-H5{v-DsY1(L87;fhr%F-5%&oIaMZ0hx2P&HQWI?sTuSp0N)ShNn9y+iykR zv-N(#lJvFT+HEaxt%t{mdOREwxox+5oplDaeru;ZQJ5wf9&^`{lHr=il zp%Oc=*=G5moV7o`D^?%tuKL|))s(dN4AK0(TykyqfC&JJJcK+NOrz(!iel%+@RVO@ zR_Z?C$=?pSjTNy&qVc0tcd*OX$r`9I7F!I7R`D!ScwGp~kJylzAdS!LSM7V+9)@Dt zgYCS}C7T}CTkOL*fid41#dTp}xz75muCuxd!Ekm0o{4*-)O7;ve2$+}D8R2qaHK2Y(syW>!=U1;-pzfU*}QQ_=NTUB=HqVR{TbQtz`t7nQIw!`W??yxo}U=25% zijzW9wqj|tTcY&K3KA8sgbXkHyORirJ-qbpD{W3Gw$i&DY8o5}!rjp{nXXbkxtY|v< zdA>c&;1?~p`l^DUYEkV}$K*B$3&r*1&%0}WkAcw=BJkuc5-KTz=86ZG~ ze?SX^2uRklelCal!14<-@429)o`aS9*{FN=^591)Hd%CdRKa9nR^&)K50YA-JQIxd z;j6di8Be-H-D&WkQoPLDMeB zhM62_qROY$X1j*=9ljcm8~c~jEh9==nxXE~l$itB0x~#L`P=zy`1JEXpVkDl~DOmMw78OR!<_qp+XMF~T>zh*8!& z5Nuz&u$u19cxacDBC7ei^yvdm%LK*bBH;4i(`mKaz(r)wA`K=A*EZWA z{}8shh(aD5AYpPNh$k*Sr}4`c#`SzT==Mh)x7TMfMrtMw597bh3;Y$Y( zhNnzNW_aDBv-dzXtDrM~^}^7p^2%@_4nkWIr#vJcP5A?q=9X+Vvx90ohP0!=Nef5u zwLoyE3hd-`fk7#1w1|k#g`@7`DP#Y7tD2b=e_ibn)M32HnULtN17EiCl_rFbNcD>~ zpTbp&BE{3j04v!l_5&xO4ikD(k zd<&apH>^hU=2!o#&kYhYk;_kNy}bP^VXXKBX`35@jak^x3CLZFAMx=~n!7V(Nfq@Y zsEdf0%b+|{lvuqHuL!j-riL?U8OlU9aws;3$GQfUL=}IvW44SeiHa=Kg=a^v_6EwTpTcD<%*s^LmY@r^5@$T-hOJ#9d}b4cr*um+55ER ziYOu+V*38Yk1_!m!9`CjK;wI%ejdD%242*IOyN9fsjYNwD?yn%9~ZCWp0;Xkq3kCC zAi!bi9lmOBdcKsroP@Xs)mzq!NKKIFDLil5$w}E7wkKmMf?asO!(-H_-t07e;~Q8Omt~WKl+J&oDv+mR;VGeeBu*Wp<6Cf7w>(->5oHHJRp}L@=HXJ^1 zM(Zjgh)Ka#^J0dV4>y{NFIWU&c#;GXm(UMPqp0UN`Wbab#}z3+dl$GL))$z=`DVhx zemw2+iby6~Zv;U3=xm!>#PK*I$`kMQ<}T=q4@FbUrf9&n^aba_VZ@<5AX3RhDDC0< z`+k1Shi&k=2m`JhjCLl71n>> z@m4s@&ZzT(mcE^iEbZpK&P~QLyudiH9FE;PH*!KYA<){eY3e@X$X2IMJxZsE%Pkv< z#1LLnQ3?W9Mcz51FV|rlz8kprojr4)Af6*FQlOXRCB?fp+AqANt$H&;7rKiFimfOV zBm0D6kOZ{BbMRrj)3_c9Sl0^7^|BR{~Mgnv_`U zVDZK$P%MUsVoF}Ms(t71dnMB&4dqpEZXf{GJU#YHSnr{Wr8um|U7@UQT^$!$k1?BF zlEef3!<0JDp~&X3e!~S#7M=p@ekby)j{Eu-FJ*Syd;6I^Co6sdk{if7SLg2litCl% zbd!rP+vPK%xfW~Wi31@K-&9Hvn7q)!Y zs~t7=TV?J>>(>u;ywN!np}vQ^p}fZM@~`7eDaA`bp2l~`+TW`&W?4Si9q((R4|_yz zTS*hpn^$(35rm;iYoe3Kn-!W-MZ~RGPW!I}RWCLIzSm{i7rii^I?j*vDXfDbnCiss z9(zbqYj@OV8BQp~@B4z)7kvYl+1!F8$xv~%?^mrDG*L$}?$%J5KJLtV9;Rf!*WL;E zZmrq07-95!6vj?rd`{&VJskwrH6HBB*XDsYY&e@CcF_Zpeos)o4hwlH_g4h&dvku9 zQnvH_rw%b}i0si)Jl-yhrr2(X-ld!TR@ewyS39PrXa8l>2H|qwneZ4A$-PXfh zhi39Z4RiUnadoUK8H1xg-I^S&gFbv9;=IP8nXl#kuvv}25)bRiAffL};rqUl)qS^A z=6=%!!@8gKF8nH8v=#D$xohwZnacfpBsQAr#QZ$(xtMdxC;dZ6zwo z#50EPT}DlHnTx6NPJZs?V7+O0ryqx7?VJ!_1we&nx682BAkCe`<`zlHrFrt_y(r&X z(X+z@|NYk7yLHcK%UN%Qxi4!b7(R4_9aA=kXv0D}w?5FovaN@_c^NR-!EW|Z}z3I$56WP&{>zF zFK00wB7*lY?k{dA+v{d}y_M}d4yQzdor_@d4z5%bA({6ot3ET0O7G(;P5S9EZm!~& zQCY8$`!P)ZU-%vHE07@+UIl*Zu%oZ6yW^wqKdF~j+I~~Z3dZ9a@3*siWA0|q@87xd zUcWbcxvsF>9czLt+I3?6mq!J3baYFC(=WFR`UB}aP6myB#Mm-3StY&GR?j7ZM2rEk z3m^zkRmh{mYJ8Mo1~G5*iy(uayqnd|P0dWb{lNdZKsgsH}$gJqm+IZ-J!T>Y#^t7 zo{89JPf;;Q&|SEnXfFy6om!lx|7L)Y&Wx~ZbV->jOv2ZW%2<+GT^!)Zjwd;JE>1ej zsi$8y*K<_eW6d3jd}$PF&P}T4hl*xe-GS|?vSM{)j{za}&5HFnGArk*wdG>;1aH#A z82*OsSZEC6j|!aqND5%g;`Urz7ClCbuSiBS%7bNAHEhB=-XUw_i6lc z+#`Fhpadxi-o#)89D27eKlr^GV5g$>TUFK63i({S7$&<6~y!~Jg&-~iHQBA(6em9L;4glISsp3w&KWzEC4N{oOi1U$U$6eDfV z=Hm-=Kzux~x|>cf;wp`OW(z&QeE_nv%Xzzvr`Jj)b0q007}7s~YDg^TNnmDXi-RC% z3V#!`s)8Sk)B*{+DRF-cbAJUoLxSN><`XICH(A#y37gwx&|D|h-7l~TDB1&IU@>U&h*BV3G4R>#2ku36Jb;J_9qz$fV0L~!x1o&DA-X@v#EeeD5P*x7rA{h)*Q>(u?I5X1X`SH%-3sXuaeo%(M*q&Ub>51wpre^F)NbBq*t zoiVsSu=tquLeTYZvg8^Uv`~RXA7Kr$l<~VgE&u+^UsJ8Bx@~g)!O`Ti@R^ z0ew?q>H7atcgi7ImKrT)pu;(Cr3L)I=;DB;jSW+S?OHgKc7wO!QoGNmR=p~%>jT!m z2?3&obNUx`b>oRl{!krydiu%5#o~EBURm&e=1XMe;o-rWDtn{=EpFC%mkt;ml`U}dS6gw(`Sjm3)`CX%M3j`!B%%q!&?qEG zsi?%)ra%5S$`Q3m9PCk?SjLKO=FjBV;L2Q zUi=DHRt&@*yJ)hh>`))Rjw;G@EN}Nk)Hv>ae$$o)oe*j>6i=m5V+8eeA`_|N?m;({ zg@HkZ7)1(vG)pi`-x3HcR*ww>qyi4C(S?{_8skAkKvrkO4%DkU&y@C0OT%}G0-du@ zz+oQyldw{^#gz`>ugA?SKR@4Kxy}L_TSK}A=Lifjj_~TWe z-J<`;!T-N>(?BSu`OVR}x#WM52ehpHWPo;YT^i_YHRv*cq1O%iL-!dgunOpEy!uI? zLaPy1X3)=wR#!D7CUL z9<#@{N6F&}HuNi;#4!vJz4=1-*)xaPbC!l2_%Xa&J%0uxii?H4Y1^XITilcsB@Hk@ zJUHf{SI;_phyda;qg%B&RxMDnk}Uw~9;p{2@eABKx8ef~Nl_KC_cX`{`O<_Env<!Rl)nmA;V4sd@0eD=J(p!Hxri|mF`JbL>uhPR+=dOEUW|I>@&vV9A;02 zOd1|jH%ch| z5fR(;ShTdYsP&N5{LEoG)}j5wg>Rl1pDDBmP!D z86`Fdq2NS;kB^V6^P&`FOk}3^{TMEYk2t7XDd^75lEqHQ$x3J`rX3p2K@Wq>U2KKJ z)tttTH1f=Ac<=Nv_k!yI4SAp!-$fohOat>$3OBAvL-6Yi0VQfoKPrX|wcuKtq1rzR z03;6K{F^~h=(rzdMx!ZgSu84rhNFS!#%HCL^@Y0_0dKCY{Kv?xZ`0(hx-cKnNJqHB zu0A+iuhlw?w<=SEwiT_&NY6dj*Mr} zauFy*9v<7Qa8Cv?OzVy03)xCW4d4~`UMClT#DL@Ift~e2y@f)XwTSLYdJKAKi=e>A zCUFcz#?NRNfEoHD@RcU0TawhRd+*}iE~`qnSfiRTJJR_HYUlPUe^m9w%tWA7(Dplx zH1uFdlllS&DTr^fEeCiLE43nz;spDPRmOY9ihg(H@2ekGqDitJ39k)Q<+%?@yp(Z6 zVc7j5Qg<^iJC`L2=*r1}rQYGjUI;tHm8OnE^gx|IKxHlLo}LAokizOe^D}q2;_nH( zXyp-W{iEgO4Z=_r?>WOaN(ZhdkOq7@+F{j48O0hFXWzsZ4dez=j`e!?L?t#uh*)y+ zdHpK{T=G66Qx*G}VPjj*ZTVgsr?_;XjxyGjXqQ;2k}WpF*$JeD1_Xb&{7$uCs8xvN zGgqN(Ye?3wYY%oc`t{=Eo^VKv5X_CAL+jHCPtO!hBiQ7l;(|FUi2z!9*=@1aLFKRC zY0tARCT1gop?|ATeOqx;++(Y}CSN1^@_yU5TOE1U#wth|H>*ouN)*9XOT?$8NGT<* zMrjeVx=#IH*g2&})+bJ6(@gj`3UCI;xqCn!L|{?SWmhS0&D0ZaS?D0YE3QC>gdCL42WrlNeFEtjdI zt)sH(ii2m2P;V)=Q^00Vtwm^e#W@beO-(-@9UV<=+KP!vvG}HPRMU%kyqMd-_AHDB~UVU3%CsBl;5W*zuzzXZ3DxZ-*%o z=>Ov8tW($~?bIT`P7VHu22mtaK0?)HW`9@R2!`w?s9GIKCa5m*}BC(|pil*1RThosoX!mZr z?FNO2Sg$ToTHRN)&-)v|p+|| z3tQGal)~#31`8`Gw^Fbb!3#T$1qBacj0JZ3G3xtbmlq=h)%IVKyhV-}(R2pV?sB@* zLyCvOtuHTS3Qar7$!{W;@i|85m!q?|vtZW=YJTw`G^}27zrS2NOo^+o=2Ri4x@aq| zCkly5&3_Ne_MC;TU&N#Bw3r$18%>>Y=;EPJ+FXma7v*=YJK&`RH&L|r;iJnjfMdgzb=p@$Qe!y;Su>9qF9{n=;uJ1+v4GyW4uVNeF z9qjuXGHJ`g(XE6D5HOo;gidu;=177_C;(lQ?gfwDH&Wer^TGNGe2PU7k%%mB2|Qvf zm{%XLKB+GETogR64;znq>bRJ&PWrQ!RacHj@+n(%sWDZ=_HAjn3mri{|D4oidA zBiCdG^(-SQ0APbZjUyN+|3)4>OJD|fB`BwpIB<4dv{p08KSTvmqhX!WhoYJr1omu+ zWwl$_FOIR|Gfp06NI4xEuu^X!(2$nW$q>}U3?T+C4s2hN(&_zBu$C3`f$ak*bO)&Z zAf}U0qBcX}7bf`ekC|3er$t0~$O8nX{48t+Gek2Wh`#fI8eVse}|Mek%BHmM2# zN5u2OFVyEI3cG)gu%WW5wrte@#ZPn%&>gX^q3BBrE4Adp_j!BwiD)Y(SzpdrtiR*u zdtUwEZh5wGxr$(y-Q-BnFw2#rJ?1R6T(eBcoy9IL&%%aUtJNh9-vE6-v9^3>`j3}8|7b)hU55QoH0lm1%;9jApdatMBMI3tj6(#;y}ntAFYa; zv4s1+jDPT%L5V&bITaQduGr#C{F`|>{Jc#N+fSe(;qz)jY|WN)|#jHVkj9l?8>#Niyk>Btclt=17JSCKQYMif;2)LS)f$;^Nm`JwItW4G-JH!fmlLSDH~_Wk8@9-JQ*y9-SV6*=;-fGg>*S!8$Uuo{H%@pVIkzHg*v8f3|lYf@4F~la%jJc zEYuaE9OQP^*Ds26FC`r?|68nMVmN@8#8Ng@O76QT^lYDn?T;kA3i(iB=q-UNbA5`| z=r>$GXV?%Nr$5r67w|S&RlG5ANhaXa&o35do*8|JZ5G3Gl ztZA$G8jKPtyQ8o8nrFcq=aN36xNN4|{nf>1qAGbOk9mP>wtUq%{vw5t&QcCqea47y zg%Wj~5$sWVhZfm#;rh`SO*sC&f4t~h9W97W+~99<*pYZ07$l5ZVOR`;J+>Y)Y^Eg= zx0!MpuUYEVl?_nZ2!#gjrN}D~@nPYYrDG*7Hr zWOEsW4r~xFc5V{8$h>GEEteDKa3Yn!#4?;cn8I!Iqw59ccnl)WQk>oAkd^CIEr`Ve zpC=bL1Bh+`EJO($RTQ=GRi*b^ucAoMtXy}|}}=Vp?02_dX9Io=5? zEf~hv0_unwAwX*`Zw*e4@0+~}zt)S58?!yH*jmtu$E0gdHwM<9z}oE2o_ss;j9)u! zReA@OhWDqhk$8a)MtC27tERhd$+=ftuyF5}eyZMWW*e+)*dW@BunwMKJ@{tj(DI0P zqRoNxeZrGKo8K|S;|Lzwin?E?5znKbWdvEn{H~x<>gZ1SY$~N$eFVc&w>?SHCIl=pI&~HK|-Y2%vwPdocUj$ zQ0E?$c90ox?p>-QNI8*~79*E+87|J^QL0UbJWt?LvPpR00@)GmQ~lj_LYjGU8&E1Q z@G(K#lg^nQVfz@|NZH*9*`aTGNQ;We6VPBJZ}4lXs300lP!9v(n`)m#ccdg6($z^T zoguk%4*zu|A`%q-vWjjx%8L<=eQYon6l8LZprp<3B@kgt1yu9;R^b; zYET<&_YS4-z7j?r?u!VgwK53(FcE>NnE!TyMiKYpdz5vJblF_EajGHqzz7~E8Vwe< z(Gk!(|DbNN3-bj|n8tM|;hzB-4U=ISLsFy0S|mx?1qG}vVNQ_8X~ zS=-+_bTekE;3$yhgpp02h!0};Q`^x_6H@2nC2V^Wb>sj*F+B^GyeW6F(=YlPoN5v( z%E~|A`7yDuO053ksaWXU1w2cp_PONY1T^W)u+rq(8iWkN0-JO= zYj?GAab~4ts3|JP^KuKByx(?^`iQ#;v@&2V?pPrAkCFVgjZ5y1;#ut=&2Qav6)R9k z@{bv;=8}nZcfGoZl26*n0HnyP75Y)(Bv7OJQ5AqlXZ+?@k~NYEP~X2m zL=g zyr~{d?wMX`DqFOBSIAeGnlX*?=HE*}X(x8)F`>Kc09=PB``vKB#(cvTYWd_3M@9E1 zDMZ4QC`P5LxqvEJLXFrobzql@nL&TB3ag>J{w`iTFf2PQTW2zVSU6k=*Y4y{WXntC1I9v<64v?5C5MKyF_?e6(kA zw8N8j8o(cN7OO;hA~8xZeVfW>Z{c)NU`q?zINRp zXit`r0^k#YH~{@rbH`M{`6tuv+t}K^~OFaB_pE(-dk8m&B4XR z5I`LY4MM-BP2>mQ6A(;IPG;A|fPygSV4%P*H2V@o3|5#}q9iqVbIjeQKDFmAIbM{+ zo|6X$2Nf07v-YpzVkzCf^QpXbv9Napfp9Ozfg}M^glQ(=Uv-s#O_%RqY}@8&_9DpT zQ0ibq$e-JF{}s}g)iME+_j1Qzn7OXKte(~!vAk5 zel=RmZct72xvc-m3)Yx`cb>YI3I56Zf&?8%$`J!r8to)aO$)T9fBRE*b`gaANkbm= zlJ5f+TRlF|54&}pTLn+0mD+;+#dT?yj6Y`pJz0@q{#OS5-!7K_JB+8=bi4!s%Qyhk Nq{ZdMDn$&w{U21U=mG!$ literal 0 HcmV?d00001 diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md new file mode 100644 index 0000000000..e03715c193 --- /dev/null +++ b/windows/deployment/update/wufb-wsus.md @@ -0,0 +1,78 @@ +--- +title: Use Windows Update for Business (WUfB) and Windows Server Update Services (WSUS) together +description: Learn how to use Windows Update for Business and WSUS together. +ms.prod: w10 +ms.mktglfcycl: manage +author: arcarley +ms.localizationpriority: medium +audience: itpro +ms.author: arcarley +ms.collection: + - m365initiative-coredeploy + - highpri +manager: dougeby +ms.topic: article +--- + +# Use Windows Update for Business and WSUS together + +**Applies to** + +- Windows 10 +- Windows 11 + +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) + +The Windows update scan source policy enables you to choose what types of updates to get from either [WSUS](waas-manage-updates-wsus.md) or Windows Update for Business (WUfB) service. + +We added the scan source policy starting with the [September 1, 2021—KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202) Preview](https://support.microsoft.com/help/5005101) update and it applies to Window 10, version 2004 and above and Windows 11. This policy changes the way devices determine whether to scan against a local WSUS server or Windows Update service. + +> [!IMPORTANT] +> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it is replaced by the new Windows scan source policy and is not recommended for use. If you configure both on Windows 10, you will not get updates from Windows Update. + +## About the scan source policy + +The specify scan source policy enables you to specify whether your device gets the following Windows update types form WSUS **or** from Windows Update: + +- Feature updates +- Windows quality updates +- Driver and firmware updates +- Updates for other Microsoft products + +We recommend using this policy on your transition from fully on-premises managed environment to a cloud supported one. Whether you move only drivers to the cloud today or drivers and quality updates and then later move your other workloads, taking a step-by-step approach might ease the transition. + +## Default scan behavior + +To help you better understand the scan source policy, see the default scan behavior below and how we can change it: + +- If no policies are configured: All of your updates will come from Windows Update. +- If you configure only the WSUS server policy: + + - On Windows 10: All of your updates will come from WSUS; + - On Windows 11: All of your updates will still come from Windows Update unless you configure the specify scan source policy. + +- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy. +- If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy. + +>[!NOTE] +>The only two policies relevant in terms of where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server, this should simplify the configuration options. + +## Configure the scan sources + +The policy can be configured using: + +1. Group Policy: Specify source service for specific classes of Windows Updates + +- Path: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\ + +:::image type="content" source="media/specify-update-type-sources.png" alt-text="Screenshot of the Group Policy for specifiying sources for update types"::: + +2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor[]**: + +>[!NOTE] +>You should configure **all** of these if you are using CSPs. + +- [Update/SetPolicyDrivenUpdateSourceForDriverUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourcefordriverupdates) +- [Update/SetPolicyDrivenUpdateSourceForFeatureUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourceforfeatureupdates) +- [Update/SetPolicyDrivenUpdateSourceForOtherUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourceforotherupdates) +- [Update/SetPolicyDrivenUpdateSourceForQualityUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourceforqualityupdates) From 85785e6d4ff933b1dbc85cdf58faedfeffd300aa Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 9 Dec 2021 09:03:03 -0800 Subject: [PATCH 055/420] minor formatting edits --- windows/deployment/update/wufb-wsus.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index e03715c193..7e6b3fd10b 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -54,23 +54,23 @@ To help you better understand the scan source policy, see the default scan behav - If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy. - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy. ->[!NOTE] ->The only two policies relevant in terms of where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server, this should simplify the configuration options. +> [!TIP] +> The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. ## Configure the scan sources -The policy can be configured using: +The policy can be configured using the following two methods: 1. Group Policy: Specify source service for specific classes of Windows Updates - Path: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\ -:::image type="content" source="media/specify-update-type-sources.png" alt-text="Screenshot of the Group Policy for specifiying sources for update types"::: + :::image type="content" source="media/specify-update-type-sources.png" alt-text="Screenshot of the Group Policy for specifiying sources for update types"::: -2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor[]**: +1. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor[]**: ->[!NOTE] ->You should configure **all** of these if you are using CSPs. +> [!NOTE] +> You should configure **all** of these policies if you are using CSPs. - [Update/SetPolicyDrivenUpdateSourceForDriverUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourcefordriverupdates) - [Update/SetPolicyDrivenUpdateSourceForFeatureUpdates](../../client-management/mdm/policy-csp-update.md#update-setpolicydrivenupdatesourceforfeatureupdates) From 75a028e5dea9f142bdd7a7bd89f583e6813d0aba Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica <5600871+andreiztm@users.noreply.github.com> Date: Thu, 9 Dec 2021 22:36:16 +0200 Subject: [PATCH 056/420] Corrected ordered list --- windows/deployment/update/wufb-wsus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 7e6b3fd10b..0f2676efb4 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -1,6 +1,6 @@ --- title: Use Windows Update for Business (WUfB) and Windows Server Update Services (WSUS) together -description: Learn how to use Windows Update for Business and WSUS together. +description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy. ms.prod: w10 ms.mktglfcycl: manage author: arcarley @@ -67,7 +67,7 @@ The policy can be configured using the following two methods: :::image type="content" source="media/specify-update-type-sources.png" alt-text="Screenshot of the Group Policy for specifiying sources for update types"::: -1. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor[]**: +2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor[]**: > [!NOTE] > You should configure **all** of these policies if you are using CSPs. From f15adac8ab06abaebd516a460283b7d867b88a06 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica <5600871+andreiztm@users.noreply.github.com> Date: Fri, 10 Dec 2021 00:59:05 +0200 Subject: [PATCH 057/420] Updating AllowMUService policy disabled option and a lot of formatting improvements/acrolinx --- .../mdm/policy-csp-update.md | 1016 +++++++++-------- 1 file changed, 538 insertions(+), 478 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index ec5de9aacf..0c612b064a 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -15,7 +15,6 @@ ms.collection: highpri # Policy CSP - Update -

    • -
    @@ -245,10 +243,10 @@ ms.collection: highpri -Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12-hour maximum from start time. > [!NOTE] -> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. +> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** below. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. @@ -256,12 +254,13 @@ The default is 17 (5 PM). -ADMX Info: -- GP Friendly name: *Turn off auto-restart for updates during active hours* -- GP name: *ActiveHours* -- GP element: *ActiveHoursEndTime* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Turn off auto-restart for updates during active hours* +* GP name: *ActiveHours* +* GP element: *ActiveHoursEndTime* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -302,12 +301,13 @@ The default value is 18 (hours). -ADMX Info: -- GP Friendly name: *Specify active hours range for auto-restarts* -- GP name: *ActiveHoursMaxRange* -- GP element: *ActiveHoursMaxRange* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify active hours range for auto-restarts* +* GP name: *ActiveHoursMaxRange* +* GP element: *ActiveHoursMaxRange* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -340,10 +340,10 @@ ADMX Info: -Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12-hour maximum from end time. > [!NOTE] -> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. +> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** above. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. @@ -351,12 +351,13 @@ The default value is 8 (8 AM). -ADMX Info: -- GP Friendly name: *Turn off auto-restart for updates during active hours* -- GP name: *ActiveHours* -- GP element: *ActiveHoursStartTime* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Turn off auto-restart for updates during active hours* +* GP name: *ActiveHours* +* GP element: *ActiveHoursStartTime* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -398,28 +399,27 @@ If the policy is not configured, end-users get the default behavior (Auto instal ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AutoUpdateMode* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AutoUpdateMode* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. -- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. -- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. -- 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. -- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. -- 5 – Turn off automatic updates. - +* 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With these option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. +* 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that do not shut down properly on restart. +* 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shut down properly on restart. +* 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. +* 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. +* 5 – Turn off automatic updates. > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. - @@ -459,18 +459,19 @@ This policy is accessible through the Update setting in the user interface or Gr -ADMX Info: -- GP Friendly name: *Allow updates to be downloaded automatically over metered connections* -- GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Allow updates to be downloaded automatically over metered connections* +* GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) - Not allowed -- 1 - Allowed +* 0 (default) - Not allowed +* 1 - Allowed @@ -508,18 +509,19 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AllowMUUpdateServiceId* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AllowMUUpdateServiceId* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Not allowed or not configured. -- 1 – Allowed. Accepts updates received through Microsoft Update. +* 0 – Not configured. +* 1 – Allowed. Accepts updates received through Microsoft Update. @@ -552,18 +554,18 @@ The following list shows the supported values: -Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. +Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution. Supported operations are Get and Replace. -This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing via WSUS for third-party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. The following list shows the supported values: -- 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. -- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. +* 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. +* 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. @@ -603,22 +605,23 @@ Even when Windows Update is configured to receive updates from an intranet updat Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. > [!NOTE] -> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. +> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. -ADMX Info: -- GP Friendly name: *Specify intranet Microsoft update service location* -- GP name: *CorpWuURL* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify intranet Microsoft update service location* +* GP name: *CorpWuURL* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 – Update service is not allowed. -- 1 (default) – Update service is allowed. +* 0 – Update service is not allowed. +* 1 (default) – Update service is allowed. @@ -655,28 +658,30 @@ For Quality Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. -Value type is integer. Default is 7 days. +Value type is integer. Default is seven days. Supported values range: 2-30. -Note that the PC must restart for certain updates to take effect. +The PC must restart for certain updates to take effect. If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -ADMX Info: -- GP Friendly name: *Specify deadline before auto-restart for update installation* -- GP name: *AutoRestartDeadline* -- GP element: *AutoRestartDeadline* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadline before auto-restart for update installation* +* GP name: *AutoRestartDeadline* +* GP element: *AutoRestartDeadline* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -713,28 +718,30 @@ For Feature Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. -Value type is integer. Default is 7 days. +Value type is integer. Default is seven days. Supported values range: 2-30. -Note that the PC must restart for certain updates to take effect. +The PC must restart for certain updates to take effect. If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. -ADMX Info: -- GP Friendly name: *Specify deadline before auto-restart for update installation* -- GP name: *AutoRestartDeadline* -- GP element: *AutoRestartDeadlineForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadline before auto-restart for update installation* +* GP name: *AutoRestartDeadline* +* GP element: *AutoRestartDeadlineForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -773,12 +780,13 @@ The default value is 15 (minutes). -ADMX Info: -- GP Friendly name: *Configure auto-restart reminder notifications for updates* -- GP name: *AutoRestartNotificationConfig* -- GP element: *AutoRestartNotificationSchd* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart reminder notifications for updates* +* GP name: *AutoRestartNotificationConfig* +* GP element: *AutoRestartNotificationSchd* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -819,19 +827,20 @@ Allows the IT Admin to specify the method by which the auto-restart required not -ADMX Info: -- GP Friendly name: *Configure auto-restart required notification for updates* -- GP name: *AutoRestartRequiredNotificationDismissal* -- GP element: *AutoRestartRequiredNotificationDismissal* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart required notification for updates* +* GP name: *AutoRestartRequiredNotificationDismissal* +* GP element: *AutoRestartRequiredNotificationDismissal* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 1 (default) – Auto Dismissal. -- 2 – User Dismissal. +* 1 (default) – Auto Dismissal. +* 2 – User Dismissal. @@ -869,22 +878,24 @@ This policy setting allows you to configure if Automatic Maintenance should make > [!Note] > If the OS power wake policy is explicitly disabled, then this setting has no effect. -If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required. +If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if necessary. If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. -ADMX Info: -- GP Friendly name: *Automatic Maintenance WakeUp Policy* -- GP name: *WakeUpPolicy* -- GP path: *Windows Components/Maintenance Scheduler* -- GP ADMX file name: *msched.admx* +ADMX Info: + +* GP Friendly name: *Automatic Maintenance WakeUp Policy* +* GP name: *WakeUpPolicy* +* GP path: *Windows Components/Maintenance Scheduler* +* GP ADMX file name: *msched.admx* -Supported values: -- 0 - Disable -- 1 - Enable (Default) +Supported values: + +* 0 - Disable +* 1 - Enable (Default) @@ -926,22 +937,23 @@ Allows the IT admin to set which branch a device receives their updates from. As -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *BranchReadinessLevelId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *BranchReadinessLevelId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) -- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) -- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) -- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). -- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) +* 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) +* 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) +* 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) +* 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). +* 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) @@ -978,12 +990,13 @@ The following list shows the supported values: Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineForFeatureUpdates* -- GP element: *ConfigureDeadlineForFeatureUpdates* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineForFeatureUpdates* +* GP element: *ConfigureDeadlineForFeatureUpdates* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1031,12 +1044,13 @@ Default value is 7. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineForQualityUpdates* -- GP element: *ConfigureDeadlineForQualityUpdates* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineForQualityUpdates* +* GP element: *ConfigureDeadlineForQualityUpdates* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1085,12 +1099,13 @@ Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates]( -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineGracePeriod* -- GP element: *ConfigureDeadlineGracePeriod* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineGracePeriod* +* GP element: *ConfigureDeadlineGracePeriod* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1140,18 +1155,20 @@ If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-c When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. -ADMX Info: -- GP Friendly name: *Specify deadlines for automatic updates and restarts* -- GP name: *ConfigureDeadlineNoAutoReboot* -- GP element: *ConfigureDeadlineNoAutoReboot* -- GP path: *Administrative Templates\Windows Components\WindowsUpdate* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify deadlines for automatic updates and restarts* +* GP name: *ConfigureDeadlineNoAutoReboot* +* GP element: *ConfigureDeadlineNoAutoReboot* +* GP path: *Administrative Templates\Windows Components\WindowsUpdate* +* GP ADMX file name: *WindowsUpdate.admx* -Supported values: -- 1 - Enabled -- 0 (default) - Disabled +Supported values: + +* 1 - Enabled +* 0 (default) - Disabled @@ -1222,23 +1239,24 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6 -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Defers Feature Updates for the specified number of days. Supported values are 0-365 days. > [!IMPORTANT] -> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. +> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *DeferFeatureUpdatesPeriodId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *DeferFeatureUpdatesPeriodId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1277,12 +1295,13 @@ Supported values are 0-30. -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *DeferQualityUpdatesPeriodId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *DeferQualityUpdatesPeriodId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1316,10 +1335,9 @@ ADMX Info: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. - -Allows IT Admins to specify update delays for up to 4 weeks. +Allows IT Admins to specify update delays for up to four weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. @@ -1328,39 +1346,41 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. OS upgrade: -- Maximum deferral: 8 months -- Deferral increment: 1 month -- Update type/notes: - - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 + +* Maximum deferral: Eight months +* Deferral increment: One month +* Update type/notes: + * Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 Update: -- Maximum deferral: 1 month -- Deferral increment: 1 week -- Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: - - - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 - - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 - - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F - - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 - - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB - - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F - - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 - - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 + +* Maximum deferral: One month +* Deferral increment: One week +* Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: + * Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + * Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + * Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + * Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + * Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + * Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + * Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + * Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 Other/cannot defer: -- Maximum deferral: No deferral -- Deferral increment: No deferral -- Update type/notes: - Any update category not specifically enumerated above falls into this category. +* Maximum deferral: No deferral +* Deferral increment: No deferral +* Update type/notes: + Any update category not enumerated above falls into this category. - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpdatePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpdatePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1394,12 +1414,11 @@ ADMX Info: > [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. > -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. - -Allows IT Admins to specify additional upgrade delays for up to 8 months. +Allows IT Admins to specify more upgrade delays for up to eight months. Supported values are 0-8, which refers to the number of months to defer upgrades. @@ -1409,10 +1428,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpgradePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpgradePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1445,16 +1465,17 @@ ADMX Info: -Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should only be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. +Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should be enabled when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. -ADMX Info: -- GP Friendly name: *Automatic Updates detection frequency* -- GP name: *DetectionFrequency_Title* -- GP element: *DetectionFrequency_Hour2* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Automatic Updates detection frequency* +* GP name: *DetectionFrequency_Title* +* GP element: *DetectionFrequency_Hour2* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1497,18 +1518,19 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. -ADMX Info: -- GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update* -- GP name: *DisableDualScan* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update* +* GP name: *DisableDualScan* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 - allow scan against Windows Update -- 1 - do not allow update deferral policies to cause scans against Windows Update +* 0 - allow scan against Windows Update +* 1 - do not allow update deferral policies to cause scans against Windows Update @@ -1552,24 +1574,25 @@ IT admins can, if necessary, opt devices out of safeguard protections using this > [!NOTE] > Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. > -> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. +> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. > > Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues. -ADMX Info: -- GP Friendly name: *Disable safeguards for Feature Updates* -- GP name: *DisableWUfBSafeguards* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Disable safeguards for Feature Updates* +* GP name: *DisableWUfBSafeguards* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. -- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. +* 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. +* 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. @@ -1602,7 +1625,7 @@ The following list shows the supported values: -For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. +For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically execute, within the specified period. The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. @@ -1613,23 +1636,25 @@ Value type is integer. Default is 14. Supported value range: 2 - 30. -If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling). +If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartDeadline* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartDeadline* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1662,29 +1687,31 @@ ADMX Info: -For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. +For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically execute, within the specified period. Value type is integer. Default is 14. Supported value range: 2 - 30. -If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling). +If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (for example, pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartDeadlineForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartDeadlineForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1719,25 +1746,27 @@ ADMX Info: For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -Value type is integer. Default is 3 days. +Value type is integer. Default is three days. -Supported value range: 1 - 3. +Supported value range: 1-3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartSnoozeSchedule* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartSnoozeSchedule* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1770,27 +1799,29 @@ ADMX Info: -For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. +For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between one and three days. -Value type is integer. Default is 3 days. +Value type is integer. Default is three days. Supported value range: 1 - 3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1825,25 +1856,27 @@ ADMX Info: For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is 7 days. +Value type is integer. Default value is seven days. -Supported value range: 2 - 30. +Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartTransitionSchedule* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartTransitionSchedule* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1878,25 +1911,27 @@ ADMX Info: For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Value type is integer. Default value is 7 days. +Value type is integer. Default value is seven days. Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect: + 1. No auto-restart with logged on users for scheduled automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update installation -ADMX Info: -- GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* -- GP name: *EngagedRestartTransitionSchedule* -- GP element: *EngagedRestartTransitionScheduleForFeatureUpdates* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* +* GP name: *EngagedRestartTransitionSchedule* +* GP element: *EngagedRestartTransitionScheduleForFeatureUpdates* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -1930,24 +1965,25 @@ ADMX Info: > [!NOTE] -> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. +> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to exclude Windows Update (WU) drivers during updates. -ADMX Info: -- GP Friendly name: *Do not include drivers with Windows Updates* -- GP name: *ExcludeWUDriversInQualityUpdate* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Do not include drivers with Windows Updates* +* GP name: *ExcludeWUDriversInQualityUpdate* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Allow Windows Update drivers. -- 1 – Exclude Windows Update drivers. +* 0 (default) – Allow Windows Update drivers. +* 1 – Exclude Windows Update drivers. @@ -1987,19 +2023,20 @@ Allows Windows Update Agent to determine the download URL when it is missing fro -ADMX Info: -- GP Friendly name: *Specify intranet Microsoft update service location* -- GP name: *CorpWuURL* -- GP element: *CorpWUFillEmptyContentUrls* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Specify intranet Microsoft update service location* +* GP name: *CorpWuURL* +* GP element: *CorpWUFillEmptyContentUrls* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Disabled. -- 1 – Enabled. +* 0 (default) – Disabled. +* 1 – Enabled. @@ -2032,7 +2069,7 @@ The following list shows the supported values: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2041,15 +2078,16 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading) The following list shows the supported values: -- 0 (default) – Do not ignore MO download limit for apps and their updates. -- 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates. +* 0 (default) – Do not ignore MO download limit for apps and their updates. +* 1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates. To validate this policy: -1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +1. Enable the policy and ensure the device is on a cellular network. +2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: + ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2085,7 +2123,7 @@ To validate this policy: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2094,15 +2132,16 @@ Specifies whether to ignore the MO download limit (allow unlimited downloading) The following list shows the supported values: -- 0 (default) – Do not ignore MO download limit for OS updates. -- 1 – Ignore MO download limit (allow unlimited downloading) for OS updates. +* 0 (default) – Do not ignore MO download limit for OS updates. +* 1 – Ignore MO download limit (allow unlimited downloading) for OS updates. To validate this policy: -1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: +1. Enable the policy and ensure the device is on a cellular network. +2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: + ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2142,20 +2181,21 @@ Used to manage Windows 10 Insider Preview builds. Value type is integer. -ADMX Info: -- GP Friendly name: *Manage preview builds* -- GP name: *ManagePreviewBuilds* -- GP element: *ManagePreviewBuildsId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Manage preview builds* +* GP name: *ManagePreviewBuilds* +* GP element: *ManagePreviewBuildsId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 - Disable Preview builds -- 1 - Disable Preview builds once the next release is public -- 2 - Enable Preview builds +* 0 - Disable Preview builds +* 1 - Disable Preview builds once the next release is public +* 2 - Enable Preview builds @@ -2189,11 +2229,9 @@ The following list shows the supported values: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. - - -Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. +Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks. If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. @@ -2201,17 +2239,18 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *PauseDeferralsId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *PauseDeferralsId* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Deferrals are not paused. -- 1 – Deferrals are paused. +* 0 (default) – Deferrals are not paused. +* 1 – Deferrals are paused. @@ -2244,26 +2283,26 @@ The following list shows the supported values: -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. - +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *PauseFeatureUpdatesId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *PauseFeatureUpdatesId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Feature Updates are not paused. -- 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner. +* 0 (default) – Feature Updates are not paused. +* 1 – Feature Updates are paused for 35 days or until value set to back to 0, whichever is sooner. @@ -2296,18 +2335,19 @@ The following list shows the supported values: -Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +Value type is string (yyyy-mm-dd). Supported operations are Add, Get, Delete, and Replace. -ADMX Info: -- GP Friendly name: *Select when Preview Builds and Feature Updates are received* -- GP name: *DeferFeatureUpdates* -- GP element: *PauseFeatureUpdatesStartId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Preview Builds and Feature Updates are received* +* GP name: *DeferFeatureUpdates* +* GP element: *PauseFeatureUpdatesStartId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2344,19 +2384,20 @@ Allows IT Admins to pause quality updates. For those running Windows 10, version -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *PauseQualityUpdatesId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *PauseQualityUpdatesId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Quality Updates are not paused. -- 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. +* 0 (default) – Quality Updates are not paused. +* 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. @@ -2389,18 +2430,19 @@ The following list shows the supported values: -Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. -Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. +Value type is string (yyyy-mm-dd). Supported operations are Add, Get, Delete, and Replace. -ADMX Info: -- GP Friendly name: *Select when Quality Updates are received* -- GP name: *DeferQualityUpdates* -- GP element: *PauseQualityUpdatesStartId* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select when Quality Updates are received* +* GP name: *DeferQualityUpdates* +* GP element: *PauseQualityUpdatesStartId* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2468,18 +2510,19 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd -Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. +Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information). -ADMX Info: -- GP Friendly name: *Select the target Feature Update version* -- GP name: *TargetReleaseVersion* -- GP element: *ProductVersion* -- GP path: *Windows Components/Windows Update/Windows Update for Business* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Select the target Feature Update version* +* GP name: *TargetReleaseVersion* +* GP element: *ProductVersion* +* GP path: *Windows Components/Windows Update/Windows Update for Business* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2527,24 +2570,24 @@ By using this Windows Update for Business policy to upgrade devices to a new pro > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. - +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. Allows the IT admin to set a device to Semi-Annual Channel train. -ADMX Info: -- GP name: *DeferUpgrade* -- GP element: *DeferUpgradePeriodId* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP name: *DeferUpgrade* +* GP element: *DeferUpgradePeriodId* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). -- 1 – User gets upgrades from Semi-Annual Channel. +* 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). +* 1 – User gets upgrades from Semi-Annual Channel. @@ -2578,10 +2621,9 @@ The following list shows the supported values: > [!NOTE] -> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. - -Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. +Allows the IT admin to restrict the updates that are installed on a device to only those updates on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved. Supported operations are Get and Replace. @@ -2589,8 +2631,8 @@ Supported operations are Get and Replace. The following list shows the supported values: -- 0 – Not configured. The device installs all applicable updates. -- 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. +* 0 – Not configured. The device installs all applicable updates. +* 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. @@ -2629,12 +2671,13 @@ The default value is 15 (minutes). -ADMX Info: -- GP Friendly name: *Configure auto-restart warning notifications schedule for updates* -- GP name: *RestartWarnRemind* -- GP element: *RestartWarn* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart warning notifications schedule for updates* +* GP name: *RestartWarnRemind* +* GP element: *RestartWarn* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2672,7 +2715,7 @@ Supported values are 15, 30, or 60 (minutes). > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education Allows the IT Admin to specify the period for auto-restart warning reminder notifications. @@ -2681,12 +2724,13 @@ The default value is 4 (hours). -ADMX Info: -- GP Friendly name: *Configure auto-restart warning notifications schedule for updates* -- GP name: *RestartWarnRemind* -- GP element: *RestartWarnRemind* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure auto-restart warning notifications schedule for updates* +* GP name: *RestartWarnRemind* +* GP element: *RestartWarnRemind* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* @@ -2731,25 +2775,26 @@ Supported operations are Add, Delete, Get, and Replace. -ADMX Info: -- GP Friendly name: *Configure Automatic Updates* -- GP name: *AutoUpdateCfg* -- GP element: *AutoUpdateSchDay* -- GP path: *Windows Components/Windows Update* -- GP ADMX file name: *WindowsUpdate.admx* +ADMX Info: + +* GP Friendly name: *Configure Automatic Updates* +* GP name: *AutoUpdateCfg* +* GP element: *AutoUpdateSchDay* +* GP path: *Windows Components/Windows Update* +* GP ADMX file name: *WindowsUpdate.admx* The following list shows the supported values: -- 0 (default) – Every day -- 1 – Sunday -- 2 – Monday -- 3 – Tuesday -- 4 – Wednesday -- 5 – Thursday -- 6 – Friday -- 7 – Saturday +* 0 (default) – Every day +* 1 – Sunday +* 2 – Monday +* 3 – Tuesday +* 4 – Wednesday +* 5 – Thursday +* 6 – Friday +* 7 – Saturday @@ -2782,7 +2827,7 @@ The following list shows the supported values: -Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values: +Enables the IT admin to schedule the update installation on every week. Value type is integer. Supported values: